-
Notifications
You must be signed in to change notification settings - Fork 773
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tracking issue: Stabilize uv.lock
format
#4893
Comments
it could use version = 1
source = { registry = "https://pypi.org/simple" }
# or:
# source.registry = "https://pypi.org/simple"
[[distribution]]
name = "a"
version = "0.1.0"
sdist = { url = "https://example.com", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3", size = 0 }
[[distribution]]
name = "a"
version = "0.1.1"
sdist = { url = "https://example.com", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3", size = 0 }
[[distribution]]
name = "b"
version = "0.1.0"
source = { editable = "path/to/dir" }
Idk, but I expected
I vote to don't change it, or |
This is nitpicking semantics but I think |
uv.lock
formatuv.lock
format
Can we have an option to exclude |
@tinovyatkin we're planning on redacting credentials from the lockfile (see #5119), is that going to be sufficient or is there more to your use-case? |
Unfortunately in our case we are using "authentication proxies" on developers machines (so address starts like Can |
Currently, we're repeating the same `source` line for every package, so the lockfiles have a lot of: ```toml source = { registry = "https://pypi.org/simple" } ``` This PR introduces a top level `default-source` entry set to the default index URL, if any. When the source matches, we don't repeat the `source` entry. This reduces the number of lines in `uv.lock` noticeably across the board: * A small data science project: 421 -> 394 * A small bot: 455 -> 426 * Transformers: 5683 -> 5419 * Warehouse: 4632 -> 4306 * Airflow: 2709 -> 2576 Caveat: We don't have good multi-index coverage (#5882). 3/3 for #4893
There are three options that determine resolver behavior: * resolution mode * prerelease mode * exclude newer They are different from the other top level options: If they mismatch, we recreate the resolution. To distinguish them from the rest of the lockfile, we group them under an `[options]` header. 1/3 for #4893
Currently, we're repeating the same `source` line for every package, so the lockfiles have a lot of: ```toml source = { registry = "https://pypi.org/simple" } ``` This PR introduces a top level `default-source` entry set to the default index URL, if any. When the source matches, we don't repeat the `source` entry. This reduces the number of lines in `uv.lock` noticeably across the board: * A small data science project: 421 -> 394 * A small bot: 455 -> 426 * Transformers: 5683 -> 5419 * Warehouse: 4632 -> 4306 * Airflow: 2709 -> 2576 Caveat: We don't have good multi-index coverage (#5882). 3/3 for #4893
Currently, we're repeating the same `source` line for every package, so the lockfiles have a lot of: ```toml source = { registry = "https://pypi.org/simple" } ``` This PR introduces a top level `default-source` entry set to the default index URL, if any. When the source matches, we don't repeat the `source` entry. This reduces the number of lines in `uv.lock` noticeably across the board: * A small data science project: 421 -> 394 * A small bot: 455 -> 426 * Transformers: 5683 -> 5419 * Warehouse: 4632 -> 4306 * Airflow: 2709 -> 2576 Caveat: We don't have good multi-index coverage (#5882). 3/3 for #4893
Currently, we're repeating the same `source` line for every package, so the lockfiles have a lot of: ```toml source = { registry = "https://pypi.org/simple" } ``` This PR introduces a top level `default-source` entry set to the default index URL, if any. When the source matches, we don't repeat the `source` entry. This reduces the number of lines in `uv.lock` noticeably across the board: * A small data science project: 421 -> 394 * A small bot: 455 -> 426 * Transformers: 5683 -> 5419 * Warehouse: 4632 -> 4306 * Airflow: 2709 -> 2576 Caveat: We don't have good multi-index coverage (#5882). 3/3 for #4893
Currently, the entry for a package+version+source table is called `distribution`. That is incorrect, the `sdist` and `wheel` fields inside of that table are distributions, the table itself is for a package. We also align ourselves closer with PEP 751. I went through `lock.rs` and renamed all occurrences of "distribution" that actually referred to a "package". This change invalidates all existing lockfiles. Bikeshedding: Do we call it `package` or `packages`? See also python/peps#3877 `package` is nice because it looks like a header: ```toml [[package]] name = "anyio" version = "4.3.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "idna" }, { name = "sniffio" }, ] sdist = { url = "https://files.pythonhosted.org/packages/db/4d/3970183622f0330d3c23d9b8a5f52e365e50381fd484d08e3285104333d3/anyio-4.3.0.tar.gz", hash = "sha256:f75253795a87df48568485fd18cdd2a3fa5c4f7c5be8e5e36637733fce06fed6", size = 159642 } wheels = [ { url = "https://files.pythonhosted.org/packages/14/fd/2f20c40b45e4fb4324834aea24bd4afdf1143390242c0b33774da0e2e34f/anyio-4.3.0-py3-none-any.whl", hash = "sha256:048e05d0f6caeed70d731f3db756d35dcc1f35747c8c403364a8332c630441b8", size = 85584 }, ] ``` `packages` is nice because the field is not a single entry, but a list. 2/3 for #4893 --------- Co-authored-by: Charlie Marsh <charlie.r.marsh@gmail.com>
We have the format ready for the release. |
This is a tracking issue for making breaking changes the schema and contents of
uv.lock
before the release.dependencies
beforesdist
in lockfile #4889source
line? The lockfile is long and should try to get it as small as possible without sacrificing readability and diffability.The text was updated successfully, but these errors were encountered: