Avatar for the astral-sh user
astral-sh
uv
BlogDocsChangelog

Performance History

Latest Results

More docs Signed-off-by: William Woodruff <william@yossarian.net>
ww/uv-audit-sarif
5 hours ago
Reject colliding normalized extra names (#19871) ## Summary PEP 685 requires tools to reject extra names that collide after normalization. Both the workspace parser and uv-build previously parsed `project.optional-dependencies` directly into maps keyed by `ExtraName`, so entries such as `foo-bar` and `foo_bar` silently overwrote one another. Detect duplicate normalized extra names during deserialization in both paths and report a TOML parse error instead. The regression coverage exercises both workspace and build-backend parsing.
main
5 hours ago
Validate pylock.toml lock versions (#19869) ## Summary Prior to this change, uv parsed the `lock-version` field in `pylock.toml` files but never checked whether that version was supported. As a result, a lock file declaring an incompatible major version such as `2.0` was installed normally. This validates the lock version immediately after deserialization, both when installing from a lock file and when reusing an existing output file during an upgrade. Major version 1 remains forward-compatible with later minor versions, while unsupported major versions now produce a direct error as required by PEP 751. The regression coverage verifies that version 2.0 is rejected and that a future version 1.1 remains accepted.
main
5 hours ago
Validate pylock versions during deserialization
charlie/validate-pylock-version
5 hours ago
Validate dependency group includes (#19866) ## Summary Prior to this change, a dependency-group object containing `include-group` alongside additional keys was accepted as a group include. We silently discarded the additional fields even though the current specification defines an include object as containing exactly one key. This recognizes `include-group` only when it is the object's sole key. Mixed tables are preserved as dependency object specifiers, allowing future syntax to deserialize without being misinterpreted, while the existing semantic validation rejects them when their group is processed. The focused coverage verifies both that mixed tables retain all of their fields during deserialization and that `uv lock` rejects the currently unsupported object when resolving its group.
main
5 hours ago
Share unique map deserializer
charlie/reject-colliding-extra-names
5 hours ago
Handle non-file editable URLs in pip list (#19867) ## Summary Prior to this change, `uv pip list` assumed that every installed editable direct URL could be converted to a local file path. An editable `direct_url.json` containing a non-file URL caused both the columns and JSON output formats to panic. This handles the URL-to-path conversion fallibly and omits the editable project location when the URL does not identify a local path, matching `uv pip show`. The regression test constructs the installed metadata directly and verifies both output formats.
main
6 hours ago
Validate pylock.toml package Python requirements (#19868) ## Summary Prior to this change, uv parsed `packages.requires-python` from `pylock.toml` files but did not enforce it. A package selected for installation could therefore require a different Python version than the target environment. This checks each selected package's Python requirement immediately after evaluating its marker. Packages excluded by their marker remain skipped, while a selected package with an incompatible requirement now produces a direct error before its source is processed. The regression coverage verifies both the skipped-marker case and the incompatible selected-package case.
main
6 hours ago

Latest Branches

CodSpeed Performance Gauge
0%
Support SARIF as a `uv audit` output#19872
5 hours ago
a024ac5
ww/uv-audit-sarif
CodSpeed Performance Gauge
0%
Validate pylock.toml lock versions#19869
6 hours ago
226e2e0
charlie/validate-pylock-version
CodSpeed Performance Gauge
-1%
Reject colliding normalized extra names#19871
6 hours ago
1e69622
charlie/reject-colliding-extra-names
Ā© 2026 CodSpeed Technology
Home Terms Privacy Docs