uv 0.11.25 release: Security improvements and new features
sdkpreviewengineer
patch
Version 0.11.25 of uv enhances security by updating its tar library to prevent issues with malformed or ambiguous source distributions. It also introduces several new features, including lockfile enhancements and support for scoped dependency overrides, alongside preview features like workspace scripts and centralized environments. This release impacts developers managing Python dependencies, offering a more robust and flexible package management experience.
- →Add a full "lockfile" to tool receipts
- →Allow scoped overrides to add dependencies
- →Avoid writing redundant lockfile markers with tool.uv.environments
- →Factor supported environments out of lockfile markers
- →Recommend our own build backend in the build frontend
Enhancements (10) ›
- Add a full "lockfile" to tool receipts
- Allow scoped overrides to add dependencies
- Avoid writing redundant lockfile markers with tool.uv.environments
- Factor supported environments out of lockfile markers
- Recommend our own build backend in the build frontend
- Reject wheels with multiple .dist-info directories
- Simplify dependency markers under parent reachability
- Support scoped dependency exclusions
- Support scoped dependency overrides
- Explain why files are skipped in registry index parsing
Read the original announcement →
https://github.com/astral-sh/uv/releases/tag/0.11.25