Change8

0.11.0

Breaking Changes
📦 uvView on GitHub →
4 breaking5 features🐛 7 fixes1 deprecations🔧 4 symbols

Summary

This release introduces significant updates to the networking stack, replacing certificate verification backends and deprecating the `--native-tls` flag in favor of `--system-certs`. It also includes several performance improvements and bug fixes across dependency resolution and auditing features.

⚠️ Breaking Changes

  • The networking stack was updated, potentially causing rejection of previously trusted TLS certificates due to the upgrade of reqwest to v0.13 and changes in TLS certificate verification.
  • Certificate verification now uses `rustls-platform-verifier` instead of `rustls-native-certs` and `webpki`. If you were using the `native-tls` option, validation behavior may change as it now delegates to the system's security library (e.g., Security.framework on macOS). Some certificate chains may now succeed or fail.
  • The `--native-tls` flag is deprecated in favor of `--system-certs`. While `--native-tls` still works identically to `--system-certs`, users should migrate to the new flag to reduce confusion.
  • Building uv from source on x86-64 and i686 Windows now requires NASM because `aws-lc` requires it. If NASM is not found, a prebuilt blob from `aws-lc-sys` will be used.

Migration Steps

  1. If you rely on specific TLS certificate validation behavior that might have changed due to the switch to `rustls-platform-verifier`, test your network operations thoroughly.
  2. Replace usage of the deprecated `--native-tls` flag with `--system-certs`.
  3. If building uv from source on Windows (x86-64 or i686), ensure NASM is installed or rely on the prebuilt blob provided by `aws-lc-sys`.

✨ New Features

  • Frame pointers are enabled for improved profiling on Linux x86-64 and aarch64 builds (via python-build-standalone).
  • Treated 'Dynamic' values as case-insensitive.
  • Introduced a dedicated error type for invalid cache control headers.
  • Enabled checksum verification in the generated installer script.
  • Added `--service-format` and `--service-url` options to `uv audit` (Preview feature).

🐛 Bug Fixes

  • Fixed finding the dynamic linker on the file system when binary sniffing fails.
  • Fixed export of conflicting workspace members with dependencies.
  • Fixed `uv tool list --outdated` to respect installed settings.
  • Fixed treating paths originating as PEP 508 URLs containing expanded variables as relative.
  • Fixed `uv export` for workspace member packages with conflicts.
  • Fixed continuing to alternative authentication providers when the pyx store has no token.
  • Fixed using redacted URLs for log messages in the cached client.

Affected Symbols

uv's networking stack (reqwest upgrade)--native-tls flag--system-certs flaguv audit command

⚡ Deprecations

  • The `--native-tls` flag is deprecated in favor of the new `--system-certs` flag.