Workflow

Python-uv

Latest version: v0.0.38

Safety actively analyzes 682471 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 18 of 26

0.1.18

Breaking changes

Users that rely on native root certificates (or the `SSL_CERT_FILE`) environment variable must now
pass the `--native-tls` command-line flag to enable this behavior.

- Enable TLS native root toggling at runtime ([2362](https://github.com/astral-sh/uv/pull/2362))

Enhancements

- Add `--dry-run` flag to `uv pip install` ([1436](https://github.com/astral-sh/uv/pull/1436))
- Implement "Requires" field in `pip show` ([2347](https://github.com/astral-sh/uv/pull/2347))
- Remove `wheel` from default PEP 517 backend ([2341](https://github.com/astral-sh/uv/pull/2341))
- Add `UV_SYSTEM_PYTHON` environment variable as alias
to `--system` ([2354](https://github.com/astral-sh/uv/pull/2354))
- Add a `-vv` log level and make `-v` more readable ([2301](https://github.com/astral-sh/uv/pull/2301))

Bug fixes

- Expand environment variables prior to detecting scheme ([2394](https://github.com/astral-sh/uv/pull/2394))
- Fix bug where `--no-binary :all:` prevented build of editable
packages ([2393](https://github.com/astral-sh/uv/pull/2393))
- Ignore inverse dependencies when building graph ([2360](https://github.com/astral-sh/uv/pull/2360))
- Skip prefetching when `--no-deps` is specified ([2373](https://github.com/astral-sh/uv/pull/2373))
- Trim injected `python_version` marker to (major, minor) ([2395](https://github.com/astral-sh/uv/pull/2395))
- Wait for request stream to flush before returning resolution ([2374](https://github.com/astral-sh/uv/pull/2374))
- Write relative paths for scripts in data directory ([2348](https://github.com/astral-sh/uv/pull/2348))
- Add dedicated error message for direct filesystem paths in
requirements ([2369](https://github.com/astral-sh/uv/pull/2369))

0.1.17

Enhancements

- Allow more-precise Git URLs to override less-precise Git URLs ([2285](https://github.com/astral-sh/uv/pull/2285))
- Add support for Metadata 2.2 ([2293](https://github.com/astral-sh/uv/pull/2293))
- Added ability to select bytecode invalidation mode of generated `.pyc`
files ([2297](https://github.com/astral-sh/uv/pull/2297))
- Add `Seek` fallback for zip files with data descriptors ([2320](https://github.com/astral-sh/uv/pull/2320))

Bug fixes

- Support reading UTF-16 requirements files ([2283](https://github.com/astral-sh/uv/pull/2283))
- Trim rows in `pip list` ([2298](https://github.com/astral-sh/uv/pull/2298))
- Avoid using setuptools shim of distutils ([2305](https://github.com/astral-sh/uv/pull/2305))
- Communicate PEP 517 hook results via files ([2314](https://github.com/astral-sh/uv/pull/2314))
- Increase default buffer size for wheel and source downloads ([2319](https://github.com/astral-sh/uv/pull/2319))
- Add `Accept-Encoding: identity` to remaining stream paths ([2321](https://github.com/astral-sh/uv/pull/2321))
- Avoid duplicating authorization header with netrc ([2325](https://github.com/astral-sh/uv/pull/2325))
- Remove duplicate `INSTALLER` in `RECORD` ([2336](https://github.com/astral-sh/uv/pull/2336))

Documentation

- Add a custom suggestion to install wheel into the build
environment ([2307](https://github.com/astral-sh/uv/pull/2307))
- Document the environment variables that uv respects ([2318](https://github.com/astral-sh/uv/pull/2318))

0.1.16

Enhancements

- Add support for `--no-build-isolation` ([2258](https://github.com/astral-sh/uv/pull/2258))
- Add support for `--break-system-packages` ([2249](https://github.com/astral-sh/uv/pull/2249))
- Add support for `.netrc` authentication ([2241](https://github.com/astral-sh/uv/pull/2241))
- Add support for `--format=freeze` and `--format=json`
in `uv pip list` ([1998](https://github.com/astral-sh/uv/pull/1998))
- Add support for remote `https://` requirements files (#1332) ([2081](https://github.com/astral-sh/uv/pull/2081))
- Implement `uv pip show` ([2115](https://github.com/astral-sh/uv/pull/2115))
- Allow `UV_PRERELEASE` to be set via environment variable ([2240](https://github.com/astral-sh/uv/pull/2240))
- Include exit code for build failures ([2108](https://github.com/astral-sh/uv/pull/2108))
- Query interpreter to determine correct `virtualenv` paths, enabling `uv venv` with PyPy and
others ([2188](https://github.com/astral-sh/uv/pull/2188))
- Respect non-`sysconfig`-based system Pythons, enabling `--system` installs on Debian and
others ([2193](https://github.com/astral-sh/uv/pull/2193))

Bug fixes

- Fallback to fresh request on non-validating 304 ([2218](https://github.com/astral-sh/uv/pull/2218))
- Add `.stdout()` and `.stderr()` outputs to `Printer` ([2227](https://github.com/astral-sh/uv/pull/2227))
- Close `RECORD` after reading entries during uninstall ([2259](https://github.com/astral-sh/uv/pull/2259))
- Fix Conda Python detection on Windows ([2279](https://github.com/astral-sh/uv/pull/2279))
- Fix parsing requirement where a variable follows an operator without a
space ([2273](https://github.com/astral-sh/uv/pull/2273))
- Prefer more recent minor versions in wheel tags ([2263](https://github.com/astral-sh/uv/pull/2263))
- Retry on Python interpreter launch failures during `--compile` ([2278](https://github.com/astral-sh/uv/pull/2278))
- Show appropriate activation command based on shell detection ([2221](https://github.com/astral-sh/uv/pull/2221))
- Escape Windows paths with spaces in `venv` activation command ([2223](https://github.com/astral-sh/uv/pull/2223))
- Add specialized activation message for `cmd.exe` ([2226](https://github.com/astral-sh/uv/pull/2226))
- Cache wheel metadata in no-PEP 658 fallback ([2255](https://github.com/astral-sh/uv/pull/2255))
- Use reparse points to detect Windows installer shims ([2284](https://github.com/astral-sh/uv/pull/2284))

Documentation

- Add `PIP_COMPATIBILITY.md` to document known deviations
from `pip` ([2244](https://github.com/astral-sh/uv/pull/2244))

0.1.15

Enhancements

- Add a `--compile` option to `install` to enable bytecode
compilation ([2086](https://github.com/astral-sh/uv/pull/2086))
- Expose the `--exclude-newer` flag to limit candidate packages based on
date ([2166](https://github.com/astral-sh/uv/pull/2166))
- Add `uv` version to user agent ([2136](https://github.com/astral-sh/uv/pull/2136))

Bug fixes

- Set `.metadata` suffix on URL path ([2123](https://github.com/astral-sh/uv/pull/2123))
- Fallback to non-range requests when HEAD returns 404 ([2186](https://github.com/astral-sh/uv/pull/2186))
- Allow direct URLs in optional dependencies in editables ([2206](https://github.com/astral-sh/uv/pull/2206))
- Allow empty values in WHEEL files ([2170](https://github.com/astral-sh/uv/pull/2170))
- Avoid Windows Store shims in `--python python3`-like invocations ([2212](https://github.com/astral-sh/uv/pull/2212))
- Expand Windows shim detection to include `python3.12.exe` ([2209](https://github.com/astral-sh/uv/pull/2209))
- HTML-decode URLs in HTML indexes ([2215](https://github.com/astral-sh/uv/pull/2215))
- Make direct dependency detection respect markers ([2207](https://github.com/astral-sh/uv/pull/2207))
- Respect `py --list-paths` fallback in `--python python3` invocations on
Windows ([2214](https://github.com/astral-sh/uv/pull/2214))
- Respect local freshness when auditing installed environment ([2169](https://github.com/astral-sh/uv/pull/2169))
- Respect markers on URL dependencies in editables ([2176](https://github.com/astral-sh/uv/pull/2176))
- Respect nested editable requirements in parser ([2204](https://github.com/astral-sh/uv/pull/2204))
- Run Windows against Python 3.13 ([2171](https://github.com/astral-sh/uv/pull/2171))
- Error when editables don't match `Requires-Python` ([2194](https://github.com/astral-sh/uv/pull/2194))

0.1.14

Enhancements

- Add support for `--system-site-packages` in `uv venv` ([2101](https://github.com/astral-sh/uv/pull/2101))
- Add support for Python installed from Windows Store ([2122](https://github.com/astral-sh/uv/pull/2122))
- Expand environment variables in `-r` and `-c` subfile paths ([2143](https://github.com/astral-sh/uv/pull/2143))
- Treat empty index URL strings as null instead of erroring ([2137](https://github.com/astral-sh/uv/pull/2137))
- Use space as delimiter for `UV_EXTRA_INDEX_URL` ([2140](https://github.com/astral-sh/uv/pull/2140))
- Report line and column numbers in `requirements.txt` parser
errors ([2100](https://github.com/astral-sh/uv/pull/2100))
- Improve error messages when `uv` is offline ([2110](https://github.com/astral-sh/uv/pull/2110))

Bug fixes

- Future-proof the `pip` entrypoints special-case ([1982](https://github.com/astral-sh/uv/pull/1982))
- Allow empty extras in `pep508-rs` and add more corner case to
tests ([2128](https://github.com/astral-sh/uv/pull/2128))
- Adjust base Python lookup logic for Windows to respect Windows
Store ([2121](https://github.com/astral-sh/uv/pull/2121))
- Consider editable dependencies to be 'direct' for `--resolution` ([2114](https://github.com/astral-sh/uv/pull/2114))
- Preserve environment variables in resolved Git dependencies ([2125](https://github.com/astral-sh/uv/pull/2125))
- Use `prefix` instead of `base_prefix` for environment root ([2117](https://github.com/astral-sh/uv/pull/2117))
- Wrap unsafe script shebangs in `/bin/sh` ([2097](https://github.com/astral-sh/uv/pull/2097))
- Make WHEEL parsing error line numbers one indexed ([2151](https://github.com/astral-sh/uv/pull/2151))
- Determine `site-packages` path based on implementation name ([2094](https://github.com/astral-sh/uv/pull/2094))

Documentation

- Add caveats on `--system` support to the README ([2131](https://github.com/astral-sh/uv/pull/2131))
- Add instructions for `SSL_CERT_FILE` env var ([2124](https://github.com/astral-sh/uv/pull/2124))

0.1.13

Bug fixes

- Prioritize `PATH` over `py --list-paths` in Windows selection ([2057](https://github.com/astral-sh/uv/pull/2057)).
This fixes an issue in which the `--system` flag would not work correctly on Windows in GitHub Actions.
- Avoid canonicalizing user-provided interpreters ([2072](https://github.com/astral-sh/uv/pull/2072)). This fixes an
issue in which the `--python` flag would not work correctly with pyenv and other interpreters.
- Allow pre-releases for requirements in constraints files ([2069](https://github.com/astral-sh/uv/pull/2069))
- Avoid truncating EXTERNALLY-MANAGED error message ([2073](https://github.com/astral-sh/uv/pull/2073))
- Extend activation highlighting to entire `venv` command ([2070](https://github.com/astral-sh/uv/pull/2070))
- Reverse the order of `--index-url` and `--extra-index-url`
priority ([2083](https://github.com/astral-sh/uv/pull/2083))
- Avoid assuming `RECORD` file is in `platlib` ([2091](https://github.com/astral-sh/uv/pull/2091))

Page 18 of 26

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.