|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-b8b59dcf44 (uv)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 44 Update: uv-0.11.2-1.fc44


Date:
              Sat, 28 Mar 2026 00:19:42 +0000


Message-ID:
              <20260328001942.D70B4821DE@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name        : uv
Product     : Fedora 44
Version     : 0.11.2
Release     : 1.fc44
URL         : https://github.com/astral-sh/uv
Summary     : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

  • A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
    virtualenv, and more.
  • 10-100x faster than pip.
  • Provides comprehensive project management, with a universal lockfile.
  • Runs scripts, with support for inline dependency metadata.
  • Installs and manages Python versions.
  • Runs and installs tools published as Python packages.
  • Includes a pip-compatible interface for a performance boost with a familiar
    CLI.
  • Supports Cargo-style workspaces for scalable projects.
  • Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv’s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 0.11.2-1
- Update to 0.11.2 (close RHBZ#2450582)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2425802
  [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2425819
  [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432768
  [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432769
  [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432770
  [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432771
  [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432772
  [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432773
  [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432774
  [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432775
  [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432776
  [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432777
  [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2432779
  [ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2436289
  [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2437941
  [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2437942
  [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2437976
  [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2439752
  [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2450541
  [ 20 ] Bug #2450582 - uv-0.11.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2450582
  [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate
authorities in self-signed X.509 format
        https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds