Suggestion
Add rules to check that:
- Each required dependency has a minimum allowed version
- Each optional dependency has a minimum allowed version
- Each dependency group dependency has a minimum allowed version
Motivation
Specifying the minimum allowed version of dependencies is a really helpful practice, though it's somewhat common for packages to not specify the minimum versions of its dependencies (for example, in the scientific pythoniverse).
The lowest and lowest-direct resolution strategies of uv solve for an environment with the lowest allowed versions of all dependencies and direct dependencies, respectively.
I've found the lowest resolution strategy to be fraught with peril since, in practice, it requires that all indirect dependencies list a minimum allowed version for each of their dependencies. If not, then some packages will be installed with their first release on PyPI (like v0.0.0.1 😅) which often is missing critical features.
Alternative possibilities
It would be great to have an autofix, though I'd propose including it in uv (e.g., astral-sh/uv#7515) since it would likely require querying PyPI.
Gratitude
Thank you to everyone for creating a wonderful package!
Suggestion
Add rules to check that:
Motivation
Specifying the minimum allowed version of dependencies is a really helpful practice, though it's somewhat common for packages to not specify the minimum versions of its dependencies (for example, in the scientific pythoniverse).
The
lowestandlowest-directresolution strategies of uv solve for an environment with the lowest allowed versions of all dependencies and direct dependencies, respectively.I've found the
lowestresolution strategy to be fraught with peril since, in practice, it requires that all indirect dependencies list a minimum allowed version for each of their dependencies. If not, then some packages will be installed with their first release on PyPI (likev0.0.0.1😅) which often is missing critical features.Alternative possibilities
It would be great to have an autofix, though I'd propose including it in uv (e.g., astral-sh/uv#7515) since it would likely require querying PyPI.
Gratitude
Thank you to everyone for creating a wonderful package!