core: bump astral-sh/uv from 0.8.17 to 0.8.18

[dependabot]

Bumps astral-sh/uv from 0.8.17 to 0.8.18.

Release notes

Sourced from astral-sh/uv's releases.

0.8.18

Release Notes

Released on 2025-09-17.

Enhancements

• Add PyG packages to torch backend (#15911)
• Add handling for unnamed conda environments in base environment detection (#15681)
• Allow selection of debug build interpreters (#11520)
• Improve uv init defaults for native build backend cache keys (#15705)
• Error when pyproject.toml target does not exist for dependency groups (#15831)
• Infer check URL from publish URL when known (#15886)
• Support Gitlab CI/CD as a trusted publisher (#15583)
• Add GraalPy 25.0.0 with support for Python 3.12 (#15900)
• Add --no-clear to uv venv to disable removal prompts (#15795)
• Add conflict detection between --only-group and --extra flags (#15788)
• Allow [project] to be missing from a pyproject.toml (#14113)
• Always treat conda environments named base and root as base environments (#15682)
• Improve log message when direct build for uv_build is skipped (#15898)
• Log when the cache is disabled (#15828)
• Show pyx organization name after authenticating (#15823)
• Use _CONDA_ROOT to detect Conda base environments (#15680)
• Include blake2b hash in uv publish upload form (#15794)
• Fix misleading debug message when removing environments in uv sync (#15881)

Deprecations

• Deprecate tool.uv.dev-dependencies (#15469)
• Revert "feat(ci): build loongarch64 binaries in CI (#15387)" (#15820)

Preview features

• Propagate preview flag to client for native-auth feature (#15872)
• Store native credentials for realms with the https scheme stripped (#15879)
• Use the root index URL when retrieving credentials from the native store (#15873)

Bug fixes

• Fix uv sync --no-sources not switching from editable to registry installations (#15234)
• Avoid display of an empty string when a path is the working directory (#15897)
• Allow cached environment reuse with @latest (#15827)
• Allow escaping spaces in --env-file handling (#15815)
• Avoid ANSI codes in debug! messages (#15843)
• Improve BSD tag construction (#15829)
• Include SHA when listing lockfile changes (#15817)
• Invert the logic for determining if a path is a base conda environment (#15679)
• Load credentials for explicit members when lowering (#15844)
• Re-add triton as a torch backend package (#15910)
• Respect UV_INSECURE_NO_ZIP_VALIDATION=1 in duplicate header errors (#15912)

... (truncated)

Changelog

Sourced from astral-sh/uv's changelog.

0.8.18

Released on 2025-09-17.

Enhancements

• Add PyG packages to torch backend (#15911)
• Add handling for unnamed conda environments in base environment detection (#15681)
• Allow selection of debug build interpreters (#11520)
• Improve uv init defaults for native build backend cache keys (#15705)
• Error when pyproject.toml target does not exist for dependency groups (#15831)
• Infer check URL from publish URL when known (#15886)
• Support Gitlab CI/CD as a trusted publisher (#15583)
• Add GraalPy 25.0.0 with support for Python 3.12 (#15900)
• Add --no-clear to uv venv to disable removal prompts (#15795)
• Add conflict detection between --only-group and --extra flags (#15788)
• Allow [project] to be missing from a pyproject.toml (#14113)
• Always treat conda environments named base and root as base environments (#15682)
• Improve log message when direct build for uv_build is skipped (#15898)
• Log when the cache is disabled (#15828)
• Show pyx organization name after authenticating (#15823)
• Use _CONDA_ROOT to detect Conda base environments (#15680)
• Include blake2b hash in uv publish upload form (#15794)
• Fix misleading debug message when removing environments in uv sync (#15881)

Deprecations

• Deprecate tool.uv.dev-dependencies (#15469)
• Revert "feat(ci): build loongarch64 binaries in CI (#15387)" (#15820)

Preview features

• Propagate preview flag to client for native-auth feature (#15872)
• Store native credentials for realms with the https scheme stripped (#15879)
• Use the root index URL when retrieving credentials from the native store (#15873)

Bug fixes

• Fix uv sync --no-sources not switching from editable to registry installations (#15234)
• Avoid display of an empty string when a path is the working directory (#15897)
• Allow cached environment reuse with @latest (#15827)
• Allow escaping spaces in --env-file handling (#15815)
• Avoid ANSI codes in debug! messages (#15843)
• Improve BSD tag construction (#15829)
• Include SHA when listing lockfile changes (#15817)
• Invert the logic for determining if a path is a base conda environment (#15679)
• Load credentials for explicit members when lowering (#15844)
• Re-add triton as a torch backend package (#15910)
• Respect UV_INSECURE_NO_ZIP_VALIDATION=1 in duplicate header errors (#15912)

... (truncated)

Commits

• c4c4781 Bump version to 0.8.18 (#15920)
• fa53a62 Always treat conda environments named base and root as base environments ...
• 759eab8 Add GitHub Actions to PyPI trusted publishing example (#15753)
• d5012c6 Add handling for unnamed conda environments in base environment detection (#1...
• 1943aba Allow [project] to be missing from a pyproject.toml (#14113)
• fa50a5c Add verbose output to the documentation help section (#15915)
• 2a14edf Respect UV_INSECURE_NO_ZIP_VALIDATION=1 in duplicate header errors (#15912)
• dea1700 Avoid ANSI codes in debug! messages (#15843)
• 48f5076 Add PyG packages to torch backend (#15911)
• d4806ee Re-add triton as a torch backend package (#15910)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	e4ea3d8
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/68cb8447120eb4000848608c

[netlify]

✅ Deploy Preview for authentik-integrations canceled.

Name	Link
🔨 Latest commit	e4ea3d8
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/68cb84476d9d93000870031a

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	e4ea3d8
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/68cb8447eed4400008e6ee0b
😎 Deploy Preview	https://deploy-preview-16866--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.77%. Comparing base (17da90d) to head (e4ea3d8).
⚠️ Report is 12 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #16866   +/-   ##
=======================================
  Coverage   92.77%   92.77%           
=======================================
  Files         838      838           
  Lines       45386    45386           
=======================================
+ Hits        42108    42109    +1     
+ Misses       3278     3277    -1     

Flag	Coverage Δ
e2e	46.61% <ø> (+0.08%)	⬆️
integration	23.44% <ø> (-0.06%)	⬇️
unit	90.92% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.