Python
/
uv
mirror of https://github.com/astral-sh/uv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
uv/crates/uv-pep508
History
Aria Desires ff9c2c35d7
Support reading dependency-groups from pyproject.tomls with no project (#13742) 
(or legacy tool.uv.workspace).

This cleaves out a dedicated SourcedDependencyGroups type based on
RequiresDist but with only the DependencyGroup handling implemented.
This allows `uv pip` to read `dependency-groups` from pyproject.tomls
that only have that table defined, per PEP 735, and as implemented by
`pip`.

However we want our implementation to respect various uv features when
they're available:

* `tool.uv.sources`
* `tool.uv.index`
* `tool.uv.dependency-groups.mygroup.requires-python` (#13735)

As such we want to opportunistically detect "as much as possible" while
doing as little as possible when things are missing. The issue with the
old RequiresDist path was that it fundamentally wanted to build the
package, and if `[project]` was missing it would try to desperately run
setuptools on the pyproject.toml to try to find metadata and make a hash
of things.

At the same time, the old code also put in a lot of effort to try to
pretend that `uv pip` dependency-groups worked like `uv`
dependency-groups with defaults and non-only semantics, only to separate
them back out again. By explicitly separating them out, we confidently
get the expected behaviour.

Note that dependency-group support is still included in RequiresDist, as
some `uv` paths still use it. It's unclear to me if those paths want
this same treatment -- for now I conclude no.

Fixes #13138
 		2025-06-13 22:16:48 +00:00
..
src Support reading dependency-groups from pyproject.tomls with no project (#13742) 2025-06-13 22:16:48 +00:00
Cargo.toml Add `DisplaySafeUrl` newtype to prevent leaking of credentials by default (#13560) 2025-05-27 00:05:30 +02:00
Changelog.md Add `uv-` prefix to all internal crates (#7853) 2024-10-01 20:15:32 -04:00
License-Apache Add `uv-` prefix to all internal crates (#7853) 2024-10-01 20:15:32 -04:00
License-BSD Add `uv-` prefix to all internal crates (#7853) 2024-10-01 20:15:32 -04:00
Readme.md Use consistent commas around i.e. and e.g. (#12157) 2025-03-13 23:42:10 +00:00

Readme.md

Dependency specifiers (PEP 508) in Rust

Crates.io PyPI

A library for dependency specifiers, previously known as PEP 508.

Usage

use std::str::FromStr;
use pep508_rs::Requirement;

let marker = r#"requests [security,tests] >= 2.8.1, == 2.8.* ; python_version > "3.8""#;
let dependency_specification = Requirement::from_str(marker).unwrap();
assert_eq!(dependency_specification.name, "requests");
assert_eq!(dependency_specification.extras, Some(vec!["security".to_string(), "tests".to_string()]));

Markers

Markers allow you to install dependencies only in specific environments (python version, operating system, architecture, etc.) or when a specific feature is activated. E.g., you can say importlib-metadata ; python_version < "3.8" or itsdangerous (>=1.1.0) ; extra == 'security'. Unfortunately, the marker grammar has some oversights (e.g. https://github.com/pypa/packaging.python.org/pull/1181) and the design of comparisons (PEP 440 comparisons with lexicographic fallback) leads to confusing outcomes. This implementation tries to carefully validate everything and emit warnings whenever bogus comparisons with unintended semantics are made.