Avatar for the astral-sh user
astral-sh
uv
BlogDocsChangelog

Performance History

Latest Results

boss missed some
charlie/exclude-newer-index-ii
4 minutes ago
Bump snapshots Signed-off-by: William Woodruff <william@astral.sh>
ww/rm-bz-lzma-in-zips
10 minutes ago
uv audit: add context/warnings for ignored vulnerabilities (#18905) ## Summary This makes one small QoL change to `uv audit`: - We now warn the user if they ignore (via CLI or config) a vulnerability ID, but that ID doesn't actually match any known vulnerabilities discovered during the audit. This can happen due to drift (e.g. the user upgrades but forgets to removed a stale ID) or user error (the user typos a vulnerability ID). ~~- We now report the number of ignored vulnerabilities as a statistic in the output. In practice, this means users will see something like "5 vulnerabilities (2 ignored)" in the header of `uv audit`'s output if they ignore vulnerabilities.~~ See #18506. ## Test Plan Added integration tests for the new behavior. --------- Signed-off-by: William Woodruff <william@astral.sh>
main
15 minutes ago
Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928) It has been 2 years, we probably do not need this around anymore
main
19 minutes ago
Improve certificate loading error messages
zb/cert-err
23 minutes ago
Bump snapshots Signed-off-by: William Woodruff <william@astral.sh>
ww/rm-bz-lzma-in-zips
26 minutes ago
Clear junction properly when uninstalling Python versions on Windows (#18815) ## Summary Reproduces and fixes #18793. Previously, when uninstalling Python versions on Windows, we'd remove junctions (i.e. soft links) for the minor version _after_ deleting the installation itself. This worked correctly on Linux and macOS but _not_ on Windows, since on Windows we'd call `junction::get_target` (via `PythonMinorVersionLink::exists`), which would fail because the junction would be dangling following the deletion. Specifically, `read_target` returns `None`, short circuiting the `target_directory` check. The fix here is to reorder the uninstallation flow so that we precompute and remove the links _before_ the underlying installations are deleted. I've added two tests that both reproduced the behavior and now demonstrate the fix working. Note: https://github.com/astral-sh/uv/pull/18815/changes/81c27ba0e1f225189949ddb60bc11e6902e55dd0 shows a smaller alternative fix -- instead of reordering the installation flow, we can change the "entry exists" logic on Windows to not require that the target still exists. I believe this would also be functionally correct, but I think reordering the uninstallation flow makes more sense (in terms of eliminating the surprising state rather than trying to work around it). ## Test Plan Look at me, I am the test plan now. --------- Signed-off-by: William Woodruff <william@astral.sh> Co-authored-by: Zanie Blue <contact@zanie.dev>
main
26 minutes ago
Normalize persisted fork markers before lock equality checks (#18612) ## Summary This PR attempts to apply the same canonicalization we apply at serialization time, but in-memory when constructing the `Lock`, to further avoid mismatches between the deserialized and in-memory representations. Closes https://github.com/astral-sh/uv/issues/18553.
main
29 minutes ago

Latest Branches

CodSpeed Performance Gauge
+2%
Remove bz/lzma/xz support from ZIP handling#18927
33 minutes ago
6437610
ww/rm-bz-lzma-in-zips
CodSpeed Performance Gauge
-1%
Improve certificate loading error messages#18924
2 hours ago
ce63a9a
zb/cert-err
CodSpeed Performance Gauge
0%
Clear junction properly when uninstalling Python versions on Windows#18815
2 hours ago
f8edb85
ww/repro-18793
© 2026 CodSpeed Technology
Home Terms Privacy Docs