Add warning about pip ignoring lock files #8117
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Deploy preview for website ready! ✅ Preview Built with commit 2e8091a. |
radoering
approved these changes
Jun 25, 2023
mwalbeck
pushed a commit
to mwalbeck/docker-python-poetry
that referenced
this pull request
Aug 27, 2023
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [poetry](https://python-poetry.org/) ([source](https://github.com/python-poetry/poetry), [changelog](https://python-poetry.org/history/)) | minor | `1.5.1` -> `1.6.1` | --- ### Release Notes <details> <summary>python-poetry/poetry (poetry)</summary> ### [`v1.6.1`](https://github.com/python-poetry/poetry/blob/HEAD/CHANGELOG.md#161---2023-08-21) [Compare Source](python-poetry/poetry@1.6.0...1.6.1) ##### Fixed - Update the minimum required version of `requests` ([#​8336](python-poetry/poetry#8336)). ### [`v1.6.0`](https://github.com/python-poetry/poetry/blob/HEAD/CHANGELOG.md#160---2023-08-20) [Compare Source](python-poetry/poetry@1.5.1...1.6.0) ##### Added - **Add support for repositories that do not provide a supported hash algorithm** ([#​8118](python-poetry/poetry#8118)). - **Add full support for duplicate dependencies with overlapping markers** ([#​7257](python-poetry/poetry#7257)). - **Improve performance of `poetry lock` for certain edge cases** ([#​8256](python-poetry/poetry#8256)). - Improve performance of `poetry install` ([#​8031](python-poetry/poetry#8031)). - `poetry check` validates that specified `readme` files do exist ([#​7444](python-poetry/poetry#7444)). - Add a downgrading note when updating to an older version ([#​8176](python-poetry/poetry#8176)). - Add support for `vox` in the `xonsh` shell ([#​8203](python-poetry/poetry#8203)). - Add support for `pre-commit` hooks for projects where the pyproject.toml file is located in a subfolder ([#​8204](python-poetry/poetry#8204)). - Add support for the `git+http://` scheme ([#​6619](python-poetry/poetry#6619)). ##### Changed - **Drop support for Python 3.7** ([#​7674](python-poetry/poetry#7674)). - Move `poetry lock --check` to `poetry check --lock` and deprecate the former ([#​8015](python-poetry/poetry#8015)). - Change future warning that PyPI will only be disabled automatically if there are no primary sources ([#​8151](python-poetry/poetry#8151)). ##### Fixed - Fix an issue where `build-system.requires` were not respected for projects with build scripts ([#​7975](python-poetry/poetry#7975)). - Fix an issue where the encoding was not handled correctly when calling a subprocess ([#​8060](python-poetry/poetry#8060)). - Fix an issue where `poetry show --top-level` did not show top level dependencies with extras ([#​8076](python-poetry/poetry#8076)). - Fix an issue where `poetry init` handled projects with `src` layout incorrectly ([#​8218](python-poetry/poetry#8218)). - Fix an issue where Poetry wrote `.pth` files with the wrong encoding ([#​8041](python-poetry/poetry#8041)). - Fix an issue where `poetry install` did not respect the source if the same version of a package has been locked from different sources ([#​8304](python-poetry/poetry#8304)). ##### Docs - Document **official Poetry badge** ([#​8066](python-poetry/poetry#8066)). - Update configuration folder path for macOS ([#​8062](python-poetry/poetry#8062)). - Add a warning about pip ignoring lock files ([#​8117](python-poetry/poetry#8117)). - Clarify the use of the `virtualenvs.in-project` setting. ([#​8126](python-poetry/poetry#8126)). - Change `pre-commit` YAML style to be consistent with pre-commit's own examples ([#​8146](python-poetry/poetry#8146)). - Fix command for listing installed plugins ([#​8200](python-poetry/poetry#8200)). - Mention the `nox-poetry` package ([#​8173](python-poetry/poetry#8173)). - Add an example with a PyPI source in the pyproject.toml file ([#​8171](python-poetry/poetry#8171)). - Use `reference` instead of deprecated `callable` in the scripts example ([#​8211](python-poetry/poetry#8211)). ##### poetry-core ([`1.7.0`](https://github.com/python-poetry/poetry-core/releases/tag/1.7.0)) - Improve performance of marker handling ([#​609](python-poetry/poetry-core#609)). - Allow `|` as a value separator in markers with the operators `in` and `not in` ([#​608](python-poetry/poetry-core#608)). - Put pretty name (instead of normalized name) in metadata ([#​620](python-poetry/poetry-core#620)). - Update list of supported licenses ([#​623](python-poetry/poetry-core#623)). - Fix an issue where PEP 508 dependency specifications with names starting with a digit could not be parsed ([#​607](python-poetry/poetry-core#607)). - Fix an issue where Poetry considered an unrelated `.gitignore` file resulting in an empty wheel ([#​611](python-poetry/poetry-core#611)). ##### poetry-plugin-export ([`^1.5.0`](https://github.com/python-poetry/poetry-plugin-export/releases/tag/1.5.0)) - Fix an issue where markers for dependencies required by an extra were not generated correctly ([#​209](python-poetry/poetry-plugin-export#209)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40Mi40IiwidXBkYXRlZEluVmVyIjoiMzYuNTIuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> Reviewed-on: https://git.walbeck.it/walbeck-it/docker-python-poetry/pulls/846 Co-authored-by: renovate-bot <bot@walbeck.it> Co-committed-by: renovate-bot <bot@walbeck.it>
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a warning about
pip installignoring the poetry.lock so that application developers know to always usepoetry install.Background:
I have a project with a simple flask web service which is bundled into a container image. I was using
pip installto install my project and its dependencies in the Dockerfile so that I wouldn't need an additional image layer to install poetry. I had incorrectly assumed that the poetry-core build backend would respect the poetry lock file and so I was unexpectedly getting the latest versions of my dependencies in my docker image.This PR is my attempt at helping other developers enjoy poetry without repeating this same mistake. Please feel free to modify or adjust this change however you see fit as this is really just my suggested wording and placement from a quick scan through the poetry online docs.