You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This release includes a special release candidate for the next Python 3.14 patch release. Python 3.14 included a new garbage collection implementation, which reduced pause times but caused significant unexpected memory pressure in production environments. In 3.14.5 and 3.15, the previous garbage collection implementation will be restored.
We would greatly appreciate if you tested the 3.14.5rc1 version included in this release. The stable version is expected to be released soon and any feedback on potential issues would be helpful to the Python development team.
This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.
Bug fixes
Do not remove files outside the venv on uninstall (#18942)
Validate and heal wheel RECORD during installation (#18943)
Avoid uv cache clean errors due to Win32 path normalization (#18856)
This release includes changes to the networking stack used by uv. While we think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so we have marked the change as breaking out of an abundance of caution.
The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13 which included some breaking changes to TLS certificate verification.
This change should have no effect unless you are using the native-tls option to enable reading system certificates.
rustls-platform-verifier delegates to the system for certificate validation (e.g., Security.framework on macOS) instead of eagerly loading certificates from the system and verifying them via webpki. The effects of this change will vary based on the operating system. In general, uv's certificate validation should now be more consistent with browsers and other native applications. However, this is the most likely cause of breaking changes in this release. Some previously failing certificate chains may succeed, and some previously accepted certificate chains may fail. In either case, we expect the validation to be more correct and welcome reports of regressions.
In particular, because more responsibility for validating the certificate is transferred to your system's security library, some features like CA constraints or revocation of certificates via OCSP and CRLs may now be used.
This change should improve performance when using system certificate on macOS, as uv no longer needs to load all certificates from the keychain at startup.
aws-lc is used instead of ring for a cryptography backend
There should not be breaking changes from this change. We expect this to expand support for certificate signature algorithms.
--native-tls is deprecated in favor of a new --system-certs flag
The --native-tls flag is still usable and has identical behavior to --system-certs.
This change was made to reduce confusion about the TLS implementation uv uses. uv always uses rustls not native-tls.
Building uv on x86-64 and i686 Windows requires NASM
NASM is required by aws-lc. If not found on the system, a prebuilt blob provided by aws-lc-sys will be used.
If you are not building uv from source, this change has no effect.
Numpy 2.5.0 is a transitional release. It drops support for Python 3.11,
marking the end of distutils, and expires a large number of deprecations made
in the 2.0.x release. It also improves free threading and brings sorting into
compliance with the array-api standard with the addition of descending sorts.
There is also a fair amount of preparation for Python 3.15, which will be
supported starting with the first rc.
This release supports Python versions 3.12-3.14.
Highlights
Distutils has been removed,
Many expired deprecations, see below,
Many new deprecations, see below,
Many static typing improvements.
Improved support for free threading,
Support for descending sorts,
See New Features below for other additions.
Deprecations
numpy.char.chararray is deprecated. Use an ndarray with a string or bytes dtype instead.
numpy.take now correctly checks if the result can be cast to the provided out=out under the same-kind rule. A DeprecationWarning is given now
when this check fails. Previously, take incorrectly checked if out
could be cast to the result (the wrong direction). This deprecation also
affects compress and possibly other functions. (Future versions of NumPy
may tighten the casting check further.)
Setting the dtype attribute is deprecated because mutating an array is unsafe
if an array is shared, especially by multiple threads. As an alternative,
you can create a view with a new dtype via array.view(dtype=new_dtype).
Setting the shape attribute is deprecated because mutating an array is
unsafe if an array is shared, especially by multiple threads. As an
alternative, you can create a new view via np.reshape or np.ndarray.reshape. For example: x = np.arange(15); x = np.reshape(x, (3, 5)).
To ensure no copy is made from the data, one can use np.reshape(..., copy=False).
While setting the shape on an array is discouraged, for cases where it is
difficult to work around, e.g., in __array_finalize__, it is possible
with the private method np.ndarray._set_shape.
Using the generic unit in numpy.timedelta64 is deprecated since this
can lead to unexpected behavior such as non-transitive comparison, see gh-28287 for details. As
an alternative, specify an explicit unit such as 's' (seconds) or 'D'
(days) when constructing numpy.timedelta64. Due to this change, operations
that implicitly rely on the generic unit are also deprecated. For
example:
arr = np.array([1, 2, 3], d
✂ Note
PR body was truncated to here.
Configuration
📅 Schedule: (in timezone Europe/Stockholm)
Branch creation
Between 01:00 PM and 05:59 PM, only on Friday (* 13-17 * * 5)
Automerge
At any time (no schedule defined)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
If you want to rebase/retry this PR, check this box
Security policy requires rejecting changes to workflow files (.github/workflows/*), even for automated dependency updates.
This PR modifies .github/workflows/python-cicd.yml to bump astral-sh/uv from 0.10.x to 0.11.x. While the change appears legitimate, the review policy for this repository does not permit auto-approval of workflow file modifications.
Note: v0.11.0 includes breaking changes to TLS certificate verification (switching from rustls-native-certs to rustls-platform-verifier). Manual review is recommended before merging.
✅ All modified and coverable lines are covered by tests.
🚀 New features to boost your workflow:
❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
renovateBot
changed the title
chore(deps): update dependency astral-sh/uv to 0.11.x
chore(deps): update update ci/build dependencies to 0.11.x
Jun 2, 2026
renovateBot
changed the title
chore(deps): update update ci/build dependencies to 0.11.x
chore(deps): update update ci/build dependencies
Jun 22, 2026
renovateBot
changed the title
chore(deps): update update ci/build dependencies
chore(deps): update dependency astral-sh/uv to 0.11.x
Jun 25, 2026
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: uv.lock
Command failed: uv lock --upgrade-package numpy
Downloading cpython-3.13.14-linux-x86_64-gnu (download) (33.4MiB)
Downloaded cpython-3.13.14-linux-x86_64-gnu (download)
Using CPython 3.13.14
× No solution found when resolving dependencies for split (markers:
│ python_full_version == '3.11.*'):
╰─▶ Because the requested Python version (>=3.11) does not satisfy
Python>=3.12 and numpy>=2.5.0 depends on Python>=3.12, we can conclude
that numpy>=2.5.0 cannot be used.
And because only the following versions of numpy are available:
numpy<=2.5.0
numpy==2.5.1
we can conclude that numpy>=2.5.0 cannot be used.
And because your project depends on numpy>=2.5.0 and your project
requires preservationeval[dev], we can conclude that your project's
requirements are unsatisfiable.
hint: While the active Python version is 3.13, the resolution failed for other Python versions supported by your project. Consider limiting your project's supported Python versions using `requires-python`.
hint: The `requires-python` value (>=3.11) includes Python versions that are not supported by your dependencies (e.g., numpy>=2.5.0 only supports >=3.12). Consider using a more restrictive `requires-python` value (like >=3.12).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.10.x→0.11.x0.11.28(+3)>=2.4.0,<2.5.0→>=2.5.0,<2.6.02.5.1>=2.4.0,<2.5.0→>=2.5.0,<2.6.02.5.1Release Notes
astral-sh/uv (astral-sh/uv)
v0.11.24Compare Source
Released on 2026-06-23.
Python
Preview features
Performance
Bug fixes
exclude-newer(#19934)activate.fishand broaden Fish version support (#19856)v0.11.23Compare Source
Released on 2026-06-19.
Bug fixes
pre-commit-uv(#19925)pyproject.tomlwould be treated as standalone projects (#19926)v0.11.22Compare Source
Released on 2026-06-18.
Enhancements
uv publish(#19831)TYandRUFFenv vars for providing paths for binaries used byuv formatanduv check(#19821)Preview features
uv.tomlandpyproject.toml(#18437)uv check --no-sync(#19909)--scripttouv checkanduv metadata(#19860)workspace metadata(#19862)uv auditoutput (#19872)Performance
Bug fixes
include-groupentries that have additional fields (#19866)backend-paths exist when building sdists (#19834)pylock.tomlfiles do not have an unsupported alock-version(#19869)packages.requires-pythonof apylock.toml(#19868)uvto be recursively invoked by PEP 517 build hooks (#19879)credentials.tomlfiles (#19815)uv pip list(#19867)uv tree --invert(#19910)uv venvin a project (#19837)uv tree(#19905)Documentation
Other changes
v0.11.21Compare Source
Released on 2026-06-11.
