Skip to content

Avoid invalidating the lockfile versions after an exclude newer change #17721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zanieb merged 2 commits into from
Feb 5, 2026
Merged

Avoid invalidating the lockfile versions after an exclude newer change #17721

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e942fdb
Avoid invalidating the lockfile versions after an exclude newer change
zanieb Jan 27, 2026
f5557be
Update the tests
zanieb Jan 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion crates/uv/src/commands/project/lock.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1053,7 +1053,7 @@ impl ValidatedLock {
printer.stderr(),
"Ignoring existing lockfile due to {change}",
Copy link
Member

@woodruffw woodruffw Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this warning still accurate if the lockfile doesn't get invalidated?

Copy link
Member Author

@zanieb zanieb Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that's our common wording right now though I agree it could be clearer

);
return Ok(Self::Unusable(lock));
return Ok(Self::Preferable(lock));
}
}

Expand Down
129 changes: 125 additions & 4 deletions crates/uv/tests/it/lock_exclude_newer_relative.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,8 @@ fn lock_exclude_newer_relative() -> Result<()> {
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.env(EnvVars::UV_TEST_CURRENT_TIMESTAMP, current_timestamp)
.arg("--exclude-newer")
.arg("2 weeks"), @"
.arg("2 weeks")
.arg("--upgrade"), @"
success: true
exit_code: 0
----- stdout -----
Expand Down Expand Up @@ -208,6 +209,123 @@ fn lock_exclude_newer_relative() -> Result<()> {
Ok(())
}

/// Test that exclude-newer changes in either direction work correctly:
/// - Getting OLDER (more restrictive): forces downgrade of invalid versions
/// - Getting NEWER (less restrictive): keeps existing versions stable (use --upgrade to get newer)
///
/// Uses idna which has releases at:
/// - 3.6: 2023-11-25
/// - 3.7: 2024-04-11
#[test]
fn lock_exclude_newer_older_vs_newer() -> Result<()> {
let context = TestContext::new("3.12");
let pyproject_toml = context.temp_dir.child("pyproject.toml");
pyproject_toml.write_str(
r#"
[project]
name = "project"
version = "0.1.0"
requires-python = ">=3.12"
dependencies = ["idna"]
"#,
)?;

// Start with a cutoff that allows idna 3.7 (released 2024-04-11)
// 2 weeks before 2024-05-01 is 2024-04-17, which is AFTER idna 3.7 release
let current_timestamp = "2024-05-01T00:00:00Z";
uv_snapshot!(context.filters(), context
.lock()
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.env(EnvVars::UV_TEST_CURRENT_TIMESTAMP, current_timestamp)
.arg("--exclude-newer")
.arg("2 weeks"), @"
success: true
exit_code: 0
----- stdout -----

----- stderr -----
Resolved 2 packages in [TIME]
");

let lock = context.read("uv.lock");
assert!(
lock.contains("version = \"3.7\""),
"Expected idna 3.7 in lockfile"
);

// Now make exclude-newer OLDER (more restrictive): 3 weeks back from 2024-05-01 is 2024-04-10
// This is BEFORE idna 3.7 release (2024-04-11), so 3.7 becomes INVALID and must be replaced
uv_snapshot!(context.filters(), context
.lock()
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.env(EnvVars::UV_TEST_CURRENT_TIMESTAMP, current_timestamp)
.arg("--exclude-newer")
.arg("3 weeks"), @"
success: true
exit_code: 0
----- stdout -----

----- stderr -----
Ignoring existing lockfile due to change of exclude newer span from `P2W` to `P3W`
Resolved 2 packages in [TIME]
Updated idna v3.7 -> v3.6
");

let lock = context.read("uv.lock");
assert!(
lock.contains("version = \"3.6\""),
"Expected idna 3.6 in lockfile after downgrade"
);

// Now make exclude-newer NEWER (less restrictive): back to 2 weeks (2024-04-17)
// This allows idna 3.7 again, but existing version (3.6) is still valid so it stays
uv_snapshot!(context.filters(), context
.lock()
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.env(EnvVars::UV_TEST_CURRENT_TIMESTAMP, current_timestamp)
.arg("--exclude-newer")
.arg("2 weeks"), @"
success: true
exit_code: 0
----- stdout -----

----- stderr -----
Ignoring existing lockfile due to change of exclude newer span from `P3W` to `P2W`
Resolved 2 packages in [TIME]
");

let lock = context.read("uv.lock");
assert!(
lock.contains("version = \"3.6\""),
"Expected idna 3.6 to stay stable without --upgrade"
);

// With --upgrade, should now get idna 3.7 since the constraint allows it
uv_snapshot!(context.filters(), context
.lock()
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.env(EnvVars::UV_TEST_CURRENT_TIMESTAMP, current_timestamp)
.arg("--exclude-newer")
.arg("2 weeks")
.arg("--upgrade"), @"
success: true
exit_code: 0
----- stdout -----

----- stderr -----
Resolved 2 packages in [TIME]
Updated idna v3.6 -> v3.7
");

let lock = context.read("uv.lock");
assert!(
lock.contains("version = \"3.7\""),
"Expected idna 3.7 after --upgrade"
);

Ok(())
}

/// Lock with a relative exclude-newer-package value.
///
/// Uses idna which has releases at:
Expand Down Expand Up @@ -300,7 +418,8 @@ fn lock_exclude_newer_package_relative() -> Result<()> {
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.env(EnvVars::UV_TEST_CURRENT_TIMESTAMP, current_timestamp)
.arg("--exclude-newer-package")
.arg("idna=2 weeks"), @"
.arg("idna=2 weeks")
.arg("--upgrade"), @"
success: true
exit_code: 0
----- stdout -----
Expand Down Expand Up @@ -663,7 +782,8 @@ fn lock_exclude_newer_relative_global_and_package() -> Result<()> {
.arg("--exclude-newer")
.arg("2 weeks")
.arg("--exclude-newer-package")
.arg("typing-extensions=2 weeks"), @"
.arg("typing-extensions=2 weeks")
.arg("--upgrade"), @"
success: true
exit_code: 0
----- stdout -----
Expand Down Expand Up @@ -1013,7 +1133,8 @@ fn lock_exclude_newer_relative_values() -> Result<()> {
----- stderr -----
Ignoring existing lockfile due to removal of exclude newer span
× No solution found when resolving dependencies:
╰─▶ Because there are no versions of iniconfig and your project depends on iniconfig, we can conclude that your project's requirements are unsatisfiable.
╰─▶ Because there are no versions of iniconfig and iniconfig==2.0.0 was published after the exclude newer time, we can conclude that all versions of iniconfig cannot be used.
And because your project depends on iniconfig, we can conclude that your project's requirements are unsatisfiable.
");

uv_snapshot!(context.filters(), context
Expand Down
6 changes: 4 additions & 2 deletions crates/uv/tests/it/sync.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12680,7 +12680,8 @@ dependencies = [
.arg("--exclude-newer")
.arg("2022-04-04T12:00:00Z")
.arg("--exclude-newer-package")
.arg("tqdm=2022-09-04T00:00:00Z"), @"
.arg("tqdm=2022-09-04T00:00:00Z")
.arg("--upgrade"), @"
success: true
exit_code: 0
----- stdout -----
Expand Down Expand Up @@ -12763,7 +12764,8 @@ exclude-newer-package = { tqdm = "2022-09-04T00:00:00Z" }
// Sync again with the package-specific override
uv_snapshot!(context.filters(), context
.sync()
.env_remove(EnvVars::UV_EXCLUDE_NEWER), @"
.env_remove(EnvVars::UV_EXCLUDE_NEWER)
.arg("--upgrade"), @"
success: true
exit_code: 0
----- stdout -----
Expand Down
Loading