lock upgrades some locked dependencies with no --upgrade flag #16436

@ghost

Description

Summary

UV updates some packages when locking with no upgrade flag:

Take a pyproject.toml file with two packages.
Here, requests and an example package:

[project]
name = "lock-test"
version = "0.1.0"
description = "Add your description here"
readme = "README.md"
requires-python = ">=3.13"
dependencies = [ "requests<=2.29", "example-package<=2.29"]

Run uv lock → both are locked to the matching version 2.29.0.
Change the pyproject.toml to allow a higher version (or upload a new package version):

[project]
name = "lock-test"
version = "0.1.0"
description = "Add your description here"
readme = "README.md"
requires-python = ">=3.13"
dependencies = [ "requests>=2.29", "example-package>=2.29"]

run uv lock

expected behavior:

lockfile is updated but no dependencies change

observed behavior:
requests stays with the locked version, but example-package is updated to the latest version.

I have done some investigation and it seems to be related to the uploaded distributions. example-package only contains py3-none-any wheel files:

GET $INDEX/simple/example-package ->
example-package-2.29.0-py3-none-any.whl, example-package-2.29.1-py3-none-any.whl

This error occurs on any package where this is the case and no longer appears as soon as an sdist or an additional wheel platform is uploaded.

Platform

macOS 26

Version

0.9.4

Python version

3.10-3.13

Labels: bug