uv #17703

Add `--no-upgrade-package` to opt-out of upgrading a specific package (#7177)

by cscanlin · Feb 06, 2026 at 19:06 UTC · scan-3093443303f3313a

Critical Risk (100%)

Risk Assessment

Risk level: Critical (100%)

Risk Drivers

  • large_diff: Large change: 528 lines modified
  • multiple_concerns: Spans 7 directories
  • new_contributor: First contribution from cscanlin
  • cross_concern_spread: Touches 3 functional domains: configuration, frontend, testing
  • api_surface_change: API surface changed in 1 file(s)

Intent

2/3 criteria met

Add `--no-upgrade-package` option to globally opt-out of upgrading a specified package.

Non-Goals

  • Complete documentation
  • Thorough bug fixing

Acceptance Criteria

  • ✓
    The `--no-upgrade-package` option is implemented.

    `no_upgrade_package` added to `ToolUpgradeArgs` in lib.rs

  • ✓
    Tests are added for the new option.

    398 lines added in tests/it/lock.rs

  • ✗
    Documentation is updated for the new CLI option.

    No mention of documentation updates in the diff.

Confidence: 90.0% Source: diff analysis AI: openai

Contributors

cscanlin · PR Author · 15 commits · New Contributor
Account Age: 4813 days
Prior PRs: 1

First-time contributor to this repository. Unfamiliar with 10 files being modified.

Evidence

Evidence Completeness: 50.0%
tests_passing Unavailable
ci_passing Unavailable
build_successful Unavailable
lint_passing Passing
Missing: security_scan_clean, coverage_maintained

Supply Chain

None Risk
Modifies dependencies
Modifies lockfile
Modifies CI config
Modifies build scripts

Focus Files

Review 1 high-priority file(s)

crates/uv/tests/it/lock.rs +398

398 lines changed; Source code

high
crates/uv-configuration/src/package_options.rs +68

68 lines changed; Source code

medium
crates/uv-settings/src/settings.rs +24

Source code

medium
crates/uv-cli/src/lib.rs +12

Source code

medium
crates/uv-cli/src/options.rs +8

Source code

medium
crates/uv-requirements/src/upgrade.rs +4

Source code

medium
crates/uv-settings/src/lib.rs +4

Source code

medium
crates/uv/src/settings.rs +7

Source code

medium
crates/uv/src/commands/project/lock.rs +1

Source code

medium
crates/uv/tests/it/show_settings.rs +2

Source code

medium

Triage

82 minutes to review

Effort level: extensive

Staleness risk: none

Schedule dedicated review time; consider pair review

Recommendation

REQUEST CHANGES 30.0% readiness

Critical risk level requires changes before approval

Next Steps

Question

Why is security_scan_clean missing? Consider adding this check.

Question

Why is coverage_maintained missing? Consider adding this check.

Nitpick

First contribution - consider welcoming and providing extra context