Workflow

Uv

Latest version: v0.1.44

Safety actively analyzes 629004 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 8

0.1.32

Enhancements

- Add a `--require-hashes` command-line setting ([2824](https://github.com/astral-sh/uv/pull/2824))
- Add hash-checking support to `install` and `sync` ([2945](https://github.com/astral-sh/uv/pull/2945))
- Add support for URL requirements in `--generate-hashes` ([2952](https://github.com/astral-sh/uv/pull/2952))
- Allow unnamed requirements for overrides ([2999](https://github.com/astral-sh/uv/pull/2999))
- Enforce and backtrack on invalid versions in source metadata ([2954](https://github.com/astral-sh/uv/pull/2954))
- Fall back to distributions without hashes in resolver ([2949](https://github.com/astral-sh/uv/pull/2949))
- Implement `--emit-index-annotation` to annotate source index for each package ([2926](https://github.com/astral-sh/uv/pull/2926))
- Log hard-link failures ([3015](https://github.com/astral-sh/uv/pull/3015))
- Support free-threaded Python ([2805](https://github.com/astral-sh/uv/pull/2805))
- Support unnamed requirements in `--require-hashes` ([2993](https://github.com/astral-sh/uv/pull/2993))
- Respect link mode for builds, in `uv pip compile` and for `uv venv` seed packages ([3016](https://github.com/astral-sh/uv/pull/3016))
- Force color for build error messages ([3032](https://github.com/astral-sh/uv/pull/3032))
- Surface invalid metadata as hints in error reports ([2850](https://github.com/astral-sh/uv/pull/2850))

Configuration

- Add `UV_BREAK_SYSTEM_PACKAGES` environment variable ([2995](https://github.com/astral-sh/uv/pull/2995))

CLI

- Remove some restrictions in argument groups ([3001](https://github.com/astral-sh/uv/pull/3001))

Bug fixes

- Add `--find-links` source distributions to the registry cache ([2986](https://github.com/astral-sh/uv/pull/2986))
- Allow comments after all `requirements.txt` entries ([3018](https://github.com/astral-sh/uv/pull/3018))
- Avoid cache invalidation on credentials renewal ([3010](https://github.com/astral-sh/uv/pull/3010))
- Avoid calling `normalize_path` with relative paths that extend beyond the current directory ([3013](https://github.com/astral-sh/uv/pull/3013))
- Deduplicate symbolic links between `purelib` and `platlib` ([3002](https://github.com/astral-sh/uv/pull/3002))
- Remove unused `--output-file` from `pip install` ([2975](https://github.com/astral-sh/uv/pull/2975))
- Strip query string when parsing filename from HTML index ([2961](https://github.com/astral-sh/uv/pull/2961))
- Update hashes without `--upgrade` if not present ([2966](https://github.com/astral-sh/uv/pull/2966))

0.1.31

Bug fixes

- Ignore direct URL distributions in prefetcher ([2943](https://github.com/astral-sh/uv/pull/2943))

0.1.30

Enhancements

- Show resolution diagnostics after `pip install` ([2829](https://github.com/astral-sh/uv/pull/2829))

Performance

- Speed up cold-cache `urllib3`-`boto3`-`botocore` performance with batched prefetching ([2452](https://github.com/astral-sh/uv/pull/2452))

Bug fixes

- Backtrack on distributions with invalid metadata ([2834](https://github.com/astral-sh/uv/pull/2834))
- Include LICENSE files in source distribution ([2855](https://github.com/astral-sh/uv/pull/2855))
- Respect `--no-build` and `--no-binary` in `--find-links` ([2826](https://github.com/astral-sh/uv/pull/2826))
- Respect cached local `--find-links` in install plan ([2907](https://github.com/astral-sh/uv/pull/2907))
- Avoid panic with multiple confirmation handlers ([2903](https://github.com/astral-sh/uv/pull/2903))
- Use scheme parsing to determine absolute vs. relative URLs ([2904](https://github.com/astral-sh/uv/pull/2904))
- Remove additional 'because' in resolution failure messages ([2849](https://github.com/astral-sh/uv/pull/2849))
- Use `miette` when printing `pip sync` resolution failures ([2848](https://github.com/astral-sh/uv/pull/2848))

0.1.29

Enhancements

- Allow conflicting Git URLs that refer to the same commit SHA ([2769](https://github.com/astral-sh/uv/pull/2769))
- Allow package lookups across multiple indexes via explicit opt-in (`--index-strategy unsafe-any-match`) ([2815](https://github.com/astral-sh/uv/pull/2815))
- Allow no-op `--no-compile` flag on CLI ([2816](https://github.com/astral-sh/uv/pull/2816))
- Upgrade `rs-async-zip` to support data descriptors ([2809](https://github.com/astral-sh/uv/pull/2809))

Bug fixes

- Avoid unused extras check in `pip install` for source trees ([2811](https://github.com/astral-sh/uv/pull/2811))
- Deduplicate editables during install commands ([2820](https://github.com/astral-sh/uv/pull/2820))
- Fix windows lock race: lock exclusive after all try lock errors ([2800](https://github.com/astral-sh/uv/pull/2800))
- Preserve `.git` suffixes and casing in Git dependencies ([2789](https://github.com/astral-sh/uv/pull/2789))
- Respect Git tags and branches that look like short commits ([2795](https://github.com/astral-sh/uv/pull/2795))
- Enable virtualenv creation on Windows with cpython-x86 ([2707](https://github.com/astral-sh/uv/pull/2707))

Documentation

- Document that uv is safe to run concurrently ([2818](https://github.com/astral-sh/uv/pull/2818))

0.1.28

Enhancements

- Recursively resolve direct URL references upfront ([2684](https://github.com/astral-sh/uv/pull/2684))

Performance

- Populate the in-memory index when resolving lookahead URLs ([2761](https://github.com/astral-sh/uv/pull/2761))

Bug fixes

- Detect Fish via `FISH_VERSION` ([2781](https://github.com/astral-sh/uv/pull/2781))
- Exclude installed distributions with multiple versions from consideration in the resolver ([2779](https://github.com/astral-sh/uv/pull/2779))
- Resolve non-determistic behavior in preferences due to site-packages ordering ([2780](https://github.com/astral-sh/uv/pull/2780))
- Use canonical URL to key redirect map ([2764](https://github.com/astral-sh/uv/pull/2764))
- Use distribution database and index for all pre-resolution phases ([2766](https://github.com/astral-sh/uv/pull/2766))
- Fix `uv self update` on Linux ([2783](https://github.com/astral-sh/uv/pull/2783))

0.1.27

Enhancements

- Add `--exclude-editable` support to `pip-freeze` ([2740](https://github.com/astral-sh/uv/pull/2740))
- Add `pyproject.toml` et al to list of prompted packages ([2746](https://github.com/astral-sh/uv/pull/2746))
- Consider installed packages during resolution ([2596](https://github.com/astral-sh/uv/pull/2596))
- Recursively allow URL requirements for local dependencies ([2702](https://github.com/astral-sh/uv/pull/2702))

Configuration

- Add `UV_RESOLUTION` environment variable for `--resolution` ([2720](https://github.com/astral-sh/uv/pull/2720))

Bug fixes

- Respect overrides in all direct-dependency iterators ([2742](https://github.com/astral-sh/uv/pull/2742))
- Respect subdirectories when reading static metadata ([2728](https://github.com/astral-sh/uv/pull/2728))

Page 3 of 8

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.