Avoid archive id collisions#19949
Conversation
We observed what appears to be a collision between `ArchiveIds` in https://github.com/astral-sh/ruff/actions/runs/27950213732/job/82705000710?pr=26198. This may happen if two processes installing the same package are started at exactly the same time, which is plausible in the ruff test suite. Using a secure RNG prevents this.
|
Hmm, something doesn't fully make sense here -- even if two processes were started at the exact same instant, https://docs.rs/fastrand/latest/src/fastrand/global_rng.rs.html#199-213 Switching to the CSPRNG seems fine though. We could probably remove Edit: this might be a bug in |
|
This thread id is relative to the process, not relative to the OS, for example |
|
Yeah, I just realized I was thinking of kernel TIDs, not (I think this is potentially still a bug in |
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ghcr.io/astral-sh/uv](https://github.com/astral-sh/uv) | stage | patch | `0.11.23` → `0.11.24` | --- ### Release Notes <details> <summary>astral-sh/uv (ghcr.io/astral-sh/uv)</summary> ### [`v0.11.24`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01124) [Compare Source](astral-sh/uv@0.11.23...0.11.24) Released on 2026-06-23. ##### Python - Add CPython 3.15.0b3 ([#​19964](astral-sh/uv#19964)) ##### Preview features - Make project environments relocatable under preview ([#​19965](astral-sh/uv#19965)) ##### Performance - Use a compact index for lazy version maps ([#​19959](astral-sh/uv#19959)) ##### Bug fixes - Allow disabling `exclude-newer` ([#​19934](astral-sh/uv#19934)) - Avoid archive id collisions ([#​19949](astral-sh/uv#19949)) - Reapply "Fix transparent Python upgrades in project environments" ([#​19928](astral-sh/uv#19928)) - Clean up partial tool entrypoint installs ([#​19966](astral-sh/uv#19966)) - Fix relocatable `activate.fish` and broaden Fish version support ([#​19856](astral-sh/uv#19856)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Renovate Bot <renovate@bhamm-lab.com> Reviewed-on: https://codeberg.org/blake-hamm/bhamm-lab/pulls/222
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [uv](https://github.com/astral-sh/uv) | patch | `0.11.23` → `0.11.24` | --- ### Release Notes <details> <summary>astral-sh/uv (uv)</summary> ### [`v0.11.24`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01124) [Compare Source](astral-sh/uv@0.11.23...0.11.24) Released on 2026-06-23. ##### Python - Add CPython 3.15.0b3 ([#​19964](astral-sh/uv#19964)) ##### Preview features - Make project environments relocatable under preview ([#​19965](astral-sh/uv#19965)) ##### Performance - Use a compact index for lazy version maps ([#​19959](astral-sh/uv#19959)) ##### Bug fixes - Allow disabling `exclude-newer` ([#​19934](astral-sh/uv#19934)) - Avoid archive id collisions ([#​19949](astral-sh/uv#19949)) - Reapply "Fix transparent Python upgrades in project environments" ([#​19928](astral-sh/uv#19928)) - Clean up partial tool entrypoint installs ([#​19966](astral-sh/uv#19966)) - Fix relocatable `activate.fish` and broaden Fish version support ([#​19856](astral-sh/uv#19856)) </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMzQuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIzNC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItcmVsZWFzZSIsInR5cGUvcGF0Y2giXX0=--> Reviewed-on: https://forgejo.hayden.moe/hayden/phoebe/pulls/190
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [uv](https://github.com/astral-sh/uv) | patch | `0.11.21` → `0.11.28` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (uv)</summary> ### [`v0.11.28`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01128) [Compare Source](astral-sh/uv@0.11.27...0.11.28) Released on 2026-07-07. ##### Security This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted. See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes. ##### Python - Upgrade GraalPy to 25.1.3 ([#​20069](astral-sh/uv#20069)) ##### Enhancements - Improve trace logs for unexpected error chains ([#​20220](astral-sh/uv#20220)) - Move lockfile update guidance to a hint ([#​20219](astral-sh/uv#20219)) - Preserve indentation for multiline error causes ([#​20156](astral-sh/uv#20156)) - Render user errors with their cause chains ([#​20217](astral-sh/uv#20217)) - Route final command errors through the printer to respect `-q` and `-qq` ([#​20163](astral-sh/uv#20163)) - Use standard rendering for `uv build` errors ([#​20159](astral-sh/uv#20159)) - Use standard rendering for tool requirement errors ([#​20160](astral-sh/uv#20160)) ##### Performance - Only compile bytecode for installed distributions in `uv pip install` ([#​19914](astral-sh/uv#19914)) - Avoid allocating URL-safe Git revisions ([#​20194](astral-sh/uv#20194)) - Avoid allocating canonical Python request strings ([#​20193](astral-sh/uv#20193)) - Avoid allocating custom Astral mirror URLs ([#​20204](astral-sh/uv#20204)) - Avoid allocating expanded compatibility tags ([#​20190](astral-sh/uv#20190)) - Avoid allocating shell strings that need no escaping ([#​20196](astral-sh/uv#20196)) - Avoid allocating static ABI descriptions ([#​20201](astral-sh/uv#20201)) - Avoid allocating static Windows executable names ([#​20200](astral-sh/uv#20200)) - Avoid allocating static dependency table names ([#​20199](astral-sh/uv#20199)) - Avoid allocating static platform triple components ([#​20195](astral-sh/uv#20195)) - Avoid allocating static resolver report labels ([#​20198](astral-sh/uv#20198)) - Avoid allocating static unavailable-version messages ([#​20197](astral-sh/uv#20197)) - Avoid allocating unchanged Python download architectures ([#​20202](astral-sh/uv#20202)) - Avoid allocating unchanged paths during case normalization ([#​20203](astral-sh/uv#20203)) - Avoid allocations when expanding group conflicts ([#​20211](astral-sh/uv#20211)) - Avoid allocations when formatting requirements ([#​20206](astral-sh/uv#20206)) - Avoid cloning credential lookup services ([#​20210](astral-sh/uv#20210)) - Avoid cloning dry-run distributions ([#​20209](astral-sh/uv#20209)) - Avoid cloning owned dependency metadata ([#​20212](astral-sh/uv#20212)) - Avoid redundant direct URL clones ([#​20207](astral-sh/uv#20207)) - Create metadata version errors lazily ([#​20205](astral-sh/uv#20205)) - Optimize expanded tag compatibility checks ([#​20171](astral-sh/uv#20171)) - Optimize parsing of single-digit three-part versions ([#​20118](astral-sh/uv#20118)) ##### Bug fixes - Avoid overflow when computing HTTP cache age ([#​20178](astral-sh/uv#20178)) - Respect `--upgrade` when `upgrade-package` is configured ([#​19955](astral-sh/uv#19955)) - Support `uv tree` in dependency-group-only projects ([#​20167](astral-sh/uv#20167)) - Treat cache entries as stale at exact expiration ([#​20183](astral-sh/uv#20183)) ### [`v0.11.27`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01127) [Compare Source](astral-sh/uv@0.11.26...0.11.27) Released on 2026-07-06. ##### Enhancements - Continue on ignored errors when fetching wheel metadata ([#​12255](astral-sh/uv#12255)) - Use caching for `--python-downloads-json-url` ([#​16749](astral-sh/uv#16749)) ##### Preview features - Discover extensionless shebang scripts in `uv workspace list --scripts` ([#​20099](astral-sh/uv#20099)) ##### Performance - Avoid full site-packages scans for direct reinstalls ([#​20119](astral-sh/uv#20119)) - Avoid redundant pyproject parsing ([#​20076](astral-sh/uv#20076)) - Cache default dependency markers when reading locks ([#​20125](astral-sh/uv#20125)) - Enable SIMD-accelerated TOML parsing ([#​20079](astral-sh/uv#20079)) - Intern `requires-python` specifiers in Simple API parsing ([#​20104](astral-sh/uv#20104)) - Read cache entries into exact-sized buffers ([#​20120](astral-sh/uv#20120)) - Reduce VersionSpecifiers parsing allocations ([#​20105](astral-sh/uv#20105)) - Reduce site-packages scan allocation overhead ([#​20087](astral-sh/uv#20087)) - Reuse package names when parsing wheel filenames ([#​20110](astral-sh/uv#20110)) - Sort Simple API files after grouping ([#​20112](astral-sh/uv#20112)) ##### Bug fixes - Always emit `packages` table for pylock.toml ([#​20145](astral-sh/uv#20145)) - Avoid blank line for empty `uv pip tree` ([#​20062](astral-sh/uv#20062)) - Encode hashes in file paths ([#​19807](astral-sh/uv#19807)) - Error on a registry uv.lock package without a version instead of panicking ([#​19855](astral-sh/uv#19855)) - Preserve conditional extra markers in exports ([#​20148](astral-sh/uv#20148)) - Skip the ambiguous authority check for file transport VCS URLs ([#​20086](astral-sh/uv#20086)) - Sync index format when `uv add --index` updates an existing index URL ([#​19818](astral-sh/uv#19818)) ##### Other changes - Re-add `pub` APIs used in Pixi ([#​20074](astral-sh/uv#20074)) - Update Rust toolchain to 1.96.1 ([#​20103](astral-sh/uv#20103)) ### [`v0.11.26`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01126) [Compare Source](astral-sh/uv@0.11.25...0.11.26) Released on 2026-06-30. ##### Performance - Adapt uv to IDs-only PubGrub dependencies ([#​20048](astral-sh/uv#20048)) - Avoid allocations in `ForkMap::contains` ([#​20023](astral-sh/uv#20023)) - Reuse resolver work across PubGrub iterations ([#​20020](astral-sh/uv#20020)) - Speed up candidate selection for disjoint ranges ([#​20026](astral-sh/uv#20026)) ##### Bug fixes - Warn when the build cache is inside the source directory ([#​20056](astral-sh/uv#20056)) ### [`v0.11.25`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01125) [Compare Source](astral-sh/uv@0.11.24...0.11.25) Released on 2026-06-26. ##### Security This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted. See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes. ##### Enhancements - Add a full "lockfile" to tool receipts ([#​18937](astral-sh/uv#18937)) - Allow scoped overrides to add dependencies ([#​19974](astral-sh/uv#19974)) - Avoid writing redundant lockfile markers with `tool.uv.environments` ([#​19933](astral-sh/uv#19933)) - Factor supported environments out of lockfile markers ([#​19969](astral-sh/uv#19969)) - Recommend our own build backend in the build frontend ([#​19994](astral-sh/uv#19994)) - Reject wheels with multiple .dist-info directories ([#​19986](astral-sh/uv#19986)) - Simplify dependency markers under parent reachability ([#​19971](astral-sh/uv#19971)) - Support scoped dependency exclusions ([#​19977](astral-sh/uv#19977)) - Support scoped dependency overrides ([#​19970](astral-sh/uv#19970)) - Explain why files are skipped in registry index parsing ([#​19983](astral-sh/uv#19983)) ##### Preview features - Add `uv workspace list --scripts` ([#​20009](astral-sh/uv#20009)) - Support centralised environments in `uv venv` ([#​19912](astral-sh/uv#19912)) - Use locked ty versions in `uv check` ([#​19884](astral-sh/uv#19884)) - Add centralized storage of project environments ([#​18214](astral-sh/uv#18214)) - Verify lockfile hashes before reusing a cached ty in `uv check` ([#​19995](astral-sh/uv#19995)) - Use locked dependency selection for `uv check --script` ([#​19989](astral-sh/uv#19989)) ##### Bug fixes - Preserve standalone markers in workspace metadata ([#​20011](astral-sh/uv#20011)) - Reject `uv build` if the cache dir is enclosed ([#​19991](astral-sh/uv#19991)) ### [`v0.11.24`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01124) [Compare Source](astral-sh/uv@0.11.23...0.11.24) Released on 2026-06-23. ##### Python - Add CPython 3.15.0b3 ([#​19964](astral-sh/uv#19964)) ##### Preview features - Make project environments relocatable under preview ([#​19965](astral-sh/uv#19965)) ##### Performance - Use a compact index for lazy version maps ([#​19959](astral-sh/uv#19959)) ##### Bug fixes - Allow disabling `exclude-newer` ([#​19934](astral-sh/uv#19934)) - Avoid archive id collisions ([#​19949](astral-sh/uv#19949)) - Reapply "Fix transparent Python upgrades in project environments" ([#​19928](astral-sh/uv#19928)) - Clean up partial tool entrypoint installs ([#​19966](astral-sh/uv#19966)) - Fix relocatable `activate.fish` and broaden Fish version support ([#​19856](astral-sh/uv#19856)) ### [`v0.11.23`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01123) [Compare Source](astral-sh/uv@0.11.22...0.11.23) Released on 2026-06-19. ##### Bug fixes - Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#​19925](astral-sh/uv#19925)) - Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#​19926](astral-sh/uv#19926)) ### [`v0.11.22`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01122) [Compare Source](astral-sh/uv@0.11.21...0.11.22) Released on 2026-06-18. ##### Enhancements - Publish wheels before sdists in `uv publish` ([#​19831](astral-sh/uv#19831)) - Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#​19821](astral-sh/uv#19821)) ##### Preview features - Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#​18437](astral-sh/uv#18437)) - Update the lockfile during `uv check --no-sync` ([#​19909](astral-sh/uv#19909)) - Add `--script` to `uv check` and `uv metadata` ([#​19860](astral-sh/uv#19860)) - Report workspace-exclusive dependency groups in `workspace metadata` ([#​19862](astral-sh/uv#19862)) - Support SARIF as a `uv audit` output ([#​19872](astral-sh/uv#19872)) ##### Performance - Use a more deadlock-resistant concurrent hashmap in the resolver ([#​19532](astral-sh/uv#19532)) ##### Bug fixes - Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#​19808](astral-sh/uv#19808)) - Reject extras that have the same normalized name ([#​19871](astral-sh/uv#19871)) - Reject dependency group `include-group` entries that have additional fields ([#​19866](astral-sh/uv#19866)) - Reject invalid UTF-8 URL credentials ([#​19814](astral-sh/uv#19814)) - Validate that PEP 517 `backend-path`s exist when building sdists ([#​19834](astral-sh/uv#19834)) - Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#​19869](astral-sh/uv#19869)) - Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#​19868](astral-sh/uv#19868)) - Allow `uv` to be recursively invoked by PEP 517 build hooks ([#​19879](astral-sh/uv#19879)) - Allow empty `credentials.toml` files ([#​19815](astral-sh/uv#19815)) - Fix transparent Python upgrades in project environments ([#​19890](astral-sh/uv#19890)) - Handle non-file editable URLs in `uv pip list` ([#​19867](astral-sh/uv#19867)) - Fix incorrect output from `uv tree --invert` ([#​19910](astral-sh/uv#19910)) - Fix environment locking of `uv venv` in a project ([#​19837](astral-sh/uv#19837)) - Fix handling of workspace-exclusive dependency groups in `uv tree` ([#​19905](astral-sh/uv#19905)) ##### Documentation - Archive the 0.10.x changelog ([#​19813](astral-sh/uv#19813)) ##### Other changes - Mark more tests as requiring network for vendors that need to run tests offline ([#​19819](astral-sh/uv#19819)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIzMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiLCJhdXRvbWF0aW9uOmJvdC1hdXRob3JlZCIsImRlcGVuZGVuY3ktdHlwZTo6cGF0Y2giXX0=-->
Automated mise tool upgrades from local config. Updated tools: - `uv` Command: `mise upgrade --bump --local uv` <details> <summary>Version changelog (uv)</summary> | Tool | Requested | Installed | |------|-----------|-----------| | `uv` | `0.11.0` → `0.11.28` | `0.11.0` → `0.11.28` | </details> <details> <summary>Release notes (1 tools)</summary> <details> <summary>uv: `0.11.0` → `0.11.28` (astral-sh/uv)</summary> ### 0.11.19 ## Release Notes Released on 2026-06-03. ### Python - Add CPython 3.15.0b2 ([#19531](astral-sh/uv#19531)) ### Enhancements - Always compute SHA256 for remote distributions ([#19662](astral-sh/uv#19662)) - Add PyEmscripten platform (PEP 783) ([#19629](astral-sh/uv#19629)) - Add Pyodide 2025 target triple ([#19653](astral-sh/uv#19653)) ### Preview features - Make preview features for commands have names that aren't ambiguous with the command ([#19645](astral-sh/uv#19645)) - Respect `--isolated` in `uv check` ([#19666](astral-sh/uv#19666)) ### Bug fixes - Continue tool uninstall after dangling receipts ([#19623](astral-sh/uv#19623)) - Skip Unix-specific installation steps when cross-installing Windows Python distributions ([#19424](astral-sh/uv#19424)) ## Install uv 0.11.19 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex" ``` ## Download uv 0.11.19 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarc… (truncated) ### 0.11.20 ## Release Notes Released on 2026-06-10. ### Enhancements - Add `--emit-index-url` and `--emit-find-links` to `uv export` ([#18370](astral-sh/uv#18370)) - Add `--find-links` support for `uv pip list` ([#16103](astral-sh/uv#16103)) - Group executable install errors during `uv python install` ([#19691](astral-sh/uv#19691)) - Use ICF in macOS release builds to reduce binary sizes ([#19615](astral-sh/uv#19615)) ### Preview features - Add initial hidden `uv upgrade` command ([#19678](astral-sh/uv#19678)) - Reject Git revisions in `uv upgrade` ([#19742](astral-sh/uv#19742)) ### Configuration - Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`, `UV_NO_INSTALL_LOCAL` ([#19323](astral-sh/uv#19323)) ### Performance - Speed up discovery of large workspaces ([#18311](astral-sh/uv#18311)) ### Bug fixes - Allow unknown preview flags with a warning again ([#19669](astral-sh/uv#19669)) - Apply dependency exclusions to direct requirements ([#19699](astral-sh/uv#19699)) - Avoid following external symlinks during cache clean ([#19682](astral-sh/uv#19682)) - Avoid following symlinks during cache prune ([#19543](astral-sh/uv#19543)) - Fix Git cache keys for worktrees and packed refs ([#19706](astral-sh/uv#19706)) - Make resolver error handling iterative to avoid stack overflows ([#19695](astral-sh/uv#19695)) - Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows ([#19703](astral-sh/uv#19703)) - Rebuild explicit local directory tool installs ([#19591](astral-sh/uv#19591)) - Validate egg top-level entries as identifiers ([#19679](https://github.com/astral-sh/uv/pull/19… (truncated) ### 0.11.21 ## Release Notes Released on 2026-06-11. ### Python - Add CPython 3.13.14 and 3.14.6 ([#19787](astral-sh/uv#19787)) ### Preview features - Add `environment.root` to `uv workspace metadata --sync` ([#19760](astral-sh/uv#19760)) - Allow `uv upgrade` to update a single dependency constraint ([#19738](astral-sh/uv#19738)) - Compute and pass `uv workspace metadata` payload in `ty check` ([#19763](astral-sh/uv#19763)) - Make packaged applications the default for `uv init` ([#17841](astral-sh/uv#17841)) ### Performance - Add parallel discovery of Python versions for `uv python list` ([#18684](astral-sh/uv#18684)) - Avoid normalizing source distribution names twice ([#19784](astral-sh/uv#19784)) ### Bug fixes - Improve cache robustness and pruning behavior - Allow CI cache pruning without an sdist bucket ([#19802](astral-sh/uv#19802)) - Avoid overflow when reading malformed cache entries ([#19799](astral-sh/uv#19799)) - Preserve cached Python downloads during cache pruning ([#19795](astral-sh/uv#19795)) - Reject running inside the cache ([#19659](astral-sh/uv#19659)) - Fix Python discovery and version request edge cases - Avoid panics for Unicode Python version requests ([#19797](astral-sh/uv#19797)) - Fix handling of non-critical errors in `uv python list` with path requests ([#19774](astral-sh/uv#19774)) - Fix stop-discovery-at regression ([#19769](astral-sh/uv#19769)) - Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets - Allow trailing commas in version specifiers ([#19806](astral-sh/uv#19806)) - Avoid panics for invalid UTF-8 URL… (truncated) ### 0.11.22 ## Release Notes Released on 2026-06-18. ### Enhancements - Publish wheels before sdists in `uv publish` ([#19831](astral-sh/uv#19831)) - Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#19821](astral-sh/uv#19821)) ### Preview features - Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#18437](astral-sh/uv#18437)) - Update the lockfile during `uv check --no-sync` ([#19909](astral-sh/uv#19909)) - Add `--script` to `uv check` and `uv metadata` ([#19860](astral-sh/uv#19860)) - Report workspace-exclusive dependency groups in `workspace metadata` ([#19862](astral-sh/uv#19862)) - Support SARIF as a `uv audit` output ([#19872](astral-sh/uv#19872)) ### Performance - Use a more deadlock-resistant concurrent hashmap in the resolver ([#19532](astral-sh/uv#19532)) ### Bug fixes - Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#19808](astral-sh/uv#19808)) - Reject extras that have the same normalized name ([#19871](astral-sh/uv#19871)) - Reject dependency group `include-group` entries that have additional fields ([#19866](astral-sh/uv#19866)) - Reject invalid UTF-8 URL credentials ([#19814](astral-sh/uv#19814)) - Validate that PEP 517 `backend-path`s exist when building sdists ([#19834](astral-sh/uv#19834)) - Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#19869](astral-sh/uv#19869)) - Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#19868](astral-sh/uv#19868)) - Allow `u… (truncated) ### 0.11.23 ## Release Notes Released on 2026-06-19. ### Bug fixes - Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#19925](astral-sh/uv#19925)) - Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#19926](astral-sh/uv#19926)) ## Install uv 0.11.23 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex" ``` ## Download uv 0.11.23 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip.sha256) | | [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip) | x86 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip.sha256) | | [uv-x86_64-pc-windows-msvc.zip](http… (truncated) ### 0.11.24 ## Release Notes Released on 2026-06-23. ### Python - Add CPython 3.15.0b3 ([#19964](astral-sh/uv#19964)) ### Preview features - Make project environments relocatable under preview ([#19965](astral-sh/uv#19965)) ### Performance - Use a compact index for lazy version maps ([#19959](astral-sh/uv#19959)) ### Bug fixes - Allow disabling `exclude-newer` ([#19934](astral-sh/uv#19934)) - Avoid archive id collisions ([#19949](astral-sh/uv#19949)) - Reapply "Fix transparent Python upgrades in project environments" ([#19928](astral-sh/uv#19928)) - Clean up partial tool entrypoint installs ([#19966](astral-sh/uv#19966)) - Fix relocatable `activate.fish` and broaden Fish version support ([#19856](astral-sh/uv#19856)) ## Install uv 0.11.24 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex" ``` ## Download uv 0.11.24 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarch64-pc-windows-msvc.zip](https://releases.ast… (truncated) ### 0.11.25 ## Release Notes Released on 2026-06-26. ### Security This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted. See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes. ### Enhancements - Add a full "lockfile" to tool receipts ([#18937](astral-sh/uv#18937)) - Allow scoped overrides to add dependencies ([#19974](astral-sh/uv#19974)) - Avoid writing redundant lockfile markers with `tool.uv.environments` ([#19933](astral-sh/uv#19933)) - Factor supported environments out of lockfile markers ([#19969](astral-sh/uv#19969)) - Recommend our own build backend in the build frontend ([#19994](astral-sh/uv#19994)) - Reject wheels with multiple .dist-info directories ([#19986](astral-sh/uv#19986)) - Simplify dependency markers under parent reachability ([#19971](astral-sh/uv#19971)) - Support scoped dependency exclusions ([#19977](astral-sh/uv#19977)) - Support scoped dependency overrides ([#19970](astral-sh/uv#19970)) - Explain why files are skipped in registry index parsing ([#19983](astral-sh/uv#19983)) ### Preview features - Add `uv workspace list --scripts` ([#20009](astral-sh/uv#20009)) - Support centralised environments in `uv venv` ([#19912](astral-sh/uv#19912)) - Use locked ty versions in `uv check` ([#19884](astral-sh/uv#19884)) - Add centralized storage of project environ… (truncated) ### 0.11.26 ## Release Notes Released on 2026-06-30. ### Performance - Adapt uv to IDs-only PubGrub dependencies ([#20048](astral-sh/uv#20048)) - Avoid allocations in `ForkMap::contains` ([#20023](astral-sh/uv#20023)) - Reuse resolver work across PubGrub iterations ([#20020](astral-sh/uv#20020)) - Speed up candidate selection for disjoint ranges ([#20026](astral-sh/uv#20026)) ### Bug fixes - Warn when the build cache is inside the source directory ([#20056](astral-sh/uv#20056)) ## Install uv 0.11.26 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.ps1 | iex" ``` ## Download uv 0.11.26 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip.sha256) | | [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-i686-pc-window… (truncated) ### 0.11.27 ## Release Notes Released on 2026-07-06. ### Enhancements - Continue on ignored errors when fetching wheel metadata ([#12255](astral-sh/uv#12255)) - Use caching for `--python-downloads-json-url` ([#16749](astral-sh/uv#16749)) ### Preview features - Discover extensionless shebang scripts in `uv workspace list --scripts` ([#20099](astral-sh/uv#20099)) ### Performance - Avoid full site-packages scans for direct reinstalls ([#20119](astral-sh/uv#20119)) - Avoid redundant pyproject parsing ([#20076](astral-sh/uv#20076)) - Cache default dependency markers when reading locks ([#20125](astral-sh/uv#20125)) - Enable SIMD-accelerated TOML parsing ([#20079](astral-sh/uv#20079)) - Intern `requires-python` specifiers in Simple API parsing ([#20104](astral-sh/uv#20104)) - Read cache entries into exact-sized buffers ([#20120](astral-sh/uv#20120)) - Reduce VersionSpecifiers parsing allocations ([#20105](astral-sh/uv#20105)) - Reduce site-packages scan allocation overhead ([#20087](astral-sh/uv#20087)) - Reuse package names when parsing wheel filenames ([#20110](astral-sh/uv#20110)) - Sort Simple API files after grouping ([#20112](astral-sh/uv#20112)) ### Bug fixes - Always emit `packages` table for pylock.toml ([#20145](astral-sh/uv#20145)) - Avoid blank line for empty `uv pip tree` ([#20062](astral-sh/uv#20062)) - Encode hashes in file paths ([#19807](astral-sh/uv#19807)) - Error on a registry uv.lock package without a version instead of panicking ([#19855](astral-sh/uv#19855)) - Preserve conditional extra markers in exports ([#20148](https://github.com/astra… (truncated) ### 0.11.28 ## Release Notes Released on 2026-07-07. ### Security This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted. See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes. ### Python - Upgrade GraalPy to 25.1.3 ([#20069](astral-sh/uv#20069)) ### Enhancements - Improve trace logs for unexpected error chains ([#20220](astral-sh/uv#20220)) - Move lockfile update guidance to a hint ([#20219](astral-sh/uv#20219)) - Preserve indentation for multiline error causes ([#20156](astral-sh/uv#20156)) - Render user errors with their cause chains ([#20217](astral-sh/uv#20217)) - Route final command errors through the printer to respect `-q` and `-qq` ([#20163](astral-sh/uv#20163)) - Use standard rendering for `uv build` errors ([#20159](astral-sh/uv#20159)) - Use standard rendering for tool requirement errors ([#20160](astral-sh/uv#20160)) ### Performance - Only compile bytecode for installed distributions in `uv pip install` ([#19914](astral-sh/uv#19914)) - Avoid allocating URL-safe Git revisions ([#20194](astral-sh/uv#20194)) - Avoid allocating canonical Python request strings ([#20193](astral-sh/uv#20193)) - Avoid allocating custom Astral mirror URLs ([#20204](astral-sh/uv#20204)) - Avoid allocating expanded compatibility tags ([#20190](astral-sh/uv#20190)) - Avoid allocating shell stri… (truncated) _Omitted 18 older releases._ </details> </details> Modified files: - `.mise.toml`
Automated mise tool upgrades from local config. Updated tools: - `uv` Command: `mise upgrade --bump --local uv` <details> <summary>Version changelog (uv)</summary> | Tool | Requested | Installed | |------|-----------|-----------| | `uv` | `0.11.0` → `0.11.28` | `0.11.0` → `0.11.28` | </details> <details> <summary>Release notes (1 tools)</summary> <details> <summary>uv: `0.11.0` → `0.11.28` (astral-sh/uv)</summary> ### 0.11.19 ## Release Notes Released on 2026-06-03. ### Python - Add CPython 3.15.0b2 ([#19531](astral-sh/uv#19531)) ### Enhancements - Always compute SHA256 for remote distributions ([#19662](astral-sh/uv#19662)) - Add PyEmscripten platform (PEP 783) ([#19629](astral-sh/uv#19629)) - Add Pyodide 2025 target triple ([#19653](astral-sh/uv#19653)) ### Preview features - Make preview features for commands have names that aren't ambiguous with the command ([#19645](astral-sh/uv#19645)) - Respect `--isolated` in `uv check` ([#19666](astral-sh/uv#19666)) ### Bug fixes - Continue tool uninstall after dangling receipts ([#19623](astral-sh/uv#19623)) - Skip Unix-specific installation steps when cross-installing Windows Python distributions ([#19424](astral-sh/uv#19424)) ## Install uv 0.11.19 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex" ``` ## Download uv 0.11.19 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarc… (truncated) ### 0.11.20 ## Release Notes Released on 2026-06-10. ### Enhancements - Add `--emit-index-url` and `--emit-find-links` to `uv export` ([#18370](astral-sh/uv#18370)) - Add `--find-links` support for `uv pip list` ([#16103](astral-sh/uv#16103)) - Group executable install errors during `uv python install` ([#19691](astral-sh/uv#19691)) - Use ICF in macOS release builds to reduce binary sizes ([#19615](astral-sh/uv#19615)) ### Preview features - Add initial hidden `uv upgrade` command ([#19678](astral-sh/uv#19678)) - Reject Git revisions in `uv upgrade` ([#19742](astral-sh/uv#19742)) ### Configuration - Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`, `UV_NO_INSTALL_LOCAL` ([#19323](astral-sh/uv#19323)) ### Performance - Speed up discovery of large workspaces ([#18311](astral-sh/uv#18311)) ### Bug fixes - Allow unknown preview flags with a warning again ([#19669](astral-sh/uv#19669)) - Apply dependency exclusions to direct requirements ([#19699](astral-sh/uv#19699)) - Avoid following external symlinks during cache clean ([#19682](astral-sh/uv#19682)) - Avoid following symlinks during cache prune ([#19543](astral-sh/uv#19543)) - Fix Git cache keys for worktrees and packed refs ([#19706](astral-sh/uv#19706)) - Make resolver error handling iterative to avoid stack overflows ([#19695](astral-sh/uv#19695)) - Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows ([#19703](astral-sh/uv#19703)) - Rebuild explicit local directory tool installs ([#19591](astral-sh/uv#19591)) - Validate egg top-level entries as identifiers ([#19679](https://github.com/astral-sh/uv/pull/19… (truncated) ### 0.11.21 ## Release Notes Released on 2026-06-11. ### Python - Add CPython 3.13.14 and 3.14.6 ([#19787](astral-sh/uv#19787)) ### Preview