Is there an existing issue for this?
Package ecosystem
poetry
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
/pyproject.toml, /poetry.lock
dependabot.yml content
Default configuration (no dependabot.yml)
Updated dependency
No response
What you expected to see, versus what you actually saw
Given that the documentation specifies that the default versioning-strategy for the Python ecosystem is auto, I'd expect Dependabot PRs to by default update pyproject.toml as per either the increase or widen strategies.
Instead, only the poetry.lock is updated by Dependabot. This is of very limited usefulness since poetry.lock only influences what gets installed when working directly in the repository, and has no impact on the dependencies that are specified when packaging and distributing our code via PyPI. As a result, we almost always have to manually "fix up" Dependabot's pull requests (usually by pulling down the branch and manually running poetry add <dependency>~<new-version>) to include appropriate pyproject.toml updates in order to actually affect the packaging of our project.
I'm guessing that this may be because Dependabot states support for PEP 621 compliant pyproject.toml files, and Poetry's pyproject.toml is not currently PEP 621 compliant. But as an end user of Dependabot, it would be useful to have this variant file format supported as well.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response