
[uv] Compatible-release version specifier is not applied properly #13707

@David-Guillot

Description


Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

uv

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

You can see it at https://github.com/betagouv/aides-agri/blob/9b98a62f629f128641afbfb3cc78b0957086315c/pyproject.toml:

[project]
requires-python = ">=3.13"
name = "aides-agri"
version = "0.1.0"
dependencies = [
  "beautifulsoup4 ~=4.13",
  "django ~=5.2",
  "django-admin-extra-buttons ~=2.1",
  "django-anymail[brevo] ~=13.0",
  "django-csp ~=4.0",
  "django-dsfr ~=3.2",
  "django-pgtrigger ~=4.15",
  "django-reversion ~=6.0",
  "django-tasks ~=0.6",
  "django-htmx ~=1.23",
  "django-two-factor-auth[phonenumberslite] ~=1.17",
  "dj-importmap ~=1.0",
  "gunicorn ~=23.0",
  "markdown ~=3.8",
  "markdown-grid-tables ~=0.6",
  "markdownify ~=1.1",
  "mjml-python ~=1.3",
  "psycopg[binary] ~=3.0",
  "qrcode ~=7.4",
  "requests ~=2.32",
  "sentry-sdk[django] ~=2.26",
  "whitenoise ~=6.8",
]

[dependency-groups]
dev = [
  "djade",
  "django-browser-reload",
  "django-debug-toolbar ~=5.2.0,<6",
  "ruff",
  "pytest",
  "pytest-cov",
  "pytest-django",
  "pytest-factoryboy",
  "requests-mock",
]

[tool.coverage.run]
omit = ["**/tests/*"]

[tool.coverage.report]
show_missing = true

dependabot.yml content

You can see it at https://github.com/betagouv/aides-agri/blob/9b98a62f629f128641afbfb3cc78b0957086315c/.github/dependabot.yml:

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
  - package-ecosystem: "uv" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"

Updated dependency

As you can see, the django dependency is constrained to ~=5.2. Nonetheless it was upgraded from 5.2.9 to 6.0.

What you expected to see, versus what you actually saw

Expected behavior: django should not be upgraded
Actual behavior: django is upgraded to 6.0.0

Native package manager behavior

Neither uv lock --upgrade nor uv lock --upgrade-package django generates any bump of that dependency.

Images of the diff or a link to the PR, issue, or logs

betagouv/aides-agri#287

Smallest manifest that reproduces the issue

[project]
requires-python = ">=3.13"
name = "whatever"
version = "0.1.0"
dependencies = [
  "django ~=5.2",
]
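As an added example (not code from the issue, from uv, or from Dependabot), the following Python checks a candidate version against a PEP 440 compatible-release specifier the way the reporter expects an updater to behave: "~=5.2" is defined as ">=5.2, ==5.*", so 6.0.0 falls outside the range while 5.2.10 or 5.3.0 fall inside it. It implements only the release-segment subset of PEP 440 (dotted integers, no pre/post/dev releases) so that it runs without the third-party packaging library; the function names and the sample list of available versions are assumptions for illustration, and real tooling should use packaging.specifiers.SpecifierSet.

```python
"""Minimal PEP 440 compatible-release ("~=") checker.

Added example; not part of the Dependabot issue, uv, or Dependabot itself.
Only release segments (X.Y.Z) are handled; this is an illustrative subset.
"""
from __future__ import annotations

import re

_RELEASE_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_release(version: str) -> tuple[int, ...]:
    """Parse 'X.Y.Z' into a tuple of ints (release segment only)."""
    version = version.strip()
    if not _RELEASE_RE.match(version):
        raise ValueError(f"unsupported version (release segment only): {version!r}")
    return tuple(int(part) for part in version.split("."))


def _pad(a: tuple[int, ...], b: tuple[int, ...]) -> tuple[tuple[int, ...], tuple[int, ...]]:
    """Zero-pad to equal length so that 5.2 compares equal to 5.2.0, as PEP 440 requires."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def _ge(a: tuple[int, ...], b: tuple[int, ...]) -> bool:
    x, y = _pad(a, b)
    return x >= y


def _gt(a: tuple[int, ...], b: tuple[int, ...]) -> bool:
    x, y = _pad(a, b)
    return x > y


def expand_compatible_release(spec: str) -> tuple[str, str]:
    """Rewrite '~=X.Y[.Z]' into the equivalent ('>=X.Y[.Z]', '==X[.Y].*') pair.

    PEP 440: '~=V' means '>=V, ==V[:-1].*', so '~=5.2' is '>=5.2, ==5.*' and
    '~=5.2.0' is '>=5.2.0, ==5.2.*'. A single-component '~=5' is invalid.
    """
    m = re.fullmatch(r"\s*~=\s*(\d+(?:\.\d+)+)\s*", spec)
    if not m:
        raise ValueError(f"not a compatible-release specifier: {spec!r}")
    release = m.group(1)
    prefix = ".".join(release.split(".")[:-1])
    return f">={release}", f"=={prefix}.*"


def satisfies_compatible_release(candidate: str, spec: str) -> bool:
    """True if `candidate` is allowed by `spec` (e.g. '6.0.0' vs '~=5.2' -> False)."""
    lower, prefix_clause = expand_compatible_release(spec)
    floor = parse_release(lower[len(">="):])
    prefix = parse_release(prefix_clause[len("=="):-len(".*")])
    cand = parse_release(candidate)
    # '==X.Y.*' holds when the candidate's leading components equal the prefix.
    leading = (cand + (0,) * len(prefix))[: len(prefix)]
    return _ge(cand, floor) and leading == prefix


def allowed_upgrades(current: str, spec: str, available: list[str]) -> list[str]:
    """Versions newer than `current` that a spec-respecting updater may move to."""
    cur = parse_release(current)
    return [
        v for v in available
        if satisfies_compatible_release(v, spec) and _gt(parse_release(v), cur)
    ]


if __name__ == "__main__":
    # Constructed sample: the reporter's pin, current lock, and a made-up index listing.
    spec, current = "~=5.2", "5.2.9"
    index = ["5.2.9", "5.2.10", "5.3.0", "6.0.0", "6.0.1"]
    print(f"{spec} expands to {' , '.join(expand_compatible_release(spec))}")
    print(f"6.0.0 satisfies {spec}: {satisfies_compatible_release('6.0.0', spec)}")
    print(f"allowed upgrades from {current}: {allowed_upgrades(current, spec, index)}")
```

Running it with the reporter's pin shows that 6.0.0 does not satisfy "~=5.2" and that the only admissible moves from 5.2.9 in the constructed listing are 5.2.10 and 5.3.0, which matches what uv lock --upgrade does and what the Dependabot PR did not do. Comma-joined specifiers such as "~=5.2.0,<6" from the dev group would need each clause checked in turn; that is outside this illustration.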
