Commit Graph

1217 Commits

Author SHA1 Message Date
Zanie Blue 735b87004c Bump version to 0.9.13 (#16862) 2025-11-26 15:12:54 +00:00
Zanie Blue 0fb1233363 Bump version to 0.9.12 (#16840) 2025-11-24 23:22:12 +00:00
William Woodruff 7b3199f07c Collect and upload PEP 740 attestations during uv publish (#16731)
Co-authored-by: konsti <konstin@mailbox.org>
2025-11-24 16:47:15 -05:00
Zanie Blue 4b92f4fde4 Move the "Export" guide to the projects concept section (#16835)
I consider this a bit too advanced to be in the top-level guides
2025-11-24 10:39:52 -06:00
Zanie Blue 666059bd88 Add documentation for intermediate Docker layers in a workspace (#16787) 2025-11-24 15:22:27 +00:00
Zanie Blue d3a9455998 Update the cargo install recommendation to use crates (#16800) 2025-11-20 20:05:46 -06:00
Zanie Blue 4be1e0a83c Bump version to 0.9.11 (#16794) 2025-11-20 16:24:01 -06:00
Zanie Blue dfe89047bb Publish to crates.io (#16770) 2025-11-20 21:26:44 +00:00
Zanie Blue 5eda329e5a Improve note about build system in publish guide (#16788)
Addresses
https://github.com/astral-sh/uv/issues/5605#issuecomment-3549958048
2025-11-20 13:59:59 -06:00
Zanie Blue 75bd2ea0c5 Move do not upload publish note out of the guide into concepts (#16789)
This feels a little out of place here and it seems nice to be able to
link to it.
2025-11-20 12:33:15 -06:00
Tom Schafer fd7e6d0a05 Add SBOM export support (#16523)
Co-authored-by: Will Rollason <william.rollason@snyk.io>
2025-11-20 12:52:31 -05:00
pythonweb2 7d8634bf35 Document the new behavior for free-threaded python versions (#16781)
## Summary

I noticed that after first installing the free-threaded version, then
the gil version of 3.14, I wasn't able
to install greenlet, because it doesn't ship with wheels for the
free-threaded version (I think it isn't
safe for it to use that interpreter). I noticed that the change made in
3.14 wasn't updated in the docs.

## Test Plan

N/A

---------

Co-authored-by: Wade Roberts <wade.roberts@centralsquare.com>
Co-authored-by: Zanie Blue <contact@zanie.dev>
2025-11-20 08:58:49 -06:00
Zanie Blue 3ac43e8d15 Disable always-authenticate when running under Dependabot (#16773)
Dependabot appears to run a proxy which intercepts all requests and adds
credentials — credentials are _not_ provided via the CLI or environment
variables and there's no way for a user to do so. This means that when
`authenticate = "always"` is used (or when the index URL is on a pyx
domain), uv will fail even though Dependabot may intercept the request
and add credentials.

See
https://github.com/dependabot/dependabot-core/#private-registry-credential-management
2025-11-18 15:43:44 -06:00
Zanie Blue cda7fc3fda Revert "Fix CMD path in FastAPI Dockerfile (#16701)" (#16752)
This reverts commit 92230ba679 from #16701

See https://github.com/astral-sh/uv/pull/16701#issuecomment-3538541379
2025-11-17 13:17:27 -06:00
konsti 44f5a14f40 Bump version to 0.9.10 (#16762)
Motivated by https://github.com/astral-sh/uv/pull/16759

Doesn't contain https://github.com/astral-sh/uv/pull/16752, but that one
doesn't seem critical
2025-11-17 16:29:14 +00:00
Zanie Blue 07e03ee776 Add uv workspace list to list workspace members (#16691)
I'm a little wary here, in the sense that it might be silly to have a
command that does something so simple that's covered by `uv workspace
metadata`? but I think this could be stabilized much faster than `uv
workspace metadata` and makes it easier to write scripts against
workspace members.

---------

Co-authored-by: liam <liam@scalzulli.com>
2025-11-17 09:35:50 -06:00
Zsolt Dollenstein 6f525f9462 Add a "storage" reference document (#15954)
Co-authored-by: Zanie Blue <contact@zanie.dev>
2025-11-17 09:38:14 -05:00
samypr100 bf99f0a195 Add support for SSL_CERT_DIR (#16473)
## Summary

Closes https://github.com/astral-sh/uv/issues/16414

Adds support for the standard
[SSL_CERT_DIR](https://docs.openssl.org/3.6/man3/SSL_CTX_load_verify_locations)
which has gained recent proper support from
[rustls-native-certs](https://github.com/rustls/rustls-native-certs/pull/187)
in v0.8.2.

