github-actions[bot]
commented
3 weeks ago π¦ MegaLinter status: β οΈ WARNING
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| β API | spectral | 1 | 0 | 1.61s | |
| β οΈ BASH | bash-exec | 6 | 1 | 0.03s | |
| β BASH | shellcheck | 6 | 0 | 0.19s | |
| β BASH | shfmt | 6 | 0 | 0 | 0.86s |
| β COPYPASTE | jscpd | yes | no | 3.72s | |
| β DOCKERFILE | hadolint | 128 | 0 | 19.92s | |
| β JSON | jsonlint | 20 | 0 | 0.19s | |
| β JSON | v8r | 22 | 0 | 29.65s | |
| β οΈ MARKDOWN | markdownlint | 266 | 0 | 297 | 31.61s |
| β MARKDOWN | markdown-table-formatter | 266 | 0 | 0 | 159.15s |
| β οΈ PYTHON | bandit | 212 | 66 | 3.92s | |
| β PYTHON | black | 212 | 0 | 0 | 6.37s |
| β PYTHON | flake8 | 212 | 0 | 2.06s | |
| β PYTHON | isort | 212 | 0 | 0 | 2.18s |
| β PYTHON | mypy | 212 | 0 | 21.86s | |
| β PYTHON | pylint | 212 | 0 | 31.99s | |
| β PYTHON | ruff | 212 | 0 | 0 | 1.07s |
| β REPOSITORY | checkov | yes | no | 35.97s | |
| β REPOSITORY | git_diff | yes | no | 0.78s | |
| β οΈ REPOSITORY | grype | yes | 24 | 14.56s | |
| β REPOSITORY | secretlint | yes | no | 16.51s | |
| β REPOSITORY | trivy | yes | no | 44.5s | |
| β REPOSITORY | trivy-sbom | yes | no | 0.71s | |
| β οΈ REPOSITORY | trufflehog | yes | 1 | 11.0s | |
| β SPELL | cspell | 713 | 0 | 12.24s | |
| β οΈ SPELL | lychee | 348 | 10 | 6.37s | |
| β XML | xmllint | 3 | 0 | 0 | 0.79s |
| β YAML | prettier | 160 | 0 | 0 | 5.32s |
| β YAML | v8r | 102 | 0 | 196.45s | |
| β YAML | yamllint | 161 | 0 | 2.89s |
See detailed report in MegaLinter reports
_MegaLinter is graciously provided by 
_
This PR contains the following updates:
0.4.28->0.5.1Release Notes
astral-sh/uv (ghcr.io/astral-sh/uv)
### [`v0.5.1`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#051) [Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.5.0...0.5.1) ##### Enhancements - Allow installation of manylinux wheels on `riscv64` ([#8934](https://redirect.github.com/astral-sh/uv/pull/8934)) ##### Bug fixes - Build source distributions at top-level of cache ([#8905](https://redirect.github.com/astral-sh/uv/pull/8905)) - Allow non-registry dependencies in `uv pip list --outdated` ([#8939](https://redirect.github.com/astral-sh/uv/pull/8939)) - Compute superset of existing and required hashes when healing cache ([#8955](https://redirect.github.com/astral-sh/uv/pull/8955)) - Enable uv to replace and delete itself on Windows ([#8914](https://redirect.github.com/astral-sh/uv/pull/8914)) - Remove source distribution filename from cache ([#8907](https://redirect.github.com/astral-sh/uv/pull/8907)) - Respect `--index-url` in `uv pip list` ([#8942](https://redirect.github.com/astral-sh/uv/pull/8942)) - Respect comma-separated extras in `--with` ([#8946](https://redirect.github.com/astral-sh/uv/pull/8946)) ##### Documentation - Add uninstall note for previous versions ([#8937](https://redirect.github.com/astral-sh/uv/pull/8937)) - Remove some missed references to `~/.cargo/bin` ([#8936](https://redirect.github.com/astral-sh/uv/pull/8936)) - Split README's install code block into 3 ([#8853](https://redirect.github.com/astral-sh/uv/pull/8853)) ### [`v0.5.0`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#050) [Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.4.30...0.5.0) Since the launch of Python version, project, and tool management capabilities back in August, we've seen extraordinary adoption of uv. We've been iterating rapidly: adding new features, fixing bugs, and improving the user experience. Despite moving quickly, stability and compatibility have been a major focus β we've made thirty releases since our last breaking change. Consequently, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes. ##### Breaking - **Use base executable to set virtualenv Python path** ([#8481](https://redirect.github.com/astral-sh/uv/pull/8481)) Previously, uv canonicalized the path to the Python executable when setting the Python path in created virtual environments. This behavior had several undesirable effects: it would bypass