mirror of
https://github.com/astral-sh/uv.git
synced 2025-08-31 07:47:27 +00:00
ca9aaf1c48
- Adds a collapsible section for the project concept - Splits the project concept document into several child documents. - Moves the workspace and dependencies documents to under the project section - Adds a mkdocs plugin for redirects, so links to the moved documents still work I attempted to make the minimum required changes to the contents of the documents here. There is a lot of room for improvement on the content of each new child document. For review purposes, I want to do that work separately. I'd prefer if the review focused on this structure and idea rather than the content of the files. I expect to do this to other documentation pages that would otherwise be very nested. The project concept landing page and nav (collapsed by default) looks like this now: <img width="1507" alt="Screenshot 2024-11-14 at 11 28 45 AM" src="https://github.com/user-attachments/assets/88288b09-8463-49d4-84ba-ee27144b62a5">
69 lines
2.4 KiB
Markdown
69 lines
2.4 KiB
Markdown
# Dependency bots
|
|
|
|
It is considered best practice to regularly update dependencies, to avoid being exposed to
|
|
vulnerabilities, limit incompatibilities between dependencies, and avoid complex upgrades when
|
|
upgrading from a too old version. A variety of tools can help staying up-to-date by creating
|
|
automated pull requests. Several of them support uv, or have work underway to support it.
|
|
|
|
## Renovate
|
|
|
|
uv is supported by [Renovate](https://github.com/renovatebot/renovate).
|
|
|
|
!!! note
|
|
|
|
Updating `uv pip compile` outputs such as `requirements.txt` is not yet supported. Progress can
|
|
be tracked
|
|
at [renovatebot/renovate#30909](https://github.com/renovatebot/renovate/issues/30909).
|
|
|
|
### `uv.lock` output
|
|
|
|
Renovate uses the presence of a `uv.lock` file to determine that uv is used for managing
|
|
dependencies, and will suggest upgrades to
|
|
[project dependencies](../../concepts/projects/dependencies.md#project-dependencies),
|
|
[optional dependencies](../../concepts/projects/dependencies.md#optional-dependencies) and
|
|
[development dependencies](../../concepts/projects/dependencies.md#development-dependencies).
|
|
Renovate will update both the `pyproject.toml` and `uv.lock` files.
|
|
|
|
The lockfile can also be refreshed on a regular basis (for instance to update transitive
|
|
dependencies) by enabling the
|
|
[`lockFileMaintenance`](https://docs.renovatebot.com/configuration-options/#lockfilemaintenance)
|
|
option:
|
|
|
|
```jsx title="renovate.json5"
|
|
{
|
|
$schema: "https://docs.renovatebot.com/renovate-schema.json",
|
|
lockFileMaintenance: {
|
|
enabled: true,
|
|
},
|
|
}
|
|
```
|
|
|
|
### Inline script metadata
|
|
|
|
Renovate supports updating dependencies defined using
|
|
[script inline metadata](../scripts.md/#declaring-script-dependencies).
|
|
|
|
Since it cannot automatically detect which Python files use script inline metadata, their locations
|
|
need to be explicitly defined using
|
|
[`fileMatch`](https://docs.renovatebot.com/configuration-options/#filematch), like so:
|
|
|
|
```jsx title="renovate.json5"
|
|
{
|
|
$schema: "https://docs.renovatebot.com/renovate-schema.json",
|
|
pep723: {
|
|
fileMatch: [
|
|
"scripts/generate_docs\\.py",
|
|
"scripts/run_server\\.py",
|
|
],
|
|
},
|
|
}
|
|
```
|
|
|
|
## Dependabot
|
|
|
|
Support for uv is not yet available. Progress can be tracked at:
|
|
|
|
- [dependabot/dependabot-core#10478](https://github.com/dependabot/dependabot-core/issues/10478) for
|
|
`uv.lock` output
|
|
- [dependabot/dependabot-core#10039](https://github.com/dependabot/dependabot-core/issues/10039) for
|
|
`uv pip compile` outputs
|