Poetry
Unexplained dependency (and metadata) removal from lockfile when dependabot updates a single dependency #7116
-
|
Hi, I know the Poetry team aren't responsible for Dependabot, but I wanted to mention the following dependabot bug I've just raised in case it's of interest. dependabot/dependabot-core#6226 TL;DR: a dependabot update to one package unexpectedly removed a bunch of metadata and actual dependencies from the lockfile. Running Has anyone else encountered behaviour like this? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
poetry-core update won't have been picked up by any released version of poetry (which pins to an earlier version). So that shouldn't be related. Seems much more likely to be a dependabot bug, I left a suggestion at dependabot/dependabot-core#6226 (comment) |
Beta Was this translation helpful? Give feedback.
-
|
Many thanks for taking a look!
Aha, that makes complete sense. (In the past we saw some pain because we didn't pin poetry-core in our build-requirements; I think that's what was going through my mind when I wrote this out. Sorry for the red herring!) |
Beta Was this translation helpful? Give feedback.
poetry-core update won't have been picked up by any released version of poetry (which pins to an earlier version). So that shouldn't be related.
Seems much more likely to be a dependabot bug, I left a suggestion at dependabot/dependabot-core#6226 (comment)