uv: An extremely fast Python package and project manager, written in Rust

(github.com)

740 points chirau | 1 comments | 23 Jun 25 16:27 UTC | HN request time: 0.358s | source

Show context

incognito124 ◴[23 Jun 25 18:17 UTC] No.44358514[source]▶

uv is almost perfect. my only pet peeve is updating dependencies. sometimes I just want to go "uv, bump all my dependencies to the as latest version as possible while respecting their constraints". I still haven't found an elegant way to do this, but I have written a script that parses pyproject.toml, removes the deps, and invokes `uv add --upgrade` with them.

other than that, it's invaluable to me, with the best features being uvx and PEP 723

replies(4): >>44358537 #>>44358636 #>>44358716 #>>44374060 #

jmtulloss ◴[23 Jun 25 18:19 UTC] No.44358537[source]▶

>>44358514 #

Does `uv lock —upgrade` not do what you want?

replies(1): >>44358602 #

incognito124 ◴[23 Jun 25 18:27 UTC] No.44358602[source]▶

>>44358537 #

Unfortunately, no. Only `uv.lock` gets updated, but the dependencies in `pyproject.toml` are frozen at their original constraints.

What I want is, if my project depends on `package1==0.4.0` and there are new versions of package1, for uv to try install the newer version. and to do that for a) all the deps, simultaneously, b) without me explicitly stating the dependencies in the command line since they're already written in the pyproject.toml. an `uv refresh` of sorts

replies(5): >>44358700 #>>44358709 #>>44358807 #>>44358867 #>>44358896 #

hxtk ◴[23 Jun 25 18:57 UTC] No.44358896[source]▶

>>44358602 #

If you specify your constraints in pyproject.toml like this: `package1==0.4.0`; then that is the latest (and only) version satisfying your constraints. Not upgrading is expected behavior, because upgrading would violate constraints.

pyproject.toml’s dependency list specifies compatibility: we expect the program to run with versions that satisfy constraints.

If you want to specify an exact version as a validated configuration for a reproducible build with guaranteed functionality, well, that’s what the lock file is for.

In serious projects, I usually write that dependency section by hand so that I can specify the constraints that match my needs (e.g., what is the earliest version receiving security patches or the earliest version with the functionality I need?). In unserious projects, I’ll leave the constraints off entirely until a breakage is discovered in practice.

If `uv` is adding things with `==` constraints, that’s why upgrades are not occurring, but the solution is to relax the constraints to indicate where you are okay with upgrades happening.

replies(1): >>44359125 #

incognito124 ◴[23 Jun 25 19:22 UTC] No.44359125[source]▶

>>44358896 #

> ... the solution is to relax the constraints to indicate where you are okay with upgrades happening.

Yeah, that's pretty much what I've been doing with my workaround script. And btw most of my projects are deeply unserious, and I do understand why one should not do that in any other scenario.

Still, I dream of `uv refresh` :D

replies(1): >>44380319 #

1. collinmanderson ◴[25 Jun 25 18:18 UTC] No.44380319[source]▶

>>44359125 #

There's an open issue for "Upgrade dependencies in pyproject.toml (uv upgrade)":

https://github.com/astral-sh/uv/issues/6794

↑