stabilized version directories (as constructed by Homebrew) and it was not consistent with the Python standard library's behavior. Now, uv uses the `sys._base_executable` path. - **Use XDG (i.e. `~/.local/bin`) instead of the Cargo home directory in the installer** ([#8420](https://redirect.github.com/astral-sh/uv/pull/8420)) Previously, uv's installer used `$CARGO_HOME` or `~/.cargo/bin` for its target install directory. It's been a longstanding complaint that uv uses this directory, as there's no relationship to Cargo. Now, uv will be installed into `$XDG_BIN_HOME`, `$XDG_DATA_HOME/../bin`, or `~/.local/bin` (in that order). Note that `$UV_INSTALL_DIR` can always be used to override the target directory. - **Discover and respect `.python-version` files in parent directories** ([#6370](https://redirect.github.com/astral-sh/uv/pull/6370)) Previously, uv only read `.python-version` files from the working directory. Now, uv will check parent directories for `.python-version` files; however uv will not search for `.python-version` files beyond project boundaries. The new behavior is better aligned with that of `pyenv` and Rye. - **Error when disallowed settings are defined in `uv.toml`** ([#8550](https://redirect.github.com/astral-sh/uv/pull/8550)) Some settings can only be defined in the `pyproject.toml`. Previously, uv would ignore these settings when present in the `uv.toml`. Now, uv will error to avoid confusion about why the settings are not respeced. - **Implement PEP 440-compliant local version semantics** ([#8797](https://redirect.github.com/astral-sh/uv/pull/8797)) Previously, uv's implementation of local versions (e.g. `2.0+cpu`) was not compliant with the specification due to the technical complexity of implementing the local version semantics in the PubGrub algorithm. Thanks to the work of [@ericmarkmartin](https://redirect.github.com/ericmarkmartin), uv now has a spec-compliant implementation. Namely, uv will now allow a request for `torch==2.1.0` to install `torch@2.1.0+cpu` regardless of whether `torch@2.1.0` (without a local tag) actually exists. - **Treat the base Conda environment as a system environment** ([#7691](https://redirect.github.com/astral-sh/uv/pull/7691)) Previously, uv would not distinguish between the base and other Conda environments. Now, uv uses `CONDA_DEFAULT_ENV` and the names `base` and `default` to determine if an environment active via `CONDA_PREFIX` is the base environment. If the base environment is active, the `--system` flag must be used to mutate it. - **Do not allow pre-releases when the `!=` operator is used** ([#7974](https://redirect.github.com/astral-sh/uv/pull/7974)) Previously, uv would use the presence of a pre-release specifier in a version specifier as an opt-in to allow pre-release versions during resolution. The new behavior does not allow pre-releases when an inequals operator is used, e.g., `!= 2.0a1`. - **Prefer `USERPROFILE` over `FOLDERID_Profile` when selecting a home directory on Windows** ([#8048](https://redirect.github.com/astral-sh/uv/pull/8048)) This change is a side-effect of switching from the `directories` crate to `etcetera` for determining canonical system paths. If `USERPROFILE` is not set, the behavior will be unchanged. - **Improve interactions between color environment variables and CLI options** ([#8215](https://redirect.github.com/astral-sh/uv/pull/8215)) Previously, uv would respect the `FORCE_COLOR` and `NO_COLOR` environment variables over the `--color` flag. Now, when the `--color` flag is explicitly provided, uv will respect it over the environment variables. - **Make `allow-insecure-host` a global option** ([#8476](https://redirect.github.com/astral-sh/uv/pull/8476)) Previously, this option was only available in some parts of uv. Now, `--allow-insecure-host` can be provided to any command. For consistency, the `allow-insecure-host` setting has been removed from the `[tool.uv.pip]` configuration in favor of `[tool.uv]`. - **Only write `.python-version` files