Python
Preview features
environment.roottouv workspace metadata --sync(#19760)uv upgradeto update a single dependency constraint (#19738)uv workspace metadatapayload inty check(#19763)uv init(#17841)Performance
uv python list(#18684)Bug fixes
uv python listwith path requests (#19774)v0.11.20Compare Source
Released on 2026-06-10.
Enhancements
--emit-index-urland--emit-find-linkstouv export(#18370)--find-linkssupport foruv pip list(#16103)uv python install(#19691)Preview features
uv upgradecommand (#19678)uv upgrade(#19742)Configuration
UV_NO_INSTALL_PROJECT,UV_NO_INSTALL_WORKSPACE,UV_NO_INSTALL_LOCAL(#19323)Performance
Bug fixes
VIRTUAL_ENVthroughcygpathinsidefishon Windows (#19703)Documentation
--find-linkscaching behavior (#19585)v0.11.19Compare Source
Released on 2026-06-03.
Python
Enhancements
Preview features
--isolatedinuv check(#19666)Bug fixes
v0.11.18Compare Source
Released on 2026-06-01.
Performance
Preview
uv checkto runtyfrom uv (#19605)Bug fixes
Other changes
v0.11.17Compare Source
Released on 2026-05-28.
Enhancements
uv addwith standard library modules (#19572)uv workspaceand itslistsubcommand in help output (#19533)ignore-error-codeswhen applicable (#19521)import-namesandimport-namespacessupport touv-build(PEP 794) (#19380)--no-editable-packageflag to various commands (#19584)uv toolinvocations (#19577)Preview features
uv workspace metadata(#19122)uv venv --clearto remove non-virtual environments (#19595)Bug fixes
tool.uv.conflicts(#19538)--env-fileinuv run(#19567)--check-url(#19594)--find-linksparsing (#19537)Documentation
v0.11.16Compare Source
Released on 2026-05-21.
Enhancements
Preview features
Configuration
UV_NO_SYSTEM_CONFIG(#19476)Bug fixes
uv-build(#19495)Documentation
v0.11.15Compare Source
Released on 2026-05-18.
Security
Enhancements
Preview
Configuration
required-environmentsinuv pip compile(#19378)Performance
Version::only_release_trimmed(#19425)Bug fixes
[tool.uv.sources]credentials underuv sync --frozen(#19423)Documentation
v0.11.14Compare Source
Released on 2026-05-12.
Enhancements
top_level.txtentries in uninstall that are not valid Python identifiers (#19340)Bug fixes
.envfiles in parent process (#19343)uv treeshowing extra-conditional deps for packages required without extras (#19332)--no-build) during lock validation (#19366)v0.11.13Compare Source
Released on 2026-05-10.
Bug fixes
--require-hasheswhen installing frompylock.tomlfiles (#19334)Python
Python
v0.11.12Compare Source
Released on 2026-05-08.
Python
Enhancements
--no-editablesupport touv pip install(#19306)Bug fixes
--no-devoverUV_DEV=1(#19313)--no-frozenflag (#19290) (#19294)Documentation
v0.11.11Compare Source
Released on 2026-05-06.
Bug fixes
v0.11.10Compare Source
Released on 2026-05-05.
Bug fixes
v0.11.9Compare Source
Released on 2026-05-04.
This release includes a special release candidate for the next Python 3.14 patch release. Python 3.14 included a new garbage collection implementation, which reduced pause times but caused significant unexpected memory pressure in production environments. In 3.14.5 and 3.15, the previous garbage collection implementation will be restored.
We would greatly appreciate if you tested the 3.14.5rc1 version included in this release. The stable version is expected to be released soon and any feedback on potential issues would be helpful to the Python development team.
For more context, see the announcement, issue, and pull request.
Issues with the new release can be reported in the uv or CPython issue trackers.
Python
libpythonto match LinuxEnhancements
Preview
uv auditadd reporting for adverse project statuses (#19128)Bug fixes
requires-pythonpins a version (#18700)LockedFile::dropon Wine (#19229)top_level.txtin.egg-info(#19114)PYTHONHOMEand only set__PYVENV_LAUNCHER__for virtual environments (#19199)Documentation
--native-tlsandUV_NATIVE_TLSas deprecated (#18705)pytorch-triton-rocmto PyTorch ROCm docs (#19241)uv initcreates git files / folders in the projects guide (#19183)v0.11.8Compare Source
Released on 2026-04-27.
Enhancements
--python-downloads-json-urltopython pin(#19092)pip uninstall -y(#19082)exclude-newerto be missing from the lockfile whenexclude-newer-spanis present (#19024)uv self version --short(#19019)SSL_CERT_DIRdirectory (#19018)exclude-newerandexclude-newer-packagevalues in lockfiles (#19022, #19101)Configuration
UV_PYTHON_NO_REGISTRY(#19035)UV_NO_PROJECT(#19052)UV_PYTHON_SEARCH_PATHfor Python discoveryPATHoverrides (#19034)Bug fixes
rust-toolchain.tomlto uv-build sdist (#19131)uv lockon apyproject.tomlthat only contains dependency-groups (#19087).python-version(#19102).tar.zstwheels (#19144)Distributions
Documentation
v0.11.7Compare Source
Released on 2026-04-15.
Python
2026041including an OpenSSL security upgrade (#19004)Enhancements
required-versionmismatches (#18977)--exclude-newerhints (#18952)Preview features
--scripthandling inuv audit(#18970)uv audit(#18970)Bug fixes
workspace metadatain linehaul data (#18966)uv sync --checkfailures (#18976)~=operators (#18960)v0.11.6Compare Source
Released on 2026-04-09.
This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.
Bug fixes
RECORDduring installation (#18943)uv cache cleanerrors due to Win32 path normalization (#18856)v0.11.5Compare Source
Released on 2026-04-08.
Python
Enhancements
build_system.requireserror message (#18911)Preview features
exclude-newerto[[tool.uv.index]](#18839)uv audit: add context/warnings for ignored vulnerabilities (#18905)Bug fixes
Documentation
PIP_COMPATIBILITY.mdredirect file (#18928)uv init example-bare --bareexamples (#18822, #18925)v0.11.4Compare Source
Released on 2026-04-07.
Enhancements
--upgrade-group(#18266)Bug fixes
pyproject.tomldependencies (#18786)--lockedand--frozenwhen script lockfile is missing (#18832)uv exportextra resolution for workspace member and conflicting extras (#18888)exclude-newervalues duringuv tree --outdated(#18899)--exclude-newerinuv tool list --outdated(#18861)Cargo.lockinuv-buildsource distributions (#18831)Documentation
--exclude-newercompares artifact upload times (#18830)v0.11.3Compare Source
Released on 2026-04-01.
Enhancements
uv workspace metadatawith dependency information from the lock (#18356)/installers/uv/lateston the mirror (#18725)Preview features
--ignoreand--ignore-until-fixedtouv audit(#18737)Bug fixes
blake2bhashes (#18794)powerpc64-unknown-linux-gnufrom release build targets (#18800)uv pip check(#18742)Documentation
falseopt-out forexclude-newer-package(#18768, #18803)v0.11.2Compare Source
Released on 2026-06-11.
Python
Preview features
environment.roottouv workspace metadata --sync(#19760)uv upgradeto update a single dependency constraint (#19738)uv workspace metadatapayload inty check(#19763)uv init(#17841)Performance
uv python list(#18684)Bug fixes
uv python listwith path requests (#19774)v0.11.1Compare Source
Released on 2026-06-03.
Python
Enhancements
Preview features
--isolatedinuv check(#19666)Bug fixes
v0.11.0Compare Source
Released on 2026-03-23.
Breaking changes
This release includes changes to the networking stack used by uv. While we think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so we have marked the change as breaking out of an abundance of caution.
The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13 which included some breaking changes to TLS certificate verification.
