Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump poetry from 1.7.1 to 1.8.2 in /devtools #2743

Merged
merged 2 commits into from
Apr 18, 2024
Merged

build(deps): bump poetry from 1.7.1 to 1.8.2 in /devtools #2743

merged 2 commits into from
Apr 18, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2024
edited

Bumps poetry from 1.7.1 to 1.8.2.

Release notes

Sourced from poetry's releases.

1.8.2

Fixed

  • Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
  • Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
  • Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
  • Improve lazy-wheel to allow redirects for HEAD requests (#9087).
  • Improve debug logging for lazy-wheel errors (#9059).
  • Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
  • Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
  • Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

1.8.1

Fixed

  • Update the minimum required version of packaging (#9031).
  • Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

  • Rename master branch to main (#9022).

1.8.0

Added

  • Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
  • Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
  • Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
  • Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
  • poetry check validates that no unknown sources are referenced in dependencies (#8709).
  • Add archive validation during installation for further hash algorithms (#8851).
  • Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
  • Add a config option to disable keyring (#8910).
  • Add a --sync option to poetry update (#8931).
  • Add an --output option to poetry build (#8828).
  • Add a --dist-dir option to poetry publish (#8828).

Changed

  • The implicit PyPI source is disabled if at least one primary source is configured (#8771).
  • Deprecate source priority default (#8771).
  • Upgrade the warning about an inconsistent lockfile to an error (#8737).
  • Deprecate setting installer.modern-installation to false (#8988).
  • Drop support for pip<19 (#8894).
  • Require requests-toolbelt>=1 (#8680).
  • Allow platformdirs 4.x (#8668).
  • Allow and require xattr 1.x on macOS (#8801).
  • Improve venv shell activation in fish (#8804).
  • Rename system to base in output of poetry env info (#8832).
  • Use pretty name in output of poetry version (#8849).

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.8.2] - 2024-03-02

Fixed

  • Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
  • Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
  • Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
  • Improve lazy-wheel to allow redirects for HEAD requests (#9087).
  • Improve debug logging for lazy-wheel errors (#9059).
  • Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
  • Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
  • Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

[1.8.1] - 2024-02-26

Fixed

  • Update the minimum required version of packaging (#9031).
  • Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

  • Rename master branch to main (#9022).

[1.8.0] - 2024-02-25

Added

  • Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
  • Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
  • Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
  • Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
  • poetry check validates that no unknown sources are referenced in dependencies (#8709).
  • Add archive validation during installation for further hash algorithms (#8851).
  • Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
  • Add a config option to disable keyring (#8910).
  • Add a --sync option to poetry update (#8931).
  • Add an --output option to poetry build (#8828).
  • Add a --dist-dir option to poetry publish (#8828).

Changed

  • The implicit PyPI source is disabled if at least one primary source is configured (#8771).
  • Deprecate source priority default (#8771).
  • Upgrade the warning about an inconsistent lockfile to an error (#8737).
  • Deprecate setting installer.modern-installation to false (#8988).
  • Drop support for pip<19 (#8894).

... (truncated)

Commits
  • c3e22d6 release: bump version to 1.8.2
  • 70d4f58 Improve error message when installing non-package in package-mode
  • 03f3232 Hash metadata as bytes (#9049)
  • 33b7618 lazy-wheel: allow redirects for HEAD request
  • 58995de lazy-wheel: improve handling of servers that tell us that they support range ...
  • d8afecb lazy-wheel: be more robust with regard to Artifactory's incorrect handling of...
  • 3e43146 repo/http: add debug log for lazy wheel error
  • f2bfacb harden lazy wheel wheel error handling
  • 304c54a non-package-mode: fix poetry add (#9046)
  • 78f7dd6 release: bump version to 1.8.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 18, 2024
@coveralls
Copy link

Coverage Status

coverage: 90.959%. remained the same
when pulling edbab24 on dependabot/pip/devtools/poetry-1.8.2
into 9834665 on main.

@edmondchuc edmondchuc mentioned this pull request Mar 18, 2024
Merged
8 tasks
@dependabot
build(deps): bump poetry from 1.7.1 to 1.8.2 in /devtools
4b1fd41 
Bumps [poetry](https://github.com/python-poetry/poetry) from 1.7.1 to 1.8.2.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@1.7.1...1.8.2)

---
updated-dependencies:
- dependency-name: poetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/devtools/poetry-1.8.2 branch from edbab24 to 4b1fd41 Compare March 20, 2024 01:46
@nicholascar nicholascar merged commit 27c81f0 into main Apr 18, 2024
20 checks passed
@nicholascar nicholascar deleted the dependabot/pip/devtools/poetry-1.8.2 branch April 18, 2024 11:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@coveralls @nicholascar