omnipkg v2.0.4 — Filelock CVE-2025-68146 Closed · ARM32 + ARM64 Verified · 23+ Platforms

This is a landmark release for omnipkg, focused on hardening security, achieving near-universal platform verification, and implementing a robust, automated CI/CD pipeline. Version 2.0.4 introduces critical security patches, adds complete ARM64 and ARM32 test coverage, and brings native support for Apple Silicon.

🌟 Major Highlights

• 🔒 Security Hardening (CVE-2025-68146): Patched a critical file-locking vulnerability by vendoring a patched version of filelock, ensuring users on all Python versions are protected out-of-the-box.
• 🚀 Complete ARM Architecture Verification: Introduced an exhaustive testing suite for both ARM64 and ARM32 architectures.
  • ARM64 (aarch64): Now verified across 6 major Linux distributions using a powerful QEMU emulation pipeline.
  • ARM32 (armv7): Now automatically verified by scraping build results from the trusted piwheels.org repository.
• 🍏 Native Apple Silicon (macOS ARM64) CI: Added a dedicated job using GitHub's macos-14 native M-series runners, ensuring flawless performance on modern Macs.
• 🤖 Bulletproof Release Pipeline: The PyPI publishing process is now gated, and will not run until all critical cross-platform and ARM64 verification tests have passed successfully.
• 📝 Major Documentation Overhaul: The README.md has been massively updated with detailed, auto-generated platform support matrices, reflecting the live results of our new CI pipelines.

---

Detailed Changes

1. Security Enhancements

• Vendored filelock for CVE-2025-68146: To protect users on older Python versions (< 3.10) from a symlink-based vulnerability in filelock, we have vendored a patched version of the library directly into omnipkg. This provides an immediate, seamless fix without requiring users to manage complex dependencies. Python 3.10+ will continue to use the latest secure version from PyPI.
• Upgraded Security Scanners: The dependency logic in pyproject.toml has been refined to use the latest safety for supported Python versions and pip-audit as a fallback, ensuring continuous security scanning across our entire Python version range (3.7-3.14).

2. Massive CI/CD Expansion

• ARM64 Verification via QEMU: A new workflow (arm64-verification.yml) now runs on every tag and release, testing omnipkg inside Podman containers on emulated ARM64 environments for Debian, Ubuntu, Fedora, Rocky Linux, and Alpine.
• Native Apple Silicon Testing: The primary build verification workflow now includes a macos-14 runner, adding native ARM64 testing on Apple's M-series hardware to our matrix.
• Automated ARM32 (Raspberry Pi) Verification: A new workflow (piwheels-arm32-verification.yml) runs on a schedule and after releases to scrape piwheels.org, confirming that builds for Raspberry Pi are available and updating the README with the results.
• Gated PyPI Publishing: The publish.yml workflow now explicitly waits for the main cross-platform and ARM64 tests to complete successfully before allowing a package to be published. This prevents accidental releases of broken code.
• Automated Branch Syncing: New workflows (sync-main.yml, auto-merge-to-main.yml) have been implemented to keep the development and main branches synchronized, improving development velocity and stability.
• Multi-Arch Docker Builds: The Docker build process (docker-ci-ghcr.yml) is now more robust, building and pushing multi-architecture images (amd64, arm64) to both Docker Hub and GitHub Container Registry.

3. Bug Fixes and Refinements

• Fixed KB Initialization Deadlock: Resolved a NoneType error in the package_meta_builder that could occur during the very first knowledge base build when trying to run a security scan before the bubble manager was fully initialized.
• Dockerfile Simplification: Removed the Redis server from the official Docker image. omnipkg's automatic fallback to a built-in SQLite database makes this unnecessary for most users and results in a lighter, more secure container.

This release represents a huge leap forward in the reliability, security, and professional-grade quality assurance of omnipkg.

omnipkg v2.0.3 - Live Daemon Monitoring + Code Quality Overhaul

🎯 New Feature: Real-Time Daemon Monitor

Added 8pkg daemon monitor - a live TUI dashboard for monitoring worker daemon performance.

# View current daemon metrics
8pkg daemon monitor

# Live auto-refresh dashboard (watch mode)
8pkg daemon monitor --watch

Metrics Display:

• 📊 Real-time worker stats per package version
• 💾 Memory usage tracking
• 📈 Request counts & cache hit rates
• ⏱️ Worker idle time
• ❌ Per-worker failure tracking
• 🐍 Python interpreter mapping

---

🔧 Code Quality & Security Overhaul

Automated Linting & Formatting

• Fixed undefined variables, unused imports, dead code
• Added proper type hints
• Improved code formatting consistency
• Fixed shadowed variables

Security Infrastructure

• Added 30+ security scanning workflows (Snyk, Trivy, SonarCloud, Checkmarx, etc.)

Bug Fixes (Linter-Induced Issues)

No bugs existed in the original code. These fixes correct issues introduced by automated linting tools:

• Restored walrus operator in file hashing (linter removed it → infinite loop)
• Fixed loop variable in smart_uninstall (linter changed wrong variable)
• Resolved merge conflicts from automated changes

---

📦 Upgrade

8pkg upgrade omnipkg

Note: Legacy daemon status still available for simple snapshot view.

omnipkg v2.0.2 - Security Patch & Microsecond Conflict Detection

🚨 Critical Security Update (CVE-2025-68146)

Addressed a TOCTOU race condition in filelock by implementing strict version pinning with environment markers in pyproject.toml. This ensures the security patch is applied on supported Python versions while maintaining installation compatibility for legacy environments:

• Python 3.10+: Enforced filelock>=3.20.1 (Patched)
• Python 3.8-3.9: Pinned filelock>=3.13,<3.20.1
• Python <3.8: Pinned filelock>=3.12,<3.13

⚡ Performance: Redis Pipelining

The Legacy In-Process Loader has been optimized to remove filesystem bottlenecks during conflict detection.

• New Method: Added _detect_conflicts_via_redis() using Redis pipelining.
• Optimization: Replaced O(N) filesystem scanning (glob/scandir) with O(1) batched cache lookups.
• Metric: Reduced conflict detection overhead from ~2.3ms to ~0.09ms.
• Fallback: Added _detect_conflicts_legacy() for environments without Redis.

🐛 Fixes & Improvements

• Profiling Silence:
  • Changed enable_profiling default to False.
  • Updated _profile_end() and _aggressive_module_cleanup() to strictly respect the profiling flag.
  • Standard execution is now completely silent.
• Code Organization:
  • Refactored loader.py logic; moved _activate_bubble and split conflict detection strategies for better readability and maintenance.

Full Changelog: v2.0.1...v2.0.2

omnipkg v2.0.1 - Microsecond Install Verifications, Concurrent-Safe >1ms Overhead Daemon Spawns, and Windows Daemon Support

This is a significant point release that addresses critical stability issues, introduces massive performance enhancements, and implements a more robust, concurrent architecture for the daemon.

🚀 Performance Overhaul: Microsecond Activation

The omnipkgLoader has been obsessively profiled and optimized, pushing every controllable operation to its physical limits.

• ~50 Microsecond Pre-flight Checks: The package satisfaction check (check_package_installed_fast) has been rewritten to use direct, cache-less filesystem scans. This has reduced the time to validate an existing package from ~24 milliseconds to ~50 microseconds—a nearly 500x speedup.
• Sub-Millisecond Activation: For packages already in the main environment, the total activation time (including all checks and cloaking of conflicting bubbles) is now consistently under 1 millisecond.
• Surgical Knowledge Base Updates: The metadata discovery logic now uses a "fast-path" to surgically locate only newly installed packages, dramatically accelerating post-install operations.

🐛 Critical Stability & Cross-Platform Fixes

• Windows Support (No-Fork Mode): The worker daemon has been re-architected to support Windows by implementing a --no-fork startup mode that uses subprocess.Popen, enabling full daemon functionality on all platforms.
• First-Run Initialization Bugs:
  • Resolved multiple recursion loops during first-time setup by correcting initialization order and enforcing minimal_mode.
  • Fixed an AttributeError for _info_cache that would occur on the very first Knowledge Base build, preventing a clean initial setup without requiring 8pkg reset.
• Daemon psutil Bug: Fixed a faulty import check that caused 8pkg daemon status to incorrectly report "psutil not installed" even when it was present.
• Package Discovery (canonicalize_name): Patched a NameError in the package discovery logic, improving the reliability of metadata gathering.
• Scope and PATH Bugs:
  • Resolved an UnboundLocalError in the GPU pipeline by correcting logic scope.
  • Implemented PATH environment variable manipulation in the loader to enable proper binary executable isolation (e.g., uv).

✨ Architectural Enhancements

• Centralized Quantum Healing: The existing "Quantum Healing" logic for Python version conflicts has been centralized into a single _handle_quantum_healing method to simplify the codebase.
• Concurrent Daemon Spawning: The daemon architecture was hardened with more granular locking around filesystem cloaking. This allows multiple daemon workers to be spawned concurrently in a thread-safe manner.
• Smart Installation Verification: A new verification system intelligently groups and tests interdependent packages (e.g., the httpx stack) together to ensure robust installations.
• Automatic Index Detection: A new package index registry automatically detects and uses special URLs for variants like PyTorch CUDA builds.
• Snapshot-Based Stability: smart_install now takes pre-install snapshots and can perform a "safe restore" if an operation fails.

omnipkg v2.0.0 - The Python Hypervisor Release

Release Date: 2025-12-08

This release marks a fundamental paradigm shift from "Package Loader" to "Distributed Runtime Architecture." OmniPkg 2.0 introduces a persistent daemon kernel, universal GPU IPC, and hardware-level isolation, effectively functioning as an Operating System for Python environments.

We have shattered the performance barrier. What once took 2 seconds now takes 60 milliseconds. What once crashed due to ABI conflicts now runs concurrently on the same GPU.

🚀 Major Architectural Breakthroughs

• Universal GPU IPC (Pure Python/ctypes):

  • Implemented a custom, framework-agnostic CUDA IPC protocol (UniversalGpuIpc) using raw ctypes.
  • Performance: Achieved ~1.5ms latency for tensor handoffs, beating PyTorch's native IPC by ~30% and Hybrid SHM by 800%.
  • Enables true zero-copy data transfer between isolated processes without relying on framework-specific hooks.

• Persistent Worker Daemon ("The Kernel"):

  • Replaced ad-hoc subprocess spawning with a persistent, self-healing worker pool (WorkerPoolDaemon).
  • Reduces environment context switching time from ~2000ms (process spawn) to ~60ms (warm activation).
  • Implements an "Elastic Lung" architecture: Workers morph into required environments on-demand and purge themselves back to a clean slate.

• Selective Hardware Virtualization (CUDA Hotswapping):

  • Implemented dynamic LD_LIBRARY_PATH injection at the worker level.
  • The daemon now scans active bubbles to inject the exact CUDA runtime libraries required by the specific framework version (e.g., loading CUDA 11 libs for TF 2.13 while the host runs CUDA 12).
  • Result: Successfully ran TensorFlow 2.12 (CPU), TF 2.13 (CPU), and TF 2.20 (GPU) simultaneously in a single orchestration flow without crashing.

⚡ Core Enhancements

• Fail-Safe Cloaking: Added _force_restore_owned_cloaks() to guarantee filesystem restoration even during catastrophic process failures or OOM events. No more "zombie" cloaked files.
• Global Shutdown Silencer: Implemented an atexit hook that synchronizes CUDA contexts and redirects stderr to /dev/null during final interpreter shutdown, eliminating harmless but noisy C++ "driver shutting down" warnings.
• Composite Bubble Injection: The loader now automatically constructs "Meta-Bubbles" at runtime, merging the requested package bubble with its binary dependencies (NVIDIA libs, Triton) on the fly.

🐛 Critical Fixes

• PyTorch 1.13+ Compatibility: Patched the worker daemon to handle TypedStorage serialization changes in newer PyTorch versions, preventing crashes during native IPC.
• Deadlock Prevention: Implemented ThreadPoolExecutor in the daemon manager to allow recursive worker calls (Worker A calling Worker B) without deadlocking the socket.
• Lazy Loading: Made psutil and torch imports lazy within the daemon to prevent "poisoning" the process with default environment versions before isolation takes effect.

📊 Benchmarks (vs v1.x)

Metric	v1.x (Hybrid)	v2.0 (Universal)	Speedup
IPC Tensor Handoff	14ms	1.5ms	9.3x
Context Switch (Cold)	~2500ms	~2500ms	1.0x
Context Switch (Warm)	~2000ms	~0.06s	33x
Recursive Depth	5 levels	Unlimited	∞

📦 Upgrade

# Via pip
pip install --upgrade omnipkg

# Via omnipkg itself
8pkg upgrade

Welcome to the Singularity.

omnipkg v1.6.2 - Universal Runtime Healing Introduced

This release transforms omnipkg into a truly universal execution environment. It can now accept Python code via any method (scripts, inline -c, heredocs, pipes, or CLI binaries) and wrap them in an immortal, self-healing context.

🚀 New Features

• Universal Input Support: 8pkg run now handles stdin execution (python <<EOF or cat script.py | 8pkg run python). If the piped code fails, omnipkg captures it, analyzes the crash, auto-heals the environment, and re-runs it transparently.
• StdLib Guard: The heuristic engine now strictly filters out Python standard library modules (like sys, os, math, json). It will no longer attempt to "install" these if a script has a syntax error involving them.
• Smart Dependency Batching: When a ModuleNotFoundError occurs, the healer instantly scans the rest of the script for other missing imports and installs them all in a single batch operation, drastically reducing repair time.
• CLI Healing: You can now run system tools like 8pkg run http --version. If httpie is broken due to dependency conflicts (e.g., urllib3 version mismatch), omnipkg automatically detects the tool's owner package, creates an isolated bubble, and executes the tool successfully—without touching your main environment.

🛡️ improvements & Fixes

• Safety First Bubbling: Fixed a logic flaw where the healer would grab any available bubble version. It now correctly resolves the latest version from PyPI first, then checks if a bubble exists for that specific version.
• Performance Stats: The "UV vs OMNIPKG" performance comparison table is now perfectly aligned and formatted, regardless of the runner name length.
• Verbose Control: Silenced noisy sys.path injection logs during wrapper execution. Use --verbose to see them.
• Python Management: You can now install/swap Python versions using standard install syntax: 8pkg install python==3.12.

⚡ Performance

• Execution: ~7.8x faster than uv run failure-to-recovery cycles
• Bubble Activation: <25ms average (sub-millisecond for cached bubbles)
• Smart Batching: Reduces multi-package healing drastically

---

📦 Upgrade

# Via pip
pip install --upgrade omnipkg

# Via omnipkg itself
8pkg upgrade

# Or with conda
conda update -c conda-forge omnipkg

omnipkg v1.6.1 - Bulletproof Concurrency & Windows Stability

v1.6.1: Bulletproof Concurrency & Windows Stability

This is a critical stability and performance release that eliminates race conditions discovered during multi-threaded, cross-platform testing. After the massive src layout refactor, we subjected omnipkg to its most intense stress test yet, uncovered a core concurrency flaw on Windows, and completely re-engineered the self-healing and sync mechanisms to be rock-solid.

The results are staggering: what previously caused crashes and file corruption now runs flawlessly, with subsequent runs completing up to 58x faster (from 413 seconds down to 7.1 seconds).

