Bump py-rattler from 0.22.0 to 0.24.0 in the uv group across 1 directory #507

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/uv-9ee8bf3d5e

dependabot Bot commented on behalf of github Jun 9, 2026

Bumps the uv group with 1 update in the / directory: py-rattler.

Updates py-rattler from 0.22.0 to 0.24.0

Release notes

Sourced from py-rattler's releases.

py-rattler v0.24.0

Added

  • Add additional parameters to Client (auth storage, proxy config, cache dir, etc.) in #2273
  • Expose extra_depends on PackageRecord in #2268
  • Add support for CEP-42 channel relations in repodata in #2370
  • Add repodata revisions as proposed in conda/ceps#146 in #2379
  • Implement simplified variant selection with flags in #2381
  • Implement shell flavors and workspace-wide initialization in #2259
  • Handle HTTP 501 responses in sharded repodata fetching in #2401
  • Add __cuda_arch virtual package in #1863
  • Graduate extras, conditionals, and flags from experimental in #2450
  • Published wheels now include a CycloneDX SBOM of the Rust dependency tree under .dist-info/sboms/ (PEP 770)

Changed

  • BREAKING: Lockfile v7 — restructured format with platform-keyed environments, partial source records, source timestamps, and run_exports on source packages (#2026, #2348)
  • BREAKING: Move min_age into exclude_newer and allow per-channel configuration in #2279
  • Replace chrono with jiff for date/time handling in #1905

Fixed

  • Prevent package-cache path traversal via malicious build strings in untrusted channel metadata (GHSA-h672-p7h7-97v9)
  • Reject path traversal in Python entry points (CVE-2026-47425) in #2445
  • Make sdist PEP 625 conformant and trim bundled test data (roughly halves sdist size) in #2470
  • Retry temp-directory rename on transient Windows errors in #2453
  • Render conditional when dependencies as defined in CEP 43 in #2436
  • Avoid runtime import of typing_extensions in the index module in #2428
  • Make build string matching case-insensitive per CEP-29 in #2386
  • Fix ordering of dev and post components in version comparison in #2299
  • Fix StrictVersion Ord contract violation in #2225
  • Sort paths returned by link_package_sync for deterministic install output in #2418
  • Copy symlinked files when symbolic linking is disabled in #2409
  • Handle missing symlinks on Windows install path in #2399
  • Don't assume path is a file:// URL in run-exports extraction in #2411

Performance

  • Bump resolvo to 0.10.3, delivering an almost 2x solver speedup (prefix-dev/resolvo#221)
  • Preserve Arc when crossing the Python custom-source boundary, improving solver performance with many custom sources in #2400

Commits

  • 81d1876 ci(release-python): pass changelog notes via env var to avoid shell quoting i...
  • 0566e56 chore: prepare py-rattler v0.24.0 release (#2452)
  • 04fbe1c fix: make sdist PEP 625 conformant and trim test data (#2470)
  • d431502 fix(test): fix rattler_cache::package_cache::test_flaky (#2471)
  • c05458e chore(ci): Update Rust crate astral_async_zip to 0.0.18 (#2467)
  • 6964df6 chore(ci): Update Rust crate cc to v1.2.63 (#2468)
  • ee4e2ff chore(ci): Update Rust crate http to v1.4.1 (#2469)
  • 6012e28 Merge commit from fork
  • 46eadfe chore(ci): Update dependency ts-jest to v29.4.11 (#2459)
  • 84af4ab chore(ci): Update aws-sdk-rust monorepo (#2458)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the uv group with 1 update in the / directory: [py-rattler](https://github.com/conda/rattler).


Updates `py-rattler` from 0.22.0 to 0.24.0
- [Release notes](https://github.com/conda/rattler/releases)
- [Changelog](https://github.com/conda/rattler/blob/main/CHANGELOG.md)
- [Commits](conda/rattler@py-rattler-v0.22.0...py-rattler-v0.24.0)

---
updated-dependencies:
- dependency-name: py-rattler
  dependency-version: 0.24.0
  dependency-type: direct:development
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) labels Jun 9, 2026