diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml
index 51623fad..477234b8 100644
--- a/.github/workflows/python-build.yml
+++ b/.github/workflows/python-build.yml
@@ -19,6 +19,8 @@ jobs:
           allow-prereleases: true
       - name: Check out repository code
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Install prereq
         run: pip install tox coveralls
       - name: Run python tests
@@ -58,16 +60,47 @@ jobs:
           python-version: "3.11"
       - name: Check out repository code
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Install prereq
         run: pip install tox
       - name: Run python tests
         run: tox -e ${{ matrix.toxenv }}
-  pypi-publish:
+  build:
+    name: Build oauthlib distribution
     needs:
       - tests
       - docs
       - coveralls
-    if: ${{ success() }} && github.repository == 'oauthlib/oauthlib' && startsWith(github.ref, 'refs/tags')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Install pypa/build
+        run: >-
+          python3 -m
+          pip install
+          build
+          --user
+      - name: Build wheel and tarball
+        run: python3 -m build
+      - name: Store the package's artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+  pypi-publish:
+    if: success() && github.repository == 'oauthlib/oauthlib' && github.ref_type == 'tag'
+    needs:
+      - build
     name: Upload release to PyPI
     runs-on: ubuntu-latest
     environment:
@@ -76,16 +109,10 @@ jobs:
     permissions:
       id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
     steps:
-    - name: Check out repository code
-      uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - name: Download all the dists
+      uses: actions/download-artifact@v4
       with:
-        python-version: '3.10'
-    - name: Install prereq
-      run: pip install build twine
-    - name: Build python package
-      run: python -m build
-    - name: Check python package
-      run: twine check dist/*
+        name: python-package-distributions
+        path: dist/
     - name: Publish package distributions to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index d76e42c7..6bdea12d 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -4,6 +4,8 @@ build:
   os: ubuntu-22.04
   tools:
     python: "3.12"
+  apt_packages:
+    - graphviz  # used for "dot" graphs
 sphinx:
   builder: html
   configuration: docs/conf.py
diff --git a/Makefile b/Makefile
index 9622f70d..5313c80a 100644
--- a/Makefile
+++ b/Makefile
@@ -34,44 +34,37 @@ clean-build:
 	@rm -fr dist/
 	@rm -fr *.egg-info
 
-format fmt black:
-	black .
-
-lint ruff:
-	ruff check .
-
 test:
-	tox
+	uvx --with tox-uv tox
 
 bottle:
 	#---------------------------
 	# Library refinitiv/bottle-oauthlib
 	# Contacts: Jonathan.Huot
 	cd bottle-oauthlib 2>/dev/null || git clone https://github.com/refinitiv/bottle-oauthlib.git
-	cd bottle-oauthlib && sed -i.old 's,deps =,deps= --editable=file://{toxinidir}/../,' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && tox
+	cd bottle-oauthlib && sed -i.old 's,deps =,deps= --editable=file://{toxinidir}/../,' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && uvx --with tox-uv tox
 
 django:
 	#---------------------------
 	# Library: evonove/django-oauth-toolkit
 	# Contacts: evonove,masci
-	# (note: has tox.ini already)
 	cd django-oauth-toolkit 2>/dev/null || git clone https://github.com/evonove/django-oauth-toolkit.git
-	cd django-oauth-toolkit && sed -i.old 's,deps =,deps= --editable=file://{toxinidir}/../,' tox.ini && tox
+	cd django-oauth-toolkit && sed -i.old 's,deps =,deps= --editable=file://{toxinidir}/../,' tox.ini && uvx --with tox-uv tox
 
 requests:
 	#---------------------------
 	# Library requests/requests-oauthlib
 	# Contacts: ib-lundgren,lukasa
 	cd requests-oauthlib 2>/dev/null || git clone https://github.com/requests/requests-oauthlib.git
-	cd requests-oauthlib && sed -i.old 's,deps=,deps = --editable=file://{toxinidir}/../[signedtoken],' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && tox
+	cd requests-oauthlib && sed -i.old 's,oauthlib.*,--editable=file://{toxinidir}/../../[signedtoken],' requirements.txt && uvx --with tox-uv tox
 
 dance:
 	#---------------------------
 	# Library singingwolfboy/flask-dance
 	# Contacts: singingwolfboy
 	cd flask-dance 2>/dev/null || git clone https://github.com/singingwolfboy/flask-dance.git
-	cd flask-dance && sed -i.old 's,deps=,deps = --editable=file://{toxinidir}/../,' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && tox 
+	cd flask-dance && sed -i.old 's;"oauthlib.*";"oauthlib @ file://'`pwd`'/../";' pyproject.toml && uv venv && uv pip install -e '.[test]' && ./.venv/bin/coverage run -m pytest
 
 .DEFAULT_GOAL := all
 .PHONY: clean test bottle dance django flask requests
-all: lint test bottle dance django flask requests
+all: test bottle dance django flask requests
diff --git a/docs/contributing.rst b/docs/contributing.rst
index 9da1370c..19c08190 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -159,24 +159,22 @@ all versions conveniently at once can be done using `Tox`_.
 
    $ tox
 
-Tox requires you to have `virtualenv`_ installed as well as respective python
-version. We recommend using `pyenv`_ to install those Python versions.
+Tox requires you to have respective python versions. We recommend using `uv`_ to install those Python versions.
 
-We recommend using the latest patch version for each Python version we support and the latest PyPy versions.
-The versions beloew may not be up to date.
 
 .. sourcecode:: bash
 
-   $ pyenv install -l # check which versions you want to use
-   $ pyenv install 3.8.18
-   $ pyenv install 3.11.7
-   $ pyenv install pypy3.10-7.3.13
+   $ uv tool install tox --with tox-uv
+   $ uv python list # check which versions you want to use
+   $ uv python install 3.8 3.9 3.10 3.11 3.12 3.13
+   $ uv python install pypy3
+   $ uvx --with tox-uv tox # that run all tests with all python versions
+
 
 .. _`Tox`: https://tox.readthedocs.io/en/latest/install.html
-.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/installation/
-.. _`pyenv`: https://github.com/pyenv/pyenv
+.. _`uv`: https://docs.astral.sh/uv/#python-versions
 
-Test upstream applications
+Test downstream applications
 -----------------------------------
 
 Remember, OAuthLib is used by several 3rd party projects. If you think you
@@ -186,6 +184,14 @@ submit a breaking change, confirm that other projects builds are not affected.
 
    $ make
 
+Note be sure you are using ``uv`` as explained before with all python versions, including those from downstream libraries, to have all test cases running.
+
+As of 2025, additional downstreams python versions are as below:
+
+.. sourcecode:: bash
+
+   $ uv python install pypy3.10
+
 
 If you add code, add tests!
 --------------------------------------
diff --git a/ruff.toml b/ruff.toml
index ec45dd4b..9dffa813 100644
--- a/ruff.toml
+++ b/ruff.toml
@@ -5,6 +5,7 @@
 
 # When switching from ruff.toml to pyproject.toml, use the section names that
 # start with [tool.ruff
+exclude = ["flask-dance", "requests-oauthlib", "bottle-oauthlib", "django-oauth-toolkit"]
 
 # [tool.ruff]
 lint.select = [