uv seems to incorrectly match local versions on triple-equals

[geofft]

Summary

From https://packaging.python.org/en/latest/specifications/version-specifiers/#arbitrary-equality :

Arbitrary equality comparisons are simple string equality operations which do not take into account any of the semantic information such as zero padding or local versions. [...]
This operator may also be used to explicitly require an unpatched version of a project such as ===1.0 which would not match for a version 1.0+downstream1.

However, the following test case produces a package and environment with a dependency on dependency===1.0 that is locked to 1.0+downstream1:

#!/bin/bash

set -eux

uv init --lib dependency
cd dependency
uv version 1.0
uv build
uv version 1.0+downstream1
uv build
cd ..
uv init consumer
cd consumer
uv add ../dependency/dist/dependency-1.0-py3-none-any.whl
uv add ../dependency/dist/dependency-1.0+downstream1-py3-none-any.whl
uv add dependency===1.0
cat pyproject.toml
cat uv.lock

I think the code appears to handle the ExactEqual case right, so I'm not totally sure what's wrong. Linking #8797 which implemented local version handling.

Platform

Ubuntu 24.04, x86_64

Version

uv 0.8.4

Python version

3.13.3

[zanieb]

As a note, it seems dubious that this is worth prioritizing.

[notatallshaw]

uv is incorrect here but only on a "may", and more importantly:

The primary use case for arbitrary equality is to allow for specifying a version which cannot otherwise be represented by this specification. This operator is special and acts as an escape hatch to allow someone using a tool which implements this specification to still install a legacy version which is otherwise incompatible with this specification.

This is increasingly less relevant, as almost all tools now only accept valid version numbers.