In addition, this PR clarifies documentation around `SSL_CERT_FILE` and
`SSL_CERT_DIR` when used in combination with `UV_NATIVE_TLS` as
mentioned in
https://github.com/astral-sh/uv/issues/16412#issuecomment-3434927201

## Test Plan

Manually tested with custom cert chains in multiple directories and
loading them via SSL_CERT_DIR. We didn't have tests for `SSL_CERT_FILE`
or `SSL_CERT_DIR` environment variables so I added a basic one using our
own test-only certificate generation and dummy https server. I also
moved some things around for better reuse.
2025-11-16 11:48:31 -06:00
Meitar Reihan b9826778b9 Support http/https URLs in uv python --python-downloads-json-url (#16542)
continuation PR based on #14687

---------

Co-authored-by: Geoffrey Thomas <geofft@ldpreload.com>
Co-authored-by: Aria Desires <aria.desires@gmail.com>
2025-11-14 17:51:24 -05:00
Meitar Reihan 7f4d8c67a8 Account for python_downloads_json_url on Pre-release Python version warnings (#16737)
Solves #16711
2025-11-14 15:12:35 -06:00
Zanie Blue f5ce5b47c8 Add support for --upgrade in uv python install (#16676)
This allows us to suggest `uv python install --upgrade 3.14` as the
canonical way to get the latest patch version of a given Python
regardless of whether it is installed already. Currently, you can do `uv
python upgrade 3.14` and it will install it, but I'd like to remove that
behavior as I find it very surprising.
2025-11-13 09:55:48 -06:00
Mikayla Thompson 88811553e4 pip install --target (and sync) install python if necessary (#16694)
## Summary

As described in https://github.com/astral-sh/uv/issues/12229, `pip
install` with `--target` or `--prefix` seem like they should install the
necessary python version if it doesn't exist, but they currently don't.

Most minimal reproduction is something like:
```
> uv python uninstall 3.13
...
> uv pip install anyio --target target-dir --python 3.13
error: No interpreter found for Python 3.13 in virtual environments, managed installations, or search path
```

This also fails without `--target`, but a venv is expected in that case,
so the with `--target`/`--prefix` is the only version that needs to be
fixed. The same mechanism occurs for `uv pip sync` as well.

## Test Plan

Added tests for install and sync that failed before fix and now pass.

---------

Signed-off-by: Mikayla Thompson <mrt@mikayla.codes>
2025-11-12 15:42:52 -07:00
Zanie Blue 4fac4cb7ed Bump version to 0.9.9 (#16708) 2025-11-12 18:14:44 +00:00
Charlie Marsh 2c0d166260 Add only-emit-workspace and similar variants to uv export (#16681)
## Summary

This is useful for scenarios in which you want to emit the workspace
dependencies, but nothing else.
2025-11-12 16:51:45 +00:00
jspablo 92230ba679 Fix CMD path in FastAPI Dockerfile (#16701)
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:

- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->

## Summary

Fix suggestion for uv when used with FastAPI and Docker.

## Test Plan

The Dockerfile sets `/app` as workdir, later the CMD command points
again to `app/main.py` instead of only `main.py`, causing the following
error:
```
Path does not exist app/main.py
```
2025-11-12 07:39:14 -06:00
Mikayla Thompson b81060674e workspace dir command (#16678)
Addresses https://github.com/astral-sh/uv/issues/13636

Prints the path to the workspace root by default, and any of the child
packages if requested.

I looped it into the same preview flag as `workspace metadata`, given
how closely related they are.

## Summary

```
─> uv workspace dir
/Users/mikayla/code/uv/dev-envs

─> uv workspace dir --package foo-proj
/Users/mikayla/code/uv/dev-envs/foo-proj

─> uv workspace dir --package bar-proj
error: Package `bar-proj` not found in workspace.
```

## Test Plan

Unit tests added.

---------

Signed-off-by: Mikayla Thompson <mrt@mikayla.codes>
Co-authored-by: Zanie Blue <contact@zanie.dev>
2025-11-11 12:30:39 -07:00
liam 63ab247765 Allow explicit values with uv version --bump (#16555)
Resolves https://github.com/astral-sh/uv/issues/16427

This PR updates `uv version --bump` so you can pin the exact number
you’re targeting, i.e. `--bump patch=10` or `--bump dev=42`. The
command-line interface now parses those `component=value` flags, and the
bump logic actually sets the version to the number you asked for.
2025-11-11 12:27:32 -05:00
Zanie Blue 3ccad58166 Add uv workspace metadata (#16516)
This adds the scaffolding for a `uv workspace metadata` command, as an
equivalent to `cargo metadata`, for integration with downstream tools. I
didn't do much here beyond emit the workspace root path and the paths of
the workspace members. I explored doing a bit more in #16638, but I
think we're actually going to want to come up with a fairly
comprehensive schema like `cargo metadata` has. I've started exploring
that too, but I don't have a concrete proposal to share yet.

I don't want this to be a top-level command because I think people would
expect `uv metadata <PACKAGE>` to show metadata about arbitrary packages
(this has been requested several times). I also think we can do other
things in the workspace namespace to make trivial integrations simpler,
like `uv workspace list` (enumerate members) and `uv workspace dir`
(show the path to the workspace root).

I don't expect this to be stable at all to start. I've both gated it
with preview and hidden it from the help. The intent is to merge so we
can iterate on it as we figure out what integrations need.
2025-11-11 15:46:01 +00:00
Mikayla Thompson f22af0f88a Deprecate --project arg for init (#16674)
Addresses https://github.com/astral-sh/uv/issues/15790

## Summary

After discussion, the functionality of `--project` vs `--directory` was
quite unclear in this case, so deprecating `--project` for `init` is
probably the clearest behavior option. This is a breaking change, so it
requires being under preview before being rolled out fully.

Included in the PR now:
- new feature flag (`init --project` is deprecated if `--preview` or
`--preview-features deprecate-project-for-init` are provided)
- tests (for `--directory` behavior, as well as the current warning and
future error)
- documentation updated in docs/concepts/projects/init.md

---------

Signed-off-by: Mikayla Thompson <mrt@mikayla.codes>
2025-11-10 16:33:08 -07:00
Mathieu Kniewallner 9a21897f3d feat(cli): expose UV_NO_DEFAULT_GROUPS environment variable (#16645)
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:

- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->

## Summary

Similarly to #16529 that adds `UV_NO_GROUP`, this adds
`UV_NO_DEFAULT_GROUPS` that does the same as `--no-default-groups`. This
can be useful on the CI, to disable default groups on a job without
having to set the argument in all commands that could trigger a sync
(for instance
[here](https://github.com/fpgmaas/deptry/blob/8757b318e9974bbfa7ec65dabf999bc935ac026f/.github/workflows/main.yml#L105-L116)).

## Test Plan

Snapshot tests.

---------

Co-authored-by: samypr100 <3933065+samypr100@users.noreply.github.com>
2025-11-10 14:43:48 -06:00
Zanie Blue 85c5d32284 Bump version to 0.9.8 (#16636) 2025-11-07 11:45:22 -06:00
Haaris Rahman e5c10cd45d Fix typo in uv tool list doc (#16625)
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:

- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->

## Summary


Fixed a typo in the docs.

Regenerated the docs, with the fix.


<!-- What's the purpose of the change? What does it do, and why? -->
2025-11-06 22:06:17 -06:00
Charlie Marsh 5fe8af114b Accept multiple packages in uv export (#16603)
## Summary

Closes https://github.com/astral-sh/uv/issues/16503.
2025-11-05 22:52:22 +00:00
Charlie Marsh 9a6eafc043 Accept multiple packages in uv sync (#16543)
## Summary

Closes https://github.com/astral-sh/uv/issues/12130.

---------

Co-authored-by: Zanie Blue <contact@zanie.dev>
Co-authored-by: konsti <konstin@mailbox.org>
2025-11-04 14:17:58 +00:00
chisato 8b479efd2f Add a uv cache size command (#16032)
## Summary

<!-- What's the purpose of the change? What does it do, and why? -->

Implement `uv cache size` to output the cache directory size in raw
bytes by default, with a `--human` option for human-readable output.

close #15821

<!-- How was it tested? -->

---------

Co-authored-by: Charlie Marsh <charlie.r.marsh@gmail.com>
2025-11-02 20:44:28 +00:00
Gabe Joseph 17c9656df2 Note uv pip list name normalization in docs (#13210)
Related to https://github.com/astral-sh/uv/issues/13209

---------

Co-authored-by: Charlie Marsh <charlie.r.marsh@gmail.com>
2025-11-02 20:39:30 +00:00
Blair Allan 4b61e65d6c Add UV_NO_SOURCES as an environment variable (#15883)
## Summary

This is an enhancement that makes the cli flag `--no-sources` an
environment variable - "UV_NO_SOURCES"

Why is this a relevant change? 

When working across different environments, in our case remote vs local,
we often have our packages hosted in a artifact registry but when
developing locally we build our packages from github. This results in us
using the uv.tool.sources table quite a bit however this then also
forces us to use `--no-sources` for all our remote work.

This change enables us to set an environment variable once and to never
have to type --no-sources after every uv run command again.

## Test Plan

Expanded on the current --no-sources tests, to test when
UV_NO_SOURCES=true/false the behaviour is the same as the flag.
Additionally ensured that the cli overrides the env variable.

---------

Co-authored-by: Charlie Marsh <charlie.r.marsh@gmail.com>
2025-11-02 20:25:19 +00:00
Charlie Marsh 5c71b5c124 Enable first-class dependency exclusions (#16528)
## Summary

This PR adds an `exclude-dependencies` setting that allows users to omit
a dependency during resolution. It's effectively a formalized version of
the `flask ; python_version < '0'` hack that we've suggested to users in
various issues.

