Workflow

Uv

Latest version: v0.5.9

Safety actively analyzes 688931 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 20 of 22

0.1.16

Not secure
Enhancements

- Add support for `--no-build-isolation` ([2258](https://github.com/astral-sh/uv/pull/2258))
- Add support for `--break-system-packages` ([2249](https://github.com/astral-sh/uv/pull/2249))
- Add support for `.netrc` authentication ([2241](https://github.com/astral-sh/uv/pull/2241))
- Add support for `--format=freeze` and `--format=json`
in `uv pip list` ([1998](https://github.com/astral-sh/uv/pull/1998))
- Add support for remote `https://` requirements files (#1332) ([2081](https://github.com/astral-sh/uv/pull/2081))
- Implement `uv pip show` ([2115](https://github.com/astral-sh/uv/pull/2115))
- Allow `UV_PRERELEASE` to be set via environment variable ([2240](https://github.com/astral-sh/uv/pull/2240))
- Include exit code for build failures ([2108](https://github.com/astral-sh/uv/pull/2108))
- Query interpreter to determine correct `virtualenv` paths, enabling `uv venv` with PyPy and
others ([2188](https://github.com/astral-sh/uv/pull/2188))
- Respect non-`sysconfig`-based system Pythons, enabling `--system` installs on Debian and
others ([2193](https://github.com/astral-sh/uv/pull/2193))

Bug fixes

- Fallback to fresh request on non-validating 304 ([2218](https://github.com/astral-sh/uv/pull/2218))
- Add `.stdout()` and `.stderr()` outputs to `Printer` ([2227](https://github.com/astral-sh/uv/pull/2227))
- Close `RECORD` after reading entries during uninstall ([2259](https://github.com/astral-sh/uv/pull/2259))
- Fix Conda Python detection on Windows ([2279](https://github.com/astral-sh/uv/pull/2279))
- Fix parsing requirement where a variable follows an operator without a
space ([2273](https://github.com/astral-sh/uv/pull/2273))
- Prefer more recent minor versions in wheel tags ([2263](https://github.com/astral-sh/uv/pull/2263))
- Retry on Python interpreter launch failures during `--compile` ([2278](https://github.com/astral-sh/uv/pull/2278))
- Show appropriate activation command based on shell detection ([2221](https://github.com/astral-sh/uv/pull/2221))
- Escape Windows paths with spaces in `venv` activation command ([2223](https://github.com/astral-sh/uv/pull/2223))
- Add specialized activation message for `cmd.exe` ([2226](https://github.com/astral-sh/uv/pull/2226))
- Cache wheel metadata in no-PEP 658 fallback ([2255](https://github.com/astral-sh/uv/pull/2255))
- Use reparse points to detect Windows installer shims ([2284](https://github.com/astral-sh/uv/pull/2284))

Documentation

- Add `PIP_COMPATIBILITY.md` to document known deviations
from `pip` ([2244](https://github.com/astral-sh/uv/pull/2244))

0.1.15

Not secure
Enhancements

- Add a `--compile` option to `install` to enable bytecode
compilation ([2086](https://github.com/astral-sh/uv/pull/2086))
- Expose the `--exclude-newer` flag to limit candidate packages based on
date ([2166](https://github.com/astral-sh/uv/pull/2166))
- Add `uv` version to user agent ([2136](https://github.com/astral-sh/uv/pull/2136))

Bug fixes

- Set `.metadata` suffix on URL path ([2123](https://github.com/astral-sh/uv/pull/2123))
- Fallback to non-range requests when HEAD returns 404 ([2186](https://github.com/astral-sh/uv/pull/2186))
- Allow direct URLs in optional dependencies in editables ([2206](https://github.com/astral-sh/uv/pull/2206))
- Allow empty values in WHEEL files ([2170](https://github.com/astral-sh/uv/pull/2170))
- Avoid Windows Store shims in `--python python3`-like invocations ([2212](https://github.com/astral-sh/uv/pull/2212))
- Expand Windows shim detection to include `python3.12.exe` ([2209](https://github.com/astral-sh/uv/pull/2209))
- HTML-decode URLs in HTML indexes ([2215](https://github.com/astral-sh/uv/pull/2215))
- Make direct dependency detection respect markers ([2207](https://github.com/astral-sh/uv/pull/2207))
- Respect `py --list-paths` fallback in `--python python3` invocations on
Windows ([2214](https://github.com/astral-sh/uv/pull/2214))
- Respect local freshness when auditing installed environment ([2169](https://github.com/astral-sh/uv/pull/2169))
- Respect markers on URL dependencies in editables ([2176](https://github.com/astral-sh/uv/pull/2176))
- Respect nested editable requirements in parser ([2204](https://github.com/astral-sh/uv/pull/2204))
- Run Windows against Python 3.13 ([2171](https://github.com/astral-sh/uv/pull/2171))
- Error when editables don't match `Requires-Python` ([2194](https://github.com/astral-sh/uv/pull/2194))

0.1.14

Not secure
Enhancements

- Add support for `--system-site-packages` in `uv venv` ([2101](https://github.com/astral-sh/uv/pull/2101))
- Add support for Python installed from Windows Store ([2122](https://github.com/astral-sh/uv/pull/2122))
- Expand environment variables in `-r` and `-c` subfile paths ([2143](https://github.com/astral-sh/uv/pull/2143))
- Treat empty index URL strings as null instead of erroring ([2137](https://github.com/astral-sh/uv/pull/2137))
- Use space as delimiter for `UV_EXTRA_INDEX_URL` ([2140](https://github.com/astral-sh/uv/pull/2140))
- Report line and column numbers in `requirements.txt` parser
errors ([2100](https://github.com/astral-sh/uv/pull/2100))
- Improve error messages when `uv` is offline ([2110](https://github.com/astral-sh/uv/pull/2110))

Bug fixes

- Future-proof the `pip` entrypoints special-case ([1982](https://github.com/astral-sh/uv/pull/1982))
- Allow empty extras in `pep508-rs` and add more corner case to
tests ([2128](https://github.com/astral-sh/uv/pull/2128))
- Adjust base Python lookup logic for Windows to respect Windows
Store ([2121](https://github.com/astral-sh/uv/pull/2121))
- Consider editable dependencies to be 'direct' for `--resolution` ([2114](https://github.com/astral-sh/uv/pull/2114))
- Preserve environment variables in resolved Git dependencies ([2125](https://github.com/astral-sh/uv/pull/2125))
- Use `prefix` instead of `base_prefix` for environment root ([2117](https://github.com/astral-sh/uv/pull/2117))
- Wrap unsafe script shebangs in `/bin/sh` ([2097](https://github.com/astral-sh/uv/pull/2097))
- Make WHEEL parsing error line numbers one indexed ([2151](https://github.com/astral-sh/uv/pull/2151))
- Determine `site-packages` path based on implementation name ([2094](https://github.com/astral-sh/uv/pull/2094))

Documentation

- Add caveats on `--system` support to the README ([2131](https://github.com/astral-sh/uv/pull/2131))
- Add instructions for `SSL_CERT_FILE` env var ([2124](https://github.com/astral-sh/uv/pull/2124))

0.1.13

Not secure
Bug fixes

- Prioritize `PATH` over `py --list-paths` in Windows selection ([2057](https://github.com/astral-sh/uv/pull/2057)).
This fixes an issue in which the `--system` flag would not work correctly on Windows in GitHub Actions.
- Avoid canonicalizing user-provided interpreters ([2072](https://github.com/astral-sh/uv/pull/2072)). This fixes an
issue in which the `--python` flag would not work correctly with pyenv and other interpreters.
- Allow pre-releases for requirements in constraints files ([2069](https://github.com/astral-sh/uv/pull/2069))
- Avoid truncating EXTERNALLY-MANAGED error message ([2073](https://github.com/astral-sh/uv/pull/2073))
- Extend activation highlighting to entire `venv` command ([2070](https://github.com/astral-sh/uv/pull/2070))
- Reverse the order of `--index-url` and `--extra-index-url`
priority ([2083](https://github.com/astral-sh/uv/pull/2083))
- Avoid assuming `RECORD` file is in `platlib` ([2091](https://github.com/astral-sh/uv/pull/2091))

0.1.12

Not secure
CLI

- Add a `--python` flag to allow installation into arbitrary Python
interpreters ([2000](https://github.com/astral-sh/uv/pull/2000))
- Add a `--system` flag for opt-in non-virtualenv installs ([2046](https://github.com/astral-sh/uv/pull/2046))

Enhancements

- Add a `--pre` alias for `--prerelease=allow` ([2049](https://github.com/astral-sh/uv/pull/2049))
- Enable `freeze` and `list` to introspect non-virtualenv Pythons ([2033](https://github.com/astral-sh/uv/pull/2033))
- Support environment variables in index URLs in requirements files ([2036](https://github.com/astral-sh/uv/pull/2036))
- Add `--exclude-editable` and `--exclude` args to `uv pip list` ([1985](https://github.com/astral-sh/uv/pull/1985))
- Always remove color codes from output file ([2018](https://github.com/astral-sh/uv/pull/2018))
- Support recursive extras in direct `pyproject.toml` files ([1990](https://github.com/astral-sh/uv/pull/1990))
- Un-cache editable requirements with dynamic metadata ([2029](https://github.com/astral-sh/uv/pull/2029))
- Use a non-local lockfile for locking system interpreters ([2045](https://github.com/astral-sh/uv/pull/2045))
- Surface the `EXTERNALLY-MANAGED` message to users ([2032](https://github.com/astral-sh/uv/pull/2032))

0.1.11

Not secure
Enhancements

- Add support for pip-compile's `--unsafe-package` flag ([1889](https://github.com/astral-sh/uv/pull/1889))
- Improve interpreter discovery logging ([1909](https://github.com/astral-sh/uv/pull/1909))
- Implement `uv pip list` ([1662](https://github.com/astral-sh/uv/pull/1662))
- Allow round-trip via `freeze` command ([1936](https://github.com/astral-sh/uv/pull/1936))
- Don't write pip compile output to stdout with `-q` ([1962](https://github.com/astral-sh/uv/pull/1962))
- Add long-form version output ([1930](https://github.com/astral-sh/uv/pull/1930))

Compatibility

- Accept single string for `backend-path` ([1969](https://github.com/astral-sh/uv/pull/1969))
- Add compatibility for deprecated `python_implementation` marker ([1933](https://github.com/astral-sh/uv/pull/1933))
- Generate versioned `pip` launchers ([1918](https://github.com/astral-sh/uv/pull/1918))

Bug fixes

- Avoid erroring for source distributions with symlinks in archive ([1944](https://github.com/astral-sh/uv/pull/1944))
- Expand scope of archive timestamping ([1960](https://github.com/astral-sh/uv/pull/1960))
- Gracefully handle virtual environments with conflicting packages ([1893](https://github.com/astral-sh/uv/pull/1893))
- Invalidate dependencies when editables are updated ([1955](https://github.com/astral-sh/uv/pull/1955))
- Make < exclusive for non-pre-release markers ([1878](https://github.com/astral-sh/uv/pull/1878))
- Properly apply constraints in venv audit ([1956](https://github.com/astral-sh/uv/pull/1956))
- Re-sync editables on-change ([1959](https://github.com/astral-sh/uv/pull/1959))
- Remove current directory from PATH in PEP 517 hooks ([1975](https://github.com/astral-sh/uv/pull/1975))
- Remove `--upgrade` and `--quiet` flags from generated output
files ([1873](https://github.com/astral-sh/uv/pull/1873))
- Use full python version in `pyvenv.cfg` ([1979](https://github.com/astral-sh/uv/pull/1979))

Performance

- fix `uv pip install` handling of gzip'd response and PEP 691 ([1978](https://github.com/astral-sh/uv/pull/1978))
- Remove `spawn_blocking` from version map ([1966](https://github.com/astral-sh/uv/pull/1966))

Documentation

- Clarify `lowest` vs. `lowest-direct` resolution strategies ([1954](https://github.com/astral-sh/uv/pull/1954))
- Improve error message for network timeouts ([1961](https://github.com/astral-sh/uv/pull/1961))

Page 20 of 22

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.