docs(src/assets/): update uv official documentation

Author: KemingHe

src/assets/uv/_metadata.json

@@ -1,6 +1,6 @@
 {
   "source_repo": "astral-sh/uv",
   "docs_path": "docs",
-  "updated_at": "2025-11-18T22:05:38Z",
-  "commit_sha": "3ac43e8d15ff93405e305523d3a9abdd7670a627"
+  "updated_at": "2025-11-25T22:05:38Z",
+  "commit_sha": "17c1061676d3afbf7387505d8dd087f2146389ce"
 }

src/assets/uv/concepts/build-backend.md

@@ -31,7 +31,7 @@ To use uv as a build backend in an existing project, add `uv_build` to the
 
 ```toml title="pyproject.toml"
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 

src/assets/uv/concepts/projects/build.md

@@ -57,3 +57,18 @@ that the downloaded `setuptools` distribution matches the specified hash:
 ```console
 $ uv build --build-constraint constraints.txt --require-hashes
 ```
+
+## Preventing publish to PyPI
+
+If you have internal packages that you do not want to be published, you can mark them as private:
+
+```toml
+[project]
+classifiers = ["Private :: Do Not Upload"]
+```
+
+This setting makes PyPI reject your uploaded package from publishing. It does not affect security or
+privacy settings on alternative registries.
+
+We also recommend only generating [per-project PyPI API tokens](https://pypi.org/help/#apitoken):
+Without a PyPI token matching the project, it can't be accidentally published.

src/assets/uv/concepts/projects/export.md

@@ -0,0 +1,117 @@
+---
+title: Exporting a lockfile
+description: Exporting a lockfile to different formats
+---
+
+# Exporting a lockfile
+
+uv can export a lockfile to different formats for integration with other tools and workflows. The
+`uv export` command supports multiple output formats, each suited to different use cases.
+
+For more details on lockfiles and how they're created, see the [project layout](./layout.md) and
+[locking and syncing](./sync.md) documentation.
+
+## Overview of export formats
+
+uv supports three export formats:
+
+- `requirements.txt`: The traditional pip-compatible
+  [requirements file format](https://pip.pypa.io/en/stable/reference/requirements-file-format/).
+- `pylock.toml`: The standardized Python lockfile format defined in
+  [PEP 751](https://peps.python.org/pep-0751/).
+- `CycloneDX`: An industry-standard [Software Bill of Materials (SBOM)](https://cyclonedx.org/)
+  format.
+
+The format can be specified with the `--format` flag:
+
+```console
+$ uv export --format requirements.txt
+$ uv export --format pylock.toml
+$ uv export --format cyclonedx1.5
+```
+
+!!! tip
+
+    By default, `uv export` prints to stdout. Use `--output-file` to write to a file for any format:
+
+    ```console
+    $ uv export --format requirements.txt --output-file requirements.txt
+    $ uv export --format pylock.toml --output-file pylock.toml
+    $ uv export --format cyclonedx1.5 --output-file sbom.json
+    ```
+
+## `requirements.txt` format
+
+The `requirements.txt` format is the most widely supported format for Python dependencies. It can be
+used with `pip` and other Python package managers.
+
+### Basic usage
+
+```console
+$ uv export --format requirements.txt
+```
+
+The generated `requirements.txt` file can then be installed via `uv pip install`, or with other
+tools like `pip`.
+
+!!! note
+
+    In general, we recommend against using both a `uv.lock` and a `requirements.txt` file. The
+    `uv.lock` format is more powerful and includes features that cannot be expressed in
+    `requirements.txt`. If you find yourself exporting a `uv.lock` file, consider opening an issue
+    to discuss your use case.
+
+## `pylock.toml` format
+
+[PEP 751](https://peps.python.org/pep-0751/) defines a TOML-based lockfile format for Python
+dependencies. uv can export your project's dependency lockfile to this format.
+
+### Basic usage
+
+```console
+$ uv export --format pylock.toml
+```
+
+## CycloneDX SBOM format
+
+uv can export your project's dependency lockfile as a Software Bill of Materials (SBOM) in CycloneDX
+format. SBOMs provide a comprehensive inventory of all software components in your application,
+which is useful for security auditing, compliance, and supply chain transparency.
+
+!!! important
+
+    Support for exporting to CycloneDX is in [preview](../preview.md), and may change in any future release.
+
+### What is CycloneDX?
+
+[CycloneDX](https://cyclonedx.org/) is an industry-standard format for creating Software Bill of
+Materials. CycloneDX is machine readable and widely supported by security scanning tools,
+vulnerability databases, and Software Composition Analysis (SCA) platforms.
+
+### Basic usage
+
+To export your project's lockfile as a CycloneDX SBOM:
+
+```console
+$ uv export --format cyclonedx1.5
+```
+
+This will generate a JSON-encoded CycloneDX v1.5 document containing your project and all of its
+dependencies.
+
+### SBOM Structure
+
+The generated SBOM follows the
+[CycloneDX specification](https://cyclonedx.org/specification/overview/). uv also includes the
+following custom properties on components:
+
+- `uv:package:marker`: Environment markers (e.g., `python_version >= "3.8"`)
+- `uv:workspace:path`: Relative path for workspace members
+
+## Next steps
+
+To learn more about lockfiles and exporting, see the [locking and syncing](./sync.md) documentation
+and the [command reference](../../reference/cli.md#uv-export).
+
+Or, read on to learn how to
+[build and publish your project to a package index](../../guides/package.md).

src/assets/uv/concepts/projects/init.md

@@ -113,7 +113,7 @@ dependencies = []
 example-pkg = "example_pkg:main"
 
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 
@@ -136,7 +136,7 @@ dependencies = []
 example-pkg = "example_pkg:main"
 
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 
@@ -197,7 +197,7 @@ requires-python = ">=3.11"
 dependencies = []
 
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 

src/assets/uv/concepts/projects/sync.md

@@ -186,12 +186,17 @@ environment.
 
 ## Exporting the lockfile
 
-If you need to integrate uv with other tools or workflows, you can export `uv.lock` to the
-`requirements.txt` format with `uv export --format requirements-txt`. The generated
-`requirements.txt` file can then be installed via `uv pip install`, or with other tools like `pip`.
+If you need to integrate uv with other tools or workflows, you can export `uv.lock` to different
+formats including `requirements.txt`, `pylock.toml` (PEP 751), and CycloneDX SBOM.
 
-In general, we recommend against using both a `uv.lock` and a `requirements.txt` file. If you find
-yourself exporting a `uv.lock` file, consider opening an issue to discuss your use case.
+```console
+$ uv export --format requirements.txt
+$ uv export --format pylock.toml
+$ uv export --format cyclonedx1.5
+```
+
+See the [export guide](./export.md) for comprehensive documentation on all export formats and their
+use cases.
 
 ## Partial installations
 

src/assets/uv/concepts/projects/workspaces.md

@@ -75,7 +75,7 @@ bird-feeder = { workspace = true }
 members = ["packages/*"]
 
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 
@@ -106,7 +106,7 @@ tqdm = { git = "https://github.com/tqdm/tqdm" }
 members = ["packages/*"]
 
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 
@@ -188,7 +188,7 @@ dependencies = ["bird-feeder", "tqdm>=4,<5"]
 bird-feeder = { path = "packages/bird-feeder" }
 
 [build-system]
-requires = ["uv_build>=0.9.10,<0.10.0"]
+requires = ["uv_build>=0.9.12,<0.10.0"]
 build-backend = "uv_build"
 ```
 

src/assets/uv/concepts/python-versions.md

@@ -34,7 +34,7 @@ The following Python version request formats are supported:
 - `<version>` (e.g., `3`, `3.12`, `3.12.3`)
 - `<version-specifier>` (e.g., `>=3.12,<3.13`)
 - `<version><short-variant>` (e.g., `3.13t`, `3.12.0d`)
-- `<version>+<variant>` (e.g., `3.13+freethreaded`, `3.12.0+debug`)
+- `<version>+<variant>` (e.g., `3.13+freethreaded`, `3.12.0+debug`, `3.14+gil`)
 - `<implementation>` (e.g., `cpython` or `cp`)
 - `<implementation>@<version>` (e.g., `cpython@3.12`)
 - `<implementation><version>` (e.g., `cpython3.12` or `cp312`)
@@ -339,8 +339,16 @@ uv supports discovering and installing
 [free-threaded](https://docs.python.org/3.14/glossary.html#term-free-threading) Python variants in
 CPython 3.13+.
 
-Free-threaded Python versions will not be selected by default. Free-threaded Python versions will
-only be selected when explicitly requested, e.g., with `3.13t` or `3.13+freethreaded`.
+For Python 3.13, free-threaded Python versions will not be selected by default. Free-threaded Python
+versions will only be selected when explicitly requested, e.g., with `3.13t` or `3.13+freethreaded`.
+
+For Python 3.14+, uv will allow use of free-threaded Python 3.14+ interpreters without explicit
+selection. The GIL-enabled build of Python will still be preferred, e.g., when performing an
+installation with `uv python install 3.14`. However, e.g., if a free-threaded interpreter comes
+before a GIL-enabled build on the `PATH`, it will be used.
+
+If both free-threaded and GIL-enabled Python versions are available on the system, and want to
+require the use of the GIL-enabled variant in a project, you can use the `+gil` variant specifier.
 
 ## Debug Python variants
 

src/assets/uv/concepts/tools.md

@@ -18,8 +18,8 @@ Because it is very common to run tools without installing them, a `uvx` alias is
 refer to `uvx` instead of `uv tool run`.
 
 Tools can also be installed with `uv tool install`, in which case their executables are
-[available on the `PATH`](#the-path) — an isolated virtual environment is still used, but it is not
-removed when the command completes.
+[available on the `PATH`](#tool-executables) — an isolated virtual environment is still used, but it
+is not removed when the command completes.
 
 ## Execution vs installation
 

src/assets/uv/getting-started/installation.md

@@ -25,7 +25,7 @@ uv provides a standalone installer to download and install uv:
     Request a specific version by including it in the URL:
 
     ```console
-    $ curl -LsSf https://astral.sh/uv/0.9.10/install.sh | sh
+    $ curl -LsSf https://astral.sh/uv/0.9.12/install.sh | sh
     ```
 
 === "Windows"
@@ -41,7 +41,7 @@ uv provides a standalone installer to download and install uv:
     Request a specific version by including it in the URL:
 
     ```pwsh-session
-    PS> powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/0.9.10/install.ps1 | iex"
+    PS> powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/0.9.12/install.ps1 | iex"
     ```
 
 !!! tip
@@ -137,11 +137,10 @@ the standalone installer via `github.com` instead of `astral.sh`.
 
 ### Cargo
 
-uv is available via Cargo, but must be built from Git rather than [crates.io](https://crates.io) due
-to its dependency on unpublished crates.
+uv is available via [crates.io](https://crates.io).
 
 ```console
-$ cargo install --git https://github.com/astral-sh/uv uv
+$ cargo install --locked uv
 ```
 
 !!! note