Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Don't Remove Poetry Version From Lock File #7219

Closed
1 task done
Kurt-von-Laven opened this issue May 3, 2023 · 4 comments
Closed
1 task done

Don't Remove Poetry Version From Lock File #7219

Kurt-von-Laven opened this issue May 3, 2023 · 4 comments
Labels
L: python:poetry Python packages via poetry T: bug 🐞 Something isn't working

Comments

@Kurt-von-Laven
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pip

Package manager version

Poetry 1.4.2

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  # Upgrade Poetry dependencies.
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: daily
      time: "08:00"
      timezone: America/New_York
    open-pull-requests-limit: 1
    insecure-external-code-execution: deny
    allow:
      - dependency-type: development

Updated dependency

No response

What you expected to see, versus what you actually saw

Expected no modifications to first line of poetry.lock:

# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.

Experienced modification to first line of poetry.lock:

# This file is automatically @generated by Poetry and should not be changed by hand.

Native package manager behavior

Poetry adds the version number back in when, for example poetry lock --no-update, has work to do. If there are no substantive changes to be written, then Poetry doesn't modify poetry.lock at all. Poetry started including the Poetry version in the lock file in Poetry 1.4.0: python-poetry/poetry#7339.

Images of the diff or a link to the PR, issue, or logs

--- a/poetry.lock
+++ b/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry and should not be changed by hand.

Smallest manifest that reproduces the issue

pyproject.toml:

[build-system]
requires = ["poetry-core>=1.5.2"]
build-backend = "poetry.core.masonry.api"

[tool]
  [tool.poetry]
  name = "Minimal Reproduction"
  version = "0.1.0"
  description = "Minimal Reproduction of Dependabot Issue"
  authors = ["Kurt von Laven <kurt.von.laven@gmail.com>"]

  [tool.poetry.dependencies]
  python = "==3.11.3"
@Kurt-von-Laven Kurt-von-Laven added the T: bug 🐞 Something isn't working label May 3, 2023
@danyeaw
Copy link

danyeaw commented May 18, 2023

I ran in to this as well with gaphor/gaphor#2310. I think this is due to an older version of poetry being used, it looks like this PR would fix this issue: #6758

@jeffwidman
Copy link
Member

Is this still happening @Kurt-von-Laven @danyeaw ?

Wondering if this was an upstream bug that no longer appears now that we're on poetry 1.5...

@jeffwidman jeffwidman added the L: python:poetry Python packages via poetry label Aug 3, 2023
@danyeaw
Copy link

danyeaw commented Aug 3, 2023

I expect that this is fixed by #7350

@jeffwidman
Copy link
Member

Sg, will close for now and if you see it again comment and we can reopen.

Note that I haven't deployed that code yet, I'll probably do so tomorrow though.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
L: python:poetry Python packages via poetry T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jeffwidman @Kurt-von-Laven @danyeaw