Closes #12616.
2025-10-31 10:14:12 -04:00
Charlie Marsh 7cf1646a44 Expose UV_NO_GROUP as an environment variable (#16529)
## Summary

Closes https://github.com/astral-sh/uv/issues/11619.
2025-10-30 22:34:14 -05:00
Zanie Blue 0adb444806 Bump version to 0.9.7 (#16524) 2025-10-30 16:47:51 -05:00
Alexander Vandenbulcke c156b1d50d Don't use UV_LOCKED to enable --check flag (#16521)
Env var UV_LOCKED should only be used to enable `--locked` for the `uv
lock` command. Previously `--check` was also enabled by specifying
UV_LOCKED.
2025-10-30 15:37:27 -04:00
Zanie Blue 2652244655 Bump version to 0.9.6 (#16500)
Signed-off-by: William Woodruff <william@astral.sh>
Co-authored-by: William Woodruff <william@astral.sh>
2025-10-29 14:08:49 -05:00
konsti cfa1de311e Add --no-create-gitignore to uv build (#16369)
Fixes #16332
2025-10-28 07:25:31 -05:00
konsti 804f1ff808 Add --clear to uv build to remove old build artifacts (#16371)
Add `uv build --clear` that behaves like `rm -r ./dist && uv build` to
clear artifacts from previous builds. This avoids accidentally
publishing the wrong artifacts and removes accumulated old builds.

See https://github.com/astral-sh/uv/issues/10293#issuecomment-3405904013
Fixes #10293
2025-10-27 18:15:17 +00:00
Matthijs Kok 659b4873b6 Update docs for maturin build backend init template (#16469)
I forgot to update the docs in
https://github.com/astral-sh/uv/pull/16449
Sorry!
2025-10-27 11:35:39 +01:00
Basil Sh. b8a1b13feb docs: installation.md add info about installing via MacPorts (#16039) 2025-10-26 22:07:21 -04:00
SADIK KUZU 175be60727 Upgrade setup-python action to version 6 (#16450)
## Summary

<!-- What's the purpose of the change? What does it do, and why? -->

This pull request updates the GitHub Actions workflow documentation to
use the latest version of the `actions/setup-python` action. This
ensures compatibility with recent improvements and bug fixes in the
action.

Workflow version updates:

* Updated the `uses: actions/setup-python` step from version `v5` to
`v6` in two separate workflow job examples in
`docs/guides/integration/github.md`.
[[1]](diffhunk://#diff-e864b910728c865e8e16ddb7892761fc2ef4838f2bf256eb1e20c35b24edd9fbL96-R96)
[[2]](diffhunk://#diff-e864b910728c865e8e16ddb7892761fc2ef4838f2bf256eb1e20c35b24edd9fbL119-R119)
2025-10-26 21:54:20 -04:00
Brian Dentino ce7808d0cb Update docs to reflect new signal forwarding semantics (#16430)
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:

- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->

## Summary

<!-- What's the purpose of the change? What does it do, and why? -->
I am a new uv user and I was reading the docs to better understand the
project scope & best practices. The section on [signal
forwarding](https://docs.astral.sh/uv/concepts/projects/run/#signal-handling)
with `uv run` caught my eye because I've used tools that use SIGHUP to
trigger config reloads or SIGUSR1/2 to enable debugging/profiling/etc so
I was a little concerned about using a runner that might block those
signals. After some searching in issues/PRs, I found that this behavior
was actually [changed earlier this
year](https://github.com/astral-sh/uv/pull/13017) to forward additional
signals (awesome!) and thought I would update the docs and save the next
person/llm from thinking their tool won't work as expected if it uses
custom signal handling.

Thanks for all your great work!

P.S. If you think it makes more sense to explicitly list all forwarded
signals as opposed to just the exclusions, I'm happy to edit.
2025-10-24 14:52:08 -05:00
Charles-Meldhine Madi Mnemoi 225bffbb6c Running uv lock --check with outdated lockfile will print that --check was passed, instead of --locked (#16322)
Hello,

# Summary

This PR fixes the confusing error message when running `uv lock --check`
with an outdated lockfile.

Previously, the error message incorrectly stated that `--locked` was
provided, even when the user used `--check`.

Now, the error message correctly indicates which flag was used: either
`--check` or `--locked`.

This closes #14105.

# Test plan

- I updated the existing integration test (`check_outdated_lock` in
`lock.rs`) to verify the new error message includes the correct flag.
- I ran existing tests to ensure I have no introduced regressions for
other commands.
2025-10-21 12:46:10 -05:00
William Woodruff d5f39331a7 Bump version to 0.9.5 (#16389) 2025-10-21 12:14:22 -04:00