Skip to content

Fix: Prevent matching package names starting with 'uv' in dependency parsing #490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix: Prevent matching package names starting with 'uv' in dependency parsing #490

wants to merge 1 commit into from
+2 −2

Conversation

phpmypython
Copy link

@phpmypython phpmypython commented Jul 17, 2025
edited by eifinger
Loading

Summary

This PR fixes a bug introduced in #486 where packages starting with 'uv' (like 'uvicorn', 'uvloop') were incorrectly being parsed as uv version specifications.

The Problem

The current code uses dep.startsWith("uv") which matches any package name starting with 'uv', not just the 'uv' package itself. This causes:

  • uvicorn==0.35.0 to be parsed as icorn==0.35.0
  • uvloop==0.19.0 to be parsed as loop==0.19.0
  • Any other package starting with 'uv' to be incorrectly interpreted

The Solution

Changed the matching logic to only match dependencies that start with 'uv' followed immediately by a version specifier character (=, <, >, ~, \!):

// Before
.find((dep: string) => dep.startsWith("uv"))

// After  
.find((dep: string) => dep.match(/^uv[=<>~\!]/))

This ensures we only match actual 'uv' package specifications like:

  • uv==0.35.0
  • uv>=0.35.0
  • uv~=0.35.0

And correctly ignores other packages:

  • uvicorn==0.35.0
  • uvloop==0.19.0
  • uv-tool==1.0.0

Testing

The existing test with uv==0.6.17 continues to work correctly. This fix prevents false positives from other packages.

Fixes the issue reported where GitHub Actions were failing with:

Found version for uv in /path/to/pyproject.toml: icorn==0.35.0
No version found for icorn==0.35.0

Fixes: #489

@phpmypython
fix: prevent matching package names starting with 'uv' in dependency …
5a9b0f0 
…parsing

The previous regex would match any package starting with 'uv' (like 'uvicorn', 'uvloop', etc.) and incorrectly parse them as uv version specifications. This fix ensures we only match the actual 'uv' package by requiring a version specifier character immediately after 'uv'.

Fixes the issue where 'uvicorn==0.35.0' was being parsed as 'icorn==0.35.0'.
@phpmypython phpmypython requested a review from eifinger as a code owner July 17, 2025 20:45
@phpmypython phpmypython mentioned this pull request Jul 17, 2025
Closed
hagemt
hagemt approved these changes Jul 17, 2025
View reviewed changes
Copy link

@hagemt hagemt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My approval probably doesn't count enough, but I support this change.

@eifinger
Copy link
Collaborator

Thank you for the fast and the thourough explanation. To have a faster release I adapted your changes in #492 with the correct formatting etc.

@eifinger eifinger closed this Jul 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hagemt hagemt hagemt approved these changes

@milindsai milindsai milindsai approved these changes

@kenny-sojiai kenny-sojiai kenny-sojiai approved these changes

@eifinger eifinger Awaiting requested review from eifinger eifinger is a code owner

Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Uvicorn falsely parsed as uv with version icorn
5 participants
@phpmypython @eifinger @hagemt @milindsai @kenny-sojiai