Dependabot dropped several hashes from poetry.lock #5351

Closed
roniemartinez opened this issue Jul 8, 2022 · 5 comments
Labels
T: bug 🐞 Something isn't working

Comments

@roniemartinez

Running poetry lock --no-update reverts these changes and brings back the hashes.

Package ecosystem
pip/python - poetry

Package manager version

Language version

Manifest location and content before the Dependabot update

dependabot.yml content

Updated dependency

What you expected to see, versus what you actually saw

Native package manager behavior

Images of the diff or a link to the PR, issue, or logs
https://github.com/roniemartinez/dude/pull/188/files

🕹 Bonus points: Smallest manifest that reproduces the issue

@mkniewallner

Issue is not with Dependabot, but something related to Poetry.
Recently released version 1.1.14 solves the issue, so made #5352, since Dependabot won't make a PR before a few hours.

You can find more details about the issue in python-poetry/poetry#5972, but in the meantime, Dependabot will basically not be able to lock correctly until #5352 is merged and a new version is released (but you can manually lock dependencies yourself in the meantime, if you use 1.1.14).

@roniemartinez
Author

@mkniewallner Thanks for writing a fix.

PerchunPak added a commit to fire-square/fire-square-style that referenced this issue Jul 11, 2022
* Bump pre-commit from 2.19.0 to 2.20.0

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.19.0 to 2.20.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v2.19.0...v2.20.0)

---
updated-dependencies:
- dependency-name: pre-commit
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Return hashes in poetry.lock

See dependabot/dependabot-core#5351 for details.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: PerchunPak <perchunpak@gmail.com>
@mkniewallner

Didn't test it myself, but a new version of Dependabot has been released, including a bump of Poetry to 1.1.14, so this should fix the missing hashes.

@levrik

levrik commented Jul 12, 2022

@mkniewallner It doesn't seem to be online on GitHub yet. I let Dependabot recreate all open PRs but hashes were still missing.

Update: Seems to be fixed now!

@jurre
Member

jurre commented Jul 12, 2022

Yes, if I understand correctly, the bumped version of Poetry should have resolved this. Going to close this out for now, but please let us know if you run into issues with this.

@jurre jurre closed this as completed Jul 12, 2022
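
A check for the symptom reported in this thread, as an added example that is not part of the issue and is not Dependabot or Poetry code: it compares two lock files and reports packages whose hashes disappeared. It assumes the Poetry 1.1 lock layout, in which each package's file hashes are listed under `[metadata.files]`; the function names, sample locks and hash values are constructed for illustration.

```python
# Added example: detect poetry.lock entries that lost their hashes in an update.
# Assumption: Poetry 1.1 lock layout with hashes under [metadata.files].
try:
    import tomllib  # standard library on Python 3.11+
except ImportError:
    import tomli as tomllib  # third-party backport with the same API

# Constructed sample lock; file names and hash values are placeholders.
TEMPLATE = """
[[package]]
name = "attrs"
version = "21.4.0"

[[package]]
name = "pre-commit"
version = "@VER@"

[metadata.files]
attrs = @ATTRS@
pre-commit = [{file = "pre_commit-@VER@-py2.py3-none-any.whl", hash = "sha256:@H@"}]
"""
ATTRS = '[{file = "attrs-21.4.0-py2.py3-none-any.whl", hash = "sha256:aaaa"}]'
BEFORE = TEMPLATE.replace("@VER@", "2.19.0").replace("@H@", "bbbb").replace("@ATTRS@", ATTRS)
# Same lock after an update that bumped pre-commit and emptied the attrs entry.
AFTER = TEMPLATE.replace("@VER@", "2.20.0").replace("@H@", "cccc").replace("@ATTRS@", "[]")


def hashes_by_package(lock_text):
    """Return {package name: set of file hashes} for every locked package."""
    lock = tomllib.loads(lock_text)
    files = lock.get("metadata", {}).get("files", {})
    return {
        pkg["name"]: {f["hash"] for f in files.get(pkg["name"], []) if f.get("hash")}
        for pkg in lock.get("package", [])
    }


def missing_hashes(lock_text):
    """Packages locked with no hash to check downloaded files against."""
    return sorted(n for n, h in hashes_by_package(lock_text).items() if not h)


def dropped_hashes(before_text, after_text):
    """Packages that had hashes in the old lock and have none in the new one."""
    before = hashes_by_package(before_text)
    return [n for n in missing_hashes(after_text) if before.get(n)]


if __name__ == "__main__":
    print("dropped:", dropped_hashes(BEFORE, AFTER))
```

Run against the base and head versions of `poetry.lock` in CI, a non-empty result from `dropped_hashes` is a reason to block the update PR and re-lock manually.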