Bump poetry from 1.0.10 to 1.1.9

[dependabot[bot]]

Bumps poetry from 1.0.10 to 1.1.9.

Release notes

Sourced from poetry's releases.

1.1.9

Fixed

• Fixed a security issue where file hashes were not checked prior to installation. (#4420, #4444, python-poetry/poetry-core#193)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4507)
• Fixed an issue where unsafe parameters could be passed to git commands. (python-poetry/poetry-core#203)
• Fixed an issue where the wrong git executable could be used on Windows. (python-poetry/poetry-core#205)

1.1.8

Fixed

• Fixed an error with repository prioritization when specifying secondary repositories. (#4241)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4330, #4407)
• Fixed the evaluation of relative path dependencies. (#4246)
• Fixed environment detection for Python 3.10 environments. (#4387)
• Fixed an error in the evaluation of in/not in markers (python-poetry/poetry-core#189)

1.1.7

Note: Lock files might need to be regenerated for the first fix below to take effect. You can use poetry lock to do so without the --no-update option.

Changed

• This release is compatible with the install-poetry.py installation script to ease the migration path from 1.1 releases to 1.2 releases. (#4192)

Fixed

• Fixed an issue where transitive dependencies of directory or VCS dependencies were not installed or otherwise removed. (#4203)
• Fixed an issue where the combination of the --tree and --no-dev options for the show command was still displaying development dependencies. (#3992)

1.1.6

Fixed

• Fixed export format for path dependencies. (#3121)
• Fixed errors caused by environment modification when executing some commands. (#3253)
• Fixed handling of wheel files with single-digit versions. (#3338)
• Fixed an error when handling single-digit Python markers. (poetry-core#156)
• Fixed dependency markers not being properly copied when changing the constraint leading to resolution errors. (poetry-core#163)
• Fixed an error where VCS dependencies were always updated. (#3947)
• Fixed an error where the incorrect version of a package was locked when using environment markers. (#3945)

1.1.5

Fixed

• Fixed an error in the export command when no lock file existed and a verbose flag was passed to the command. (#3310)
• Fixed an error where the pyproject.toml was not reverted when using the add command. (#3622)
• Fixed errors when using non-HTTPS indices. (#3622)
• Fixed errors when handling simple indices redirection. (#3622)
• Fixed errors when trying to handle newer wheels by using the latest version of poetry-core and packaging. (#3677)
• Fixed an error when using some versions of poetry-core due to an incorrect import . (#3696)

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.1.9] - 2021-09-18

Fixed

• Fixed a security issue where file hashes were not checked prior to installation. (#4420, #4444, python-poetry/poetry-core#193)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4507)
• Fixed an issue where unsafe parameters could be passed to git commands. (python-poetry/poetry-core#203)
• Fixed an issue where the wrong git executable could be used on Windows. (python-poetry/poetry-core#205)

[1.1.8] - 2021-08-19

Fixed

• Fixed an error with repository prioritization when specifying secondary repositories. (#4241)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4330, #4407)
• Fixed the evaluation of relative path dependencies. (#4246)
• Fixed environment detection for Python 3.10 environments. (#4387)
• Fixed an error in the evaluation of in/not in markers (python-poetry/poetry-core#189)

[1.2.0a2] - 2021-08-01

Added

• Poetry now supports dependency groups. (#4260)
• The install command now supports a --sync option to synchronize the environment with the lock file. (#4336)

Changed

• Improved the way credentials are retrieved to better support keyring backends. (#4086)
• The --remove-untracked option of the install command is now deprecated in favor of the new --sync option. (#4336)
• The user experience when installing dependency groups has been improved. (#4336)

Fixed

• Fixed performance issues when resolving dependencies. (#3839)
• Fixed an issue where transitive dependencies of directory or VCS dependencies were not installed or otherwise removed. (#4202)
• Fixed the behavior of the init command in non-interactive mode. (#2899)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4329)
• Fixed the display of possible solutions for some common errors. (#4332)

[1.1.7] - 2021-06-25

Note: Lock files might need to be regenerated for the first fix below to take effect.
You can use poetry lock to do so without the --no-update option.

Changed

• This release is compatible with the install-poetry.py installation script to ease the migration path from 1.1 releases to 1.2 releases. (#4192)

Fixed

... (truncated)

Commits

• 69bd682 Bump version to 1.1.9
• 9d8aed4 Update lock file
• a9e59ed Merge pull request #4507 from python-poetry/1.1-fix-system-env-detection
• 459c8c9 Fix system env detection
• 634bb23 Merge pull request #4420 from pietrodn/fix/hash-check-backport-1.1
• d033cba style: linting
• 8268795 Merge pull request #4444 from python-poetry/1.1-fix-archive-hash-generation
• 8238cab Fix archive hash generation
• 8956a0c fix: python 2.7 syntax
• 435ff81 Throw a RuntimeError on hash mismatch in Chooser._get_links (#3885)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MicroPyramid/opensource-job-portal/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.