by Terretta
4 days ago
Two new security features for uv:

- uv audit is a new command that scans your dependencies for known vulnerabilities and "adverse" project statuses (such as being deprecated)
- uv add, uv sync, etc. can now perform a lightweight OSV-based lookup for previously-resolved malware on every sync operation, try it by setting UV_MALWARE_CHECK=1

Both are in preview, considered unstable, and there may be breaking changes…

• • •

Meanwhile, don't forget uv's exclude-newer cooldown: https://docs.astral.sh/uv/reference/settings/#exclude-newer

    # pyproject.toml
    [tool.uv]
    exclude-newer = "P3D" # "3 days" in RFC 3339 format

Or use it with uv pip compile to generate pinned requirements with cooldown:

    $ uv pip compile --exclude-newer "3 days" requirements.in -o requirements.txt
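As an added illustration for this thread (not uv's own code), here is a small Python model of the cooldown semantics behind exclude-newer: a release is only eligible for resolution once it is older than the window, so a just-published version stays invisible until scanners have had time to look at it. The release timestamps and the "now" value are constructed, and parse_cooldown, parse_ts and eligible_versions are hypothetical names.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data: upload timestamps for a hypothetical package, in
# the ISO 8601 shape PyPI's JSON API reports as upload_time_iso_8601.
RELEASES = {
    "1.4.0": "2025-01-02T10:00:00Z",
    "1.4.1": "2025-01-20T10:00:00Z",
    "1.5.0": "2025-02-09T08:30:00Z",  # uploaded a day ago: inside a 3-day cooldown
}


def parse_ts(iso: str) -> datetime:
    """Parse an ISO 8601 timestamp; accept a trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def parse_cooldown(spec: str) -> timedelta:
    """Turn a cooldown spec into a timedelta.

    Accepts an ISO 8601 duration limited to days/hours ("P3D", "PT12H",
    "P1DT6H") or the plain form used on the command line ("3 days", "12 hours").
    """
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(\d+)H)?", spec.strip())
    if m and any(m.groups()):
        days, hours = (int(g) if g else 0 for g in m.groups())
        return timedelta(days=days, hours=hours)
    m = re.fullmatch(r"(\d+)\s*(days?|hours?)", spec.strip())
    if not m:
        raise ValueError(f"unsupported cooldown spec: {spec!r}")
    n, unit = int(m.group(1)), m.group(2)
    return timedelta(days=n) if unit.startswith("day") else timedelta(hours=n)


def eligible_versions(releases: dict, cooldown: timedelta, now: datetime) -> list:
    """Return the versions a resolver may consider: anything uploaded at or
    before now - cooldown. Newer uploads are excluded, so a freshly published
    (possibly hijacked) release cannot be pulled in until the window has passed."""
    cutoff = now - cooldown
    return [v for v, uploaded in releases.items() if parse_ts(uploaded) <= cutoff]


if __name__ == "__main__":
    now = parse_ts("2025-02-10T12:00:00Z")  # constructed "now" for the demo
    print(eligible_versions(RELEASES, parse_cooldown("P3D"), now))  # ['1.4.0', '1.4.1']
```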