Fedora 40: FEDORA-2024-075f626765 critical: uv command injection fix

An extremely fast Python package installer and resolver, written in Rust.

Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

Drop-in replacement for common pip, pip-tools, and virtualenv commands.

10-100x faster than pip and pip-tools (pip-compile and pip-sync).

Disk-space efficient, with a global cache for dependency deduplication.

Installable via curl, pip, pipx, etc. uv is a static binary that can be

installed without Rust or Python.

Tested at-scale against the top 10,000 PyPI packages.

Support for macOS, Linux, and Windows.

Advanced features such as dependency version overrides and alternative

resolution strategies.

Best-in-class error messages with a conflict-tracking resolver.

Support for a wide range of advanced pip features, including editable

installs, Git dependencies, direct URL dependencies, local dependencies,

constraints, source distributions, HTML and JSON indexes, and more.

Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes. By updating to a current release of uv, this update fixes CVE-2024-53899, which was originally reported against virtualenv but which was also reproducible on uv 0.5.2 and earlier. See upstream issue #9424 for more details. This update adds a default system-wide configuration file /etc/uv/uv.toml with settings specific to Fedora. The RPM-packaged uv now deviates from the default configuration in two ways. First, we set "python-downloads" to "manual" in order to avoid unintended Python downloads. We suggest using RPM-packaged (system) Pythons that benefit from distribution maintenance and integration. Use uv python install to manually install managed Pythons. Second, we set "python-preference" to "system" instead of "managed". Otherwise, any managed Python would be used for uv operations where no particular Python is specified, even if the only available managed Python were much...