build(deps): bump poetry from 1.1.15 to 1.2.0 in /python/helpers #5599
Merging this will fix #5296 |
|
Looks like this needs a little bit of work to get the tests passing, I won't have time to look at them today but maybe someone else does |
deivid-rodriguez
left a comment
So you have updated the output, so that we now support both poetry 1.1 and 1.2, correct? Do we use/have installed multiple poetry versions? If not, do we need to keep old poetry 1.1 support?
|
We have to keep around poetry 1.1 support to maintain python 3.6 support as poetry 1.2 moved to python >= 3.7. |
deivid-rodriguez
left a comment
Aaaah I see! Makes sense!
bf384f8 to 48cc572
Bumps [poetry](https://github.com/python-poetry/poetry) from 1.1.15 to 1.2.0.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/master/CHANGELOG.md)
- [Commits](python-poetry/poetry@1.1.15...1.2.0)

---
updated-dependencies:
- dependency-name: poetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
4c53fc2 to e8c893a
|
There has been a bit of weirdness between Poetry 1.1 and 1.2 lockfiles. I think a good summary of what's going on is at python-poetry/website#79. Is there a way to target explicitly the 1.1 version of Poetry in the My use case is that most of my projects currently use Poetry 1.1. I need to go through and update them for 1.2, but in the meantime some of my projects require setuptools to build wheels and all of the Dependabot PRs fail as the FWIW I'm using GitHub's native dependabot. |
|
@phillipuniverse Unfortunately I'm not aware of a way to choose your poetry version. I think we basically install the latest poetry version compatible with your Python version. However, are these lockfiles really incompatible? My understanding was that upgrades would create a lot of churn because of different orderings inside the lock file, but that it should be compatible other than that? |
|
This pull request shows a difference in the casing of PyYAML between the output of |
Bummer, that's what I was afraid of.
It depends. If you don't need to build any wheels for any of your dependencies 1.2 is mostly a drop-in. If you do need to build wheels or have other needs for setuptools, you're kind of hosed. I'm not even 100% sure I truly understand what the problem is on the Poetry side, something about the special treatment of setuptools. When you do a The details of this are probably more suited on the Poetry issue tracker, I was just hoping there was a straightforward Dependabot workaround to keep the old behavior. Unfortunate there isn't but I get it! |
|
FWIW there are cases where the lockfile generated by poetry in version 1.2.0 is incompatible when running poetry install with version 1.1.15. This can happen when the service uses a private pypi repository which does not support sha256 hashes. See python-poetry/poetry#6301 for more information. In my case all dependabot PRs are now failing on CI because of this problem, so adjusting the poetry version would also be desirable from my perspective, at least until we can get the whole of our internal stack onto 1.2.0 and our internal PYPI server upgraded. |
Bumps poetry from 1.1.15 to 1.2.0.
Release notes
Sourced from poetry's releases.
... (truncated)
Changelog
Sourced from poetry's changelog.
... (truncated)
Commits
- 85993df release: bump to version 1.2.0
- 3092769 fix: skip cloning badly defined submodules
- e3ae93a docs: --only no longer skips project's package installation
- a8b1da9 [1.2] doc(configuration): improve documentation (#6255)
- c55d5ac test(installer): use locked version of vcs dependency without reference (bran...
- a4d4cad docs: mention how to add a git dependency with a subdirectory (#6218)
- 3bce76a deps: update poetry-core dependency
- 74d6781 release: bump to version 1.2.0rc2
- f25b801 locker: always use base_pep_508_name (for any constraint base_pep_508_name is...
- 57f589a repository: keep (uncanonicalized) pretty_name

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)