Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for updating Poetry pyproject.toml, not just poetry.lock? #8603

Open
1 task done
glennmatthews opened this issue Dec 13, 2023 · 3 comments
Open
1 task done

Support for updating Poetry pyproject.toml, not just poetry.lock? #8603

glennmatthews opened this issue Dec 13, 2023 · 3 comments
Labels
L: python:poetry Python packages via poetry L: python T: bug 🐞 Something isn't working

Comments

@glennmatthews
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

poetry

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

/pyproject.toml, /poetry.lock

dependabot.yml content

Default configuration (no dependabot.yml)

Updated dependency

No response

What you expected to see, versus what you actually saw

Given that the documentation specifies that the default versioning-strategy for the Python ecosystem is auto, I'd expect Dependabot PRs to by default update pyproject.toml as per either theincrease or widen strategies.

Instead, only the poetry.lock is updated by Dependabot. This is of very limited usefulness since poetry.lock only influences what gets installed when working directly in the repository, and has no impact on the dependencies that are specified when packaging and distributing our code via PyPI. As a result, we almost always have to manually "fix up" Dependabot's pull requests (usually by pulling down the branch and manually running poetry add <dependency>~<new-version>) to include appropriate pyproject.toml updates in order to actually affect the packaging of our project.

I'm guessing that this may be because Dependabot states support for PEP 621 compliant pyproject.toml files, and Poetry's pyproject.toml is not currently PEP 621 compliant. But as an end user of Dependabot, it would be useful to have this variant file format supported as well.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@glennmatthews glennmatthews added the T: bug 🐞 Something isn't working label Dec 13, 2023
@gshpychka
Copy link

The docs don't even mention the capability to make updates to poetry.lock, making this even more confusing

@jakecoffman jakecoffman added L: python:poetry Python packages via poetry L: python labels Dec 19, 2023
@watermarkhu
Copy link

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

@gvegayon gvegayon mentioned this issue Apr 3, 2024
Merged
@carlincherry
Copy link
Member

cc @carlincherry @cmrice

@lwjohnst86 lwjohnst86 mentioned this issue May 24, 2024
Merged
8 tasks
@mluypaert mluypaert mentioned this issue May 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: python:poetry Python packages via poetry L: python T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jakecoffman @glennmatthews @watermarkhu @gshpychka @carlincherry