Bump version to 0.8.7 (#15173)

2025-10-17 22:07:47 +00:00 · 2025-08-08 14:42:23 -05:00 · 2025-08-08 14:42:23 -05:00 · 8a22572338
commit 8a22572338
parent d1beb7f640
16 changed files with 70 additions and 33 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,43 @@

 <!-- prettier-ignore-start -->

+
+## 0.8.7
+
+### Python
+
+- On Mac/Linux, libtcl, libtk, and _tkinter are built as separate shared objects, which fixes matplotlib's `tkagg` backend (the default on Linux), Pillow's `PIL.ImageTk` library, and other extension modules that need to use libtcl/libtk directly.
+- Tix is no longer provided on Linux. This is a deprecated Tk extension that appears to have been previously broken.
+
+See the [`python-build-standalone` release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250808) for details.
+
+### Enhancements
+
+- Do not update `uv.lock` when using `--isolated` ([#15154](https://github.com/astral-sh/uv/pull/15154))
+- Add support for `--prefix` and `--with` installations in `find_uv_bin` ([#14184](https://github.com/astral-sh/uv/pull/14184))
+- Add support for discovering base prefix installations in `find_uv_bin` ([#14181](https://github.com/astral-sh/uv/pull/14181))
+- Improve error messages in `find_uv_bin` ([#14182](https://github.com/astral-sh/uv/pull/14182))
+- Warn when two packages write to the same module ([#13437](https://github.com/astral-sh/uv/pull/13437))
+
+### Preview features
+
+- Add support for `package`-level conflicts in workspaces ([#14906](https://github.com/astral-sh/uv/pull/14906))
+
+### Configuration
+
+- Add `UV_DEV` and `UV_NO_DEV` environment variables (for `--dev` and `--no-dev`) ([#15010](https://github.com/astral-sh/uv/pull/15010))
+
+### Bug fixes
+
+- Fix regression where `--require-hashes` applied to build dependencies in `uv pip install` ([#15153](https://github.com/astral-sh/uv/pull/15153))
+- Ignore GraalPy devtags ([#15013](https://github.com/astral-sh/uv/pull/15013))
+- Include all site packages directories in ephemeral environment overlays ([#15121](https://github.com/astral-sh/uv/pull/15121))
+- Search in the user scheme scripts directory last in `find_uv_bin` ([#14191](https://github.com/astral-sh/uv/pull/14191))
+
+### Documentation
+
+- Add missing periods (`.`) to list elements in `Features` docs page ([#15138](https://github.com/astral-sh/uv/pull/15138))
+
 ## 0.8.6

 This release contains hardening measures to address differentials in behavior between uv and Python's built-in ZIP parser ([CVE-2025-54368](https://github.com/astral-sh/uv/security/advisories/GHSA-8qf3-x8v5-2pj8)).
@ -10,7 +47,7 @@ Prior to this release, attackers could construct ZIP files that would be extract

 Thanks to a triage effort with the [Python Security Response Team](https://devguide.python.org/developer-workflow/psrt/) and PyPI maintainers, we were able to determine that these differentials **were not exploited** via PyPI during the time they were present. The PyPI team has also implemented similar checks and now guards against these parsing differentials on upload.

-Although the practical risk of exploitation is low, we take the _hypothetical_ risk of parser differentials very seriously. Out of an abundance of caution, we have assigned this advisory a CVE identifier and have given it a "moderate" severity suggestion.
+Although the practical risk of exploitation is low, we take the *hypothetical* risk of parser differentials very seriously. Out of an abundance of caution, we have assigned this advisory a CVE identifier and have given it a "moderate" severity suggestion.

 These changes have been validated against the top 15,000 PyPI packages; however, it's plausible that a non-malicious ZIP could be falsely rejected with this additional hardening. As an escape hatch, users who do encounter breaking changes can enable `UV_INSECURE_NO_ZIP_VALIDATION` to restore the previous behavior. If you encounter such a rejection, please file an issue in uv and to the upstream package.

--- a/Cargo.lock
+++ b/Cargo.lock
@ -4655,7 +4655,7 @@ dependencies = [

 [[package]]
 name = "uv"
-version = "0.8.6"
+version = "0.8.7"
 dependencies = [
 "anstream",
 "anyhow",
@ -4824,7 +4824,7 @@ dependencies = [

 [[package]]
 name = "uv-build"
-version = "0.8.6"
+version = "0.8.7"
 dependencies = [
 "anyhow",
 "uv-build-backend",
@ -6046,7 +6046,7 @@ dependencies = [

 [[package]]
 name = "uv-version"
-version = "0.8.6"
+version = "0.8.7"

