Workflow

Uv

Latest version: v0.5.9

Safety actively analyzes 688924 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 7 of 22

0.4.4

Enhancements

- Allow customizing the project environment path with `UV_PROJECT_ENVIRONMENT` ([6834](https://github.com/astral-sh/uv/pull/6834))
- Warn when `VIRTUAL_ENV` is set but will not be respected in project commands ([6864](https://github.com/astral-sh/uv/pull/6864))
- Add `--no-hashes` to `uv export` ([6954](https://github.com/astral-sh/uv/pull/6954))
- Make HTTP headers title case for backward compatibility ([6887](https://github.com/astral-sh/uv/pull/6887))
- Pin `.python-version` in `uv init` ([6869](https://github.com/astral-sh/uv/pull/6869))
- Support `file://` URLs for `UV_PYTHON_INSTALL_MIRROR` ([6950](https://github.com/astral-sh/uv/pull/6950))
- Introduce more docker tags for uv ([6053](https://github.com/astral-sh/uv/pull/6053))

Bug fixes

- Avoid canonicalizing the cache directory ([6949](https://github.com/astral-sh/uv/pull/6949))
- Show all PyPy versions in `uv python list --all-versions` ([6917](https://github.com/astral-sh/uv/pull/6917))
- Avoid incorrect `requires-python` marker simplifications ([6268](https://github.com/astral-sh/uv/pull/6268))

Documentation

- Add documentation for `UV_PROJECT_ENVIRONMENT` ([6987](https://github.com/astral-sh/uv/pull/6987))
- Add optional dependencies section to the lockfile document ([6982](https://github.com/astral-sh/uv/pull/6982))
- Document use of the `file://` scheme in Python installation mirrors ([6984](https://github.com/astral-sh/uv/pull/6984))
- Fix outdated references to the help menu documentation in the first steps page ([6980](https://github.com/astral-sh/uv/pull/6980))
- Show env option in CLI reference documentation ([6863](https://github.com/astral-sh/uv/pull/6863))
- Add bind mount example to `docker.md` ([6921](https://github.com/astral-sh/uv/pull/6921))

0.4.3

Enhancements

- Show build backend output when `--verbose` is provided ([6903](https://github.com/astral-sh/uv/pull/6903))
- Allow `uv sync --frozen --package` without copying member `pyproject.toml` ([6943](https://github.com/astral-sh/uv/pull/6943))

Bug fixes

- Avoid panic with missing temporary directory ([6929](https://github.com/astral-sh/uv/pull/6929))
- Avoid updating incorrect dependencies for sorted `uv add` ([6939](https://github.com/astral-sh/uv/pull/6939))
- Use lower-bound semantics for all Python compatibility comparisons ([6882](https://github.com/astral-sh/uv/pull/6882))

0.4.2

Enhancements

- Adding support for `.pyc` files in `uv run` ([6886](https://github.com/astral-sh/uv/pull/6886))
- Treat missing `top_level.txt` as non-fatal ([6881](https://github.com/astral-sh/uv/pull/6881))

Bug fixes

- Fix `is_disjoint` check for supported environments ([6902](https://github.com/astral-sh/uv/pull/6902))
- Remove dangling archives in `uv cache clean ${package}` ([6915](https://github.com/astral-sh/uv/pull/6915))
- Error when discovered Python is incompatible with `--isolated` workspace ([6885](https://github.com/astral-sh/uv/pull/6885))
- Warn when discovered Python is incompatible with PEP 723 script ([6884](https://github.com/astral-sh/uv/pull/6884))

0.4.1

Enhancements

- Add `uv export --format requirements-txt` ([6778](https://github.com/astral-sh/uv/pull/6778))
- Allow `` references in `uv tool install --from` ([6842](https://github.com/astral-sh/uv/pull/6842))
- Normalize version specifiers by sorting ([6333](https://github.com/astral-sh/uv/pull/6333))
- Respect the user's upper-bound in `requires-python` ([6824](https://github.com/astral-sh/uv/pull/6824))
- Use Windows registry to discover Python on Windows directly ([6761](https://github.com/astral-sh/uv/pull/6761))
- Hint at `--no-workspace` in `uv init` failures ([6815](https://github.com/astral-sh/uv/pull/6815))
- Update to last PyPy releases ([6784](https://github.com/astral-sh/uv/pull/6784))

Bug fixes

- Avoid deadlocks when multiple uv processes lock resources ([6790](https://github.com/astral-sh/uv/pull/6790))
- Expand tildes when matching against `PATH` ([6829](https://github.com/astral-sh/uv/pull/6829))
- Fix `uv init --no-project` alias ([6837](https://github.com/astral-sh/uv/pull/6837))
- Ignore pre-release segments when discovering via `requires-python` ([6813](https://github.com/astral-sh/uv/pull/6813))
- Support inline optional tables in `uv add` and `uv remove` ([6787](https://github.com/astral-sh/uv/pull/6787))
- Update default `hello.py` to pass `ruff format` ([6811](https://github.com/astral-sh/uv/pull/6811))
- Avoid stripping root for user path display ([6865](https://github.com/astral-sh/uv/pull/6865))
- Error when user-provided environments are disjoint with Python ([6841](https://github.com/astral-sh/uv/pull/6841))
- Retain alphabetical sorting for `pyproject.toml` in `uv add` operations ([6388](https://github.com/astral-sh/uv/pull/6388))))

Documentation

- Add a link to the multiple index docs in the alternative index guide ([6826](https://github.com/astral-sh/uv/pull/6826))
- Add docs for inline exclude newer in PEP 723 scripts ([6831](https://github.com/astral-sh/uv/pull/6831))
- Enumerate available Docker tags ([6768](https://github.com/astral-sh/uv/pull/6768))
- Omit `[pip]` section from configuration file docs ([6814](https://github.com/astral-sh/uv/pull/6814))
- Update `project.urls` in `pyproject.toml` ([6844](https://github.com/astral-sh/uv/pull/6844))
- Add docs for AWS CodeArtifact usage ([6816](https://github.com/astral-sh/uv/pull/6816))

Other changes

0.4.0

This release adds first-class support for Python projects that are not designed as Python packages (e.g., web applications, data science projects, etc.).

In doing so, it includes some breaking changes around uv's handling of projects. Previously, uv required that all projects could be built into distributable Python packages, and installed them into the virtual environment. Projects created by `uv init` always included a `[build-system]` definition and existing projects that did not define a `[build-system]` would use the legacy setuptools build backend by default.

Most users are not developing libraries that need to be packaged and published to PyPI. Instead, they're building applications using web frameworks, or running collections of Python scripts in the project's root directory. In these cases, requiring a `[build-system]` was confusing and error-prone. In this release, uv changes the default behavior to orient around these common use cases.

In summary, the major changes are:

- uv no longer attempts to package and install projects that do not define a `[build-system]`.
- While the project itself will not be installed into the virtual environment, its dependencies will still be included.
- The previous behavior can be recovered by setting `package = true` in the `[tool.uv]` section of your `pyproject.toml`.
- `uv init` no longer creates a `src/` directory or defines a `[build-system]` by default.
- The previous behavior can be recovered with `uv init --lib` or `uv init --app --package`.
- uv allows and recommends including `[project]` definitions in virtual workspace roots.
- Previously, the uv required the `[project]` section to be omitted.
- uv allows disabling packaging of projects, even if they define a `[build-system]`, by setting `package = false` in the `[tool.uv]` section of your `pyproject.toml`.

See the latest documentation on [build systems in projects](http://docs.astral.sh/uv/concepts/projects/#build-systems) for more details.

Enhancements

- Add first-class support for non-packaged projects ([6585](https://github.com/astral-sh/uv/pull/6585))
- Add `--app` and `--lib` options to `uv init` ([6689](https://github.com/astral-sh/uv/pull/6689))
- Use `virtual` source label in lockfile for non-packaged dependencies ([6728](https://github.com/astral-sh/uv/pull/6728))
- Read hash from URL fragment if `--hashes` are omitted ([6731](https://github.com/astral-sh/uv/pull/6731))
- Support `{package}{version}` in `uv tool install` ([6762](https://github.com/astral-sh/uv/pull/6762))
- Publish additional Docker tags without patch version ([6734](https://github.com/astral-sh/uv/pull/6734))

Bug fixes

- Accept either strings or structs for hosts ([6763](https://github.com/astral-sh/uv/pull/6763))
- Avoid including non-excluded members in parent workspaces ([6735](https://github.com/astral-sh/uv/pull/6735))
- Avoid reading stale `.egg-info` from mutable sources ([6714](https://github.com/astral-sh/uv/pull/6714))
- Avoid writing invalid PEP 723 scripts on `tool.uv.sources` ([6706](https://github.com/astral-sh/uv/pull/6706))
- Compare virtual members when invalidating lockfile ([6754](https://github.com/astral-sh/uv/pull/6754))
- Do not require workspace members to sync with `--frozen` ([6737](https://github.com/astral-sh/uv/pull/6737))
- Implement deserialization for trusted host ([6716](https://github.com/astral-sh/uv/pull/6716))
- Avoid showing duplicate paths in `uv python list` ([6740](https://github.com/astral-sh/uv/pull/6740))
- Raise an error for unclosed script tags in PEP 723 scripts ([6704](https://github.com/astral-sh/uv/pull/6704))

Documentation

- Add dependabot and renovate documentation page ([6236](https://github.com/astral-sh/uv/pull/6236))
- Bind to the host to allow connections in FastAPI Docker example ([6753](https://github.com/astral-sh/uv/pull/6753))
- Fix some broken links ([6705](https://github.com/astral-sh/uv/pull/6705))
- Update FastAPI guide for virtual projects and use `uv init` to create the `pyproject.toml` ([6752](https://github.com/astral-sh/uv/pull/6752))
- Update project documentation for the application / library concepts ([6718](https://github.com/astral-sh/uv/pull/6718))
- Update workspace documentation to remove legacy virtual projects ([6720](https://github.com/astral-sh/uv/pull/6720))

0.3.5

Enhancements

- Add support for `--allow-insecure-host` (aliased to `--trusted-host`) ([6591](https://github.com/astral-sh/uv/pull/6591))
- Read requirements from `requires.txt` when available ([6655](https://github.com/astral-sh/uv/pull/6655))
- Respect `tool.uv.environments` in `pip compile --universal` ([6663](https://github.com/astral-sh/uv/pull/6663))
- Use relative paths by default in `uv add` ([6686](https://github.com/astral-sh/uv/pull/6686))
- Improve messages for empty solves and installs ([6588](https://github.com/astral-sh/uv/pull/6588))

Bug fixes

- Avoid reusing state across tool upgrades ([6660](https://github.com/astral-sh/uv/pull/6660))
- Detect musl and error for musl Python builds ([6643](https://github.com/astral-sh/uv/pull/6643))
- Ignore `send` errors in installer ([6667](https://github.com/astral-sh/uv/pull/6667))

Documentation

- Add development section to Docker guide and reference new example project ([6666](https://github.com/astral-sh/uv/pull/6666))
- Add docs for `constraint-dependencies` and `override-dependencies` ([6596](https://github.com/astral-sh/uv/pull/6596))
- Clarify package priority order in pip compatibility guide ([6619](https://github.com/astral-sh/uv/pull/6619))
- Fix docs for disabling build isolation with `uv sync` ([6674](https://github.com/astral-sh/uv/pull/6674))
- Improve consistency of directory lookup instructions in Docker ([6665](https://github.com/astral-sh/uv/pull/6665))
- Improve lockfile concept documentation, add coverage for upgrades ([6698](https://github.com/astral-sh/uv/pull/6698))
- Shift the order of some of the Docker guide content ([6664](https://github.com/astral-sh/uv/pull/6664))
- Use `python` to highlight requirements and use more content tabs ([6549](https://github.com/astral-sh/uv/pull/6549))

Page 7 of 22

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.