ci: bump uv from 0.3.3 to 0.4.1 in /.github/workflows in the ci-dependencies group

[dependabot[bot]]

Bumps the ci-dependencies group in /.github/workflows with 1 update: uv.

Updates uv from 0.3.3 to 0.4.1

Release notes

Sourced from uv's releases.

0.4.1

Release Notes

Enhancements

• Add uv export --format requirements-txt (#6778)
• Allow @ references in uv tool install --from (#6842)
• Normalize version specifiers by sorting (#6333)
• Respect the user's upper-bound in requires-python (#6824)
• Use Windows registry to discover Python on Windows directly (#6761)
• Hint at --no-workspace in uv init failures (#6815)
• Update to last PyPy releases (#6784)

Bug fixes

• Avoid deadlocks when multiple uv processes lock resources (#6790)
• Expand tildes when matching against PATH (#6829)
• Fix uv init --no-project alias (#6837)
• Ignore pre-release segments when discovering via requires-python (#6813)
• Support inline optional tables in uv add and uv remove (#6787)
• Update default hello.py to pass ruff format (#6811)
• Avoid stripping root for user path display (#6865)
• Error when user-provided environments are disjoint with Python (#6841)
• Retain alphabetical sorting for pyproject.toml in uv add operations (#6388)))

Documentation

• Add a link to the multiple index docs in the alternative index guide (#6826)
• Add docs for inline exclude newer in PEP 723 scripts (#6831)
• Enumerate available Docker tags (#6768)
• Omit [pip] section from configuration file docs (#6814)
• Update project.urls in pyproject.toml (#6844)
• Add docs for AWS CodeArtifact usage (#6816)

Other changes

Install uv 0.4.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.4.1/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/astral-sh/uv/releases/download/0.4.1/uv-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from uv's changelog.

0.4.1

Enhancements

• Add uv export --format requirements-txt (#6778)
• Allow @ references in uv tool install --from (#6842)
• Normalize version specifiers by sorting (#6333)
• Respect the user's upper-bound in requires-python (#6824)
• Use Windows registry to discover Python on Windows directly (#6761)
• Hint at --no-workspace in uv init failures (#6815)
• Update to last PyPy releases (#6784)

Bug fixes

• Avoid deadlocks when multiple uv processes lock resources (#6790)
• Expand tildes when matching against PATH (#6829)
• Fix uv init --no-project alias (#6837)
• Ignore pre-release segments when discovering via requires-python (#6813)
• Support inline optional tables in uv add and uv remove (#6787)
• Update default hello.py to pass ruff format (#6811)
• Avoid stripping root for user path display (#6865)
• Error when user-provided environments are disjoint with Python (#6841)
• Retain alphabetical sorting for pyproject.toml in uv add operations (#6388)))

Documentation

• Add a link to the multiple index docs in the alternative index guide (#6826)
• Add docs for inline exclude newer in PEP 723 scripts (#6831)
• Enumerate available Docker tags (#6768)
• Omit [pip] section from configuration file docs (#6814)
• Update project.urls in pyproject.toml (#6844)
• Add docs for AWS CodeArtifact usage (#6816)

Other changes

0.4.0

This release adds first-class support for Python projects that are not designed as Python packages (e.g., web applications, data science projects, etc.).

In doing so, it includes some breaking changes around uv's handling of projects. Previously, uv required that all projects could be built into distributable Python packages, and installed them into the virtual environment. Projects created by uv init always included a [build-system] definition and existing projects that did not define a [build-system] would use the legacy setuptools build backend by default.

Most users are not developing libraries that need to be packaged and published to PyPI. Instead, they're building applications using web frameworks, or running collections of Python scripts in the project's root directory. In these cases, requiring a [build-system] was confusing and error-prone. In this release, uv changes the default behavior to orient around these common use cases.

In summary, the major changes are:

• uv no longer attempts to package and install projects that do not define a [build-system].
  • While the project itself will not be installed into the virtual environment, its dependencies will still be included.
  • The previous behavior can be recovered by setting package = true in the [tool.uv] section of your pyproject.toml.
• uv init no longer creates a src/ directory or defines a [build-system] by default.
  • The previous behavior can be recovered with uv init --lib or uv init --app --package.

... (truncated)

Commits

• 823f23e Bump version to v0.4.1 (#6870)
• 0ceefb3 Update FastAPI integration docs (#6833) (#6850)
• 50c5fe9 Avoid stripping root for user path display (#6865)
• 95416ad Take unowned request in PythonInstallation::find_or_download (#6868)
• a1805d1 Allow @ references in uv tool install --from (#6842)
• 3e207da ci(windows): Introduce setup-dev-drive.ps1, maximize dev drive usage (#6858)
• 52bc93e Update project.urls in pyproject.toml (#6844)
• 8674968 fix: adjust trampoline close_handles invalid to be safer (#6792)
• c91c99b Drop old content from the FastAPI guide (#6851)
• 9f8ebca Error when user-provided environments are disjoint with Python (#6841)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

---

📚 Documentation preview 📚: https://citric--1182.org.readthedocs.build/en/1182/

[sonarcloud[bot]]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 100.00%. Comparing base (8cab842) to head (3829178). Report is 1 commits behind head on main.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1182 +/- ## ========================================= Coverage 100.00% 100.00% ========================================= Files 10 10 Lines 482 482 Branches 25 25 ========================================= Hits 482 482 ``` | [Flag](https://app.codecov.io/gh/edgarrmondragon/citric/pull/1182/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n) | Coverage Δ | | |---|---|---| | [integration](https://app.codecov.io/gh/edgarrmondragon/citric/pull/1182/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n) | `91.28% <ø> (ø)` | | | [unit](https://app.codecov.io/gh/edgarrmondragon/citric/pull/1182/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n) | `93.77% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[edgarrmondragon]

@dependabot merge