Workflow

Pdm

Latest version: v2.23.0

Safety actively analyzes 723177 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 16 of 37

2.1.3

Not secure
---------------------------

Features & Improvements

- When adding a package to (or removing from) a group, enhance the formatting of the group name in the printed message. [1329](https://github.com/pdm-project/pdm/issues/1329)

Bug Fixes

- Fix a bug of missing hashes for packages with `file://` links the first time they are added. [1325](https://github.com/pdm-project/pdm/issues/1325)
- Ignore invalid values of `data-requires-python` when parsing package links. [1334](https://github.com/pdm-project/pdm/issues/1334)
- Leave an incomplete project metadata if PDM fails to parse the project files, but emit a warning. [1337](https://github.com/pdm-project/pdm/issues/1337)
- Fix the bug that `editables` package isn't installed for self package. [1344](https://github.com/pdm-project/pdm/issues/1344)
- Fix a decoding error for non-ASCII characters in package description when publishing it. [1345](https://github.com/pdm-project/pdm/issues/1345)

Documentation

- Clarify documentation explaining `setup-script`, `run-setuptools`, and `is-purelib`. [1327](https://github.com/pdm-project/pdm/issues/1327)

2.1.2

Not secure
---------------------------

Bug Fixes

- Fix a bug that dependencies from different versions of the same package override each other. [1307](https://github.com/pdm-project/pdm/issues/1307)
- Forward SIGTERM to child processes in `pdm run`. [1312](https://github.com/pdm-project/pdm/issues/1312)
- Fix errors when running on FIPS 140-2 enabled systems using Python 3.9 and newer. [1313](https://github.com/pdm-project/pdm/issues/1313)
- Fix the build failure when the subprocess outputs with non-UTF8 characters. [1319](https://github.com/pdm-project/pdm/issues/1319)
- Delay the trigger of `post_lock` for `add` and `update` operations, to ensure the `pyproject.toml` is updated before the hook is run. [1320](https://github.com/pdm-project/pdm/issues/1320)

2.1.1

Not secure
---------------------------

Features & Improvements

- Add a env_file.override option that allows the user to specify that
the env_file should override any existing environment variables. This
is not the default as the environment the code runs it should take
precedence. [1299](https://github.com/pdm-project/pdm/issues/1299)

Bug Fixes

- Fix a bug that unnamed requirements can't override the old ones in either `add` or `update` command. [1287](https://github.com/pdm-project/pdm/issues/1287)
- Support mutual TLS to private repositories via pypi.client_cert and pypi.client_key config options. [1290](https://github.com/pdm-project/pdm/issues/1290)
- Set a minimum version for the `packaging` dependency to ensure that `packaging.utils.parse_wheel_filename` is available. [1293](https://github.com/pdm-project/pdm/issues/1293)
- Fix a bug that checking for PDM update creates a venv. [1301](https://github.com/pdm-project/pdm/issues/1301)
- Prefer compatible packages when fetching metadata. [1302](https://github.com/pdm-project/pdm/issues/1302)

2.1.0

Not secure
---------------------------

Features & Improvements

- Allow the use of custom CA certificates using the `pypi.ca_certs` config entry. [1240](https://github.com/pdm-project/pdm/issues/1240)
- Add `pdm export` to available pre-commit hooks. [1279](https://github.com/pdm-project/pdm/issues/1279)

Bug Fixes

- Skip incompatible requirements when installing build dependencies. [1264](https://github.com/pdm-project/pdm/issues/1264)
- Fix a crash when pdm tries to publish a package with non-ASCII characters in the metadata. [1270](https://github.com/pdm-project/pdm/issues/1270)
- Try to read the lock file even if the lock version is incompatible. [1273](https://github.com/pdm-project/pdm/issues/1273)
- For packages that are only available as source distribution, the `summary` field in `pdm.lock` contains the `description` from the package's `pyproject.toml`. [1274](https://github.com/pdm-project/pdm/issues/1274)
- Do not crash when calling `pdm show` for a package that is only available as source distribution. [1276](https://github.com/pdm-project/pdm/issues/1276)
- Fix a bug that completion scripts are interpreted as rich markups. [1283](https://github.com/pdm-project/pdm/issues/1283)

Dependencies

- Remove the dependency of `pip`. [1268](https://github.com/pdm-project/pdm/issues/1268)

Removals and Deprecations

- Deprecate the top-level imports from `pdm` module, it will be removed in the future. [1282](https://github.com/pdm-project/pdm/issues/1282)

2.0.3

Not secure
---------------------------

Bug Fixes

- Support Conda environments when detecting the project environment. [1253](https://github.com/pdm-project/pdm/issues/1253)
- Fix the interpreter resolution to first try `python` executable in the `PATH`. [1255](https://github.com/pdm-project/pdm/issues/1255)
- Stabilize sorting of URLs in `metadata.files` in `pdm.lock`. [1256](https://github.com/pdm-project/pdm/issues/1256)
- Don't expand credentials in the file URLs in the `[metadata.files]` table of the lock file. [1259](https://github.com/pdm-project/pdm/issues/1259)

2.0.2

Not secure
---------------------------

Features & Improvements

- `env_file` variables no longer override existing environment variables. [1235](https://github.com/pdm-project/pdm/issues/1235)
- Support referencing other optional groups in optional-dependencies with `<this_package_name>[group1, group2]` [1241](https://github.com/pdm-project/pdm/issues/1241)

Bug Fixes

- Respect `requires-python` when creating the default venv. [1237](https://github.com/pdm-project/pdm/issues/1237)

Page 16 of 37

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.