-
Notifications
You must be signed in to change notification settings - Fork 892
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Normalize specifiers by sorting #6333
Conversation
002ff34
to
cbcd655
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense to me, but as discussed offline, we need to decide how we want to handle changes like this where it could cause a change to the lock file contents. The most annoying manifestation likely occurs when multiple people working on the same project use different versions of uv
to make a change to the lock file. This could result in ping-ponging. Although it's worth saying that this change doesn't impact how lock files are read, so there is a high degree of compatibility.
I'm inclined to merge this as a bug fix, but I think there is a big known unknown here: we have no systematic way at present of measuring the impact of a change like this. For example, if most specifiers are sorted in lock files already, then this has very limited impact and seems okay to merge. On the other hand, if this changed almost every lock file, then that kind of impact would probably demand us to manage it differently.
My sense though, based on the snapshot updates here, is that the impact is much closer to the limited end of the spectrum.
We currently normalize package and extra names and drop the whitespace from version specifiers, but we were not normalizing the order of the specifiers. By sorting them we match the behavior of `packaging` and become independent of build backends reordering specifiers (#6332). Surprisingly, the snapshot diff isn't large - most people were already writing sorted specifiers. Still, this will lead to observable differences in lockfiles between releases.
cbcd655
to
f82baf4
Compare
I've confirmed that |
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.4.0` -> `0.4.4` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.4.4`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#044) [Compare Source](astral-sh/uv@0.4.3...0.4.4) ##### Enhancements - Allow customizing the project environment path with `UV_PROJECT_ENVIRONMENT` ([#​6834](astral-sh/uv#6834)) - Warn when `VIRTUAL_ENV` is set but will not be respected in project commands ([#​6864](astral-sh/uv#6864)) - Add `--no-hashes` to `uv export` ([#​6954](astral-sh/uv#6954)) - Make HTTP headers title case for backward compatibility ([#​6887](astral-sh/uv#6887)) - Pin `.python-version` in `uv init` ([#​6869](astral-sh/uv#6869)) - Support `file://` URLs for `UV_PYTHON_INSTALL_MIRROR` ([#​6950](astral-sh/uv#6950)) - Introduce more docker tags for uv ([#​6053](astral-sh/uv#6053)) ##### Bug fixes - Avoid canonicalizing the cache directory ([#​6949](astral-sh/uv#6949)) - Show all PyPy versions in `uv python list --all-versions` ([#​6917](astral-sh/uv#6917)) - Avoid incorrect `requires-python` marker simplifications ([#​6268](astral-sh/uv#6268)) ##### Documentation - Add documentation for `UV_PROJECT_ENVIRONMENT` ([#​6987](astral-sh/uv#6987)) - Add optional dependencies section to the lockfile document ([#​6982](astral-sh/uv#6982)) - Document use of the `file://` scheme in Python installation mirrors ([#​6984](astral-sh/uv#6984)) - Fix outdated references to the help menu documentation in the first steps page ([#​6980](astral-sh/uv#6980)) - Show env option in CLI reference documentation ([#​6863](astral-sh/uv#6863)) - Add bind mount example to `docker.md` ([#​6921](astral-sh/uv#6921)) ### [`v0.4.3`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#043) [Compare Source](astral-sh/uv@0.4.2...0.4.3) ##### Enhancements - Show build backend output when `--verbose` is provided ([#​6903](astral-sh/uv#6903)) - Allow `uv sync --frozen --package` without copying member `pyproject.toml` ([#​6943](astral-sh/uv#6943)) ##### Bug fixes - Avoid panic with missing temporary directory ([#​6929](astral-sh/uv#6929)) - Avoid updating incorrect dependencies for sorted `uv add` ([#​6939](astral-sh/uv#6939)) - Use lower-bound semantics for all Python compatibility comparisons ([#​6882](astral-sh/uv#6882)) ### [`v0.4.2`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#042) [Compare Source](astral-sh/uv@0.4.1...0.4.2) ##### Enhancements - Adding support for `.pyc` files in `uv run` ([#​6886](astral-sh/uv#6886)) - Treat missing `top_level.txt` as non-fatal ([#​6881](astral-sh/uv#6881)) ##### Bug fixes - Fix `is_disjoint` check for supported environments ([#​6902](astral-sh/uv#6902)) - Remove dangling archives in `uv cache clean ${package}` ([#​6915](astral-sh/uv#6915)) - Error when discovered Python is incompatible with `--isolated` workspace ([#​6885](astral-sh/uv#6885)) - Warn when discovered Python is incompatible with PEP 723 script ([#​6884](astral-sh/uv#6884)) ### [`v0.4.1`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#041) [Compare Source](astral-sh/uv@0.4.0...0.4.1) ##### Enhancements - Add `uv export --format requirements-txt` ([#​6778](astral-sh/uv#6778)) - Allow `@` references in `uv tool install --from` ([#​6842](astral-sh/uv#6842)) - Normalize version specifiers by sorting ([#​6333](astral-sh/uv#6333)) - Respect the user's upper-bound in `requires-python` ([#​6824](astral-sh/uv#6824)) - Use Windows registry to discover Python on Windows directly ([#​6761](astral-sh/uv#6761)) - Hint at `--no-workspace` in `uv init` failures ([#​6815](astral-sh/uv#6815)) - Update to last PyPy releases ([#​6784](astral-sh/uv#6784)) ##### Bug fixes - Avoid deadlocks when multiple uv processes lock resources ([#​6790](astral-sh/uv#6790)) - Expand tildes when matching against `PATH` ([#​6829](astral-sh/uv#6829)) - Fix `uv init --no-project` alias ([#​6837](astral-sh/uv#6837)) - Ignore pre-release segments when discovering via `requires-python` ([#​6813](astral-sh/uv#6813)) - Support inline optional tables in `uv add` and `uv remove` ([#​6787](astral-sh/uv#6787)) - Update default `hello.py` to pass `ruff format` ([#​6811](astral-sh/uv#6811)) - Avoid stripping root for user path display ([#​6865](astral-sh/uv#6865)) - Error when user-provided environments are disjoint with Python ([#​6841](astral-sh/uv#6841)) - Retain alphabetical sorting for `pyproject.toml` in `uv add` operations ([#​6388](astral-sh/uv#6388)))) ##### Documentation - Add a link to the multiple index docs in the alternative index guide ([#​6826](astral-sh/uv#6826)) - Add docs for inline exclude newer in PEP 723 scripts ([#​6831](astral-sh/uv#6831)) - Enumerate available Docker tags ([#​6768](astral-sh/uv#6768)) - Omit `[pip]` section from configuration file docs ([#​6814](astral-sh/uv#6814)) - Update `project.urls` in `pyproject.toml` ([#​6844](astral-sh/uv#6844)) - Add docs for AWS CodeArtifact usage ([#​6816](astral-sh/uv#6816)) ##### Other changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
We currently normalize package and extra names and drop the whitespace from version specifiers, but we were not normalizing the order of the specifiers. By sorting them we match the behavior of
packaging
and become independent of build backends reordering specifiers (#6332).Surprisingly, the snapshot diff isn't large - most people were already writing sorted specifiers. Still, this will lead to observable differences in lockfiles between releases in cases where there are entries in
requires-dist
that were not previously sorted (while the total number ofrequires-dist
is already small compared to the overall lockfile).