 [[package]]
 name = "uv-virtualenv"
--- a/crates/uv-build/Cargo.toml
+++ b/crates/uv-build/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "uv-build"
-version = "0.8.6"
+version = "0.8.7"
 edition = { workspace = true }
 rust-version = { workspace = true }
 homepage = { workspace = true }
--- a/crates/uv-build/pyproject.toml
+++ b/crates/uv-build/pyproject.toml
@ -1,6 +1,6 @@
 [project]
 name = "uv-build"
-version = "0.8.6"
+version = "0.8.7"
 description = "The uv build backend"
 authors = [{ name = "Astral Software Inc.", email = "hey@astral.sh" }]
 requires-python = ">=3.8"
--- a/crates/uv-version/Cargo.toml
+++ b/crates/uv-version/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "uv-version"
-version = "0.8.6"
+version = "0.8.7"
 edition = { workspace = true }
 rust-version = { workspace = true }
 homepage = { workspace = true }
--- a/crates/uv/Cargo.toml
+++ b/crates/uv/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "uv"
-version = "0.8.6"
+version = "0.8.7"
 edition = { workspace = true }
 rust-version = { workspace = true }
 homepage = { workspace = true }
--- a/docs/concepts/build-backend.md
+++ b/docs/concepts/build-backend.md
@ -31,7 +31,7 @@ To use uv as a build backend in an existing project, add `uv_build` to the

 ```toml title="pyproject.toml"
 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

--- a/docs/concepts/projects/init.md
+++ b/docs/concepts/projects/init.md
@ -111,7 +111,7 @@ dependencies = []
 example-pkg = "example_pkg:main"

 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

@ -134,7 +134,7 @@ dependencies = []
 example-pkg = "example_pkg:main"

 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

@ -195,7 +195,7 @@ requires-python = ">=3.11"
 dependencies = []

 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

--- a/docs/concepts/projects/workspaces.md
+++ b/docs/concepts/projects/workspaces.md
@ -75,7 +75,7 @@ bird-feeder = { workspace = true }
 members = ["packages/*"]

 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

@ -106,7 +106,7 @@ tqdm = { git = "https://github.com/tqdm/tqdm" }
 members = ["packages/*"]

 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

@ -188,7 +188,7 @@ dependencies = ["bird-feeder", "tqdm>=4,<5"]
 bird-feeder = { path = "packages/bird-feeder" }

 [build-system]
-requires = ["uv_build>=0.8.6,<0.9.0"]
+requires = ["uv_build>=0.8.7,<0.9.0"]
 build-backend = "uv_build"
 ```

--- a/docs/getting-started/installation.md
+++ b/docs/getting-started/installation.md
@ -25,7 +25,7 @@ uv provides a standalone installer to download and install uv:
    Request a specific version by including it in the URL:

    ```console
-    $ curl -LsSf https://astral.sh/uv/0.8.6/install.sh | sh
+    $ curl -LsSf https://astral.sh/uv/0.8.7/install.sh | sh
    ```

 === "Windows"
@ -41,7 +41,7 @@ uv provides a standalone installer to download and install uv:
    Request a specific version by including it in the URL:

    ```pwsh-session
-    PS> powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/0.8.6/install.ps1 | iex"
+    PS> powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/0.8.7/install.ps1 | iex"
    ```

 !!! tip
--- a/docs/guides/integration/aws-lambda.md
+++ b/docs/guides/integration/aws-lambda.md
@ -92,7 +92,7 @@ the second stage, we'll copy this directory over to the final image, omitting th
 other unnecessary files.

 ```dockerfile title="Dockerfile"
-FROM ghcr.io/astral-sh/uv:0.8.6 AS uv
+FROM ghcr.io/astral-sh/uv:0.8.7 AS uv

 # First, bundle the dependencies into the task root.
 FROM public.ecr.aws/lambda/python:3.13 AS builder
@ -334,7 +334,7 @@ And confirm that opening http://127.0.0.1:8000/ in a web browser displays, "Hell
 Finally, we'll update the Dockerfile to include the local library in the deployment package:

 ```dockerfile title="Dockerfile"
-FROM ghcr.io/astral-sh/uv:0.8.6 AS uv
+FROM ghcr.io/astral-sh/uv:0.8.7 AS uv

 # First, bundle the dependencies into the task root.
 FROM public.ecr.aws/lambda/python:3.13 AS builder
--- a/docs/guides/integration/docker.md
+++ b/docs/guides/integration/docker.md
@ -31,7 +31,7 @@ $ docker run --rm -it ghcr.io/astral-sh/uv:debian uv --help
 The following distroless images are available:

 - `ghcr.io/astral-sh/uv:latest`
- `ghcr.io/astral-sh/uv:{major}.{minor}.{patch}`, e.g., `ghcr.io/astral-sh/uv:0.8.6`
+- `ghcr.io/astral-sh/uv:{major}.{minor}.{patch}`, e.g., `ghcr.io/astral-sh/uv:0.8.7`
 - `ghcr.io/astral-sh/uv:{major}.{minor}`, e.g., `ghcr.io/astral-sh/uv:0.8` (the latest patch
  version)

@ -75,7 +75,7 @@ And the following derived images are available:

 As with the distroless image, each derived image is published with uv version tags as
 `ghcr.io/astral-sh/uv:{major}.{minor}.{patch}-{base}` and
-`ghcr.io/astral-sh/uv:{major}.{minor}-{base}`, e.g., `ghcr.io/astral-sh/uv:0.8.6-alpine`.
+`ghcr.io/astral-sh/uv:{major}.{minor}-{base}`, e.g., `ghcr.io/astral-sh/uv:0.8.7-alpine`.

 In addition, starting with `0.8` each derived image also sets `UV_TOOL_BIN_DIR` to `/usr/local/bin`
 to allow `uv tool install` to work as expected with the default user.
@ -116,7 +116,7 @@ Note this requires `curl` to be available.
 In either case, it is best practice to pin to a specific uv version, e.g., with:

 ```dockerfile
-COPY --from=ghcr.io/astral-sh/uv:0.8.6 /uv /uvx /bin/
+COPY --from=ghcr.io/astral-sh/uv:0.8.7 /uv /uvx /bin/
 ```

 !!! tip
@ -134,7 +134,7 @@ COPY --from=ghcr.io/astral-sh/uv:0.8.6 /uv /uvx /bin/
 Or, with the installer:

 ```dockerfile
-ADD https://astral.sh/uv/0.8.6/install.sh /uv-installer.sh
+ADD https://astral.sh/uv/0.8.7/install.sh /uv-installer.sh
 ```

 ### Installing a project
@ -560,5 +560,5 @@ Verified OK
 !!! tip

    These examples use `latest`, but best practice is to verify the attestation for a specific
-    version tag, e.g., `ghcr.io/astral-sh/uv:0.8.6`, or (even better) the specific image digest,
+    version tag, e.g., `ghcr.io/astral-sh/uv:0.8.7`, or (even better) the specific image digest,
    such as `ghcr.io/astral-sh/uv:0.5.27@sha256:5adf09a5a526f380237408032a9308000d14d5947eafa687ad6c6a2476787b4f`.
--- a/docs/guides/integration/github.md
+++ b/docs/guides/integration/github.md
@ -47,7 +47,7 @@ jobs:
        uses: astral-sh/setup-uv@v6
        with:
          # Install a specific version of uv.
-          version: "0.8.6"
+          version: "0.8.7"
 ```

 ## Setting up Python
--- a/docs/guides/integration/pre-commit.md
+++ b/docs/guides/integration/pre-commit.md
@ -19,7 +19,7 @@ To make sure your `uv.lock` file is up to date even if your `pyproject.toml` fil
 repos:
  - repo: https://github.com/astral-sh/uv-pre-commit
    # uv version.
-    rev: 0.8.6
+    rev: 0.8.7
    hooks:
      - id: uv-lock
 ```
@ -30,7 +30,7 @@ To keep a `requirements.txt` file in sync with your `uv.lock` file:
 repos:
  - repo: https://github.com/astral-sh/uv-pre-commit
    # uv version.
-    rev: 0.8.6
+    rev: 0.8.7
    hooks:
      - id: uv-export
 ```
@ -41,7 +41,7 @@ To compile requirements files:
 repos:
  - repo: https://github.com/astral-sh/uv-pre-commit
    # uv version.
-    rev: 0.8.6
+    rev: 0.8.7
    hooks:
      # Compile requirements
      - id: pip-compile
@ -54,7 +54,7 @@ To compile alternative requirements files, modify `args` and `files`:
 repos:
  - repo: https://github.com/astral-sh/uv-pre-commit
    # uv version.
-    rev: 0.8.6
+    rev: 0.8.7
    hooks:
      # Compile requirements
      - id: pip-compile
@ -68,7 +68,7 @@ To run the hook over multiple files at the same time, add additional entries:
 repos:
  - repo: https://github.com/astral-sh/uv-pre-commit
    # uv version.
-    rev: 0.8.6
+    rev: 0.8.7
    hooks:
      # Compile requirements
      - id: pip-compile
--- a/pyproject.toml
+++ b/pyproject.toml
@ -4,7 +4,7 @@ build-backend = "maturin"

 [project]
 name = "uv"
-version = "0.8.6"
+version = "0.8.7"
 description = "An extremely fast Python package and project manager, written in Rust."
 authors = [{ name = "Astral Software Inc.", email = "hey@astral.sh" }]
 requires-python = ">=3.8"
--- a/python/uv/_find_uv.py
+++ b/python/uv/_find_uv.py
@ -46,9 +46,9 @@ def find_uv_bin() -> str:
        if os.path.isfile(path):
            return path

+    locations = "\n".join(f" - {target}" for target in seen)
    raise UvNotFound(
-        f"Could not find the uv binary in any of the following locations:\n"
-        f"{'\n'.join(f' - {target}' for target in seen)}\n"
+        f"Could not find the uv binary in any of the following locations:\n{locations}\n"
    )