0.11.29
0.11.29
Release Notes
Release Notes
Released on 2026-07-15.
Python
- Use gzip-compressed artifacts for PyPy downloads (#20265)
Enhancements
- Add JSON output to
uv tree(#19978) - Add CUDA 13.2 as a supported PyTorch backend (#20267)
- Prefer local artifacts over URLs when installing from
pylock.toml(#20393) - Clarify diagnostics for unsatisfiable direct requirement ranges (#20227)
- Include the selected project name in missing-extra errors (#20358)
Preview features
- Preserve extras and dependency-group conflict context when selecting locked project tools (#20078)
- Split OSV audit queries that exceed the service's 1,000-package limit (#20398)
- Apply OSV fixed-version information only to the matching package and ecosystem (#20399)
- Skip the virtualenv distutils monkeypatch on Python 3.10 and later (#20222)
- Report invalid
uv audit --service-urlvalues instead of panicking (#20374) - Include preview settings in the published SchemaStore schema (#20304)
Performance
- Reduce resolver work by widening selected versions across ranges without other known candidates (#20115)
- Defer client and build setup for no-op
uv syncoperations (#20364) - Reuse workspace discovery during frozen syncs (#20363)
- Reuse workspace discovery after resolving settings (#20356)
- Reuse workspace discovery in
uv tree,uv export,uv format, anduv audit(#20359) - Avoid cache and interpreter setup when reading a project version (#20360)
Bug fixes
- Reject duplicate active package entries in
pylock.toml(#20391) - Preserve direct-archive hashes in
uv pip freezeoutput (#20395) - Explain conflicting root requirements instead of displaying an empty version range (#20228)
- Prevent build-backend data paths from escaping the project or bypassing wheel exclusions (#20397)
- Reject PEP 517 backend paths outside the source tree, including paths that escape through symlinks (#20387)
- Redact credentials from failed Git fetch commands (#20401)
- Fix exclusive post-release range ordering to match PEP 440 (#20268)
- Canonicalize equivalent PEP 440 ranges during dependency resolution (#20182)
- Honor Python version pins when initializing scripts (#20404)
- Respect package-scoped source filtering for scripts (#20389)
- Report existing environment incompatibilities when
uv pip install --stricthas nothing to install (#20388) - Continue scanning
platlibwhenpurelibis missing (#20405) - Handle versionless
.egg-infofiles as legacy package metadata (#20403) - Make repeated locking idempotent for impossible cross-variable platform markers (#20369)
- Report invalid cloud credential endpoint URLs instead of panicking (#20372)
- Report invalid
pylock.tomlartifact URLs instead of panicking (#20373) - Report non-UTF-8 virtual environment paths instead of panicking while generating activation scripts (#20375)
- Return an unsupported-operation error from unimplemented build-backend requirement hooks (#20376)
Documentation
- Clarify
--no-buildbehavior for editable requirements (#20234) - Document uv's threat model (#20236)
- Reduce the number of badges in the README (#11257)
Install uv 0.11.29
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.29/uv-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.29/uv-installer.ps1 | iex"
Download uv 0.11.29
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv
You can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>