
chore(deps): bump astral-sh/uv from edd1fd8 to 10902f5 #442

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/docker/astral-sh/uv-10902f5

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps astral-sh/uv from edd1fd8 to 10902f5.

Changelog

Sourced from astral-sh/uv's changelog.

Changelog

0.10.9

Released on 2026-03-06.

Enhancements

  • Add fbgemm-gpu, fbgemm-gpu-genai, torchrec, and torchtune to the PyTorch list (#18338)
  • Add torchcodec to PyTorch List (#18336)
  • Log the duration we took before erroring (#18231)
  • Warn when using uv_build settings without uv_build (#15750)
  • Add fallback to /usr/lib/os-release on Linux system lookup failure (#18349)
  • Use cargo auditable to include SBOM in uv builds (#18276)

Configuration

  • Add an environment variable for UV_VENV_RELOCATABLE (#18331)

Performance

  • Avoid toml Document overhead (#18306)
  • Use a single global workspace cache (#18307)

Bug fixes

  • Continue on trampoline job assignment failures (#18291)
  • Handle the hard link limit gracefully instead of failing (#17699)
  • Respect build constraints for workspace members (#18350)
  • Revalidate editables and other dependencies in scripts (#18328)
  • Support Python 3.13+ on Android (#18301)
  • Support cp3-none-any (#17064)
  • Skip tool environments with broken links to Python on Windows (#17176)

Documentation

  • Add documentation for common marker values (#18327)
  • Improve documentation on virtual dependencies (#18346)

0.10.8

Released on 2026-03-03.

Python

  • Add CPython 3.10.20

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from `edd1fd8` to `10902f5`.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.10.0...0.10.0)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: '0.10'
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file docker Pull requests that update docker code labels Mar 9, 2026
@dependabot dependabot bot requested a review from vitali87 as a code owner March 9, 2026 01:38
greptile-apps bot commented Mar 9, 2026

Greptile Summary

This PR is a routine Dependabot dependency bump that updates the astral-sh/uv Docker image digest in the Dockerfile from edd1fd89... to 10902f58..., corresponding to uv version 0.10.9 (released 2026-03-06). The version tag 0.10 remains pinned, and there are no structural or logic changes to the Dockerfile or any other files.

Key changes:

  • Updated ghcr.io/astral-sh/uv:0.10 SHA256 digest to the 0.10.9 release, which includes bug fixes (hard link limit handling, Android Python 3.13+ support, workspace build constraint fixes), performance improvements (single global workspace cache), and new enhancements (SBOM in builds via cargo auditable, UV_VENV_RELOCATABLE env var).
  • No other files are modified.

Confidence Score: 5/5

  • This PR is safe to merge — it is a pinned-digest bump of a well-maintained tool image with no code logic changes.
  • The change is a single-line digest update to a trusted base image (astral-sh/uv) managed by Dependabot. The 0.10 version tag is preserved, and the new digest corresponds to the latest 0.10.x patch release. Patch releases for uv are backwards-compatible and the changelog shows only bug fixes and enhancements with no breaking changes.
  • No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| Dockerfile | Updates the astral-sh/uv base image SHA256 digest from edd1fd8... to 10902f5... (uv 0.10.9), keeping the 0.10 version tag pinned. No structural or logic changes. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["ghcr.io/astral-sh/uv:0.10@sha256:10902f5...\n(uv stage — updated digest)"] -->|COPY /uv /uvx /bin/| B
    B["python:3.12-slim@sha256:f3fa41d...\n(builder stage)"]
    B --> C["apt-get: cmake, build-essential,\nlibssl-dev, zlib1g-dev, libzstd-dev"]
    C --> D["uv sync --frozen --no-dev\n--extra treesitter-full (deps only)"]
    D --> E["COPY . . → uv sync (full install)"]
    E --> F["python:3.12-slim@sha256:f3fa41d...\n(final runtime stage)"]
    F --> G["apt-get: ripgrep, libssl3,\nzlib1g, libzstd1"]
    G --> H["useradd appuser"]
    H --> I["COPY .venv, codebase_rag,\ncodec, cgr, pyproject.toml"]
    I --> J["entrypoint.sh\n(sets LD_PRELOAD, exec code-graph-rag)"]
    J --> K["CMD: mcp-server"]

Last reviewed commit: ec1ebca

@codecov-commenter

⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.


@sonarqubecloud

sonarqubecloud bot commented Mar 9, 2026
