Renovate
It is considered best practice to regularly update dependencies, to avoid being exposed to vulnerabilities, limit incompatibilities between dependencies, and avoid complex upgrades when upgrading from a too old version.
uv is supported by Renovate.
uv.lock output
Renovate uses the presence of a uv.lock file to determine that uv is used for managing
dependencies, and will suggest upgrades to
project dependencies,
optional dependencies and
development dependencies.
Renovate will update both the pyproject.toml and uv.lock files.
The lockfile can also be refreshed on a regular basis (for instance to update transitive
dependencies) by enabling the
lockFileMaintenance
option:
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
lockFileMaintenance: {
enabled: true,
},
}
Inline script metadata
Renovate supports updating dependencies defined using inline script metadata.
Since it cannot automatically detect which Python files use inline script metadata, their locations
need to be explicitly defined using
managerFilePatterns,
like so:
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
pep723: {
managerFilePatterns: [
"docs/build.py",
"scripts/**/*.py",
],
},
}
Note
Renovate does not yet support updating the lock file associated to the script (https://github.com/renovatebot/renovate/issues/33591), so if you rely on this feature for a script, the lock file will need to be manually updated.
Dependency cooldown
If you use exclude-newer option, it is recommended to
also set the equivalent
minimumReleaseAge option
in Renovate, to avoid ending up with pull requests where uv would not be able to lock the
dependencies.
For instance, if you've set exclude-newer to 1 week, you can set: