This week's releases split neatly into two categories: useful incremental hardening (uv, GitLab, Copilot) and things that should change how you architect systems today (Spring CVEs, pg_durable, and a Cornell paper that quietly invalidates a lot of RAG assumptions). The Spring security cluster alone is enough to justify a dependency audit before the weekend. uv 0.11.19 adds CPython 3.15 beta support uv now always computes SHA256 checksums for remote distributions—previously this was situational—a