build(deps-dev): bump uv from 0.6.0 to 0.11.15 in /atlassian-mcp

[dependabot]

Bumps uv from 0.6.0 to 0.11.15.

Release notes

Sourced from uv's releases.

0.11.15

Release Notes

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

Install uv 0.11.15

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.15

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

0.11.14

Released on 2026-05-12.

Enhancements

• Add Astral mirror URL override (#19206)

... (truncated)

Commits

• 3cffe97 Fix crates.io publish script lockfile (#19473)
• de16a7b Bump version to 0.11.15 (#19472)
• cf826cc Disable test_simultaneous_create_set_then_move on Linux (#19469)
• 2d566bc Allow retry of custom-publish-crates separately from announce (#19470)
• 0588b8f Run release builds on maturin version bumps in CI (#19466)
• 9a65753 Enforce that entry points cannot escape in the scripts directory (#19464)
• d77d849 Revert "Update maturin to v1.13.2 (#19445)" (#19465)
• 5373e96 Update Rust crate rustls to v0.23.40 (#19250)
• fb8d3d4 Update Rust crate rustls-pki-types to v1.14.1 (#19251)
• 078480d Configure maturin and uv so uv run can be used to work on uv itself (#19461)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Lockfile-only dev-tool bump with no runtime code changes; main risk is CI/local workflow behavior differences on a large uv version jump.

Overview
Updates the pinned uv dev dependency in atlassian-mcp/uv.lock from 0.6.0 to 0.11.15 (sdist and platform wheel hashes). No application source or pyproject.toml dependency spec changes—only the lockfile resolution for the existing dev uv entry.

The newer release includes security fixes (TAR parsing and script entry-point path handling) plus resolver, sync, and performance changes across many minor versions; CI and local uv sync will install the updated toolchain.

^{Reviewed by Cursor Bugbot for commit b292531. Bugbot is set up for automated code reviews on this repo. Configure here.}