Latest Results
Support scoped dependency overrides (#19970)
## Summary
`override-dependencies` currently applies every override globally, which
makes it impossible to patch a dependency requirement for one dependent
package version without also changing direct requirements and
requirements from other packages.
This allows structured entries alongside existing requirement strings:
```toml
override-dependencies = [
"idna==3.1",
{ package = { name = "anyio", version = "3.7.0" }, dependencies = ["idna==3.2"] },
]
```
A structured entry replaces requirements for the listed dependencies
only when resolving dependency metadata for the matching package. The
version is optional, matching all versions when omitted; an
exact-version entry takes precedence over a versionless entry, and
scoped requirements take precedence over global overrides for the same
dependency.
Scoped overrides currently support registry version specifiers only.
Direct URL, path, and Git sources and explicit indexes are rejected with
targeted errors rather than being applied without matching package
context.
Pre-release and yanked-version permissions are initialized before
resolution determines which package scopes apply, so an explicit
pre-release or yanked-version pin in any scoped override opts that
dependency into the corresponding candidate-selection behavior for the
entire resolution, even if the scope is not selected. Latest Branches
+6%
charlie/scoped-overrides-add-dependencies -1%
-1%
zsol/proxy-index-02-exact-index-metadata © 2026 CodSpeed Technology