The following changes are included:
rustls-platform-verifieris used instead ofrustls-native-certsandwebpkifor certificate verificationThis change should have no effect unless you are using the
native-tlsoption to enable reading system certificates.rustls-platform-verifierdelegates to the system for certificate validation (e.g.,Security.frameworkon macOS) instead of eagerly loading certificates from the system and verifying them viawebpki. The effects of this change will vary based on the operating system. In general, uv's certificate validation should now be more consistent with browsers and other native applications. However, this is the most likely cause of breaking changes in this release. Some previously failing certificate chains may succeed, and some previously accepted certificate chains may fail. In either case, we expect the validation to be more correct and welcome reports of regressions.In particular, because more responsibility for validating the certificate is transferred to your system's security library, some features like CA constraints or revocation of certificates via OCSP and CRLs may now be used.
This change should improve performance when using system certificate on macOS, as uv no longer needs to load all certificates from the keychain at startup.
aws-lcis used instead ofringfor a cryptography backendThere should not be breaking changes from this change. We expect this to expand support for certificate signature algorithms.
--native-tlsis deprecated in favor of a new--system-certsflagThe
--native-tlsflag is still usable and has identical behavior to--system-certs.This change was made to reduce confusion about the TLS implementation uv uses. uv always uses
rustlsnotnative-tls.Building uv on x86-64 and i686 Windows requires NASM
NASM is required by
aws-lc. If not found on the system, a prebuilt blob provided byaws-lc-syswill be used.If you are not building uv from source, this change has no effect.
See the CONTRIBUTING guide for details.
Empty
SSL_CERT_FILEvalues are ignored (for consistency withSSL_CERT_DIR)See #18550 for details.
Python
See the python-build-standalone release notes for details.
Enhancements
Preview features
--service-formatand--service-urltouv audit(#18571)Performance
Bug fixes
uv tool list --outdated(#18586)uv exportfor workspace member packages with conflicts (#18635)Documentation
FLASH_ATTENTION_SKIP_CUDA_BUILDguidance forflash-attninstalls (#18473)numpy/numpy (numpy)
v2.5.0: (June 21, 2026)Compare Source
NumPy 2.5.0 Release Notes
Numpy 2.5.0 is a transitional release. It drops support for Python 3.11,
marking the end of distutils, and expires a large number of deprecations made
in the 2.0.x release. It also improves free threading and brings sorting into
compliance with the array-api standard with the addition of descending sorts.
There is also a fair amount of preparation for Python 3.15, which will be
supported starting with the first rc.
This release supports Python versions 3.12-3.14.
Highlights
See New Features below for other additions.
Deprecations
numpy.char.chararrayis deprecated. Use anndarraywith a string or bytes dtype instead.(gh-30605)
numpy.takenow correctly checks if the result can be cast to the providedout=outunder the same-kind rule. ADeprecationWarningis given nowwhen this check fails. Previously,
takeincorrectly checked ifoutcould be cast to the result (the wrong direction). This deprecation also
affects
compressand possibly other functions. (Future versions of NumPymay tighten the casting check further.)
(gh-30615)
The
numpy.char.[as]arrayfunctions are deprecated. Use annumpy.[as]arraywith a string or bytes dtype instead.(gh-30802)
Setting the dtype attribute is deprecated because mutating an array is unsafe
if an array is shared, especially by multiple threads. As an alternative,
you can create a view with a new dtype via
array.view(dtype=new_dtype).(gh-29244)
Setting the
shapeattribute is deprecated because mutating an array isunsafe if an array is shared, especially by multiple threads. As an
alternative, you can create a new view via
np.reshapeornp.ndarray.reshape. For example:x = np.arange(15); x = np.reshape(x, (3, 5)).To ensure no copy is made from the data, one can use
np.reshape(..., copy=False).While setting the shape on an array is discouraged, for cases where it is
difficult to work around, e.g., in
__array_finalize__, it is possiblewith the private method
np.ndarray._set_shape.(gh-29536)
Using the
genericunit innumpy.timedelta64is deprecated since thiscan lead to unexpected behavior such as non-transitive comparison, see
gh-28287 for details. As
an alternative, specify an explicit unit such as
's'(seconds) or'D'(days) when constructing
numpy.timedelta64. Due to this change, operationsthat implicitly rely on the
genericunit are also deprecated. Forexample:
Configuration
📅 Schedule: (in timezone Europe/Stockholm)
* 13-17 * * 5)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.