Allow per-package overrides

[adzenith]

This comment discusses a second type of dependency overriding:

Replace the requirement on foo==1.2.3 in bar with foo==4.5.6. With this, you say "While bar wants foo 1.2.3, i have confirmed that it is actually compatible with foo 4.5.6, too". It requires more effort on the user side, but is less risky and gives good errors messages when new requirements on foo are added outside of bar.

The parent ticket was resolved based on the first idea (global overrides) and I didn't see another ticket to track this second idea, which as stated is less risky and could give better error messages. I would love to see this feature!

Thanks! I've been having an amazing time with uv so far.

[hmc-cs-mdrissi]

Supportive of this and hit it today. I have several libraries that depend on library A with various constraints. Most of them have flexible enough constraints that I want them to be used and resolved. A few have constraints that are too tight and I've tested and have confidence it's ok to relax a bit.

I ended up working around this by dropping dependencies I knew I could relax, resolving, then adding them back and adding override. Would be safer experience if I could say this directly.

[charliermarsh]

This might now exist as [[tool.uv.dependency-metadata]]?

https://docs.astral.sh/uv/concepts/resolution/#dependency-metadata

[Kitryn]

ran into this today and not sure if I'm understanding the solution correctly

issue: we have some dependency solders that both anchorpy and solana depend on. solana==0.36.1 depends on solders~=0.23.0, whereas anchorpy==0.20.1 depends on solders~=0.21.0, thus uv fails as expected, but we know (assume...) that anchorpy==0.20.1 in fact can work with solders~=0.23.0

We can solve this with global overrides, but ideally we'd like to do this with per-package overrides as previously mentioned. Tried using [[tool.uv.dependency-metadata]]:

[[tool.uv.dependency-metadata]]
name = "anchorpy"
version = "0.20.1"
requires-dist = ["solders~=0.23.0"]

Is this what the above solution was referring to? Does that mean we have to include anchorpy's entire list of dependencies in this field? Since if we don't, this replaces the entire dependency list of anchorpy with the contents of requires-dist so other dependencies don't get installed

example pyproject.toml:

[project]
name = "test-uv"
version = "0.1.0"
description = "Add your description here"
readme = "README.md"
requires-python = ">=3.12"
dependencies = [
    "solana~=0.36.1",
    "anchorpy~=0.20.0"
]

[[tool.uv.dependency-metadata]]
name = "anchorpy"
version = "0.20.0"
requires-dist = ["solders~=0.23.0"]

Resultant uv.lock snippet:

...
[[manifest.dependency-metadata]]
name = "anchorpy"
version = "0.20.0"
requires-dist = ["solders~=0.23.0"]

[[package]]
name = "anchorpy"
version = "0.20.0"
source = { registry = "https://pypi.org/simple" }
dependencies = [
    { name = "solders" },
]
sdist = { url = "https://files.pythonhosted.org/packages/1b/52/9a2a6a515d5f8aec195c691f26222ef2788f442e867bf3ef6de742b972e2/anchorpy-0.20.0.tar.gz", hash = "sha256:4bb4b558f3d566b23e7438b78b441040a52d980ac573fdf3897600b555d37fd9", size = 48047 }
wheels = [
    { url = "https://files.pythonhosted.org/packages/17/18/9ff75cbcbdcdce7c79daf7932ef26e168e5ba6ddd09b4cc01eb6339c4092/anchorpy-0.20.0-py3-none-any.whl", hash = "sha256:173cfbe9bab0ec0ea2548fc82864077880168dc62270b291192b73bb821bb13c", size = 63048 },
]
...

Also (don't know if related) - if solana was commented out in the pyproject.toml (i.e. single anchorpy dependency with the tool.uv.dependency-metadata field still included, attempting to override solders version), then the resultant uv.lock is as if there's no override (solders==0.21.0 gets installed)

Thanks! uv has been really great in our monorepo.

[rinarakaki]

I want this feature when I know I can safely ignore dependency conflicts.

[Kitryn]

any update on this? thanks