blog: announce poetry 1.6.0

radoering · radoering · commit df6864543020 · 2023-08-20T18:04:01.000+02:00
diff --git a/content/blog/2023-08-20-announcing-poetry-1-6-0.md b/content/blog/2023-08-20-announcing-poetry-1-6-0.md
@@ -0,0 +1,95 @@
+---
+layout: single
+title: "Announcing Poetry 1.6.0"
+date: 2023-08-20
+categories: [releases]
+tags: ["1.x", "1.6"]
+---
+
+The Poetry team is pleased to announce the immediate availability of Poetry **1.6.0**.
+
+<!--more-->
+
+If you have a previous version of Poetry installed via the [official installer](/docs/#installation),
+getting Poetry **1.6.0** is as easy as:
+
+```bash
+$ poetry self update
+```
+
+## Highlights
+
+### Official Poetry badge
+
+Poetry provides an official badge that can be used to indicate that a project is managed with Poetry.
+See the [documentation](docs/community/#badge) for details.
+
+### Support for repositories that do not provide a supported hash algorithm
+
+Some outdated package indices do only provide insecure MD5 hashes.
+Poetry 1.6 supports these repositories by calculating a SHA256 hash for the lockfile by itself.
+
+{{% note %}}
+If you care about security, you should still switch to modern package indices that provide secure hashes.
+{{% /note %}}
+
+### Full support for duplicate dependencies with overlapping markers
+
+Poetry 1.6 fully supports duplicate dependencies with overlapping markers.
+Therefore, it transforms a set of dependencies with overlapping markers into
+an equivalent set of dependencies mutually exclusive markers during dependency resolution.
+For example,
+
+```toml
+my-package = [
+    { version = ">=1.0" },
+    { version = "<2", markers = "python_version < '3.10'" },
+    { version = ">=1.5", markers = "sys_platform == 'win32'" },
+]
+```
+
+becomes
+
+```toml
+my-package = [
+    { version = ">=1.0", markers = "python_version >= '3.10' and sys_platform != 'win32'" },
+    { version = "<2", markers = "python_version < '3.10' and sys_platform != 'win32'" },
+    { version = ">=1.5", markers = "python_version >= '3.10' and sys_platform = 'win32'" },
+    { version = ">=1.5,<2", markers = "python_version < '3.10' and sys_platform == 'win32'" },
+]
+```
+
+so that for each of the resulting markers a valid solution can be found.
+
+If there is a conflict between the constraints of duplicate dependencies with overlapping markers,
+a comprehensive error message is displayed.
+Previously, overlapping markers could result in incorrect dependency resolutions.
+
+### Improved performance of `poetry lock` for certain edge cases
+
+Especially since the release of urllib3 2.0, Poetry has been affected
+by a dramatic performance regression under certain circumstances when boto3 or botocore
+were among the dependencies. That's because Poetry's algorithm decided to resolve
+dependencies with fewer candidates first to find conflicts faster
+(urllib3 has far fewer releases than boto3/botocore). However, all of the many versions
+of boto3/botocore are incompatible with `urllib3 >= 2.0`, so the algorithm has
+to try all of them before it chooses an older version of urllib3.
+Even though resolving dependencies with fewer candidates first will find conflicts
+a bit faster in some cases, it tends to be a lot slower in other cases.
+Therefore, we inverted the heuristics to resolve dependencies with more candidates first,
+which seems to be a bit slower in some cases, but a lot faster in other cases.
+
+## Other important Changes
+
+### Dropping support for Python 3.7 as runtime environment
+
+Poetry 1.6 drops runtime support for Python 3.7.
+
+{{% note %}}
+This change is about installing and running Poetry itself.
+Managing projects requiring Python 3.7 might still work.
+{{% /note %}}
+
+## Changelog
+
+### TODO: insert changelog
diff --git a/content/history.md b/content/history.md
@@ -4,6 +4,8 @@ layout: single
 title: History
 ---
 
+## TODO: add changelog
+
 ## [1.5.1] - 2023-05-29
 
 ### Added
@@ -1807,6 +1809,8 @@ This release **must** be downloaded via the `get-poetry.py` script and not via t
 
 Initial release
 
+### TODO: update
+
 [unreleased]: https://github.com/python-poetry/poetry/compare/1.5.1...master
 [1.5.1]: https://github.com/python-poetry/poetry/releases/tag/1.5.1
 [1.5.0]: https://github.com/python-poetry/poetry/releases/tag/1.5.0
diff --git a/pyproject.toml b/pyproject.toml
@@ -67,7 +67,7 @@ tags = "/blog/tag/:title/"
 description = "Python dependency management and packaging made easy"
 
 [tool.website.config.params.documentation]
-defaultVersion = "1.5"
+defaultVersion = "1.5"  # TODO: update
 
 [tool.website.config.markup.goldmark.renderer]
 unsafe = true
@@ -76,7 +76,7 @@ unsafe = true
 keepWhitespace = true
 
 [tool.website.versions]
-"1.5" = "1.5"
+"1.5" = "1.5"  # TODO: update
 "1.4" = "1.4"
 
 [build-system]
