Skip to content

Set exclude-newer = "7 days" in our PEP-723 scripts#25285

Merged
AlexWaygood merged 1 commit into
mainfrom
exclude-newer
May 21, 2026
Merged

Set exclude-newer = "7 days" in our PEP-723 scripts#25285
AlexWaygood merged 1 commit into
mainfrom
exclude-newer

Conversation

@AlexWaygood

Copy link
Copy Markdown
Member

Summary

This helps reduce spurious changes to the lockfile if you run these scripts on a machine that has a global exclude-newer value set in a ~/.config/uv.toml file or similar. It also seems good more generally to set an exclude-newer value for these scripts: dependency cooldowns are better for security.

Note that if the machine, hypothetically, also set UV_DEFAULT_INDEX as an environment variable to something other than pypi.org/simple, there would still be changes to the lockfile, so this change may be necessary but not sufficient for lockfile stability on certain corporate machines.

Test Plan

I ensured that the UV_DEFAULT_INDEX environment variable was set to pypi.org/simple on my machine and then ran mdtest.py using uv run. I didn't run setup_primer_project.py, but I did lock it using uv lock --script.

@AlexWaygood AlexWaygood requested a review from EliteTK May 21, 2026 10:29
@AlexWaygood AlexWaygood added the internal An internal refactor or improvement label May 21, 2026
@astral-sh-bot astral-sh-bot Bot requested a review from charliermarsh May 21, 2026 10:29
@astral-sh-bot

astral-sh-bot Bot commented May 21, 2026

Copy link
Copy Markdown

Typing conformance results

No changes detected ✅

Current numbers
The percentage of diagnostics emitted that were expected errors held steady at 89.36%. The percentage of expected errors that received a diagnostic held steady at 85.49%. The number of fully passing files held steady at 88/134.

@astral-sh-bot

astral-sh-bot Bot commented May 21, 2026

Copy link
Copy Markdown

Memory usage report

Memory usage unchanged ✅

@astral-sh-bot

astral-sh-bot Bot commented May 21, 2026

Copy link
Copy Markdown

ecosystem-analyzer results

No diagnostic changes detected ✅

Full report with detailed diff (timing results)

@astral-sh-bot

astral-sh-bot Bot commented May 21, 2026

Copy link
Copy Markdown

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

✅ ecosystem check detected no linter changes.

Formatter (stable)

✅ ecosystem check detected no format changes.

Formatter (preview)

✅ ecosystem check detected no format changes.

Comment thread scripts/setup_primer_project.py Outdated
@AlexWaygood AlexWaygood enabled auto-merge (squash) May 21, 2026 11:14
@AlexWaygood AlexWaygood merged commit 6cbd59b into main May 21, 2026
58 checks passed
@AlexWaygood AlexWaygood deleted the exclude-newer branch May 21, 2026 11:18
thejchap pushed a commit to thejchap/ruff that referenced this pull request May 23, 2026
## Summary

This helps reduce spurious changes to the lockfile if you run these
scripts on a machine that has a global `exclude-newer` value set in a
`~/.config/uv.toml` file or similar. It also seems good more generally
to set an `exclude-newer` value for these scripts: dependency cooldowns
are better for security.

Note that if the machine, hypothetically, also set `UV_DEFAULT_INDEX` as
an environment variable to something other than `pypi.org/simple`, there
would still be changes to the lockfile, so this change may be necessary
but not sufficient for lockfile stability on _certain_ corporate
machines.

## Test Plan

I ensured that the `UV_DEFAULT_INDEX` environment variable was set to
`pypi.org/simple` on my machine and then ran `mdtest.py` using `uv run`.
I didn't run `setup_primer_project.py`, but I did lock it using `uv lock
--script`.
anishgirianish pushed a commit to anishgirianish/ruff that referenced this pull request May 28, 2026
## Summary

This helps reduce spurious changes to the lockfile if you run these
scripts on a machine that has a global `exclude-newer` value set in a
`~/.config/uv.toml` file or similar. It also seems good more generally
to set an `exclude-newer` value for these scripts: dependency cooldowns
are better for security.

Note that if the machine, hypothetically, also set `UV_DEFAULT_INDEX` as
an environment variable to something other than `pypi.org/simple`, there
would still be changes to the lockfile, so this change may be necessary
but not sufficient for lockfile stability on _certain_ corporate
machines.

## Test Plan

I ensured that the `UV_DEFAULT_INDEX` environment variable was set to
`pypi.org/simple` on my machine and then ran `mdtest.py` using `uv run`.
I didn't run `setup_primer_project.py`, but I did lock it using `uv lock
--script`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

internal An internal refactor or improvement

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants