Avatar for the astral-sh user
astral-sh
uv
Instrumentation
Wall Time
BlogDocsChangelog

Release 0.7.0

#12843Merged
Comparing
release/070
(
f4d2e37
) with
main
(
990c59d
)
CodSpeed Performance Gauge
0%
Improvements
0
Regressions
0
Untouched
12
New
0
Dropped
0
Ignored
0

Benchmarks

Passed

wheelname_parsing_failure[flyte-short-extension]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_parsing_failure::wheelname_parsing_failure[flyte-short-extension]
CodSpeed Performance Gauge
+2%
1.7 µs
1.7 µs
wheelname_parsing_failure[flyte-long-extension]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_parsing_failure::wheelname_parsing_failure[flyte-long-extension]
CodSpeed Performance Gauge
+2%
1.7 µs
1.7 µs
wheelname_parsing[flyte-short-compatible]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_parsing::wheelname_parsing[flyte-short-compatible]
CodSpeed Performance Gauge
+1%
5.1 µs
5 µs
resolve_warm_airflow
crates/uv-bench/benches/uv.rs::uv::resolve_warm_airflow::resolve_warm_airflow
CodSpeed Performance Gauge
+1%
630.2 ms
624.9 ms
wheelname_parsing[flyte-long-compatible]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_parsing::wheelname_parsing[flyte-long-compatible]
CodSpeed Performance Gauge
0%
13.4 µs
13.3 µs
wheelname_parsing[flyte-long-incompatible]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_parsing::wheelname_parsing[flyte-long-incompatible]
CodSpeed Performance Gauge
0%
15.5 µs
15.5 µs
resolve_warm_jupyter_universal
crates/uv-bench/benches/uv.rs::uv::resolve_warm_jupyter_universal::resolve_warm_jupyter_universal
CodSpeed Performance Gauge
0%
192.1 ms
191.7 ms
build_platform_tags[burntsushi-archlinux]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_build_platform_tags::build_platform_tags[burntsushi-archlinux]
CodSpeed Performance Gauge
0%
280.4 µs
280.3 µs
wheelname_tag_compatibility[flyte-long-compatible]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_tag_compatibility::wheelname_tag_compatibility[flyte-long-compatible]
CodSpeed Performance Gauge
0%
1.8 µs
1.8 µs
wheelname_tag_compatibility[flyte-long-incompatible]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_tag_compatibility::wheelname_tag_compatibility[flyte-long-incompatible]
CodSpeed Performance Gauge
0%
1.3 µs
1.3 µs
wheelname_tag_compatibility[flyte-short-compatible]
crates/uv-bench/benches/distribution_filename.rs::uv_distribution_filename::benchmark_wheelname_tag_compatibility::wheelname_tag_compatibility[flyte-short-compatible]
CodSpeed Performance Gauge
0%
1.6 µs
1.6 µs
resolve_warm_jupyter
crates/uv-bench/benches/uv.rs::uv::resolve_warm_jupyter::resolve_warm_jupyter
CodSpeed Performance Gauge
-5%
60.5 ms
63.9 ms

Commits

Click on a commit to change the comparison range
Base
main
990c59d
0%
Make uv’s first-index strategy more secure by default by failing early on authentication failure (#12805) uv’s default index strategy was designed with dependency confusion attacks in mind. [According to the docs](https://docs.astral.sh/uv/configuration/indexes/#searching-across-multiple-indexes), “if a package exists on an internal index, it should always be installed from the internal index, and never from PyPI”. Unfortunately, this is not true in the case where authentication fails on that internal index. In that case, uv will simply try the next index (even on the `first-index` strategy). This means that uv is not secure by default in this common scenario. This PR causes uv to stop searching for a package if it encounters an authentication failure at an index. It is possible to opt out of this behavior for an index with a new `pyproject.toml` option `ignore-error-codes`. For example: ``` [[tool.uv.index]] name = "my-index" url = "<index-url>" ignore-error-codes = [401, 403] ``` This will also enable users to handle idiosyncratic registries in a more fine-grained way. For example, PyTorch registries return a 403 when a package is not found. In this PR, we special-case PyTorch registries to ignore 403s, but users can use `ignore-error-codes` to handle similar behaviors if they encounter them on internal registries. Depends on #12651 Closes #9429 Closes #12362
1222db1
2 months ago
by zanieb
0%
Bump version to 0.7.0 and write changelog (#13201) The changelog diff is deranged. Rendered at https://github.com/astral-sh/uv/blob/zb/changelog-07/CHANGELOG.md#070 --------- Co-authored-by: Charlie Marsh <charlie.r.marsh@gmail.com> Co-authored-by: Brent Westbrook <36778786+ntBre@users.noreply.github.com>
d10e046
2 months ago
by zanieb
0%
Stylize version warning with bold, yellow, etc. (#13202)
f4d2e37
2 months ago
by charliermarsh
© 2025 CodSpeed Technology
Home Terms Privacy Docs