Bump the "infrastructure" group with 1 update across multiple ecosystems

[dependabot]

Bumps the infrastructure group with 2 updates: astral-sh/uv and alpine/curl.

Updates astral-sh/uv from 0.11.14 to 0.11.16

Release notes

Sourced from astral-sh/uv's releases.

0.11.16

Release Notes

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum

... (truncated)

Changelog

Sourced from astral-sh/uv's changelog.

0.11.16

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

0.11.15

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

... (truncated)

Commits

• 135a363 Bump version to 0.11.16 (#19522)
• 3b5f994 Add a uv lock check to CI (#19524)
• 4ffb506 Improve crates.io new crate error message (#19523)
• 51ba989 Add support for direct archive dependencies in Git (#10072)
• c07a6ef Reject locked malware installations (#18936)
• 58a6734 Allow environment variables that take a list to be empty (#19503)
• c1477e2 Use UV_NO_SYSTEM_CONFIG in tests to avoid reading machine-global config (#1...
• 4648a0b uv audit: specialize malformed OSV error (#19515)
• e2375ab Test create_junction changes from #19402 (#19487)
• 547bf2f Avoid unwrapping from OnceMap (#19510)
• Additional commits viewable in compare view

Updates alpine/curl from 8.17.0 to 8.19.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions