Workflow

Uv

Latest version: v0.5.9

Safety actively analyzes 688931 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 22 of 22

0.1.4

Not secure
Enhancements

- Add CMD support ([1523](https://github.com/astral-sh/uv/pull/1523))
- Improve tracing when encountering invalid `requires-python`
values ([1568](https://github.com/astral-sh/uv/pull/1568))

Bug fixes

- Add graceful fallback for Artifactory indexes ([1574](https://github.com/astral-sh/uv/pull/1574))
- Allow URL requirements in editable installs ([1614](https://github.com/astral-sh/uv/pull/1614))
- Allow repeated dependencies when installing ([1558](https://github.com/astral-sh/uv/pull/1558))
- Always run `get_requires_for_build_wheel` ([1590](https://github.com/astral-sh/uv/pull/1590))
- Avoid propagating top-level options to sub-resolutions ([1607](https://github.com/astral-sh/uv/pull/1607))
- Consistent use of `BIN_NAME` in activation scripts ([1577](https://github.com/astral-sh/uv/pull/1577))
- Enforce URL constraints for non-URL dependencies ([1565](https://github.com/astral-sh/uv/pull/1565))
- Allow non-nested archives for `hexdump` and others ([1564](https://github.com/astral-sh/uv/pull/1564))
- Avoid using `white` coloring in terminal output ([1576](https://github.com/astral-sh/uv/pull/1576))
- Bump simple metadata cache version ([1617](https://github.com/astral-sh/uv/pull/1617))
- Better error messages on expect failures in resolver ([1583](https://github.com/astral-sh/uv/pull/1583))

Documentation

- Add license to activator scripts ([1610](https://github.com/astral-sh/uv/pull/1610))

0.1.3

Not secure
Enhancements

- Add support for `UV_EXTRA_INDEX_URL` ([1515](https://github.com/astral-sh/uv/pull/1515))
- Use the system trust store for HTTPS requests ([1512](https://github.com/astral-sh/uv/pull/1512))
- Automatically detect virtual environments when used
via `python -m uv` ([1504](https://github.com/astral-sh/uv/pull/1504))
- Add warning for empty requirements files ([1519](https://github.com/astral-sh/uv/pull/1519))
- Support MD5 hashes ([1556](https://github.com/astral-sh/uv/pull/1556))

Bug fixes

- Add support for extras in editable requirements ([1531](https://github.com/astral-sh/uv/pull/1531))
- Apply percent-decoding to file-based URLs ([1541](https://github.com/astral-sh/uv/pull/1541))
- Apply percent-decoding to filepaths in HTML find-links ([1544](https://github.com/astral-sh/uv/pull/1544))
- Avoid attempting rename in copy fallback path ([1546](https://github.com/astral-sh/uv/pull/1546))
- Fix list rendering in `venv --help` output ([1459](https://github.com/astral-sh/uv/pull/1459))
- Fix trailing commas on `Requires-Python` in HTML indexes ([1507](https://github.com/astral-sh/uv/pull/1507))
- Read from `/bin/sh` if `/bin/ls` cannot be found when determining libc
path ([1433](https://github.com/astral-sh/uv/pull/1433))
- Remove URL encoding when determining file name ([1555](https://github.com/astral-sh/uv/pull/1555))
- Support recursive extras ([1435](https://github.com/astral-sh/uv/pull/1435))
- Use comparable representation for `PackageId` ([1543](https://github.com/astral-sh/uv/pull/1543))
- fix OS detection for Alpine Linux ([1545](https://github.com/astral-sh/uv/pull/1545))
- only parse /bin/sh (not /bin/ls) ([1493](https://github.com/astral-sh/uv/pull/1493))
- pypi-types: fix lenient requirement parsing ([1529](https://github.com/astral-sh/uv/pull/1529))
- Loosen package script regexp to match spec ([1482](https://github.com/astral-sh/uv/pull/1482))
- Use string display instead of debug for url parse trace ([1498](https://github.com/astral-sh/uv/pull/1498))

Documentation

- Provide example of file based package install. ([1424](https://github.com/astral-sh/uv/pull/1424))
- Adjust link ([1434](https://github.com/astral-sh/uv/pull/1434))
- Add troubleshooting section to benchmarks guide ([1485](https://github.com/astral-sh/uv/pull/1485))
- infra: source github templates ([1425](https://github.com/astral-sh/uv/pull/1425))

0.1.2

Not secure
Enhancements

- Add `--upgrade` support to `pip install` ([1379](https://github.com/astral-sh/uv/pull/1379))
- Add `-U`/`-P` short flags for `--upgrade`/`--upgrade-package` ([1394](https://github.com/astral-sh/uv/pull/1394))
- Add `UV_NO_CACHE` environment variable ([1383](https://github.com/astral-sh/uv/pull/1383))
- uv-cache: Add hidden alias for --no-cache-dir ([1380](https://github.com/astral-sh/uv/pull/1380))

Bug fixes

- Add fix-up for invalid star comparison with major-only version ([1410](https://github.com/astral-sh/uv/pull/1410))
- Add fix-up for trailing comma with trailing space ([1409](https://github.com/astral-sh/uv/pull/1409))
- Allow empty fragments in HTML parser ([1443](https://github.com/astral-sh/uv/pull/1443))
- Fix search for `python.exe` on Windows ([1381](https://github.com/astral-sh/uv/pull/1381))
- Ignore invalid extra named `.none` ([1428](https://github.com/astral-sh/uv/pull/1428))
- Parse `-r` and `-c` entries as relative to containing file ([1421](https://github.com/astral-sh/uv/pull/1421))
- Avoid import contextlib in `_virtualenv` ([1406](https://github.com/astral-sh/uv/pull/1406))
- Decode HTML escapes when extracting SHA ([1440](https://github.com/astral-sh/uv/pull/1440))
- Fix broken URLs parsed from relative paths in registries ([1413](https://github.com/astral-sh/uv/pull/1413))
- Improve error message for invalid sdist archives ([1389](https://github.com/astral-sh/uv/pull/1389))

Documentation

- Re-add license badge to the README ([1333](https://github.com/astral-sh/uv/pull/1333))
- Replace "novel" in README ([1365](https://github.com/astral-sh/uv/pull/1365))
- Tweak some grammar in the README ([1387](https://github.com/astral-sh/uv/pull/1387))
- Update README.md to include venv activate ([1411](https://github.com/astral-sh/uv/pull/1411))
- Update wording and add `alt` tag ([1423](https://github.com/astral-sh/uv/pull/1423))

0.1.1

Not secure
Bug fixes

- Fix bug where `python3` is not found in the global path ([1351](https://github.com/astral-sh/uv/pull/1351))

Documentation

- Fix diagram alignment ([1354](https://github.com/astral-sh/uv/pull/1354))
- Grammar nit ([1345](https://github.com/astral-sh/uv/pull/1345))

<!-- prettier-ignore-end -->

0.1.0

Not secure
requires-python = ">=3.12.0"

[project.optional-dependencies]
Include `torch` whenever `--extra cpu` or `--extra gpu` is provided.
cpu = ["torch>=2.5.1"]
gpu = ["torch>=2.5.1"]

[tool.uv]
But allow `cpu` and `gpu` to choose conflicting versions of `torch`.
conflicts = [[{ extra = "cpu" }, { extra = "gpu" }]]

[tool.uv.sources]
torch = [
With `--extra cpu`, pull PyTorch from the CPU-only index.
{ index = "pytorch-cpu", extra = "cpu", marker = "platform_system != 'Darwin'" },
With `--extra gpu`, pull PyTorch from the GPU-enabled index.
{ index = "pytorch-gpu", extra = "gpu" },
]

[[tool.uv.index]]
name = "pytorch-cpu"
url = "https://download.pytorch.org/whl/cpu"
explicit = true

[[tool.uv.index]]
name = "pytorch-gpu"
url = "https://download.pytorch.org/whl/cu124"
explicit = true


See the [PyTorch](https://docs.astral.sh/uv/guides/integration/pytorch/) documentation for more.

Enhancements

- Allow conflicting extras in explicit index assignments ([9160](https://github.com/astral-sh/uv/pull/9160))
- Support overrides and constraints in PEP 723 scripts ([9162](https://github.com/astral-sh/uv/pull/9162))
- Update `uv tool install --force` to imply `--reinstall-package <name>` ([9074](https://github.com/astral-sh/uv/pull/9074))
- Turn `--verify-hashes` on by default ([9170](https://github.com/astral-sh/uv/pull/9170))

Performance

- Enable `zlib-rs` on all platforms ([9202](https://github.com/astral-sh/uv/pull/9202))

Bug fixes

- Allow apostrophe in virtual environment name ([8984](https://github.com/astral-sh/uv/pull/8984))
- Automatically retry body errors when processing response ([9213](https://github.com/astral-sh/uv/pull/9213))
- Detect nested workspace inside the current workspace and members with identical names ([9094](https://github.com/astral-sh/uv/pull/9094))
- Only install the specified project with `--frozen --package` in legacy non-`[project]` workspaces ([9215](https://github.com/astral-sh/uv/pull/9215))
- Respect `[[tool.uv.index]]` in PEP 723 scripts ([9208](https://github.com/astral-sh/uv/pull/9208))
- Show derivation markers for resolutions with project name ([9136](https://github.com/astral-sh/uv/pull/9136))
- Sort distributions when computing hash ([9185](https://github.com/astral-sh/uv/pull/9185))
- Include trampolines in source distributions on Windows ([9172](https://github.com/astral-sh/uv/pull/9172))

Documentation

- Add `--index <name>=<url>` syntax to index documentation ([9139](https://github.com/astral-sh/uv/pull/9139))
- Add documentation for using uv with PyTorch ([9210](https://github.com/astral-sh/uv/pull/9210))

Error messages

- Add a dedicated error for `include = "dev"` with `tool.uv.dev-dependencies` ([9173](https://github.com/astral-sh/uv/pull/9173))
- Avoid showing disjoint marker error with `true` ([9169](https://github.com/astral-sh/uv/pull/9169))
- Improve error message when `git` is not found ([9206](https://github.com/astral-sh/uv/pull/9206))
- Include extras and dependency groups in derivation chains ([9113](https://github.com/astral-sh/uv/pull/9113))
- Include version constraints in derivation chains ([9112](https://github.com/astral-sh/uv/pull/9112))

Page 22 of 22

Links

Releases

Has known vulnerabilities

Previous

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.