during `uv init` for workspace members if the version differs** ([#8897](https://redirect.github.com/astral-sh/uv/pull/8897)) Previously, uv would create a `.python-version` file for workspace members during `uv init`. Now, uv will only do so if the version differs from the `.python-version` file in the workspace root since uv will respect `.python-version` files in parent directories. ##### Enhancements - Add `uv tree --outdated` ([#8893](https://redirect.github.com/astral-sh/uv/pull/8893)) - Add armv8l alias for armv7l to support arm 32-bit compatibility mode ([#8881](https://redirect.github.com/astral-sh/uv/pull/8881)) - Add support for `pip list --outdated` ([#8872](https://redirect.github.com/astral-sh/uv/pull/8872)) - Allow semicolons directly after direct URLs ([#8836](https://redirect.github.com/astral-sh/uv/pull/8836)) - Enable support for arbitrary git transports ([#8769](https://redirect.github.com/astral-sh/uv/pull/8769)) - Improve Python discovery source messages ([#8890](https://redirect.github.com/astral-sh/uv/pull/8890)) - Show dedicated error for trailing `;` on URL and path requirements ([#8835](https://redirect.github.com/astral-sh/uv/pull/8835)) - Add progress bar for `uv cache clean` ([#8857](https://redirect.github.com/astral-sh/uv/pull/8857)) - Warn on failure to query system configuration file ([#8829](https://redirect.github.com/astral-sh/uv/pull/8829)) ##### Preview features - Add support for building basic source distributions with the experimental uv build backend ([#8886](https://redirect.github.com/astral-sh/uv/pull/8886)) ##### Bug fixes - Respect dynamic version updates in `uv lock` ([#8867](https://redirect.github.com/astral-sh/uv/pull/8867)) - Respect fork markers in `--resolution-mode=lowest-direct` ([#8839](https://redirect.github.com/astral-sh/uv/pull/8839)) ##### Documentation - Add further examples of git+https support ([#8841](https://redirect.github.com/astral-sh/uv/pull/8841)) - Add installer variables to environment reference ([#8874](https://redirect.github.com/astral-sh/uv/pull/8874)) - Add note on private classifier ([#8783](https://redirect.github.com/astral-sh/uv/pull/8783)) - Update pip-and-uv strictness example ([#8822](https://redirect.github.com/astral-sh/uv/pull/8822)) - Fix `uv python install` docs to use an existing PyPy version ([#8845](https://redirect.github.com/astral-sh/uv/pull/8845)) - Document how to mimic `--verbose` with `RUST_LOG` ([#8858](https://redirect.github.com/astral-sh/uv/pull/8858)) ### [`v0.4.30`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0430) [Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.4.29...0.4.30) ##### Enhancements - Add support for `.env` and custom env files in `uv run` ([#8811](https://redirect.github.com/astral-sh/uv/pull/8811)) - Add support for `--all-packages` in `uv run`, `uv sync`, and `uv export` ([#8742](https://redirect.github.com/astral-sh/uv/pull/8742), [#8741](https://redirect.github.com/astral-sh/uv/pull/8741), [#8739](https://redirect.github.com/astral-sh/uv/pull/8739)) - Allow use of `--frozen` with `--all-packages` in `uv sync` and `uv export` ([#8760](https://redirect.github.com/astral-sh/uv/pull/8760)) - Show full error chain on tool upgrade failures ([#8753](https://redirect.github.com/astral-sh/uv/pull/8753)) - Add `--check-url` to `uv publish` to check for existing distributions during upload ([#8531](https://redirect.github.com/astral-sh/uv/pull/8531)) - Suggest using `--check-url` when `--skip-existing` is used ([#8803](https://redirect.github.com/astral-sh/uv/pull/8803)) ##### Bug fixes - Allow incompatible `requires-python` for source distributions with static metadata ([#8768](https://redirect.github.com/astral-sh/uv/pull/8768)) - Allow managed downloads with `--python-preference system` ([#8808](https://redirect.github.com/astral-sh/uv/pull/8808)) - Avoid error for `--group` defined in non-root workspace member ([#8734](https://redirect.github.com/astral-sh/uv/pull/8734)) - Avoid showing dependency group