Workflow

Pex

Latest version: v2.33.7

Safety actively analyzes 723177 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 57

2.32.0

This release adds support for Pip 25.0.

* Add support for `--pip-version 25.0`. (2652)

2.31.0

This release adds `pex3 lock subset <reqs...> --lock existing.lock` for
creating a subset of an existing lock file. This is a fast operation
that just trims un-used locked requirements from the lock but otherwise
leaves the lock unchanged.

* Add support for `pex3 lock subset`. (2647)

2.30.0

This release brings `--sh-boot` support to PEXes with
`--layout {loose,packed}`. Previously, the `--sh-boot` option only took
effect for traditional PEX zip files. Now all PEX output and runtime
schemes, in any combination, can benefit from the reduced boot latency
`--sh-boot` brings on all runs of a PEX after the first.

* Support `--sh-boot` for `--layout {loose,packed}`. (2645)

2.29.0

This release brings 1st class support for newer Pip's
`--keyring-provider` option. Previously you could only use `keyring`
based authentication via `--use-pip-config` and either the
`PIP_KEYRING_PROVIDER` environment variable or Pip config files.
Although using `--keyring-provider import` is generally unusable in the
face of Pex hermeticity strictures, `--keyring-provider subprocess` is
viable; just ensure you have a keyring provider on the `PATH`. You can
read more [here][Pip-KRP-subprocess].

This release also brings [PEP-723][PEP-723] support to Pex locks. You
can now pass `pex3 lock {create,sync,update} --exe <script> ...` to
include the PEP-723 declared script requirements in the lock.

* add `--keyring-provider` flag to configure keyring-based authentication (2592)
* Support locking PEP-723 requirements. (2642)

[Pip-KRP-subprocess]: https://pip.pypa.io/en/stable/topics/authentication/#using-keyring-as-a-command-line-application
[PEP-723]: https://peps.python.org/pep-0723

2.28.1

This release upgrades `science` for use in building PEX scies with
`--scie {eager,lazy}`. The upgraded `science` fixes issues dealing
handling failed Python distribution downloads and should now be more
robust and clear when downloads fail.

* Upgrade `science` minimum requirement to 0.10.1. (2637)

2.28.0

This release adds Pex `--scie {eager,lazy}` support for Linux ppc64le
and s390x.

* Add `--scie` support for Linux ppc64le and s390x. (2635)

Page 3 of 57

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.