From 6b56fccac4888885e5e9d8a232348b99c0857dc1 Mon Sep 17 00:00:00 2001 From: Tsvika Shapira Date: Fri, 15 May 2026 15:16:45 +0300 Subject: [PATCH 1/2] feat: audit with uv --- project_name/justfile.jinja | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/project_name/justfile.jinja b/project_name/justfile.jinja index 7f0ec97..2476e9d 100644 --- a/project_name/justfile.jinja +++ b/project_name/justfile.jinja @@ -46,10 +46,7 @@ deps-update: && deps-list-outdated # Audit dependencies deps-audit: - uv run --exact --all-extras --all-groups --with pip-audit -- \ - pip-audit \ - --skip-editable - uv run --exact true + uv audit --locked ### code quality ### From c070e44d7221c1fa72aadadfc37e1e0f61a775a4 Mon Sep 17 00:00:00 2001 From: Tsvika Shapira Date: Fri, 15 May 2026 17:06:16 +0300 Subject: [PATCH 2/2] chore: bump minimum uv version to 0.10.12 for `uv audit` `uv audit` first ships usefully in 0.10.12: PR #18512 made it exit non-zero on findings, and PR #18540 unhid it from CLI help. Earlier versions can't fail the `deps-audit` recipe on vulnerabilities. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/uv-tests.yml | 2 +- README.md | 2 +- project_name/pyproject.toml.jinja | 2 +- pyproject.toml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/uv-tests.yml b/.github/workflows/uv-tests.yml index 008ca28..8bcdcfd 100644 --- a/.github/workflows/uv-tests.yml +++ b/.github/workflows/uv-tests.yml @@ -35,7 +35,7 @@ jobs: strategy: fail-fast: false matrix: - uv-version: ["0.9.17", "latest"] + uv-version: ["0.10.12", "latest"] steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: diff --git a/README.md b/README.md index c2e621d..64c4ddb 100644 --- a/README.md +++ b/README.md 
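Review bot: The replacement line `uv audit --locked` in the `deps-audit` recipe drops the `--all-extras --all-groups` selection that the removed pip-audit invocation used, so the audited set may be narrower than before. Please confirm against the uv documentation that the lockfile audit covers optional extras and non-default dependency groups; if it does not, a vulnerable package pulled in only through an extra or a group would no longer fail the recipe. The recipe also depends on a uv version floor that this patch does not set, since the `required-version` bump only arrives in patch 2/2. On an older uv the recipe could pass despite findings, going by that patch's own description. I would state both facts in the recipe comment, for example `# Audit the locked dependency set for known vulnerabilities (requires uv >=0.10.12, where findings produce a non-zero exit)`.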
@@ -10,7 +10,7 @@ A modern Python project template using recommended development tools and best pr ## TL;DR -Assuming that you have `uv` installed (version `>=0.9.17`) +Assuming that you have `uv` installed (version `>=0.10.12`) 1. `uvx copier copy gh:tsvikas/python-template path/to/project/directory/` diff --git a/project_name/pyproject.toml.jinja b/project_name/pyproject.toml.jinja index 26c7929..91e9311 100644 --- a/project_name/pyproject.toml.jinja +++ b/project_name/pyproject.toml.jinja @@ -114,7 +114,7 @@ typing = [ [tool.uv] -required-version = ">=0.9.17" +required-version = ">=0.10.12" default-groups = ["dev", "test", "typing"] # Minimum age guard: only consider package versions released at least 24h ago, # as a lightweight supply-chain defense against just-published malicious releases. diff --git a/pyproject.toml b/pyproject.toml index e308df2..8468e5c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ dev = [ ] [tool.uv] -required-version = ">=0.9.17" +required-version = ">=0.10.12" # Minimum age guard: only consider package versions released at least 24h ago, # as a lightweight supply-chain defense against just-published malicious releases. exclude-newer = "24 hours"