Update pip compatibility guide to note transitive URL dependency support #8081
Conversation
| constraint, override, or transitive dependency. | ||
| If uv rejects a transitive URL dependency, the best course of action is to provide the URL | ||
| dependency as a direct dependency in the relevant `pyproject.toml` or `requirement.in` file, as the | ||
| above constraints do not apply to direct dependencies. |
There was a problem hiding this comment.
When reading the original text and this version, it sounds (to me) like you are suggesting a workaround of adding the URL dependency to your pyproject.toml or requirements.in (in the case that you depend on registry package A which depends on package B with a URL dependency). Rather, I think the advice is to add the URL dependency directly to package A in that scenario. Would phrasing like this be more clear?
If uv rejects a transitive URL dependency in a package from a registry, the best course of action is to provide the URL dependency as a direct dependency in the
pyproject.tomlorrequirement.infile of the registry package, as the above constraints do not apply to direct dependencies.
Maybe it is a little clunky, but I definitely spent a few hours thinking I could just add the transitive URL dependency as a direct dependency in my package and that would satisfy uv.
There was a problem hiding this comment.
If you depend on a package A from the registry, which lists package B as a direct URL dependency (e.g., B @ https://...), adding package B to your pyproject.toml will work. That's the recommended solution. Something like:
[project]
dependencies = ["A", "B @ https://..."]There was a problem hiding this comment.
Ah, sorry -- I'm talking about one more layer of redirection. Say I'm writing a script with inline metadata. The script depends on registry package A. Registry package A depends on registry package B. In package B's pyproject.toml is a URL dependency. Adding that URL dependency directly to the inline metadata of a script will not satisfy uv run. I'm not sure there is a solution. Is there?
There was a problem hiding this comment.
I would actually still expect that to work. Are you running into a failure there? The way to think about it is: it's actually fine if registry packages depend on URL dependencies, but uv has to know about all possible URL dependencies upfront.
There was a problem hiding this comment.
If I run without adding the URL dependency, I get:
error: Package `openeye-toolkits-python3-osx-universal` attempted to resolve via URL: https://pypi.anaconda.org/openeye/simple/openeye-toolkits-python3-osx-universal/2023.1.1/OpenEye-toolkits-python3-osx-universal-2023.1.1.tar.gz. URL dependencies must be expressed as direct requirements or constraints....
If I add openeye-toolkits-python3-osx-universal @ https://... to my script metadata, I then see:
error: No `project` table found in: `/Volumes/xxx/pyproject.toml
If I use uv run --no-project I still see the same thing, confusingly.
❯ uv run tmp.py --no-project
error: No `project` table found in: `/Volumes/xxx/pyproject.toml`
(.venv)
The script metadata looks like this:
# /// script
# requires-python = ">=3.10"
# dependencies = [
# "package-hosted-on-internal-registry==3.3.0",
# "openeye-toolkits-python3-osx-universal @ https://pypi.anaconda.org/openeye/simple/openeye-toolkits-python3-osx-universal/2023.1.1/OpenEye-toolkits-python3-osx-universal-2023.1.1.tar.gz"
# ]
# ///
There was a problem hiding this comment.
I think you need to put the no-project flag before the filename, not after. Otherwise, it’s treated as an argument to the Python call.
There was a problem hiding this comment.
Ah! Great, thanks.
This comment of yours really helped:
The way to think about it is: it's actually fine if registry packages depend on URL dependencies, but uv has to know about all possible URL dependencies upfront.
And maybe some form could be put into the documentation.
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.4.20` -> `0.4.21` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.4.21`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0421) [Compare Source](astral-sh/uv@0.4.20...0.4.21) ##### Enhancements - Add support for managed installations of free-threaded Python ([#​8100](astral-sh/uv#8100)) - Add note about `uvx` to `uv tool run` short help ([#​7695](astral-sh/uv#7695)) - Enable HTTP/2 requests ([#​8049](astral-sh/uv#8049)) - Support `uv tree --no-dev` ([#​8109](astral-sh/uv#8109)) - Support PEP 723 metadata with `uv run -` ([#​8111](astral-sh/uv#8111)) - Support `pip install --exact` ([#​8044](astral-sh/uv#8044)) - Support `uv export --no-header` ([#​8096](astral-sh/uv#8096)) - ADd Python 3.13 images to Docker publish ([#​8105](astral-sh/uv#8105)) - Support remote (`https://`) scripts in `uv run` ([#​6375](astral-sh/uv#6375)) - Allow comma value-delimited arguments in `uv run --with` ([#​7909](astral-sh/uv#7909)) ##### Configuration - Support wildcards in `UV_INSECURE_HOST` ([#​8052](astral-sh/uv#8052)) ##### Performance - Use shared index when fetching metadata in lock satisfaction routine ([#​8147](astral-sh/uv#8147)) ##### Bug fixes - Add prerelease compatibility check to `uv python` CLI ([#​8020](astral-sh/uv#8020)) - Avoid deleting a project environment directory if we cannot tell if a `pyvenv.cfg` file exists ([#​8012](astral-sh/uv#8012)) - Avoid excluding valid wheels for exact `requires-python` bounds ([#​8140](astral-sh/uv#8140)) - Bump `netrc` crate to latest commit ([#​8021](astral-sh/uv#8021)) - Fix `uv python pin 3.13t` failure when parsing version for project requires check ([#​8056](astral-sh/uv#8056)) - Fix handling of != intersections in `requires-python` ([#​7897](astral-sh/uv#7897)) - Remove the newly created tool environment if sync failed ([#​8038](astral-sh/uv#8038)) - Respect dynamic extras in `uv lock` and `uv sync` ([#​8091](astral-sh/uv#8091)) - Treat resolver failures as fatal in lockfile validation ([#​8083](astral-sh/uv#8083)) - Use `git config --get` for author information for improved backwards compatibility ([#​8101](astral-sh/uv#8101)) - Use comma-separated values for `UV_FIND_LINKS` ([#​8061](astral-sh/uv#8061)) - Use shared resolver state between add and lock to avoid double Git update ([#​8146](astral-sh/uv#8146)) - Make `--relocatable` entrypoints robust to symlinking ([#​8079](astral-sh/uv#8079)) - Improve compatibility with VSCode PS1 prompt ([#​8006](astral-sh/uv#8006)) - Fix "Stream did not contain valid UTF-8" failures in Windows ([#​8120](astral-sh/uv#8120)) - Use `--with-requirements` in `uvx` error hint ([#​8112](astral-sh/uv#8112)) ##### Documentation - Include `uvx` installation in Docker examples ([#​8179](astral-sh/uv#8179)) - Make the instructions for the Windows standalone installer consistent across README and documentation ([#​8125](astral-sh/uv#8125)) - Update pip compatibility guide to note transitive URL dependency support ([#​8081](astral-sh/uv#8081)) - Document `--reinstall` with `--exclude-newer` to ensure downgrades ([#​6721](astral-sh/uv#6721)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Summary
Closes #8080.