Workflow

Python-uv

Latest version: v0.0.38

Safety actively analyzes 706267 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 26

0.4.18

Enhancements

- Allow multiple source entries for each package in `tool.uv.sources` ([7745](https://github.com/astral-sh/uv/pull/7745))
- Add `.gitignore` file to `uv build` output directory ([7835](https://github.com/astral-sh/uv/pull/7835))
- Disable jemalloc on FreeBSD ([7780](https://github.com/astral-sh/uv/pull/7780))
- Respect `PAGER` env var when paging in `uv help` command ([5511](https://github.com/astral-sh/uv/pull/5511))
- Support `uv run -m foo` to run a module ([7754](https://github.com/astral-sh/uv/pull/7754))
- Use a top-level output directory for `uv build` in workspaces ([7813](https://github.com/astral-sh/uv/pull/7813))
- Update `uv init --package` command to match project name ([7670](https://github.com/astral-sh/uv/pull/7670))
- Add a custom suggestion for `uv add dotenv` ([7799](https://github.com/astral-sh/uv/pull/7799))
- Add detailed errors for `tool.uv.sources` deserialization failures ([7823](https://github.com/astral-sh/uv/pull/7823))
- Improve error message copy for failed builds ([7849](https://github.com/astral-sh/uv/pull/7849))
- Use `serde-untagged` to improve some untagged enum error messages ([7822](https://github.com/astral-sh/uv/pull/7822))
- Use build failure hints for `dotenv` errors, rather than in `uv add` ([7825](https://github.com/astral-sh/uv/pull/7825))

Configuration

- Add `UV_NO_SYNC` environment variable ([7752](https://github.com/astral-sh/uv/pull/7752))

Bug fixes

- Accept `git+` prefix in `tool.uv.sources` ([7847](https://github.com/astral-sh/uv/pull/7847))
- Allow spaces in path requirements ([7767](https://github.com/astral-sh/uv/pull/7767))
- Avoid reusing cached downloaded binaries with `--no-binary` ([7772](https://github.com/astral-sh/uv/pull/7772))
- Correctly trims values during wheel WHEEL file parsing ([7770](https://github.com/astral-sh/uv/pull/7770))
- Fix `uv tree --invert` for platform dependencies ([7808](https://github.com/astral-sh/uv/pull/7808))
- Fix encoding mismatch between python child process and uv ([7757](https://github.com/astral-sh/uv/pull/7757))
- Reject self-dependencies in `uv add` ([7766](https://github.com/astral-sh/uv/pull/7766))
- Respect `tool.uv.environments` for legacy virtual workspace roots ([7824](https://github.com/astral-sh/uv/pull/7824))
- Retain empty extras on workspace members ([7762](https://github.com/astral-sh/uv/pull/7762))
- Use file stem when parsing cached wheel names ([7773](https://github.com/astral-sh/uv/pull/7773))

Rust API

- Make `FlatDistributions` public ([7833](https://github.com/astral-sh/uv/pull/7833))

Documentation

- Fix table of contents sizing ([7751](https://github.com/astral-sh/uv/pull/7751))
- GitLab Integration documentation ([6857](https://github.com/astral-sh/uv/pull/6857))
- Update documentation to setup-uvv3 ([7807](https://github.com/astral-sh/uv/pull/7807))
- Use `uv publish` instead of twine in docs ([7837](https://github.com/astral-sh/uv/pull/7837))
- Fix typo in `projects.md` ([7784](https://github.com/astral-sh/uv/pull/7784))

0.4.17

Enhancements

- Add `uv build --all` to build all packages in a workspace ([7724](https://github.com/astral-sh/uv/pull/7724))
- Add support for `uv init --script` ([7565](https://github.com/astral-sh/uv/pull/7565))
- Add support for upgrading build environment for installed tools (`uv tool upgrade --python`) ([7605](https://github.com/astral-sh/uv/pull/7605))
- Initialize a Git repository in `uv init` ([5476](https://github.com/astral-sh/uv/pull/5476))
- Respect `--quiet` flag in `uv build` ([7674](https://github.com/astral-sh/uv/pull/7674))
- Add context message before listing available tools in `uvx` ([7641](https://github.com/astral-sh/uv/pull/7641))

Bug fixes

- Don't create Python bytecode files during interpreter discovery ([7707](https://github.com/astral-sh/uv/pull/7707))
- Escape glob patterns in workspace member discovery ([7709](https://github.com/astral-sh/uv/pull/7709))
- Avoid prefetching source distributions with unbounded lower-bound ranges ([7683](https://github.com/astral-sh/uv/pull/7683))

Documentation

- Add `uv build` and `uv publish` to features overview ([7716](https://github.com/astral-sh/uv/pull/7716))
- Add documentation on cache versioning ([7693](https://github.com/astral-sh/uv/pull/7693))
- Spell out the names of the Docker images for easier copy-paste ([7706](https://github.com/astral-sh/uv/pull/7706))
- Document uv-with-Jupyter workflows ([7625](https://github.com/astral-sh/uv/pull/7625))
- Note that `uv lock --upgrade-package` retains locked versions ([7694](https://github.com/astral-sh/uv/pull/7694))

0.4.16

Enhancements

- Add `uv publish` ([7475](https://github.com/astral-sh/uv/pull/7475))
- Add a `--project` argument to run a command from a project directory ([7603](https://github.com/astral-sh/uv/pull/7603))
- Display Python implementation when creating environments ([7652](https://github.com/astral-sh/uv/pull/7652))
- Implement trusted publishing for `uv publish` ([7548](https://github.com/astral-sh/uv/pull/7548))
- Respect lockfile preferences for `--with` requirements ([7627](https://github.com/astral-sh/uv/pull/7627))
- Unhide the `--directory` option ([7653](https://github.com/astral-sh/uv/pull/7653))
- Allow requesting free-threaded Python interpreters ([7431](https://github.com/astral-sh/uv/pull/7431))
- Show a dedicated PubGrub hint for `--unsafe-best-match` ([7645](https://github.com/astral-sh/uv/pull/7645))
- Add resolver error checking for conflicting distributions ([7595](https://github.com/astral-sh/uv/pull/7595))

Bug fixes

- Avoid adding double-newlines for CRLF ([7640](https://github.com/astral-sh/uv/pull/7640))
- Avoid retaining forks when `requires-python` range changes ([7624](https://github.com/astral-sh/uv/pull/7624))
- Determine if pre-release Python downloads should be allowed using the version specifiers ([7638](https://github.com/astral-sh/uv/pull/7638))
- Fix `link-mode=clone` for directories on Linux ([7620](https://github.com/astral-sh/uv/pull/7620))
- Improve Python executable name discovery when using alternative implementations ([7649](https://github.com/astral-sh/uv/pull/7649))
- Require opt-in to use alternative Python implementations ([7650](https://github.com/astral-sh/uv/pull/7650))
- Use the first pre-release discovered when only pre-release Python versions are available ([7666](https://github.com/astral-sh/uv/pull/7666))

Documentation

- Document environment variable that disables printing of virtual environment name in prompt ([7648](https://github.com/astral-sh/uv/pull/7648))
- Remove double whitespaces from the code ([7623](https://github.com/astral-sh/uv/pull/7623))
- Use anchorlinks rather than permalinks ([7626](https://github.com/astral-sh/uv/pull/7626))

Preview features

- Add build backend scaffolding ([7662](https://github.com/astral-sh/uv/pull/7662))

0.4.15

Bug fixes

- Revert "Treat invalid platform as more compatible than invalid Python (7556)" ([7608](https://github.com/astral-sh/uv/pull/7608))

Documentation

- Add the execution policy to powershell installs for single versions ([7602](https://github.com/astral-sh/uv/pull/7602))

0.4.14

Breaking

- Move uvx shell completion to `uvx --generate-shell-completion` ([7511](https://github.com/astral-sh/uv/pull/7511))

Enhancements

- Adjust messaging for frozen hint on resolution failure during `uv add` ([7597](https://github.com/astral-sh/uv/pull/7597))
- Provide resolution hints in case of possible local name conflicts ([7505](https://github.com/astral-sh/uv/pull/7505))
- Improve Docker image release tagging order and display on `ghcr.io` ([7568](https://github.com/astral-sh/uv/pull/7568))
- Improve deserialization error messages ([7598](https://github.com/astral-sh/uv/pull/7598))

Bug fixes

- Allow system environments during project environment validity check ([7585](https://github.com/astral-sh/uv/pull/7585))
- Avoid validating workspace members when `--no-sources` is provided ([7599](https://github.com/astral-sh/uv/pull/7599))
- Fix handling of `sys.base_prefix` collision in interpreter identity check during tool installs ([7596](https://github.com/astral-sh/uv/pull/7596))
- Make `uv cache prune` robust to unreadable rkyv entries ([7561](https://github.com/astral-sh/uv/pull/7561))
- Revert "Remove duplicate warning for settings discovery errors (7384)" ([7594](https://github.com/astral-sh/uv/pull/7594))

Documentation

- Fix `-` to `_` in packaged applications document ([7571](https://github.com/astral-sh/uv/pull/7571))

0.4.13

Enhancements

- Add `socks` support ([7503](https://github.com/astral-sh/uv/pull/7503))
- Avoid warning about bad Python interpreter links for empty project environment directories ([7527](https://github.com/astral-sh/uv/pull/7527))
- Improve invalid environment warning messages ([7544](https://github.com/astral-sh/uv/pull/7544))
- Use more verbose spelling of "virtualenv" during creation ([7523](https://github.com/astral-sh/uv/pull/7523))
- Do not use a user-facing warning for "Waiting to acquire lock..." message ([7502](https://github.com/astral-sh/uv/pull/7502))

Performance

- Use a single buffer for hints on resolver errors ([7497](https://github.com/astral-sh/uv/pull/7497))

Bug fixes

- Allow Python pre-releases to be used if they are first on the `PATH` ([7470](https://github.com/astral-sh/uv/pull/7470))
- Avoid deleting the project environment directory if it is not a virtual environment ([7522](https://github.com/astral-sh/uv/pull/7522))
- Do not error if the `CACHEDIR.TAG` file exists but cannot be written to ([7550](https://github.com/astral-sh/uv/pull/7550))
- Treat invalid platform as more compatible than invalid Python ([7556](https://github.com/astral-sh/uv/pull/7556))
- Use portable paths when serializing sources ([7504](https://github.com/astral-sh/uv/pull/7504))
- Compute resolver hints using the final reduced derivation tree ([7546](https://github.com/astral-sh/uv/pull/7546))
- Bump the wheel and sdist cache versions ([7560](https://github.com/astral-sh/uv/pull/7560))
- Heal cache entries with missing source distributions ([7559](https://github.com/astral-sh/uv/pull/7559))

Rust libraries

- Bump minimum supported Rust version from 1.80 -> 1.81

Documentation

- Add `UV_LINK_MODE` to Docker caching example ([7510](https://github.com/astral-sh/uv/pull/7510))
- Clarify behavior of of overrides in CLI reference ([7537](https://github.com/astral-sh/uv/pull/7537))

Page 3 of 26

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.