annotations on workspace members in tree ([#8730](https://redirect.github.com/astral-sh/uv/pull/8730)) - Do not error when the Python bin directory is missing on `uv python uninstall` ([#8725](https://redirect.github.com/astral-sh/uv/pull/8725)) - Include member groups when locking workspace ([#8736](https://redirect.github.com/astral-sh/uv/pull/8736)) - Fix bug where `python_version < '0'` could appear in a final resolution ([#8759](https://redirect.github.com/astral-sh/uv/pull/8759)) - Sanitize filenames during zip extraction ([#8732](https://redirect.github.com/astral-sh/uv/pull/8732)) - Switch to RFC 9110 compatible format for exclude newer requests ([#8752](https://redirect.github.com/astral-sh/uv/pull/8752)) ##### Preview features - Add support for installing versioned Python executables on Windows ([#8663](https://redirect.github.com/astral-sh/uv/pull/8663)) - Improve interactions with existing Python executables during install ([#8733](https://redirect.github.com/astral-sh/uv/pull/8733)) ##### Rust API - Extend `BaseClient` to accept extra middleware ([#8807](https://redirect.github.com/astral-sh/uv/pull/8807)) - Add `From` for `FlatDistributions` struct ([#8800](https://redirect.github.com/astral-sh/uv/pull/8800)) ##### Documentation - Fix environment variable name in providing credentials section ([#8740](https://redirect.github.com/astral-sh/uv/pull/8740)) - Fix `add httpx` example with real git branch ([#8756](https://redirect.github.com/astral-sh/uv/pull/8756)) - Fix indentation in `projects.md` ([#8772](https://redirect.github.com/astral-sh/uv/pull/8772)) - Fix link to publish guide in `README` ([#8720](https://redirect.github.com/astral-sh/uv/pull/8720)) - Generate environment variables documentation from code ([#8493](https://redirect.github.com/astral-sh/uv/pull/8493)) - Improve and fix some documents ([#8749](https://redirect.github.com/astral-sh/uv/pull/8749)) - Improve environment variables document ([#8777](https://redirect.github.com/astral-sh/uv/pull/8777)) ### [`v0.4.29`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0429) [Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.4.28...0.4.29) ##### Enhancements - Sort errors during display in `uv python install` ([#8684](https://redirect.github.com/astral-sh/uv/pull/8684)) - Update resolver to use disjointness checks instead of marker equality ([#8661](https://redirect.github.com/astral-sh/uv/pull/8661)) - Add `riscv64` to supported Python platform tags ([#8660](https://redirect.github.com/astral-sh/uv/pull/8660)) ##### Bug fixes - Fix hard and soft float libc detection for managed Python distributions on ARM ([#8498](https://redirect.github.com/astral-sh/uv/pull/8498)) - Handle cycles in `uv pip tree` ([#8689](https://redirect.github.com/astral-sh/uv/pull/8689)) - Respect dependency group markers in `uv export` ([#8659](https://redirect.github.com/astral-sh/uv/pull/8659)) - Support transitive dependencies in Git workspaces ([#8665](https://redirect.github.com/astral-sh/uv/pull/8665)) - Use portable paths for subdirectories in lock URLs ([#8707](https://redirect.github.com/astral-sh/uv/pull/8707)) - Update `uv init --virtual` to imply `--no-package` ([#8595](https://redirect.github.com/astral-sh/uv/pull/8595)) ##### Preview - Install versioned Python executables into the bin directory during `uv python install` (Unix only) ([#8458](https://redirect.github.com/astral-sh/uv/pull/8458)) ##### Documentation - Clarify relationship between specifiers and `requires-python` range ([#8688](https://redirect.github.com/astral-sh/uv/pull/8688)) - Fix broken link in docs ([#8552](https://redirect.github.com/astral-sh/uv/pull/8552)) - Fix outdated documentation on `Requires-Python` ([#8679](https://redirect.github.com/astral-sh/uv/pull/8679)) - Add Google Artifact Registry index authentication guide ([#8579](https://redirect.github.com/astral-sh/uv/pull/8579))Configuration
π Schedule: Branch creation - "before 4am on Wednesday" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.