features - Add `environment.root` to `uv workspace metadata --sync` ([#19760](astral-sh/uv#19760)) - Allow `uv upgrade` to update a single dependency constraint ([#19738](astral-sh/uv#19738)) - Compute and pass `uv workspace metadata` payload in `ty check` ([#19763](astral-sh/uv#19763)) - Make packaged applications the default for `uv init` ([#17841](astral-sh/uv#17841)) ### Performance - Add parallel discovery of Python versions for `uv python list` ([#18684](astral-sh/uv#18684)) - Avoid normalizing source distribution names twice ([#19784](astral-sh/uv#19784)) ### Bug fixes - Improve cache robustness and pruning behavior - Allow CI cache pruning without an sdist bucket ([#19802](astral-sh/uv#19802)) - Avoid overflow when reading malformed cache entries ([#19799](astral-sh/uv#19799)) - Preserve cached Python downloads during cache pruning ([#19795](astral-sh/uv#19795)) - Reject running inside the cache ([#19659](astral-sh/uv#19659)) - Fix Python discovery and version request edge cases - Avoid panics for Unicode Python version requests ([#19797](astral-sh/uv#19797)) - Fix handling of non-critical errors in `uv python list` with path requests ([#19774](astral-sh/uv#19774)) - Fix stop-discovery-at regression ([#19769](astral-sh/uv#19769)) - Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets - Allow trailing commas in version specifiers ([#19806](astral-sh/uv#19806)) - Avoid panics for invalid UTF-8 URL… (truncated) ### 0.11.22 ## Release Notes Released on 2026-06-18. ### Enhancements - Publish wheels before sdists in `uv publish` ([#19831](astral-sh/uv#19831)) - Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#19821](astral-sh/uv#19821)) ### Preview features - Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#18437](astral-sh/uv#18437)) - Update the lockfile during `uv check --no-sync` ([#19909](astral-sh/uv#19909)) - Add `--script` to `uv check` and `uv metadata` ([#19860](astral-sh/uv#19860)) - Report workspace-exclusive dependency groups in `workspace metadata` ([#19862](astral-sh/uv#19862)) - Support SARIF as a `uv audit` output ([#19872](astral-sh/uv#19872)) ### Performance - Use a more deadlock-resistant concurrent hashmap in the resolver ([#19532](astral-sh/uv#19532)) ### Bug fixes - Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#19808](astral-sh/uv#19808)) - Reject extras that have the same normalized name ([#19871](astral-sh/uv#19871)) - Reject dependency group `include-group` entries that have additional fields ([#19866](astral-sh/uv#19866)) - Reject invalid UTF-8 URL credentials ([#19814](astral-sh/uv#19814)) - Validate that PEP 517 `backend-path`s exist when building sdists ([#19834](astral-sh/uv#19834)) - Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#19869](astral-sh/uv#19869)) - Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#19868](astral-sh/uv#19868)) - Allow `u… (truncated) ### 0.11.23 ## Release Notes Released on 2026-06-19. ### Bug fixes - Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#19925](astral-sh/uv#19925)) - Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#19926](astral-sh/uv#19926)) ## Install uv 0.11.23 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex" ``` ## Download uv 0.11.23 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip.sha256) | | [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip) | x86 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip.sha256) | | [uv-x86_64-pc-windows-msvc.zip](http… (truncated) ### 0.11.24 ## Release Notes Released on 2026-06-23. ### Python - Add CPython 3.15.0b3 ([#19964](astral-sh/uv#19964)) ### Preview features - Make project environments relocatable under preview ([#19965](astral-sh/uv#19965)) ### Performance - Use a compact index for lazy version maps ([#19959](astral-sh/uv#19959)) ### Bug fixes - Allow disabling `exclude-newer` ([#19934](astral-sh/uv#19934)) - Avoid archive id collisions ([#19949](astral-sh/uv#19949)) - Reapply "Fix transparent Python upgrades in project environments" ([#19928](astral-sh/uv#19928)) - Clean up partial tool entrypoint installs ([#19966](astral-sh/uv#19966)) - Fix relocatable `activate.fish` and broaden Fish version support ([#19856](astral-sh/uv#19856)) ## Install uv 0.11.24 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex" ``` ## Download uv 0.11.24 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarch64-pc-windows-msvc.zip](https://releases.ast… (truncated) ### 0.11.25 ## Release Notes Released on 2026-06-26. ### Security This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted. See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes. ### Enhancements - Add a full "lockfile" to tool receipts ([#18937](astral-sh/uv#18937)) - Allow scoped overrides to add dependencies ([#19974](astral-sh/uv#19974)) - Avoid writing redundant lockfile markers with `tool.uv.environments` ([#19933](astral-sh/uv#19933)) - Factor supported environments out of lockfile markers ([#19969](astral-sh/uv#19969)) - Recommend our own build backend in the build frontend ([#19994](astral-sh/uv#19994)) - Reject wheels with multiple .dist-info directories ([#19986](astral-sh/uv#19986)) - Simplify dependency markers under parent reachability ([#19971](astral-sh/uv#19971)) - Support scoped dependency exclusions ([#19977](astral-sh/uv#19977)) - Support scoped dependency overrides ([#19970](astral-sh/uv#19970)) - Explain why files are skipped in registry index parsing ([#19983](astral-sh/uv#19983)) ### Preview features - Add `uv workspace list --scripts` ([#20009](astral-sh/uv#20009)) - Support centralised environments in `uv venv` ([#19912](astral-sh/uv#19912)) - Use locked ty versions in `uv check` ([#19884](astral-sh/uv#19884)) - Add centralized storage of project environ… (truncated) ### 0.11.26 ## Release Notes Released on 2026-06-30. ### Performance - Adapt uv to IDs-only PubGrub dependencies ([#20048](astral-sh/uv#20048)) - Avoid allocations in `ForkMap::contains` ([#20023](astral-sh/uv#20023)) - Reuse resolver work across PubGrub iterations ([#20020](astral-sh/uv#20020)) - Speed up candidate selection for disjoint ranges ([#20026](astral-sh/uv#20026)) ### Bug fixes - Warn when the build cache is inside the source directory ([#20056](astral-sh/uv#20056)) ## Install uv 0.11.26 ### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.sh | sh ``` ### Install prebuilt binaries via powershell script ```sh powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.ps1 | iex" ``` ## Download uv 0.11.26 | File | Platform | Checksum | |--------|----------|----------| | [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz.sha256) | | [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz.sha256) | | [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip.sha256) | | [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-i686-pc-window… (truncated) ### 0.11.27 ## Release Notes Released on 2026-07-06. ### Enhancements - Continue on ignored errors when fetching wheel metadata ([#12255](astral-sh/uv#12255)) - Use caching for `--python-downloads-json-url` ([#16749](astral-sh/uv#16749)) ### Preview features - Discover extensionless shebang scripts in `uv workspace list --scripts` ([#20099](astral-sh/uv#20099)) ### Performance - Avoid full site-packages scans for direct reinstalls ([#20119](astral-sh/uv#20119)) - Avoid redundant pyproject parsing ([#20076](astral-sh/uv#20076)) - Cache default dependency markers when reading locks ([#20125](astral-sh/uv#20125)) - Enable SIMD-accelerated TOML parsing ([#20079](astral-sh/uv#20079)) - Intern `requires-python` specifiers in Simple API parsing ([#20104](astral-sh/uv#20104)) - Read cache entries into exact-sized buffers ([#20120](astral-sh/uv#20120)) - Reduce VersionSpecifiers parsing allocations ([#20105](astral-sh/uv#20105)) - Reduce site-packages scan allocation overhead ([#20087](astral-sh/uv#20087)) - Reuse package names when parsing wheel filenames ([#20110](astral-sh/uv#20110)) - Sort Simple API files after grouping ([#20112](astral-sh/uv#20112)) ### Bug fixes - Always emit `packages` table for pylock.toml ([#20145](astral-sh/uv#20145)) - Avoid blank line for empty `uv pip tree` ([#20062](astral-sh/uv#20062)) - Encode hashes in file paths ([#19807](astral-sh/uv#19807)) - Error on a registry uv.lock package without a version instead of panicking ([#19855](astral-sh/uv#19855)) - Preserve conditional extra markers in exports ([#20148](https://github.com/astra… (truncated) ### 0.11.28 ## Release Notes Released on 2026-07-07. ### Security This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted. See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes. ### Python - Upgrade GraalPy to 25.1.3 ([#20069](astral-sh/uv#20069)) ### Enhancements - Improve trace logs for unexpected error chains ([#20220](astral-sh/uv#20220)) - Move lockfile update guidance to a hint ([#20219](astral-sh/uv#20219)) - Preserve indentation for multiline error causes ([#20156](astral-sh/uv#20156)) - Render user errors with their cause chains ([#20217](astral-sh/uv#20217)) - Route final command errors through the printer to respect `-q` and `-qq` ([#20163](astral-sh/uv#20163)) - Use standard rendering for `uv build` errors ([#20159](astral-sh/uv#20159)) - Use standard rendering for tool requirement errors ([#20160](astral-sh/uv#20160)) ### Performance - Only compile bytecode for installed distributions in `uv pip install` ([#19914](astral-sh/uv#19914)) - Avoid allocating URL-safe Git revisions ([#20194](astral-sh/uv#20194)) - Avoid allocating canonical Python request strings ([#20193](astral-sh/uv#20193)) - Avoid allocating custom Astral mirror URLs ([#20204](astral-sh/uv#20204)) - Avoid allocating expanded compatibility tags ([#20190](astral-sh/uv#20190)) - Avoid allocating shell stri… (truncated) _Omitted 18 older releases._ </details> </details> Modified files: - `.mise.toml` Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
We observed what appears to be a collision between
ArchiveIdsin https://github.com/astral-sh/ruff/actions/runs/27950213732/job/82705000710?pr=26198. This may happen if two processes installing the same package are started at exactly the same time, which is plausible in the ruff test suite. Using a secure RNG prevents this.