Owen Lamont
owen7ba.bsky.social
Coder into Python and Rust. Interested in all things software engineering, data science, and computer graphics.
I just released uv-secure 0.15.0 to PyPI which now will check whether your version of uv itself has known vulnerabilities in addition to scanning your lock files. This check can be disabled by CLI flag or configuration if you don't use uv-secure with uv. #Python
November 15, 2025 at 1:55 PM
I released uv-secure 0.14.1 to PyPI. This release adds a --format json option for JSON output (in addition to the previous/default --format columns). It also makes skipped non-PyPI dependencies more explicit. #Python
October 2, 2025 at 1:11 PM
I released uv-secure 0.13.0 to PyPI. This release adds new flags to warn against dependencies with some of the new PEP 792 statuses (archived, deprecated, quarantined) that you might not want. #Python
August 18, 2025 at 1:27 PM
I released uv-secure 0.12.2 to PyPI. This is a small release to enable uv-secure to run on requirements.txt files not generated by uv (requirements.txt files still need to be fully pinned and only contain PyPI dependencies). Please let me know if it breaks for any of your use cases. #Python
July 22, 2025 at 11:18 AM
I just released uv-secure 0.12.1 to PyPI. This bugfix release adds explicit error messages for unparsable uv.lock / requirements.txt / pylock.toml files (which weren't properly handled before) and also adds more retries for temporarily unreadable files. #Python
July 20, 2025 at 7:50 AM
I just released uv-secure 0.12.0 to PyPI. This version adds support for PEP 751 pylock.toml files. Note, at present pylock.toml files aren't compatible with the check direct dependency arguments so all dependencies will be treated as direct dependencies in pylock.toml files. #Python
July 13, 2025 at 3:05 AM
I did an analysis of growing Ruff adoption back in Nov 2023, just updated it again to the end of June 2025 and happy to see adoption is still going strong. Hope to see ty on this plot in the near future. I'm a big fan of Astral tools. #Python
July 12, 2025 at 8:40 AM
I released uv-secure 0.11.0 to PyPI. This release adds the option and config to ignore packages by name and optionally version specifiers from being checked for vulnerability and maintenance issues. Minor breaking changes to CLI arguments - please see GitHub release notes for details. #Python
July 6, 2025 at 5:15 AM
Just released uv-secure 0.10.1 to PyPI. There are some breaking changes in 0.10.0 onwards from consolidating the request cache configuration to make things more performant in mono repos and behind the scenes work adding workflows to automate more of the dependency and linter updates. #Python
June 29, 2025 at 8:14 AM
Just released uv-secure 0.9.2 to PyPI. Minor convenience added for optional extra to install uvloop/winloop with the faster-async extra. Also a bit of behind the scenes tweaks to follow the PyPI API guidelines better, plus configuring Dependabot to keep actions and dependencies up to date. #Python
June 10, 2025 at 1:55 PM
Working on a #python personal project to convert an image into a 3D height map that can be 3D printed. Was relatively easy to plug together a few Python packages (mainly transformers, pillow, and trimesh) to do this. Repo is here: github.com/owenlamont/m... if anyone is interested.
March 16, 2025 at 11:28 AM
Just released uv-secure 0.9.0 to PyPI. It now distinguishes direct dependencies from transitive dependencies so you can filter the checks to direct dependencies if you like.

Some minor breaking changes to the configuration file structure - see release notes for the updates.

#Python
February 16, 2025 at 7:32 AM
uv-secure is now on conda-forge. If you're a conda fan too, I suggest installing as a @prefix.dev pixi global tool.

I'd like to expand the scope of uv-secure to scan pixi.lock files too... unfortunately @conda-forge.org has no API for listing known package vulnerabilities like PyPI that I know of.
February 11, 2025 at 11:59 AM
Just released uv-secure 0.8.0 to PyPI - more user facing features this time! You can now set optional code maintainability thresholds to flag dependencies whose release is too old or has been marked as yanked on PyPI. Package names and versions also hyperlink appropriately. #python
January 30, 2025 at 12:31 PM
If someone is quick you can give pip-audit its thousandth star github.com/pypa/pip-audit #python
January 27, 2025 at 12:17 PM
I released uv-secure 0.7.1 to PyPI - minor UI changes but I've now integrated the hishel package for caching API requests which can give a significant speed boost when running uv-secure multiple times. Big thanks to github.com/Vizonex for contributing too! I'd love even more contributors. #python
January 26, 2025 at 12:23 PM
I've released uv-secure 0.6.0 to PyPI. Pretty minor release this time - I've added hyperlinks for vulnerability aliases if you enabled aliases, fixed some documentation, and added a running in development guide. I'll be trying to make it easier for new contributors to join going forward. #python
January 19, 2025 at 1:21 PM
I've released uv-secure 0.5.0 on PyPI. It now has the same vulnerability table format and formatting options (--aliases and --desc) as pip-audit.

Except it leverages @willmcgugan.bsky.social's Rich to look prettier (and even has clickable hyperlinks if your terminal supports it).

#python
January 11, 2025 at 8:52 AM