Normalize index URLs to remove trailing slash #14245
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jtfmumm
force-pushed
the
jtfm/normalize-index-url-trailing-slash
branch
from
644f360 to
89f7c18
Compare
jtfmumm
force-pushed
the
jtfm/normalize-index-url-trailing-slash
branch
from
89f7c18 to
0458081
Compare
jtfmumm
commented
Jun 24, 2025
| /// Add a package with an `--index` URL with no trailing slash. Run `uv lock --locked` | ||
| /// with a `pyproject.toml` with that same URL but with a trailing slash. | ||
| #[test] | ||
| fn lock_with_inconsistent_trailing_slash() -> Result<()> { |
Contributor
Author
There was a problem hiding this comment.
Here's the new test
jtfmumm
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
konstin
approved these changes
Jun 24, 2025
Member
|
In the "Is this lockfile up-to-date check?", should we also strip trailing slashes? |
Contributor
Author
Updated and added a test for a pre-existing lockfile with trailing slashes in registry sources. |
jtfmumm
force-pushed
the
jtfm/normalize-index-url-trailing-slash
branch
from
5db67b0 to
8fcffbb
Compare
jtfmumm
temporarily deployed
to
uv-test-registries
GitHub Actions
Inactive
| Some(_) => { | ||
| // Ex) `https://pypi.org/simple` | ||
| VerbatimUrl::parse_url(path)? | ||
| Some(scheme) => { |
Member
There was a problem hiding this comment.
Could this be Some(Scheme::file), instead of the nested if?
Contributor
Author
There was a problem hiding this comment.
That was what I initially wanted to do, but there numerous other Scheme variants for things like bzr+file
charliermarsh
approved these changes
Jun 27, 2025
| self.as_ref() | ||
| .strip_suffix('/') | ||
| .map(SmallString::from) | ||
| .unwrap_or_else(|| self.0.clone()), |
Member
There was a problem hiding this comment.
I think this and without_fragment could both return Cow? But that can be a separate PR if you want to try it.
Contributor
Author
There was a problem hiding this comment.
Makes sense to me. I'll open as a separate PR
charliermarsh
pushed a commit
that referenced
this pull request
Jun 27, 2025
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Jun 29, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.7.14` -> `0.7.16` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.7.16`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0716) [Compare Source](astral-sh/uv@0.7.15...0.7.16) ##### Python - Add Python 3.14.0b3 See the [`python-build-standalone` release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250626) for more details. ##### Enhancements - Include path or URL when failing to convert in lockfile ([#​14292](astral-sh/uv#14292)) - Warn when `~=` is used as a Python version specifier without a patch version ([#​14008](astral-sh/uv#14008)) ##### Preview features - Ensure preview default Python installs are upgradeable ([#​14261](astral-sh/uv#14261)) ##### Performance - Share workspace cache between lock and sync operations ([#​14321](astral-sh/uv#14321)) ##### Bug fixes - Allow local indexes to reference remote files ([#​14294](astral-sh/uv#14294)) - Avoid rendering desugared prefix matches in error messages ([#​14195](astral-sh/uv#14195)) - Avoid using path URL for workspace Git dependencies in `requirements.txt` ([#​14288](astral-sh/uv#14288)) - Normalize index URLs to remove trailing slash ([#​14245](astral-sh/uv#14245)) - Respect URL-encoded credentials in redirect location ([#​14315](astral-sh/uv#14315)) - Lock the source tree when running setuptools, to protect concurrent builds ([#​14174](astral-sh/uv#14174)) ##### Documentation - Note that GCP Artifact Registry download URLs must have `/simple` component ([#​14251](astral-sh/uv#14251)) ### [`v0.7.15`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0715) [Compare Source](astral-sh/uv@0.7.14...0.7.15) ##### Enhancements - Consistently use `Ordering::Relaxed` for standalone atomic use cases ([#​14190](astral-sh/uv#14190)) - Warn on ambiguous relative paths for `--index` ([#​14152](astral-sh/uv#14152)) - Skip GitHub fast path when rate-limited ([#​13033](astral-sh/uv#13033)) - Preserve newlines in `schema.json` descriptions ([#​13693](astral-sh/uv#13693)) ##### Bug fixes - Add check for using minor version link when creating a venv on Windows ([#​14252](astral-sh/uv#14252)) - Strip query parameters when parsing source URL ([#​14224](astral-sh/uv#14224)) ##### Documentation - Add a link to PyPI FAQ to clarify what per-project token is ([#​14242](astral-sh/uv#14242)) ##### Preview features - Allow symlinks in the build backend ([#​14212](astral-sh/uv#14212)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC42Mi4xIiwidXBkYXRlZEluVmVyIjoiNDAuNjIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
charliermarsh
added a commit
that referenced
this pull request
Jun 29, 2025
## Summary In #14245, we started normalizing index URLs by dropping the trailing slash in the lockfile. We added tests to ensure that this didn't cause existing lockfiles to be invalidated, but we missed one of the constructors (specifically, the path that's used with `tool.uv.sources`).
zanieb
added a commit
that referenced
this pull request
Jul 9, 2025
Reverts: - #14349 - #14346 - #14245 Retains the test cases. Includes a `find-links` test case. Supersedes - #14387 - #14503 We originally got a report at #13707 that inclusion of a trailing slash on an index URL was causing lockfile churn despite having no semantic meaning and resolved the issue by adding normalization that stripped trailing slashes at parse time. We then discovered that, while there are not semantic differences for trailing slashes on Simple API index URLs, there are differences for some flat (or find links) indexes. As reported in #14367, the change in #14245 caused a regression for at least one user. We attempted to fix the regression via a few approaches. #14387 attempted to differentiate between Simple API and flat index URL parsing, but failed to account for the `Deserialize` implementation, which always assumed Simple API-style index URLs and incorrectly trimmed trailing slashes in various cases where we deserialized the `IndexUrl` type from a file. I attempted to resolve this by performing a larger refactor, but it ended up being quite painful. In particular, the `Index` type was a blocker — we don't know the `IndexUrl` variant until we've parsed the `IndexFormat` and having a multi-stage deserializer is not appealing but adding a new intermediate type (i.e., `RawIndex`) is painful due to the pervasiveness of `Index`. Given that we've regressed behavior here and there's not a straight-forward fix, we're reverting the normalization entirely. #14503 attempted to perform normalization at compare-time, but that means we'd fail to invalidate the lockfile when the a trailing slash was added or removed and given that a trailing slash has semantic meaning for a find-links URL... we'd have another correctness problem. After this revert, we'll retain all index URLs verbatim. The downside to this approach is that we'll be adding a bunch of trailing slashes back to lockfiles that we previously normalized out, and we'll be reverting our fix for users with inconsistent trailing slashes on their index URLs. Users affected by the original motivating issue should use consistent trailing slashes on their URLs, as they do frequently have semantic meaning. We may want to revisit normalization and type aware index URL parsing as part of a larger change. Closes #14367
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates
IndexUrlparsing to normalize non-file URLs by removing trailing slashes. It also normalizes registry source URLs when using them to validate the lockfile.Prior to this change, when writing an index URL to the lockfile, uv would use a trailing slash if present in the provided URL and no trailing slash otherwise. This can cause surprising behavior. For example,
uv lock --lockedwill fail when a package is added with an--indexvalue without a trailing slash and thenuv lock --lockedis run with apyproject.tomlversion of the index URL that contains a trailing slash. This PR fixes this and adds a test for the scenario.It might be safe to normalize file URLs in the same way, but since slashes have a well-defined meaning in the context of files and directories, I chose not to normalize them here.
Closes #13707.