You are now using uv in ci as well. uv offers dependency cooldowns, of X days or weeks within the publication of a new package version. This can be enabled via an env like this in ci:
env:
UV_EXCLUDE_NEWER: 1 week # ignore packages published in the last week
or directly in pyproject.toml, which then will apply to dev work as well:
[tool.uv]
exclude-newer = "1 week"
This way there is a slimmer chance of a bad package hitting ci and/or dev machines. What do you think?
Ref: https://docs.astral.sh/uv/concepts/resolution/#dependency-cooldowns
You are now using
uvin ci as well. uv offers dependency cooldowns, of X days or weeks within the publication of a new package version. This can be enabled via an env like this in ci:or directly in
pyproject.toml, which then will apply to dev work as well:This way there is a slimmer chance of a bad package hitting ci and/or dev machines. What do you think?
Ref: https://docs.astral.sh/uv/concepts/resolution/#dependency-cooldowns