mirrors/uv
1
0
Fork 0
mirror of https://github.com/astral-sh/uv.git synced 2025-08-30 15:27:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
uv/docs/guides/integration/dependency-bots.md
Zanie Blue ca9aaf1c48
Reorganize the project concept documentation (#9121) 
- Adds a collapsible section for the project concept
- Splits the project concept document into several child documents.
- Moves the workspace and dependencies documents to under the project
section
- Adds a mkdocs plugin for redirects, so links to the moved documents
still work

I attempted to make the minimum required changes to the contents of the
documents here. There is a lot of room for improvement on the content of
each new child document. For review purposes, I want to do that work
separately. I'd prefer if the review focused on this structure and idea
rather than the content of the files.

I expect to do this to other documentation pages that would otherwise be
very nested.

The project concept landing page and nav (collapsed by default) looks
like this now:

<img width="1507" alt="Screenshot 2024-11-14 at 11 28 45 AM"
src="https://github.com/user-attachments/assets/88288b09-8463-49d4-84ba-ee27144b62a5">
2024-11-19 13:52:12 -06:00

2.4 KiB
Raw Blame History

Dependency bots

It is considered best practice to regularly update dependencies, to avoid being exposed to vulnerabilities, limit incompatibilities between dependencies, and avoid complex upgrades when upgrading from a too old version. A variety of tools can help staying up-to-date by creating automated pull requests. Several of them support uv, or have work underway to support it.

Renovate

uv is supported by Renovate.

!!! note

Updating `uv pip compile` outputs such as `requirements.txt` is not yet supported. Progress can
be tracked
at [renovatebot/renovate#30909](https://github.com/renovatebot/renovate/issues/30909).

uv.lock output

Renovate uses the presence of a uv.lock file to determine that uv is used for managing dependencies, and will suggest upgrades to project dependencies, optional dependencies and development dependencies. Renovate will update both the pyproject.toml and uv.lock files.

The lockfile can also be refreshed on a regular basis (for instance to update transitive dependencies) by enabling the lockFileMaintenance option:

{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  lockFileMaintenance: {
    enabled: true,
  },
}

Inline script metadata

Renovate supports updating dependencies defined using script inline metadata.

Since it cannot automatically detect which Python files use script inline metadata, their locations need to be explicitly defined using fileMatch, like so:

{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  pep723: {
    fileMatch: [
      "scripts/generate_docs\\.py",
      "scripts/run_server\\.py",
    ],
  },
}

Dependabot

Support for uv is not yet available. Progress can be tracked at: