Warn when there are missing bounds on transitive deps in lowest #5953

Merged
merged 3 commits into from
Aug 9, 2024

@konstin konstin commented Aug 9, 2024

Warn when there are missing bounds on transitive dependencies with --resolution lowest.

Implemented as a lazy resolution graph check. Dev deps are odd because they are missing the edge from the root that extras have (they are currently orphans in the resolution graph), but this is more complex to solve properly because we can put dev dep information in a Requirement so I special-cased them here.

Closes #2797
Should help with #1718

@konstin konstin added the enhancement New feature or request label Aug 9, 2024
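
The graph check outlined in the PR description, as an added sketch that is not uv's code and not part of the original page: a package is reported when it is reached through a non-root edge and none of the requirements pointing at it sets a lower bound. `ROOT`, `Edge`, the function names and the sample package names are hypothetical, and the specifier classification is a simplified reading of PEP 440 operators.

```rust
use std::collections::{BTreeMap, BTreeSet};

const ROOT: &str = "<root>"; // hypothetical name for the project node

/// Edge of a resolved graph: `from` requires `to` under PEP 440 specifier `spec`.
struct Edge { from: &'static str, to: &'static str, spec: &'static str }

/// True if some clause of a comma-separated specifier bounds the version from below.
fn has_lower_bound(spec: &str) -> bool {
    spec.split(',')
        .map(str::trim)
        .any(|c| c.starts_with('>') || c.starts_with("==") || c.starts_with("~="))
}

/// Packages reached through a non-root edge for which no incoming requirement
/// sets a lower bound. Nodes without incoming edges are never reported.
fn unbounded_transitive(edges: &[Edge]) -> BTreeSet<&'static str> {
    // package -> (is transitive, some incoming edge has a lower bound)
    let mut seen: BTreeMap<&'static str, (bool, bool)> = BTreeMap::new();
    for e in edges {
        let entry = seen.entry(e.to).or_insert((false, false));
        entry.0 |= e.from != ROOT;
        entry.1 |= has_lower_bound(e.spec);
    }
    seen.into_iter()
        .filter(|(_, (transitive, bounded))| *transitive && !*bounded)
        .map(|(name, _)| name)
        .collect()
}

/// Constructed sample graph, not taken from the PR's tests.
fn sample_edges() -> Vec<Edge> {
    vec![
        Edge { from: ROOT, to: "webapp-lib", spec: ">=2.0" },
        Edge { from: "webapp-lib", to: "packaging", spec: "" },      // no bound at all
        Edge { from: "webapp-lib", to: "urlkit", spec: "<3,!=2.1" }, // upper bound only
        Edge { from: "webapp-lib", to: "certs", spec: "~=2024.1" },  // compatible release
        Edge { from: ROOT, to: "urlkit", spec: "" },                 // direct, still unbounded
        Edge { from: ROOT, to: "direct-only", spec: "" },            // direct, not transitive
    ]
}

fn main() {
    for name in unbounded_transitive(&sample_edges()) {
        println!("warning: transitive dependency `{name}` has no lower bound");
    }
}
```
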
crates/uv-resolver/src/resolution/graph.rs
----- stderr -----
warning: `uv lock` is experimental and may change without warning
Resolved 6 packages in [TIME]
warning: The transitive dependency `packaging` is unpinned. Consider setting a lower bound when using `--resolution-strategy lowest` to avoid using outdated versions.
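Review bot: the expected warning in this snapshot names the option as `--resolution-strategy lowest`, while the PR title and description call it `--resolution lowest`; the message should use the spelling the CLI actually accepts so a user can act on it. The text also calls the dependency "unpinned" where the condition being reported is a missing lower bound, so wording such as "has no lower bound" would match the check more closely.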
Perhaps we should say "Consider adding a lower bound with a constraint when using...".

Do we have a version we could use in a hint? Or is that impossible?

konstin and others added 3 commits August 9, 2024 19:44
Warn when there are missing bounds on transitive dependencies with `--resolution lowest`.

Implemented as a lazy resolution graph check. Dev deps are odd because they are missing the edge from the root that extras have, but this is more complex because we can put dev dep information in a `Requirement` so I special-cased them here.

Closes #2797
Should help with #1718
Co-authored-by: Ibraheem Ahmed <ibraheem@ibraheem.ca>
@konstin konstin force-pushed the konsti/warn-unbound-indirect-deps branch from 3b50dc6 to 45ce5bb Compare August 9, 2024 17:48
@konstin konstin enabled auto-merge (squash) August 9, 2024 17:48
@konstin konstin merged commit a129cf7 into main Aug 9, 2024
56 checks passed
@konstin konstin deleted the konsti/warn-unbound-indirect-deps branch August 9, 2024 17:55
zanieb pushed a commit that referenced this pull request Aug 9, 2024
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Aug 10, 2024
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.2.33` -> `0.2.35` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.2.35`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0235)

[Compare Source](astral-sh/uv@0.2.34...0.2.35)

##### CLI

-   Deprecate `--system` and `--no-system` in `uv venv` ([#5925](astral-sh/uv#5925))
-   Make `--upgrade` imply `--refresh` ([#5943](astral-sh/uv#5943))
-   Warn when there are missing bounds on transitive dependencies with `--resolution-strategy lowest` ([#5953](astral-sh/uv#5953))

##### Configuration

-   Add support for `no-build-isolation-package` ([#5894](astral-sh/uv#5894))

##### Performance

-   Enable LTO optimizations in release builds to reduce binary size ([#5904](astral-sh/uv#5904))
-   Prefetch metadata in `--no-deps` mode ([#5918](astral-sh/uv#5918))

##### Bug fixes

-   Display portable paths in POSIX virtual environment activation commands ([#5956](astral-sh/uv#5956))
-   Respect subdirectories when locating Git workspaces ([#5944](astral-sh/uv#5944))

##### Documentation

-   Improve the `uv venv` CLI documentation ([#5963](astral-sh/uv#5963))

### [`v0.2.34`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0234)

[Compare Source](astral-sh/uv@0.2.33...0.2.34)

##### Enhancements

-   Always strip in release mode ([#5745](astral-sh/uv#5745))
-   Assume `git+` prefix when URLs end in `.git` ([#5868](astral-sh/uv#5868))
-   Support build constraints ([#5639](astral-sh/uv#5639))

##### CLI

-   Create help sections for build, install, resolve, and index ([#5693](astral-sh/uv#5693))
-   Improve CLI documentation for global options ([#5834](astral-sh/uv#5834))
-   Improve `--python` CLI documentation ([#5869](astral-sh/uv#5869))
-   Improve display order of top-level commands ([#5830](astral-sh/uv#5830))

##### Bug fixes

-   Allow downloading wheels for metadata with `--no-binary` ([#5707](astral-sh/uv#5707))
-   Reject `pyproject.toml` in `--config-file` ([#5842](astral-sh/uv#5842))
-   Remove double-proxy nodes in error reporting ([#5738](astral-sh/uv#5738))
-   Respect pre-release preferences from input files ([#5736](astral-sh/uv#5736))
-   Support overlapping local and non-local requirements in forks ([#5812](astral-sh/uv#5812))

</details>

Successfully merging this pull request may close these issues.

Add warning for packages without lower bound with --resolution=lowest