CoefficientSystems / modern-data-cookiecutter

Cookiecutter template for Coefficient projects.
https://coefficient.ai
18 stars 5 forks source link

Bump poetry from 1.5.1 to 1.8.2 in /.github/workflows #224

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps poetry from 1.5.1 to 1.8.2.

Release notes

Sourced from poetry's releases.

1.8.2

Fixed

  • Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
  • Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
  • Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
  • Improve lazy-wheel to allow redirects for HEAD requests (#9087).
  • Improve debug logging for lazy-wheel errors (#9059).
  • Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
  • Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
  • Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

1.8.1

Fixed

  • Update the minimum required version of packaging (#9031).
  • Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

  • Rename master branch to main (#9022).

1.8.0

Added

  • Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
  • Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
  • Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
  • Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
  • poetry check validates that no unknown sources are referenced in dependencies (#8709).
  • Add archive validation during installation for further hash algorithms (#8851).
  • Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
  • Add a config option to disable keyring (#8910).
  • Add a --sync option to poetry update (#8931).
  • Add an --output option to poetry build (#8828).
  • Add a --dist-dir option to poetry publish (#8828).

Changed

  • The implicit PyPI source is disabled if at least one primary source is configured (#8771).
  • Deprecate source priority default (#8771).
  • Upgrade the warning about an inconsistent lockfile to an error (#8737).
  • Deprecate setting installer.modern-installation to false (#8988).
  • Drop support for pip<19 (#8894).
  • Require requests-toolbelt>=1 (#8680).
  • Allow platformdirs 4.x (#8668).
  • Allow and require xattr 1.x on macOS (#8801).
  • Improve venv shell activation in fish (#8804).
  • Rename system to base in output of poetry env info (#8832).
  • Use pretty name in output of poetry version (#8849).

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.8.2] - 2024-03-02

Fixed

  • Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
  • Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
  • Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
  • Improve lazy-wheel to allow redirects for HEAD requests (#9087).
  • Improve debug logging for lazy-wheel errors (#9059).
  • Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
  • Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
  • Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

[1.8.1] - 2024-02-26

Fixed

  • Update the minimum required version of packaging (#9031).
  • Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

  • Rename master branch to main (#9022).

[1.8.0] - 2024-02-25

Added

  • Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
  • Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
  • Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
  • Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
  • poetry check validates that no unknown sources are referenced in dependencies (#8709).
  • Add archive validation during installation for further hash algorithms (#8851).
  • Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
  • Add a config option to disable keyring (#8910).
  • Add a --sync option to poetry update (#8931).
  • Add an --output option to poetry build (#8828).
  • Add a --dist-dir option to poetry publish (#8828).

Changed

  • The implicit PyPI source is disabled if at least one primary source is configured (#8771).
  • Deprecate source priority default (#8771).
  • Upgrade the warning about an inconsistent lockfile to an error (#8737).
  • Deprecate setting installer.modern-installation to false (#8988).
  • Drop support for pip<19 (#8894).

... (truncated)

Commits
  • c3e22d6 release: bump version to 1.8.2
  • 70d4f58 Improve error message when installing non-package in package-mode
  • 03f3232 Hash metadata as bytes (#9049)
  • 33b7618 lazy-wheel: allow redirects for HEAD request
  • 58995de lazy-wheel: improve handling of servers that tell us that they support range ...
  • d8afecb lazy-wheel: be more robust with regard to Artifactory's incorrect handling of...
  • 3e43146 repo/http: add debug log for lazy wheel error
  • f2bfacb harden lazy wheel wheel error handling
  • 304c54a non-package-mode: fix poetry add (#9046)
  • 78f7dd6 release: bump version to 1.8.1
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
john-sandall commented 7 months ago

@dependabot rebase

john-sandall commented 7 months ago

@dependabot rebase

dependabot[bot] commented 7 months ago

Looks like poetry is up-to-date now, so this is no longer needed.