diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml
index 5b9bda8..7c18905 100644
--- a/.github/workflows/version-check.yml
+++ b/.github/workflows/version-check.yml
@@ -4,8 +4,8 @@ on:
     types: [opened, synchronize, ready_for_review]
     paths:
       - 'socketsecurity/**'
-      - 'setup.py'
       - 'pyproject.toml'
+      - 'uv.lock'
 
 permissions:
   contents: read
@@ -46,6 +46,18 @@ jobs:
           print(f'✅ Version properly incremented from {main_ver} to {pr_ver}')
           "
 
+      - name: Require uv.lock update when pyproject changes
+        run: |
+          CHANGED_FILES="$(git diff --name-only origin/main...HEAD)"
+
+          if echo "$CHANGED_FILES" | grep -qx 'pyproject.toml'; then
+            if ! echo "$CHANGED_FILES" | grep -qx 'uv.lock'; then
+              echo "❌ pyproject.toml changed, but uv.lock was not updated."
+              echo "Run 'uv lock' and commit uv.lock with the version bump."
+              exit 1
+            fi
+          fi
+
       - name: Manage PR Comment
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
         if: always() && github.event.pull_request.head.repo.full_name == github.repository
diff --git a/.hooks/sync_version.py b/.hooks/sync_version.py
index f26dd76..4abf179 100644
--- a/.hooks/sync_version.py
+++ b/.hooks/sync_version.py
@@ -8,6 +8,7 @@
 
 INIT_FILE = pathlib.Path("socketsecurity/__init__.py")
 PYPROJECT_FILE = pathlib.Path("pyproject.toml")
+UV_LOCK_FILE = pathlib.Path("uv.lock")
 
 VERSION_PATTERN = re.compile(r"__version__\s*=\s*['\"]([^'\"]+)['\"]")
 PYPROJECT_PATTERN = re.compile(r'^version\s*=\s*".*"$', re.MULTILINE)
@@ -72,6 +73,21 @@ def inject_version(version: str):
         new_pyproject = re.sub(r"(\[project\])", rf"\1\nversion = \"{version}\"", pyproject)
     PYPROJECT_FILE.write_text(new_pyproject)
 
+
+def run_uv_lock() -> bool:
+    before = UV_LOCK_FILE.read_bytes() if UV_LOCK_FILE.exists() else b""
+    try:
+        subprocess.run(["uv", "lock"], check=True, text=True)
+    except FileNotFoundError:
+        print("❌ `uv` is required but was not found in PATH.")
+        sys.exit(1)
+    except subprocess.CalledProcessError:
+        print("❌ `uv lock` failed. Please run it manually and fix any errors.")
+        sys.exit(1)
+
+    after = UV_LOCK_FILE.read_bytes() if UV_LOCK_FILE.exists() else b""
+    return before != after
+
 def main():
     dev_mode = "--dev" in sys.argv
     current_version = read_version_from_init(INIT_FILE)
@@ -84,15 +100,24 @@ def main():
             base_version = current_version.split(".dev")[0] if ".dev" in current_version else current_version
             new_version = find_next_available_dev_version(base_version)
             inject_version(new_version)
-            print("⚠️ Version was unchanged — auto-bumped. Please git add + commit again.")
+            uv_lock_changed = run_uv_lock()
+            lock_hint = " and uv.lock" if uv_lock_changed else ""
+            print(f"⚠️ Version was unchanged — auto-bumped. Please git add{lock_hint} + commit again.")
             sys.exit(0)
         else:
             new_version = bump_patch_version(current_version)
             inject_version(new_version)
-            print("⚠️ Version was unchanged — auto-bumped. Please git add + commit again.")
+            uv_lock_changed = run_uv_lock()
+            lock_hint = " and uv.lock" if uv_lock_changed else ""
+            print(f"⚠️ Version was unchanged — auto-bumped. Please git add{lock_hint} + commit again.")
             sys.exit(1)
     else:
-        print("✅ Version already bumped — proceeding.")
+        uv_lock_changed = run_uv_lock()
+        if uv_lock_changed:
+            print("⚠️ Version already bumped, but uv.lock was out of date and has been updated. Please git add uv.lock + commit again.")
+            sys.exit(1)
+
+        print("✅ Version already bumped and uv.lock is up to date — proceeding.")
         sys.exit(0)
 
 if __name__ == "__main__":
diff --git a/pyproject.toml b/pyproject.toml
index 50b0518..4b7f380 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.88"
+version = "2.2.89"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index a7dcdfb..9547cf5 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.88'
+__version__ = '2.2.89'
 USER_AGENT = f'SocketPythonCLI/{__version__}'
diff --git a/uv.lock b/uv.lock
index a90e6b2..3266b98 100644
--- a/uv.lock
+++ b/uv.lock
@@ -1168,7 +1168,7 @@ wheels = [
 
 [[package]]
 name = "socketsecurity"
-version = "2.2.86"
+version = "2.2.89"
 source = { editable = "." }
 dependencies = [
     { name = "bs4" },