🚀 Concurrency & Stability Overhaul (The Real Story)

The "Quantum Multiverse" demo revealed a critical race condition on Windows: the self-heal sync process would modify a managed Python environment at the exact moment another thread was scanning it, causing FileNotFoundError crashes on temporary files (~mnipkg-1.6.1.dist-info). This has been completely resolved.

Key Fixes:

• Eliminated Race Conditions: Introduced a strict "native-only" sync rule. Managed interpreters running in concurrent threads are now forbidden from initiating a sync, preventing them from modifying each other's filesystems.
• Bulletproof File Scanning: The Knowledge Base builder now gracefully handles race conditions by ignoring temporary (~) files and skipping any file or directory that is deleted mid-scan, preventing crashes.
• Conservative Windows Defaults: The self-heal sync is now disabled by default on Windows to guarantee stability in complex environments. It can be enabled for power users via OMNIPKG_ENABLE_SYNC=1.
• Massive Performance Gains: With the KB builds now stable, subsequent test runs leverage the cache perfectly, dropping execution time from ~7 minutes to ~7 seconds.

🪟 Enhanced Windows Reliability

Building on the concurrency fixes, we've further hardened Windows-specific behavior.

• Stale DLL Cache Purging: Windows now always performs a full Python context swap to clear "zombie" DLLs left in memory after concurrent operations, preventing Fatal Python error crashes.
• Universal Safe Printing: All 237 print statements containing emojis have been wrapped in safe_print() to eliminate UnicodeEncodeError crashes in Windows terminals.

🍺 Homebrew Formula Resurrection

After being stuck on v1.5.4 since October 3, 2025, the Homebrew tap is back online with automated updates!

• Automated CI/CD Pipeline: Formula updates on every release.
• Resilient PyPI Polling: Now retries up to 15 times to fetch release data.
• Install/Update:

  brew update && brew upgrade omnipkg

🛠️ Developer Tooling

Two new utilities were created to achieve this level of stability:

• emoji_print_fixer.py: Automatically converted 237 print() calls to safe_print().
• embedded_code_checker.py: Scans for and identifies missing imports in dynamically generated code strings.

📝 Upgrade Notes

This is a critical stability patch for all users, especially those on Windows or running omnipkg in complex, multi-threaded applications. The performance improvements on cached runs are a significant bonus.

---

Full Changelog: v1.6.0...v1.6.1
Homebrew Tap: https://github.com/1minds3t/homebrew-omnipkg

omnipkg v1.6.0 - The Quantum Lock & Concurrency Release

omnipkg v1.6.0: The Quantum Lock & Concurrency Release

After a monumentally productive weekend and over 70 developer commits, this release transforms omnipkg from a powerful tool into a battle-hardened, production-grade orchestrator. This isn't just an update; it's a foundational rewrite of the core engine, focused on eliminating race conditions, conquering state corruption, and achieving true, safe concurrency on all platforms, including Windows.

With over 6,000 lines of code changed, this release introduces an entirely new level of intelligence, compatibility, and resilience to the system.

🚀 New Features & Major Architectural Victories

True, Multi-Platform Concurrency: The "Impossible" Achieved

Omnipkg now fully supports simultaneous, parallel operations without corrupting its own state. The "Quantum Multiverse" is no longer just a concept—it's a reality. Our Windows CI now proves that three concurrent threads can simultaneously swap to different Python versions, install different package versions, and operate in the same environment without a single failure.

This was made possible by a ground-up re-architecture of state management:

• Atomic Registry Operations: All writes to the interpreter registry.json are now protected by file locks and atomic move operations.
• The "Admin vs. Worker" Firewall: A critical safety rule has been implemented. The "native" interpreter is a protected "admin" context, and "worker" contexts (e.g., a thread on Python 3.9) are forbidden from modifying the native environment, solving the primary source of self-syncing bugs and race conditions.

Intelligent, Trustworthy Self-Healing

The "zombie state"—where an interpreter exists on disk but is unknown to the registry—has been eradicated. The core commands are now self-aware and capable of healing the system.

• Smart swap Command: Now features a multi-tiered fallback that will automatically trigger a full filesystem rescan to find and register "zombie" interpreters before proceeding.
• Hardened adopt & remove: These commands are now fully transactional, performing a final rescan to verify the ground truth before reporting success. The system will never lie to you again.

Full Python 3.7+ Compatibility & Next-Gen Resolution

• Legacy Project Support: Omnipkg now fully supports managing projects running on Python 3.7. The entire dependency chain has been updated, and omnipkg can now download and manage standalone Python 3.7 interpreters.
• Smarter Dependency Resolution: Omnipkg now intelligently calculates the correct intersection of version requirements (e.g., numpy<2.0 vs. numpy>=1.26).

Platform-Aware Intelligence & User Experience

• Platform-Aware Wheel Selection: Omnipkg now inspects all available package files, parsing wheel tags to select the best binary wheel for your specific OS, CPU architecture, and Python version.

  Pip may still be a reckless time traveler, but with omnipkg, it's now carrying the right passport.

• "Return to Origin" Install Guarantee: The install command now automatically returns you to your original Python context after a "Quantum Healing" event.
• Blazing Fast Startup (204x Faster Self-Heal): The startup self-heal check has been optimized with a multi-tiered caching strategy, reducing its execution time from 138ms down to a mere 0.677ms on a cache hit.

📝 Important Notes & Known Issues

• Native Interpreter Sync: To ensure maximum safety and respect for the user's environment, the self-healing mechanism will sync all managed interpreters automatically, but it will not automatically upgrade the native omipkg installation. This is intentional. To upgrade the native installation, please use the explicit omnipkg upgrade omnipkg command, or pip install -e . for developers.
• Python 3.7 Self-Heal: While Python 3.7 is now fully supported for adoption, installation, and swapping, the self-healing logic for identifying it as a "native" interpreter is still under development. This is a known issue that will be resolved in an upcoming patch release.

🔮 What's Next: Activating "Quantum Installation"

The individual pieces of our next great leap are already here. This release doesn't just promise future features; it ships the proven, foundational technology for them.

The install command's "Quantum Healing" engine can already perform fully autonomous, cross-interpreter installations—detecting Python version incompatibilities, adopting the correct Python version, installing the package, and seamlessly returning to the original context. The run command's auto-healing loader can already activate version "bubbles" at runtime.

The next major step is to integrate these two proven technologies.

In a near-future release, the omnipkg run loader will be wired directly into the Quantum Healing engine. When a script imports a package that requires a completely different version of Python, the loader won't just fail—it will trigger the full, cross-dimensional installation workflow that omnipkg install uses today.

The architecture is built. The engine is battle-tested. The final integration is the next logical step. The multiverse is not just expanding; it's becoming fully interactive.

omnipkg v1.5.14 - The Time Traveler's Update

omnipkg v1.5.14 - The Time Traveler's Update

This is a landmark release. omnipkg now travels through time.

The Dependency Time Machine is now fully operational, solving one of the most painful problems in package management: installing legacy software that fails to build with modern toolchains. With this update, omnipkg can resurrect packages from the past, making "impossible" installations not just possible, but trivial.

The successful test_old_flask.py demo is a testament to this power, flawlessly installing flask-login==0.4.1 (from 2017!) alongside a modern version in the same environment—a task that would utterly destroy a standard pip installation.

✨ Key Features & Major Enhancements

• Time Machine is Now Fully Operational: The smart_install command now seamlessly integrates the Time Machine. When a modern pip install fails due to legacy build errors (e.g., metadata-generation-failed), omnipkg automatically:

  1. Travels back to the package's original release date.
  2. Finds the contemporary versions of all its dependencies.
  3. Installs an ancient version of setuptools (40.x) to handle the old build system.
  4. Builds the complete, historical dependency tree in a fully isolated sandbox.
  5. Bubbles the resulting installation, preserving the main environment perfectly.

• The Repair Bot v7: A Hyper-Aware Knowledge Base: This release introduces a completely redesigned discovery engine that finally solves the challenge of tracking identical package versions across multiple locations.

  • The Problem: Previously, the discovery logic would find the first instance of a package (e.g., requests in the main environment) and stop. It would fail to process other instances of the same version located in bubbles or nested inside other packages (like pygments inside rich). This led to "blank" or incomplete Knowledge Base entries.
  • The Solution: The new Repair Bot is "hyper-aware." It performs a comprehensive, concurrent scan of the entire environment to find all physical instances of every package. It then uses the unique, resolved file path of each instance to generate a stable installation_hash.
  • The Result: This hash allows for surgical, high-performance KB updates. The system now intelligently skips already-synced instances, finds and registers new ones, and instantly exorcises ghosts. This guarantees the KB is always a perfect reflection of reality and makes synchronization dramatically faster.

• ⚡ Ultra-Fast Pre-Flight Checks: omnipkg install is now faster than ever. It performs a new, ultra-fast check that determines if your requested packages are already satisfied (in the main environment or a bubble). If they are, the command exits immediately with success in milliseconds, avoiding all unnecessary processing.

🐛 Bug Fixes & Refinements

• Guaranteed Bubble Isolation: The bubble creation process (create_isolated_bubble) has been hardened to ensure all installations, including Time Machine operations, occur within a temporary sandbox. This completely prevents the main site-packages from being polluted during a build.
• Demo Overhaul: The test_old_flask.py script has been transformed into a powerful, interactive demo that first shows how pip violently destroys an environment when trying to install a legacy package, and then demonstrates how omnipkg handles the same task with intelligence and grace.
• Quantum Healing™ Pre-Flight: omnipkg now detects Python version incompatibility before an install even starts, triggering Quantum Healing immediately to download the correct Python interpreter and seamlessly retry the command.
• Hyper-Aggressive Module Cleanup: The omnipkgLoader now performs an "exorcism" on exit, purging every single module loaded from a bubble out of memory to guarantee zero state leakage between version swaps.

This release marks a significant step forward in solving dependency hell. Welcome to the era of time travel for your Python packages.

omnipkg v1.5.13 - uv security patch

omnipkg v1.5.13 Release Notes

Release Date: 2025-11-02

This release brings a crucial security patch, several bug fixes, and significant improvements to our continuous integration (CI) and testing infrastructure.

✨ Highlights

• New "Quantum Chaos" Test: A new stress test (tests/quantum_chaos.py) has been added to the suite. This test is designed to be impossible for traditional package managers, simultaneously using multiple conflicting versions of TensorFlow, SciPy, NumPy, and Rich in the same execution to showcase Omnipkg's advanced context-switching capabilities.
• CI Stability Improvements: Workflows for testing and dependency management have been made more robust and efficient.

🛡️ Security Fixes

• Dependency Vulnerability: Upgraded the uv dependency from 0.9.5 to 0.9.6 in both pyproject.toml and requirements.txt to resolve a known security vulnerability.

🐛 Bug Fixes & Stability

• Core: Fixed a syntax error involving a missing parenthesis in the libresolver module.
• CLI: Stabilized the "Quantum Multiverse Warp" concurrent installation test by pinning its execution to Python 3.11, ensuring more consistent test results.

⚙️ CI/CD Improvements

• Dependency Management: The update-requirements.yml workflow has been improved to use a more recent version of pip-tools and streamline the process.
• Windows Testing: The Windows concurrency test has been optimized to use a faster status command for priming, reducing runtime and improving efficiency.

📖 Documentation

• Updated the performance and comparison statistics badges in the README.md.

---

This version is a recommended update for all users, as it includes an important security fix and enhances the overall stability of the package.