uv dependabot removes extras

[therefromhere]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

uv

Package manager version

uv 0.6.9

Language version

python 3.13

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "uv"
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

https://github.com/therefromhere/dependabot-uv-bug-11896/blob/ce88a54a4f78f5adfee224c4f79a0f55ef36628b/.github/dependabot.yml#L1-L11

Updated dependency

django-storages[google] lost the extras in this PR https://github.com/therefromhere/dependabot-uv-bug-11896/pull/1/files

What you expected to see, versus what you actually saw

uv dependabot is incorrectly removing extras.

This bug has been referenced by a few people, but I'm not sure it's been logged.

• Support updating uv.lock #10478 (comment)
• Support updating uv.lock #10478 (comment)
• Support updating uv.lock #10478 (comment)

Native package manager behavior

$ uv --version
uv 0.6.9

$ uv lock --upgrade
Resolved 30 packages in 305ms
Updated whitenoise v6.8.2 -> v6.9.0

$ git diff
diff --git a/uv.lock b/uv.lock
index 2a0e3fe..7232276 100644
--- a/uv.lock
+++ b/uv.lock
@@ -369,9 +369,9 @@ wheels = [
 
 [[package]]
 name = "whitenoise"
-version = "6.8.2"
+version = "6.9.0"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/68/49/c21ebb5b911888c349a849ec7d1ead2dffbbcc4e2be0f6af2a7dbac03393/whitenoise-6.8.2.tar.gz", hash = "sha256:486bd7267a375fa9650b136daaec156ac572971acc8bf99add90817a530dd1d4", size = 25892 }
+sdist = { url = "https://files.pythonhosted.org/packages/b9/cf/c15c2f21aee6b22a9f6fc9be3f7e477e2442ec22848273db7f4eb73d6162/whitenoise-6.9.0.tar.gz", hash = "sha256:8c4a7c9d384694990c26f3047e118c691557481d624f069b7f7752a2f735d609", size = 25920 }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/8c/3a/8d22513e1942899270dcdbd47f9886309836442cd7ede4b0d00be79715f5/whitenoise-6.8.2-py3-none-any.whl", hash = "sha256:df12dce147a043d1956d81d288c6f0044147c6d2ab9726e5772ac50fb45d2280", size = 20158 },
+    { url = "https://files.pythonhosted.org/packages/64/b2/2ce9263149fbde9701d352bda24ea1362c154e196d2fda2201f18fc585d7/whitenoise-6.9.0-py3-none-any.whl", hash = "sha256:c8a489049b7ee9889617bb4c274a153f3d979e8f51d2efd0f5b403caf41c57df", size = 20161 },
 ]

Images of the diff or a link to the PR, issue, or logs

https://github.com/therefromhere/dependabot-uv-bug-11896/pull/1/files

job-logs.txt

Smallest manifest that reproduces the issue

pyproject.toml:

[project]
name = "dependabot-uv-bug-11896"
version = "0.1.0"
description = "Add your description here"
readme = "README.md"
requires-python = ">=3.13"
dependencies = [
    "django>=5.1.7",
    "django-storages[google]>=1.14.5",
    "whitenoise>=6.8.2",
]

[dependency-groups]
dev = [
    "pytest>=8.3.5",
]