astral-sh · charliermarsh · Dec 29, 2024 · Dec 27, 2024
diff --git a/crates/uv-resolver/src/resolver/mod.rs b/crates/uv-resolver/src/resolver/mod.rs
@@ -621,6 +621,7 @@ impl<InstalledPackages: InstalledPackagesProvider> ResolverState<InstalledPackag
                             &self.indexes,
                             dependencies.clone(),
                             &self.git,
+                            &self.workspace_members,
                             self.selector.resolution_strategy(),
                         )?;
 
@@ -861,6 +862,7 @@ impl<InstalledPackages: InstalledPackagesProvider> ResolverState<InstalledPackag
                     &self.indexes,
                     fork.dependencies.clone(),
                     &self.git,
+                    &self.workspace_members,
                     self.selector.resolution_strategy(),
                 )?;
                 // Emit a request to fetch the metadata for each registry package.
@@ -2498,6 +2500,7 @@ impl ForkState {
         indexes: &Indexes,
         dependencies: Vec<PubGrubDependency>,
         git: &GitResolver,
+        workspace_members: &BTreeSet<PackageName>,
         resolution_strategy: &ResolutionStrategy,
     ) -> Result<(), ResolveError> {
         for dependency in &dependencies {
@@ -2524,12 +2527,15 @@ impl ForkState {
                 }
             }
 
-            if let Some(name) = self.pubgrub.package_store[for_package].name_no_root() {
+            if let Some(name) = self.pubgrub.package_store[for_package]
+                .name_no_root()
+                .filter(|name| !workspace_members.contains(name))
+            {
                 debug!(
                     "Adding transitive dependency for {name}=={for_version}: {package}{version}"
                 );
             } else {
-                // A dependency from the root package or requirements.txt.
+                // A dependency from the root package or `requirements.txt`.
                 debug!("Adding direct dependency: {package}{version}");
 
                 // Warn the user if a direct dependency lacks a lower bound in `--lowest` resolution.

diff --git a/crates/uv/tests/it/lock.rs b/crates/uv/tests/it/lock.rs
@@ -6957,7 +6957,7 @@ fn lock_same_version_multiple_urls() -> Result<()> {
     Ok(())
 }
 
-/// When locking with `--resolution-mode=lowest`, we shouldn't warn on unbounded direct
+/// When locking with `--resolution-mode=lowest`, we should warn on unbounded direct
 /// dependencies.
 #[test]
 fn lock_unsafe_lowest() -> Result<()> {
@@ -6988,6 +6988,7 @@ fn lock_unsafe_lowest() -> Result<()> {
     ----- stdout -----
 
     ----- stderr -----
+    warning: The direct dependency `iniconfig` is unpinned. Consider setting a lower bound when using `--resolution lowest` to avoid using outdated versions.
     Resolved 2 packages in [TIME]
     "###);
 
@@ -14860,7 +14861,7 @@ fn lock_explicit_default_index() -> Result<()> {
     DEBUG Solving with target Python version: >=3.12
     DEBUG Adding direct dependency: project*
     DEBUG Searching for a compatible version of project @ file://[TEMP_DIR]/ (*)
-    DEBUG Adding transitive dependency for project==0.1.0: anyio*
+    DEBUG Adding direct dependency: anyio*
     DEBUG Searching for a compatible version of anyio (*)
     DEBUG No compatible version found for: anyio
     DEBUG Recording unit propagation conflict of anyio from incompatibility of (project)