Most active commenters
  • incognito124(4)

←back to thread

uv: An extremely fast Python package and project manager, written in Rust

(github.com)
741 points chirau | 17 comments | 23 Jun 25 16:27 UTC | HN request time: 0.414s | source | bottom
Show context
incognito124 ◴[23 Jun 25 18:17 UTC] No.44358514[source]
uv is almost perfect. my only pet peeve is updating dependencies. sometimes I just want to go "uv, bump all my dependencies to the as latest version as possible while respecting their constraints". I still haven't found an elegant way to do this, but I have written a script that parses pyproject.toml, removes the deps, and invokes `uv add --upgrade` with them.

other than that, it's invaluable to me, with the best features being uvx and PEP 723

replies(4): >>44358537 #>>44358636 #>>44358716 #>>44374060 #
1. jmtulloss ◴[23 Jun 25 18:19 UTC] No.44358537[source]
Does `uv lock —upgrade` not do what you want?
replies(1): >>44358602 #
2. incognito124 ◴[23 Jun 25 18:27 UTC] No.44358602[source]
Unfortunately, no. Only `uv.lock` gets updated, but the dependencies in `pyproject.toml` are frozen at their original constraints.

What I want is, if my project depends on `package1==0.4.0` and there are new versions of package1, for uv to try install the newer version. and to do that for a) all the deps, simultaneously, b) without me explicitly stating the dependencies in the command line since they're already written in the pyproject.toml. an `uv refresh` of sorts

replies(5): >>44358700 #>>44358709 #>>44358807 #>>44358867 #>>44358896 #
3. wtallis ◴[23 Jun 25 18:38 UTC] No.44358700[source]
> What I want is, if my project depends on `package1==0.4.0` and there are new version of package1, for uv to try install the newer version.

I think you're just specifying your dependency constraints wrong. What you're asking for is not what the `==` operator is for; you probably want `~=`.

4. Eridrus ◴[23 Jun 25 18:39 UTC] No.44358709[source]
Why not depend on package1>=0.4.0 rather than specifying an explicit version? Then uv will upgrade it to the latest version.

pyproject.toml is meant to encode the actual constraints for when your app will function correctly, not hardcode exact versions, which is what the lockfile is for.

replies(1): >>44360531 #
5. gschizas ◴[23 Jun 25 18:48 UTC] No.44358807[source]
I think what you want is `uv sync --upgrade`
6. petters ◴[23 Jun 25 18:55 UTC] No.44358867[source]
You are writing your project file incorrectly. It's not a lock file
replies(1): >>44359152 #
7. hxtk ◴[23 Jun 25 18:57 UTC] No.44358896[source]
If you specify your constraints in pyproject.toml like this: `package1==0.4.0`; then that is the latest (and only) version satisfying your constraints. Not upgrading is expected behavior, because upgrading would violate constraints.

pyproject.toml’s dependency list specifies compatibility: we expect the program to run with versions that satisfy constraints.

If you want to specify an exact version as a validated configuration for a reproducible build with guaranteed functionality, well, that’s what the lock file is for.

In serious projects, I usually write that dependency section by hand so that I can specify the constraints that match my needs (e.g., what is the earliest version receiving security patches or the earliest version with the functionality I need?). In unserious projects, I’ll leave the constraints off entirely until a breakage is discovered in practice.

If `uv` is adding things with `==` constraints, that’s why upgrades are not occurring, but the solution is to relax the constraints to indicate where you are okay with upgrades happening.

replies(1): >>44359125 #
8. incognito124 ◴[23 Jun 25 19:22 UTC] No.44359125{3}[source]
> ... the solution is to relax the constraints to indicate where you are okay with upgrades happening.

Yeah, that's pretty much what I've been doing with my workaround script. And btw most of my projects are deeply unserious, and I do understand why one should not do that in any other scenario.

Still, I dream of `uv refresh` :D

replies(1): >>44380319 #
9. incognito124 ◴[23 Jun 25 19:25 UTC] No.44359152{3}[source]
I never, ever, write my project file[1]. uv {add,remove} is all I ever use.

[1]: I do sometimes write the title or the description. But never the deps themselves

replies(3): >>44359356 #>>44360378 #>>44380539 #
10. wtallis ◴[23 Jun 25 19:50 UTC] No.44359356{4}[source]
Even using `uv add`, you don't have to limit yourself to declaring exact versions when your intention is to allow newer versions.
11. pests ◴[23 Jun 25 21:33 UTC] No.44360378{4}[source]
You can specify bounds when using uv add:

uv add example>=0.4.0

Then it will update as you are thinking.

12. IshKebab ◴[23 Jun 25 21:51 UTC] No.44360531{3}[source]
Because then you don't get to use the new features in 0.5.0.

Though I do think with Python in particular it's probably better to manually upgrade when needed, rather than opportunistically require the latest, because Python can't handle two versions of the same package in one venv.

replies(1): >>44365231 #
13. lucky_cloud ◴[24 Jun 25 12:03 UTC] No.44365231{4}[source]
Then make your dependency package1>=0.4

https://packaging.python.org/en/latest/specifications/depend...

replies(1): >>44368230 #
14. IshKebab ◴[24 Jun 25 16:52 UTC] No.44368230{5}[source]
> then you don't get to use the new features in 0.5.0.
replies(1): >>44380255 #
15. lucky_cloud ◴[25 Jun 25 18:12 UTC] No.44380255{6}[source]
Yes you do

package1>=0.4.0 means 0.4.0, 0.4.1, 0.4.100, 0.4.100.1 and so on

package1>=0.4 includes the above plus 0.5.0, 0.5.1, 0.6.0, 0.100.0 and so on

16. collinmanderson ◴[25 Jun 25 18:18 UTC] No.44380319{4}[source]
There's an open issue for "Upgrade dependencies in pyproject.toml (uv upgrade)":

https://github.com/astral-sh/uv/issues/6794

17. petters ◴[25 Jun 25 18:39 UTC] No.44380539{4}[source]
Whichever method you use, you need to produce a different file that better reflects your intentions