Martin Mahner
You can force transitive dependencies to resolve to specific versions without adding them to your main dependencies using constraint-dependencies in pyproject.toml:
[tool.uv]
constraint-dependencies = ["urllib3>=2"]
This is useful when a sub-dependency has a bug or security issue and you need to enforce a minimum version, but you don't actually import it directly. Before this, you'd have to pollute your [project.dependencies] with packages you don't directly use just to pin them. Constraints apply during resolution without declaring a direct dependency.