Open charliermarsh opened 1 month ago
I'm looking into this now.
There are two parts to this:
I am working on (1). It's not totally trivial, we currently defer that extraction to the resolver.
There are several things that make (2) hard:
@ibraheemdev and I discussed this in Discord. A summary:
There's something confusing in https://github.com/astral-sh/uv/issues/3925 though... In the lockfile, we don't actually store the version constraints, we just store the locked version. That might be fine? But if we translate that back to a requirement, we will have to translate to an ==
requirement. I haven't thought through the implications of that.
To add more motivation here: When running uv lock
transformers with all extras with a fitting lock, we take 100ms on main, but 60ms with https://github.com/astral-sh/uv/pull/4495.
One thing we lose by doing this is the check for yanked releases, those versions that are part of the lock file but have yanked since.
As long as the lockfile satisfies the requirements, we should accept it (even if dependencies are outdated). Updating the lockfile should be done via
uv update
oruv lock
or comparable.