python uv Releases · · 0.11.25

uv 0.11.25 release: Security improvements and new features

sdkpreviewengineer
patch

Version 0.11.25 of uv enhances security by updating its tar library to prevent issues with malformed or ambiguous source distributions. It also introduces several new features, including lockfile enhancements and support for scoped dependency overrides, alongside preview features like workspace scripts and centralized environments. This release impacts developers managing Python dependencies, offering a more robust and flexible package management experience.

  • Add a full "lockfile" to tool receipts
  • Allow scoped overrides to add dependencies
  • Avoid writing redundant lockfile markers with tool.uv.environments
  • Factor supported environments out of lockfile markers
  • Recommend our own build backend in the build frontend
Enhancements (10)
  • Add a full "lockfile" to tool receipts
  • Allow scoped overrides to add dependencies
  • Avoid writing redundant lockfile markers with tool.uv.environments
  • Factor supported environments out of lockfile markers
  • Recommend our own build backend in the build frontend
  • Reject wheels with multiple .dist-info directories
  • Simplify dependency markers under parent reachability
  • Support scoped dependency exclusions
  • Support scoped dependency overrides
  • Explain why files are skipped in registry index parsing
Fixes (2)
  • Preserve standalone markers in workspace metadata
  • Reject uv build if the cache dir is enclosed
Read the original announcement →

https://github.com/astral-sh/uv/releases/tag/0.11.25