Output/report formatting for `uv audit` by woodruffw · Pull Request #18193 · astral-sh/uv

woodruffw · 2026-02-25T17:46:38Z

Summary

This adds some initial output/report formatting for uv audit.

This is an initial blush, any feedback to align this with rendering/formatting idioms elsewhere would be greatly appreciated!

Atop #18119.

Test Plan

None yet.

woodruffw · 2026-02-26T21:47:20Z

Example current output:

warning: `uv audit` is experimental and may change without warning. Pass `--preview-features audit` to disable this warning.
Resolved 71 packages in 29ms
Found 7 known vulnerabilities and no adverse project statuses in 71 packages

Vulnerabilities:

cryptography 46.0.3 has 1 known vulnerability:

- GHSA-r6ph-v2qm-q3c2: cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

  Fixed in: 46.0.5


filelock 3.20.0 has 2 known vulnerabilities:

- GHSA-qmgc-5h2g-mvrw: filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

  Fixed in: 3.20.3

- GHSA-w853-jp5j-5j7f: filelock has a TOCTOU race condition which allows symlink attacks during lock file creation

  Fixed in: 3.20.1


jaraco-context 6.0.1 has 1 known vulnerability:

- GHSA-58pv-8j8x-9vj2: jaraco.context Has a Path Traversal Vulnerability

  Fixed in: 6.1.0


urllib3 2.5.0 has 3 known vulnerabilities:

- GHSA-2xpw-w6gg-jr37: urllib3 streaming API improperly handles highly compressed data

  Fixed in: 2.6.0

- GHSA-38jv-5279-wg99: Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

  Fixed in: 2.6.3

- GHSA-gm62-xv2j-4w53: urllib3 allows an unbounded number of links in the decompression chain

  Fixed in: 2.6.0

Screencap with color:

## Summary This provides the scaffolding (CLI and initial `uv-audit` crate) for a `uv audit` subcommand. Closes #9189. Tracking: - [x] Core CLI scaffolding (this PR) - [x] #18185 - [x] Audit core (probably a new `uv-audit` crate): #18124 - [ ] Bulk dependency audits with OSV - [ ] Result presentation - [ ] #18193 Things that also need to be done with the MVP: - [ ] We should not audit workspace members by default (by definition, they don't exist on indices and therefore don't have meaningful results from vulnerability services). - [ ] I need to ensure groups/etc. are being filtered by correctly, right now we audit every single package in the lockfile unconditionally. ## Test Plan Unit and integration tests commensurate with the new functionality. --------- Signed-off-by: William Woodruff <william@astral.sh>

konstin

Code looks good, left some style comments.

konstin

Code looks good, is there an example uv.lock to see it in color?

woodruffw · 2026-03-09T13:17:41Z

Code looks good, is there an example uv.lock to see it in color?

I was testing it locally against psf/cachecontrol (since I added a lockfile to that repo a while back).

konstin · 2026-03-09T13:48:35Z

+                )?;
+
+                for vuln in vulns {
+                    writeln!(


Can we show the link too? The title often isn't enough to understand whether you are affected.

Yeah, I'll do that with a follow-up!

## Summary Atop #18193. This tweaks the baseline filtering we do with `uv audit` -- previously we only skipped packages without versions, but we should _also_ skip workspace members, since workspace members are local by definition. ## Test Plan Will be tested with integration tests. Signed-off-by: William Woodruff <william@astral.sh>

Atop #18193. This tweaks the baseline filtering we do with `uv audit` -- previously we only skipped packages without versions, but we should _also_ skip workspace members, since workspace members are local by definition. Will be tested with integration tests. Signed-off-by: William Woodruff <william@astral.sh>

Signed-off-by: William Woodruff <william@astral.sh> Skeleton AuditDisplay Signed-off-by: William Woodruff <william@astral.sh> Initial reporting for `uv audit` Signed-off-by: William Woodruff <william@astral.sh> More spacing Signed-off-by: William Woodruff <william@astral.sh> I curse the English language's irregular plural forms Signed-off-by: William Woodruff <william@astral.sh> Clippy Signed-off-by: William Woodruff <william@astral.sh> Bump snapshots Signed-off-by: William Woodruff <william@astral.sh> Feedback Signed-off-by: William Woodruff <william@astral.sh> Feedback Signed-off-by: William Woodruff <william@astral.sh> Add a TODO Signed-off-by: William Woodruff <william@astral.sh>

Atop #18193. This tweaks the baseline filtering we do with `uv audit` -- previously we only skipped packages without versions, but we should _also_ skip workspace members, since workspace members are local by definition. Will be tested with integration tests. Signed-off-by: William Woodruff <william@astral.sh>

## Summary This adds links to `uv audit`'s outputs. This required adding links to the backing (common) Vulnerability type and pulling them from the OSV service. OSV will always produce a link for a Vulnerability (since the ID itself can be turned into a link), but `Vulnerability::link` itself is optional since other services may not necessarily guarantee this. Follows #18193. ## Test Plan None yet. --------- Signed-off-by: William Woodruff <william@astral.sh>

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [uv](https://github.com/astral-sh/uv) | minor | `0.10.9` → `0.11.3` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (uv)</summary> ### [`v0.11.3`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0113) [Compare Source](astral-sh/uv@0.11.2...0.11.3) Released on 2026-04-01. ##### Enhancements - Add progress bar for hashing phase in uv publish ([#18752](astral-sh/uv#18752)) - Add support for ROCm 7.2 ([#18730](astral-sh/uv#18730)) - Emit abi3t tags for every abi3 version ([#18777](astral-sh/uv#18777)) - Expand `uv workspace metadata` with dependency information from the lock ([#18356](astral-sh/uv#18356)) - Implement support for PEP 803 ([#18767](astral-sh/uv#18767)) - Pretty-print platform in built wheel errors ([#18738](astral-sh/uv#18738)) - Publish installers to `/installers/uv/latest` on the mirror ([#18725](astral-sh/uv#18725)) - Show free-threaded Python in built-wheel errors ([#18740](astral-sh/uv#18740)) ##### Preview features - Add `--ignore` and `--ignore-until-fixed` to `uv audit` ([#18737](astral-sh/uv#18737)) ##### Bug fixes - Bump simple API cache ([#18797](astral-sh/uv#18797)) - Don't drop `blake2b` hashes ([#18794](astral-sh/uv#18794)) - Handle broken range request implementations ([#18780](astral-sh/uv#18780)) - Remove `powerpc64-unknown-linux-gnu` from release build targets ([#18800](astral-sh/uv#18800)) - Respect dependency metadata overrides in `uv pip check` ([#18742](astral-sh/uv#18742)) - Support debug CPython ABI tags in environment compatibility ([#18739](astral-sh/uv#18739)) ##### Documentation - Document `false` opt-out for `exclude-newer-package` ([#18768](astral-sh/uv#18768), [#18803](astral-sh/uv#18803)) ### [`v0.11.2`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0112) [Compare Source](astral-sh/uv@0.11.1...0.11.2) Released on 2026-03-26. ##### Enhancements - Add a dedicated Windows PE editing error ([#18710](astral-sh/uv#18710)) - Make `uv self update` fetch the manifest from the mirror first ([#18679](astral-sh/uv#18679)) - Use uv reqwest client for self update ([#17982](astral-sh/uv#17982)) - Show `uv self update` success and failure messages with `--quiet` ([#18645](astral-sh/uv#18645)) ##### Preview features - Evaluate extras and groups when determining auditable packages ([#18511](astral-sh/uv#18511)) ##### Bug fixes - Skip redundant project configuration parsing for `uv run` ([#17890](astral-sh/uv#17890)) ### [`v0.11.1`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0111) [Compare Source](astral-sh/uv@0.11.0...0.11.1) Released on 2026-03-24. ##### Bug fixes - Add missing hash verification for `riscv64gc-unknown-linux-musl` ([#18686](astral-sh/uv#18686)) - Fallback to direct download when direct URL streaming is unsupported ([#18688](astral-sh/uv#18688)) - Revert treating 'Dynamic' values as case-insensitive ([#18692](astral-sh/uv#18692)) - Remove torchdata from list of packages to source from the PyTorch index ([#18703](astral-sh/uv#18703)) - Special-case `==` Python version request ranges ([#9697](astral-sh/uv#9697)) ##### Documentation - Cover `--python <dir>` in "Using arbitrary Python environments" ([#6457](astral-sh/uv#6457)) - Fix version annotations for `PS_MODULE_PATH` and `UV_WORKING_DIR` ([#18691](astral-sh/uv#18691)) ### [`v0.11.0`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0110) [Compare Source](astral-sh/uv@0.10.12...0.11.0) Released on 2026-03-23. ##### Breaking changes This release includes changes to the networking stack used by uv. While we think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so we have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to [v0.13](https://seanmonstar.com/blog/reqwest-v013-rustls-default/) which included some breaking changes to TLS certificate verification. The following changes are included: - [`rustls-platform-verifier`](https://github.com/rustls/rustls-platform-verifier) is used instead of [`rustls-native-certs`](https://github.com/rustls/rustls-native-certs) and [`webpki`](https://github.com/rustls/webpki) for certificate verification **This change should have no effect unless you are using the `native-tls` option to enable reading system certificates.** `rustls-platform-verifier` delegates to the system for certificate validation (e.g., `Security.framework` on macOS) instead of eagerly loading certificates from the system and verifying them via `webpki`. The effects of this change will vary based on the operating system. In general, uv's certificate validation should now be more consistent with browsers and other native applications. However, this is the most likely cause of breaking changes in this release. Some previously failing certificate chains may succeed, and some previously accepted certificate chains may fail. In either case, we expect the validation to be more correct and welcome reports of regressions. In particular, because more responsibility for validating the certificate is transferred to your system's security library, some features like [CA constraints](https://support.apple.com/en-us/103255) or [revocation of certificates](https://en.wikipedia.org/wiki/Certificate_revocation) via OCSP and CRLs may now be used. This change should improve performance when using system certificate on macOS, as uv no longer needs to load all certificates from the keychain at startup. - [`aws-lc`](https://github.com/aws/aws-lc) is used instead of `ring` for a cryptography backend There should not be breaking changes from this change. We expect this to expand support for certificate signature algorithms. - `--native-tls` is deprecated in favor of a new `--system-certs` flag The `--native-tls` flag is still usable and has identical behavior to `--system-certs.` This change was made to reduce confusion about the TLS implementation uv uses. uv always uses `rustls` not `native-tls`. - Building uv on x86-64 and i686 Windows requires NASM NASM is required by `aws-lc`. If not found on the system, a prebuilt blob provided by `aws-lc-sys` will be used. If you are not building uv from source, this change has no effect. See the [CONTRIBUTING](https://github.com/astral-sh/uv/blob/b6854d77bfd0cb78157fecaf8b30126c6f16bc11/CONTRIBUTING.md#setup) guide for details. - Empty `SSL_CERT_FILE` values are ignored (for consistency with `SSL_CERT_DIR`) See [#18550](astral-sh/uv#18550) for details. ##### Python - Enable frame pointers for improved profiling on Linux x86-64 and aarch64 See the [python-build-standalone release notes](https://github.com/astral-sh/python-build-standalone/releases/20260320) for details. ##### Enhancements - Treat 'Dynamic' values as case-insensitive ([#18669](astral-sh/uv#18669)) - Use a dedicated error for invalid cache control headers ([#18657](astral-sh/uv#18657)) - Enable checksum verification in the generated installer script ([#18625](astral-sh/uv#18625)) ##### Preview features - Add `--service-format` and `--service-url` to `uv audit` ([#18571](astral-sh/uv#18571)) ##### Performance - Avoid holding flat index lock across indexes ([#18659](astral-sh/uv#18659)) ##### Bug fixes - Find the dynamic linker on the file system when sniffing binaries fails ([#18457](astral-sh/uv#18457)) - Fix export of conflicting workspace members with dependencies ([#18666](astral-sh/uv#18666)) - Respect installed settings in `uv tool list --outdated` ([#18586](astral-sh/uv#18586)) - Treat paths originating as PEP 508 URLs which contain expanded variables as relative ([#18680](astral-sh/uv#18680)) - Fix `uv export` for workspace member packages with conflicts ([#18635](astral-sh/uv#18635)) - Continue to alternative authentication providers when the pyx store has no token ([#18425](astral-sh/uv#18425)) - Use redacted URLs for log messages in cached client ([#18599](astral-sh/uv#18599)) ##### Documentation - Add details on Linux versions to the platform policy ([#18574](astral-sh/uv#18574)) - Clarify `FLASH_ATTENTION_SKIP_CUDA_BUILD` guidance for `flash-attn` installs ([#18473](astral-sh/uv#18473)) - Split the dependency bots page into two separate pages ([#18597](astral-sh/uv#18597)) - Split the alternative indexes page into separate pages ([#18607](astral-sh/uv#18607)) ### [`v0.10.12`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01012) [Compare Source](astral-sh/uv@0.10.11...0.10.12) Released on 2026-03-19. ##### Python - Add pypy 3.11.15 ([#18468](astral-sh/uv#18468)) - Add support for using Python 3.6 interpreters ([#18454](astral-sh/uv#18454)) ##### Enhancements - Include uv's target triple in version report ([#18520](astral-sh/uv#18520)) - Allow comma separated values in `--no-emit-package` ([#18565](astral-sh/uv#18565)) ##### Preview features - Show `uv audit` in the CLI help ([#18540](astral-sh/uv#18540)) ##### Bug fixes - Improve reporting of managed interpreter symlinks in `uv python list` ([#18459](astral-sh/uv#18459)) - Preserve end-of-line comments on previous entries when removing dependencies ([#18557](astral-sh/uv#18557)) - Treat abi3 wheel Python version as a lower bound ([#18536](astral-sh/uv#18536)) - Detect hard-float support on aarch64 kernels running armv7 userspace ([#18530](astral-sh/uv#18530)) ##### Documentation - Add Python 3.15 to supported versions ([#18552](astral-sh/uv#18552)) - Adjust the PyPy note ([#18548](astral-sh/uv#18548)) - Move Pyodide to Tier 2 in the Python support policy ([#18561](astral-sh/uv#18561)) - Move Rust and Python version support out of the Platform support policy ([#18535](astral-sh/uv#18535)) - Update Docker guide with changes from `uv-docker-example` ([#18558](astral-sh/uv#18558)) - Update the Python version policy ([#18559](astral-sh/uv#18559)) ### [`v0.10.11`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01011) [Compare Source](astral-sh/uv@0.10.10...0.10.11) Released on 2026-03-16. ##### Enhancements - Fetch Ruff release metadata from an Astral mirror ([#18358](astral-sh/uv#18358)) - Use PEP 639 license metadata for uv itself ([#16477](astral-sh/uv#16477)) ##### Performance - Improve distribution id performance ([#18486](astral-sh/uv#18486)) ##### Bug fixes - Allow `--project` to refer to a `pyproject.toml` directly and reduce to a warning on other files ([#18513](astral-sh/uv#18513)) - Disable `SYSTEM_VERSION_COMPAT` when querying interpreters on macOS ([#18452](astral-sh/uv#18452)) - Enforce available distributions for supported environments ([#18451](astral-sh/uv#18451)) - Fix `uv sync --active` recreating active environments when `UV_PYTHON_INSTALL_DIR` is relative ([#18398](astral-sh/uv#18398)) ##### Documentation - Add missing `-o requirements.txt` in `uv pip compile` example ([#12308](astral-sh/uv#12308)) - Link to organization security policy ([#18449](astral-sh/uv#18449)) - Link to the AI policy in the contributing guide ([#18448](astral-sh/uv#18448)) ### [`v0.10.10`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01010) [Compare Source](astral-sh/uv@0.10.9...0.10.10) Released on 2026-03-13. ##### Python - Add CPython 3.15.0a7 ([#18403](astral-sh/uv#18403)) ##### Enhancements - Add `--outdated` flag to `uv tool list` ([#18318](astral-sh/uv#18318)) - Add riscv64 musl target to build-release-binaries workflow ([#18228](astral-sh/uv#18228)) - Fetch Ruff from an Astral mirror ([#18286](astral-sh/uv#18286)) - Improve error handling for platform detection in Python downloads ([#18453](astral-sh/uv#18453)) - Warn if `--project` directory does not exist ([#17714](astral-sh/uv#17714)) - Warn when workspace member scripts are skipped due to missing build system ([#18389](astral-sh/uv#18389)) - Update build backend versions used in `uv init` ([#18417](astral-sh/uv#18417)) - Log explicit config file path in verbose output ([#18353](astral-sh/uv#18353)) - Make `uv cache clear` an alias of `uv cache clean` ([#18420](astral-sh/uv#18420)) - Reject invalid classifiers, warn on license classifiers in `uv_build` ([#18419](astral-sh/uv#18419)) ##### Preview features - Add links to `uv audit` output ([#18392](astral-sh/uv#18392)) - Output/report formatting for `uv audit` ([#18193](astral-sh/uv#18193)) - Switch to batched OSV queries for `uv audit` ([#18394](astral-sh/uv#18394)) ##### Bug fixes - Avoid sharing version metadata across indexes ([#18373](astral-sh/uv#18373)) - Bump zlib-rs to 0.6.2 to fix panic on decompression of large wheels on Windows ([#18362](astral-sh/uv#18362)) - Filter out unsupported environment wheels ([#18445](astral-sh/uv#18445)) - Preserve absolute/relative paths in lockfiles ([#18176](astral-sh/uv#18176)) - Recreate Python environments under `uv tool install --force` ([#18399](astral-sh/uv#18399)) - Respect timestamp and other cache keys in cached environments ([#18396](astral-sh/uv#18396)) - Simplify selected extra markers in `uv export` ([#18433](astral-sh/uv#18433)) - Send pyx mint-token requests with a proper `Content-Type` ([#18334](astral-sh/uv#18334)) - Fix Windows operating system and version reporting ([#18383](astral-sh/uv#18383)) ##### Documentation - Update the platform support policy with a tier 3 section including freebsd and 32-bit windows ([#18345](astral-sh/uv#18345)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

woodruffw changed the base branch from main to ww/uv-audit February 25, 2026 17:46

woodruffw changed the title ~~Ww/uv audit results~~ Output/report formatting for uv audit Feb 25, 2026

woodruffw mentioned this pull request Feb 25, 2026

Scaffolding for uv audit #18119

Merged

10 tasks

woodruffw marked this pull request as ready for review February 26, 2026 21:48

woodruffw requested a review from konstin February 26, 2026 21:48

woodruffw force-pushed the ww/uv-audit branch 3 times, most recently from df8f860 to 233fd7f Compare March 2, 2026 18:57

Base automatically changed from ww/uv-audit to main March 3, 2026 16:11

woodruffw force-pushed the ww/uv-audit-results branch 3 times, most recently from f64784b to bba6e5a Compare March 3, 2026 16:16

konstin added the preview Experimental behavior label Mar 5, 2026

konstin reviewed Mar 5, 2026

View reviewed changes

Comment thread crates/uv/src/commands/project/audit.rs Outdated

Comment thread crates/uv/src/commands/project/audit.rs Outdated

Comment thread crates/uv/src/commands/project/audit.rs

woodruffw force-pushed the ww/uv-audit-results branch 3 times, most recently from b47913d to 237062b Compare March 5, 2026 18:00

woodruffw mentioned this pull request Mar 5, 2026

Filter down to auditable packages #18322

Merged

woodruffw requested a review from konstin March 8, 2026 02:32

konstin approved these changes Mar 9, 2026

View reviewed changes

konstin reviewed Mar 9, 2026

View reviewed changes

Comment thread crates/uv/src/commands/reporters.rs Outdated

konstin reviewed Mar 9, 2026

View reviewed changes

Comment thread crates/uv/src/commands/project/audit.rs Outdated

konstin reviewed Mar 9, 2026

View reviewed changes

woodruffw had a problem deploying to uv-test-publish March 9, 2026 14:56 — with GitHub Actions Error

woodruffw force-pushed the ww/uv-audit-results branch from dc80a24 to 6246b49 Compare March 9, 2026 14:56

woodruffw force-pushed the ww/uv-audit-results branch from 6246b49 to c2553d1 Compare March 9, 2026 15:00

woodruffw added 2 commits March 9, 2026 23:24

woodruffw force-pushed the ww/uv-audit-results branch from c2553d1 to 0333537 Compare March 9, 2026 15:24

woodruffw merged commit f54ce67 into main Mar 10, 2026
213 of 216 checks passed

woodruffw deleted the ww/uv-audit-results branch March 10, 2026 04:07

woodruffw mentioned this pull request Mar 10, 2026

Add links to uv audit output #18392

Merged

BrewTestBot mentioned this pull request Mar 13, 2026

uv 0.10.10 Homebrew/homebrew-core#272203

Merged

woodruffw mentioned this pull request Mar 16, 2026

Roadmap: uv audit #18506

Open

25 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Output/report formatting for `uv audit`#18193

Output/report formatting for `uv audit`#18193
woodruffw merged 2 commits intomainfrom
ww/uv-audit-results

woodruffw commented Feb 25, 2026 •

edited

Loading

Uh oh!

woodruffw commented Feb 26, 2026

Uh oh!

konstin left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

konstin left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

woodruffw commented Mar 9, 2026

Uh oh!

Uh oh!

Uh oh!

konstin Mar 9, 2026

Uh oh!

woodruffw Mar 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

woodruffw commented Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test Plan

Uh oh!

woodruffw commented Feb 26, 2026

Uh oh!

konstin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

konstin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

woodruffw commented Mar 9, 2026

Uh oh!

Uh oh!

Uh oh!

konstin Mar 9, 2026

Choose a reason for hiding this comment

Uh oh!

woodruffw Mar 9, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

woodruffw commented Feb 25, 2026 •

edited

Loading