Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-uv for openSUSE:Factory checked in at 2026-03-17 19:03:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-uv (Old) and /work/SRC/openSUSE:Factory/.python-uv.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-uv" Tue Mar 17 19:03:20 2026 rev:83 rq:1339580 version:0.10.11 Changes: -------- --- /work/SRC/openSUSE:Factory/python-uv/python-uv.changes 2026-03-11 11:28:13.870659702 +0100 +++ /work/SRC/openSUSE:Factory/.python-uv.new.8177/python-uv.changes 2026-03-17 19:05:01.869998555 +0100 @@ -1,0 +2,56 @@ +Tue Mar 17 11:34:26 UTC 2026 - Ondřej Súkup <[email protected]> + +- update to 0.10.11 + * Enhancements + * Fetch Ruff release metadata from an Astral mirror + * Use PEP 639 license metadata for uv itself + * Performance + * Improve distribution id performance + * Bug fixes + * Allow --project to refer to a pyproject.toml directly and reduce to a warning on other files + * Disable SYSTEM_VERSION_COMPAT when querying interpreters on macOS + * Enforce available distributions for supported environments + * Fix uv sync --active recreating active environments when UV_PYTHON_INSTALL_DIR is relative + * Documentation + * Add missing -o requirements.txt in uv pip compile example + * Link to organization security policy + * Link to the AI policy in the contributing guide + +------------------------------------------------------------------- +Mon Mar 16 09:29:33 UTC 2026 - Daniel Garcia <[email protected]> + +- Update vendor.tar.zst (bsc#1259624, CVE-2026-31812) +- Ignore rsa Marvin Attack risk RUSTSEC-2023-0071 in cargo-vendor. The + potential key recovery through timing sidechannels doesn't affect uv + as it's intended to be used locally as a developer tool + https://rustsec.org/advisories/RUSTSEC-2023-0071.html +- update to 0.10.10 + * Enhancements + * Add --outdated flag to uv tool list + * Add riscv64 musl target to build-release-binaries workflow + * Fetch Ruff from an Astral mirror + * Improve error handling for platform detection in Python downloads + * Warn if --project directory does not exist + * Warn when workspace member scripts are skipped due to missing build system + * Update build backend versions used in uv init + * Log explicit config file path in verbose output + * Make uv cache clear an alias of uv cache clean + * Reject invalid classifiers, warn on license classifiers in uv_build + * Preview features + * Add links to uv audit output + * Output/report formatting for uv audit + * Switch to batched OSV queries for uv audit + * Bug fixes + * Avoid sharing version metadata across indexes + * Bump zlib-rs to 0.6.2 to fix panic on decompression of large wheels on Windows + * Filter out unsupported environment wheels + * Preserve absolute/relative paths in lockfiles + * Recreate Python environments under uv tool install --force + * Respect timestamp and other cache keys in cached environments + * Simplify selected extra markers in uv export + * Send pyx mint-token requests with a proper Content-Type + * Fix Windows operating system and version reporting + * Documentation + * Update the platform support policy with a tier 3 section including freebsd and 32-bit windows + +------------------------------------------------------------------- Old: ---- python-uv-0.10.9.tar.gz New: ---- python-uv-0.10.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-uv.spec ++++++ --- /var/tmp/diff_new_pack.3tz4o2/_old 2026-03-17 19:05:04.350101334 +0100 +++ /var/tmp/diff_new_pack.3tz4o2/_new 2026-03-17 19:05:04.354101500 +0100 @@ -33,7 +33,7 @@ %bcond_without libalternatives %{?sle15_python_module_pythons} Name: python-uv -Version: 0.10.9 +Version: 0.10.11 Release: 0 Summary: A Python package installer and resolver, written in Rust License: Apache-2.0 OR MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.3tz4o2/_old 2026-03-17 19:05:04.414103987 +0100 +++ /var/tmp/diff_new_pack.3tz4o2/_new 2026-03-17 19:05:04.422104318 +0100 @@ -5,6 +5,11 @@ <param name="src">python-uv*.tar.gz</param> <param name="compression">zst</param> <param name="update">true</param> + <!-- + https://rustsec.org/advisories/RUSTSEC-2023-0071.html + rsa (0.9.10) Marvin Attack: potential key recovery through timing sidechannels + --> + <param name="i-accept-the-risk">RUSTSEC-2023-0071.md</param> </service> </services> ++++++ python-uv-0.10.9.tar.gz -> python-uv-0.10.11.tar.gz ++++++ ++++ 24136 lines of diff (skipped) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/python-uv/vendor.tar.zst /work/SRC/openSUSE:Factory/.python-uv.new.8177/vendor.tar.zst differ: char 7, line 1
