Breaking change in Warehouse breaks poetry lock file creation #5970
Comments
cyraxjoe
added
kind/bug
|
I can confirm that this issue is also affecting Poetry 1.1.13 as it is taking down all of our builds. |
|
👍 We're seeing the same with Poetry 1.1.8 |
|
I suspect a lot of people are about to learn a hard lesson about the dangers of relying on public repositories.... diff --git a/src/poetry/repositories/pypi_repository.py b/src/poetry/repositories/pypi_repository.py
index 0e5beab6..142b29d8 100644
--- a/src/poetry/repositories/pypi_repository.py
+++ b/src/poetry/repositories/pypi_repository.py
@@ -204,7 +204,7 @@ class PyPiRepository(HTTPRepository):
)
try:
- version_info = json_data["releases"][version]
+ version_info = json_data["urls"]
except KeyError:
version_info = []looks like it should fix things on master. |
|
#5972 draft for now, because there may be other places where Also backported the change for 1.1 in https://github.com/mkniewallner/poetry/commits/fix/fix-releases-key-pypi-repository-1.1 |
|
Thanks a lot everyone for reporting, debugging and starting a PR 👍 Will have a look at your PR @mkniewallner |
Resolves #6076 I've taken the JSON version of the simple API and converted it into a `LinkSource` so that the package-finding logic in the `PyPiRepository` is very similar to - but annoyingly not quite the same as! - the `LegacyRepository`. I've also taken the opportunity to refactor the `LegacyRepository` ever so slightly to emphasise that similarity. I think I've probably fixed a small bug re caching and pre-releases: previously the processing for ignored pre-releases was skipped when reading from the cache. I believe this change will tend to be a modest performance hit. Eg consider a package like `cryptography`, for which there are maybe a couple of dozen downloads available at each release: to get the available versions we now have to iterate over each of those files and parse their names, rather than simply reading the answer. However if the API that poetry currently uses is truly deprecated I see little choice but to suck that up - or risk being in an awkward spot when it is turned off. cf #5970, but worse. Most of the changes are in the test fixtures: - unversioned fixtures were generated from the existing fixtures: I didn't want to download fresh data and start getting different answers than the tests were expecting - new versioned fixtures were downloaded fresh
Resolves #6076 I've taken the JSON version of the simple API and converted it into a `LinkSource` so that the package-finding logic in the `PyPiRepository` is very similar to - but annoyingly not quite the same as! - the `LegacyRepository`. I've also taken the opportunity to refactor the `LegacyRepository` ever so slightly to emphasise that similarity. I think I've probably fixed a small bug re caching and pre-releases: previously the processing for ignored pre-releases was skipped when reading from the cache. I believe this change will tend to be a modest performance hit. Eg consider a package like `cryptography`, for which there are maybe a couple of dozen downloads available at each release: to get the available versions we now have to iterate over each of those files and parse their names, rather than simply reading the answer. However if the API that poetry currently uses is truly deprecated I see little choice but to suck that up - or risk being in an awkward spot when it is turned off. cf #5970, but worse. Most of the changes are in the test fixtures: - unversioned fixtures were generated from the existing fixtures: I didn't want to download fresh data and start getting different answers than the tests were expecting - new versioned fixtures were downloaded fresh (cherry picked from commit b61a4dd)
Resolves #6076 I've taken the JSON version of the simple API and converted it into a `LinkSource` so that the package-finding logic in the `PyPiRepository` is very similar to - but annoyingly not quite the same as! - the `LegacyRepository`. I've also taken the opportunity to refactor the `LegacyRepository` ever so slightly to emphasise that similarity. I think I've probably fixed a small bug re caching and pre-releases: previously the processing for ignored pre-releases was skipped when reading from the cache. I believe this change will tend to be a modest performance hit. Eg consider a package like `cryptography`, for which there are maybe a couple of dozen downloads available at each release: to get the available versions we now have to iterate over each of those files and parse their names, rather than simply reading the answer. However if the API that poetry currently uses is truly deprecated I see little choice but to suck that up - or risk being in an awkward spot when it is turned off. cf #5970, but worse. Most of the changes are in the test fixtures: - unversioned fixtures were generated from the existing fixtures: I didn't want to download fresh data and start getting different answers than the tests were expecting - new versioned fixtures were downloaded fresh (cherry picked from commit b61a4dd)
|
It seems that Poetry 1.2.2 fixed it but 1.3.1 is back with the same issue, any idea why? |
|
@Natim: Please open a new issue with steps to reproduce if you encounter any problems (I don't have any). |
|
We haven't encountered this issue on Poetry 1.3.1 either. |
|
Sorry, you are both right, the issue is not related, the poetry.lock file structure changed in between 1.2.2 and 1.3.1 which made disappear the metadata section, but the hashes are correctly computed in the package file section in 1.3.1. |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
-vvvoption).Issue
The warehouse project (backend of pypi.org) applied a breaking change that affects
poetry lockthereleaseskey is no longer present in the responses, required for the pypi_repository implementation.It can be easily verified by removing the local cache and inspecting the generated lock file, it would have an empty
metadata.filesproperty, something like:The text was updated successfully, but these errors were encountered: