uv/docs/guides/integration/dependency-bots.md
Mathieu Kniewallner c2f13f9468
docs(dependency-bots): mention PEP 723 + some improvements (#7819)
## Summary

Renovate recently gained support for updating dependencies defined using
PEP 723 (https://github.com/renovatebot/renovate/pull/31266). Since uv
supports this format, I thought it could be nice to mention support for
it in the integrations documentation as well. I took the occasion to
make the page a bit more structured as well.

## Test Plan

Ran Renovate on https://github.com/mkniewallner/renovate-pep723, which
created https://github.com/mkniewallner/renovate-pep723/pull/2 that
updates a dependency defined using PEP 723. But I'll re-run some tests
again once the changes are released on Renovate cloud GitHub app just in
case.
2024-10-09 11:26:07 -05:00

Dependency bots

It is considered best practice to regularly update dependencies, to avoid being exposed to vulnerabilities, limit incompatibilities between dependencies, and avoid complex upgrades when upgrading from a version that is too old. A variety of tools can help you stay up to date by creating automated pull requests. Several of them support uv, or have work underway to support it.

Renovate

uv is supported by Renovate.

!!! note

    Updating `uv pip compile` outputs such as `requirements.txt` is not yet supported. Progress can
    be tracked at [renovatebot/renovate#30909](https://github.com/renovatebot/renovate/issues/30909).

uv.lock output

Renovate uses the presence of a uv.lock file to determine that uv is used for managing dependencies, and will suggest upgrades to project dependencies, optional dependencies and development dependencies. Renovate will update both the pyproject.toml and uv.lock files.

The lockfile can also be refreshed on a regular basis (for instance to update transitive dependencies) by enabling the lockFileMaintenance option:

{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  lockFileMaintenance: {
    enabled: true,
  },
}

Inline script metadata

Renovate supports updating dependencies defined using inline script metadata.

Since it cannot automatically detect which Python files use inline script metadata, their locations need to be explicitly defined using fileMatch, like so:

{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  pep723: {
    fileMatch: [
      "scripts/generate_docs\\.py",
      "scripts/run_server\\.py",
    ],
  },
}

Dependabot

Support for uv is not yet available. Progress can be tracked at: