Summary
When working behind a proxy, package downloads can sometimes fail with 403 responses because a specific package version is blocked due to a known CVE.
Currently, uv surfaces the error immediately, which means I have to manually identify and pin an earlier non-vulnerable version. This can be especially difficult when the affected package is a transitive dependency.
It would be helpful if uv add supported an option to automatically skip versions that return 403 errors and continue resolving to earlier compatible versions until a successful resolution is found.
Example
uv add any_package
… Fails with 403 on version X
… Skip version X and proceed with versions <X
Summary
When working behind a proxy, package downloads can sometimes fail with 403 responses because a specific package version is blocked due to a known CVE.
Currently, uv surfaces the error immediately, which means I have to manually identify and pin an earlier non-vulnerable version. This can be especially difficult when the affected package is a transitive dependency.
It would be helpful if uv add supported an option to automatically skip versions that return 403 errors and continue resolving to earlier compatible versions until a successful resolution is found.
Example