fix(deps): switch from pip-compile to uv pip compile#4202
Merged
lawrence-u10d merged 2 commits intomainfrom Jan 21, 2026
Merged
fix(deps): switch from pip-compile to uv pip compile#4202lawrence-u10d merged 2 commits intomainfrom
lawrence-u10d merged 2 commits intomainfrom
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Switches dependency compilation from pip-compile to uv pip compile to fix Renovate compatibility issues with the --no-strip-extras flag. Benefits: - Renovate supports --no-strip-extras for uv pip compile - 10-100x faster compilation times - Aligns with unstructured-inference and platform-plugins - Drop-in replacement with same command structure Ref: Renovate pip-compile manager only supports --no-strip-extras for uv, not for regular pip-compile
277d516 to
0117c40
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
- Add --python-version 3.10 flag to ensure consistent dependency resolution - Add --no-emit-package flags for pip and setuptools (matches pip-compile behavior) - Fix compile-all-base to use proper shell for loop instead of $(foreach) - Re-add --upgrade flag to all compile commands Expected diff changes from pip-compile to uv pip compile: - Header format updated to uv style - Constraint paths normalized with ./ prefix (deps/constraints.txt → ./deps/constraints.txt) - coverage[toml] → coverage (not needed since we use .coveragerc) - importlib-metadata + zipp added (Python 3.10 backports, correctly included by uv) - exceptiongroup and tomli handling improved for Python 3.10 compatibility Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
8de630a to
0584298
Compare
jer
approved these changes
Jan 21, 2026
lawrence-u10d
added a commit
to Unstructured-IO/unstructured-api
that referenced
this pull request
Jan 21, 2026
## Summary Switches dependency compilation from pip-compile to uv pip compile to fix Renovate compatibility issues with the `--no-strip-extras` flag. ## Problem Renovate's pip-compile manager has a bug where it only supports `--no-strip-extras` for `uv pip compile`, not for regular `pip-compile`. This blocks Renovate from creating security vulnerability PRs for Python dependencies. ## Solution Switch from `pip-compile` to `uv pip compile` which: - ✅ Supports `--no-strip-extras` flag in Renovate - ✅ 10-100x faster compilation times - ✅ Drop-in replacement with same command structure - ✅ Aligns with unstructured and unstructured-inference repos ## Changes ### Makefile - Targets Python 3.12 (via `--python-version 3.12`) - Adds `--no-emit-package pip` and `--no-emit-package setuptools` flags - Replaces all `pip-compile` commands with `uv pip compile` ### Requirements Files Expected differences from `pip-compile` to `uv pip compile`: **Cosmetic changes:** - Header format updated to reflect uv compilation - Path references include `./` prefix (e.g., `-r ./requirements/base.in`) - Footer wording changed from "unsafe" to "excluded from the output" **constraints.txt expansion:** - `uv` includes transitive dependencies of constrained packages - Added `cryptography`, `cffi`, `charset-normalizer`, `pycparser` (all dependencies of pinned `pdfminer-six==20260107`) - This improves reproducibility by locking the entire dependency tree for constrained packages No version changes to any packages - all dependencies remain at the same versions as before. ## Testing ```bash make pip-compile ``` ## References - Renovate source: [common.ts](https://github.com/renovatebot/renovate/blob/main/lib/modules/manager/pip-compile/common.ts) - uv pip compile docs: https://docs.astral.sh/uv/pip/compile/ - Companion PR in unstructured: Unstructured-IO/unstructured#4202 <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Switches dependency compilation to `uv pip compile` and updates generated requirement files accordingly. > > - Replace `pip-compile` with `uv pip compile` in `Makefile`, targeting Python 3.12 and adding `--no-emit-package pip`/`setuptools`; update `compile-all-base` loop > - Regenerate `requirements/base.txt`, `test.txt`, and `constraints.txt` with uv headers/footers and `./` path prefixes > - Expand `constraints.txt` to include transitive deps of constrained packages (e.g., `cryptography`, `cffi`, `charset-normalizer`, `pycparser`) > - No dependency version changes > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ba94b9a. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Switches dependency compilation from pip-compile to uv pip compile to fix Renovate compatibility issues with the
--no-strip-extrasflag.Problem
Renovate's pip-compile manager has a bug where it only supports
--no-strip-extrasforuv pip compile, not for regularpip-compile. This causes 32 warnings in every Renovate run:This blocks Renovate from creating security vulnerability PRs for Python dependencies.
Solution
Switch from
pip-compiletouv pip compilewhich:--no-strip-extrasflag in RenovateImplementation Details
The Makefile now uses:
--python-version 3.10flag to ensure consistent dependency resolution--no-emit-package pip --no-emit-package setuptoolsflags (matches pip-compile's "unsafe" package behavior)forloop instead of$(foreach)for better variable expansion--upgradeflag on all compile commandsExpected Diff Changes
The following differences in
.txtfiles are expected and safe when switching from pip-compile to uv pip compile:./prefix (deps/constraints.txt→./deps/constraints.txt)coverage[toml]→coverage(test.txt) - Since we use.coveragercfor config (notpyproject.toml), the[toml]extra isn't needed. pip-compile was including it unnecessarily.importlib-metadata+zippadded (dev.txt) - These are Python 3.10 backports (stdlib in 3.11+). uv correctly includes them for Python 3.10.Testing
References
Note
Migrates dependency compilation to
uv pip compileand refreshes all requirement lockfiles accordingly.pip-compilewithuv pip compileinrequirements/Makefile(adds--python-version 3.10,--upgrade,--no-emit-package pip/setuptools, and uses a shellforloop for batch compilation; includes--no-strip-extrasfor base files)requirements/*.txtwith uv: new uv headers, normalized./-prefixed paths (including constraints), and updated "via" commentsdev.txtnow includesimportlib-metadataandzippfor Python 3.10 compatibility; otherwise versions remain consistentWritten by Cursor Bugbot for commit 0584298. This will update automatically on new commits. Configure here.