mirror of
https://github.com/astral-sh/uv.git
synced 2025-07-19 11:15:01 +00:00
90a21ae46a
Some checks are pending
CI / cargo dev generate-all (push) Blocked by required conditions
CI / cargo shear (push) Waiting to run
CI / Determine changes (push) Waiting to run
CI / test windows trampoline | i686 (push) Blocked by required conditions
CI / lint (push) Waiting to run
CI / cargo clippy | ubuntu (push) Blocked by required conditions
CI / cargo clippy | windows (push) Blocked by required conditions
CI / cargo test | ubuntu (push) Blocked by required conditions
CI / cargo test | macos (push) Blocked by required conditions
CI / cargo test | windows (push) Blocked by required conditions
CI / check windows trampoline | aarch64 (push) Blocked by required conditions
CI / check windows trampoline | i686 (push) Blocked by required conditions
CI / check windows trampoline | x86_64 (push) Blocked by required conditions
CI / test windows trampoline | x86_64 (push) Blocked by required conditions
CI / typos (push) Waiting to run
CI / mkdocs (push) Waiting to run
CI / build binary | windows aarch64 (push) Blocked by required conditions
CI / build binary | linux libc (push) Blocked by required conditions
CI / build binary | linux musl (push) Blocked by required conditions
CI / build binary | macos aarch64 (push) Blocked by required conditions
CI / build binary | macos x86_64 (push) Blocked by required conditions
CI / build binary | windows x86_64 (push) Blocked by required conditions
CI / cargo build (msrv) (push) Blocked by required conditions
CI / build binary | freebsd (push) Blocked by required conditions
CI / ecosystem test | pydantic/pydantic-core (push) Blocked by required conditions
CI / ecosystem test | prefecthq/prefect (push) Blocked by required conditions
CI / ecosystem test | pallets/flask (push) Blocked by required conditions
CI / smoke test | linux (push) Blocked by required conditions
CI / check system | alpine (push) Blocked by required conditions
CI / smoke test | macos (push) Blocked by required conditions
CI / smoke test | windows x86_64 (push) Blocked by required conditions
CI / smoke test | windows aarch64 (push) Blocked by required conditions
CI / integration test | conda on ubuntu (push) Blocked by required conditions
CI / integration test | deadsnakes python3.9 on ubuntu (push) Blocked by required conditions
CI / integration test | free-threaded on linux (push) Blocked by required conditions
CI / integration test | free-threaded on windows (push) Blocked by required conditions
CI / integration test | pypy on ubuntu (push) Blocked by required conditions
CI / integration test | pypy on windows (push) Blocked by required conditions
CI / integration test | graalpy on ubuntu (push) Blocked by required conditions
CI / integration test | graalpy on windows (push) Blocked by required conditions
CI / integration test | github actions (push) Blocked by required conditions
CI / check cache | macos aarch64 (push) Blocked by required conditions
CI / integration test | free-threaded python on github actions (push) Blocked by required conditions
CI / integration test | determine publish changes (push) Blocked by required conditions
CI / integration test | uv publish (push) Blocked by required conditions
CI / integration test | uv_build (push) Blocked by required conditions
CI / check cache | ubuntu (push) Blocked by required conditions
CI / check system | windows registry (push) Blocked by required conditions
CI / check system | python on debian (push) Blocked by required conditions
CI / check system | python on fedora (push) Blocked by required conditions
CI / check system | python on ubuntu (push) Blocked by required conditions
CI / check system | python on opensuse (push) Blocked by required conditions
CI / check system | python on rocky linux 8 (push) Blocked by required conditions
CI / check system | python on rocky linux 9 (push) Blocked by required conditions
CI / check system | graalpy on ubuntu (push) Blocked by required conditions
CI / check system | pypy on ubuntu (push) Blocked by required conditions
CI / check system | pyston (push) Blocked by required conditions
CI / check system | python on macos aarch64 (push) Blocked by required conditions
CI / check system | homebrew python on macos aarch64 (push) Blocked by required conditions
CI / check system | python on macos x86-64 (push) Blocked by required conditions
CI / check system | python3.10 on windows x86-64 (push) Blocked by required conditions
CI / check system | python3.10 on windows x86 (push) Blocked by required conditions
CI / check system | python3.13 on windows x86-64 (push) Blocked by required conditions
CI / check system | x86-64 python3.13 on windows aarch64 (push) Blocked by required conditions
CI / check system | python3.12 via chocolatey (push) Blocked by required conditions
CI / check system | python3.9 via pyenv (push) Blocked by required conditions
CI / check system | python3.13 (push) Blocked by required conditions
CI / check system | conda3.11 on macos aarch64 (push) Blocked by required conditions
CI / check system | conda3.8 on macos aarch64 (push) Blocked by required conditions
CI / check system | conda3.11 on linux x86-64 (push) Blocked by required conditions
CI / check system | conda3.8 on linux x86-64 (push) Blocked by required conditions
CI / check system | conda3.11 on windows x86-64 (push) Blocked by required conditions
CI / check system | conda3.8 on windows x86-64 (push) Blocked by required conditions
CI / check system | amazonlinux (push) Blocked by required conditions
CI / check system | embedded python3.10 on windows x86-64 (push) Blocked by required conditions
CI / benchmarks (push) Blocked by required conditions
Follows https://github.com/astral-sh/uv/pull/13690 Tested in https://github.com/astral-sh/packse/blob/main/.github/dependabot.yml
77 lines
2.5 KiB
Markdown
77 lines
2.5 KiB
Markdown
---
|
|
title: Using uv with dependency bots
|
|
description: A guide to using uv with dependency bots like Renovate and Dependabot.
|
|
---
|
|
|
|
# Dependency bots
|
|
|
|
It is considered best practice to regularly update dependencies, to avoid being exposed to
|
|
vulnerabilities, limit incompatibilities between dependencies, and avoid complex upgrades when
|
|
upgrading from a too old version. A variety of tools can help staying up-to-date by creating
|
|
automated pull requests. Several of them support uv, or have work underway to support it.
|
|
|
|
## Renovate
|
|
|
|
uv is supported by [Renovate](https://github.com/renovatebot/renovate).
|
|
|
|
### `uv.lock` output
|
|
|
|
Renovate uses the presence of a `uv.lock` file to determine that uv is used for managing
|
|
dependencies, and will suggest upgrades to
|
|
[project dependencies](../../concepts/projects/dependencies.md#project-dependencies),
|
|
[optional dependencies](../../concepts/projects/dependencies.md#optional-dependencies) and
|
|
[development dependencies](../../concepts/projects/dependencies.md#development-dependencies).
|
|
Renovate will update both the `pyproject.toml` and `uv.lock` files.
|
|
|
|
The lockfile can also be refreshed on a regular basis (for instance to update transitive
|
|
dependencies) by enabling the
|
|
[`lockFileMaintenance`](https://docs.renovatebot.com/configuration-options/#lockfilemaintenance)
|
|
option:
|
|
|
|
```jsx title="renovate.json5"
|
|
{
|
|
$schema: "https://docs.renovatebot.com/renovate-schema.json",
|
|
lockFileMaintenance: {
|
|
enabled: true,
|
|
},
|
|
}
|
|
```
|
|
|
|
### Inline script metadata
|
|
|
|
Renovate supports updating dependencies defined using
|
|
[script inline metadata](../scripts.md/#declaring-script-dependencies).
|
|
|
|
Since it cannot automatically detect which Python files use script inline metadata, their locations
|
|
need to be explicitly defined using
|
|
[`fileMatch`](https://docs.renovatebot.com/configuration-options/#filematch), like so:
|
|
|
|
```jsx title="renovate.json5"
|
|
{
|
|
$schema: "https://docs.renovatebot.com/renovate-schema.json",
|
|
pep723: {
|
|
fileMatch: [
|
|
"scripts/generate_docs\\.py",
|
|
"scripts/run_server\\.py",
|
|
],
|
|
},
|
|
}
|
|
```
|
|
|
|
## Dependabot
|
|
|
|
Dependabot has announced support for uv, but there are some use cases that are not yet working. See
|
|
[astral-sh/uv#2512](https://github.com/astral-sh/uv/issues/2512) for updates.
|
|
|
|
Dependabot supports updating `uv.lock` files. To enable it, add the uv `package-ecosystem` to your
|
|
`updates` list in the `dependabot.yml`:
|
|
|
|
```yaml title="dependabot.yml"
|
|
version: 2
|
|
|
|
updates:
|
|
- package-ecosystem: "uv"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
```
|