cjolowicz / cookiecutter-hypermodern-python

Hypermodern Python Cookiecutter
http://cookiecutter-hypermodern-python.readthedocs.io/
MIT License
1.82k stars 236 forks source link

Bump poetry from 1.3.2 to 1.8.1 in /.github/workflows #1364

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 9 months ago

Bumps poetry from 1.3.2 to 1.8.1.

Release notes

Sourced from poetry's releases.

1.8.1

Fixed

  • Update the minimum required version of packaging (#9031).
  • Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

  • Rename master branch to main (#9022).

1.8.0

Added

  • Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
  • Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
  • Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
  • Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
  • poetry check validates that no unknown sources are referenced in dependencies (#8709).
  • Add archive validation during installation for further hash algorithms (#8851).
  • Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
  • Add a config option to disable keyring (#8910).
  • Add a --sync option to poetry update (#8931).
  • Add an --output option to poetry build (#8828).
  • Add a --dist-dir option to poetry publish (#8828).

Changed

  • The implicit PyPI source is disabled if at least one primary source is configured (#8771).
  • Deprecate source priority default (#8771).
  • Upgrade the warning about an inconsistent lockfile to an error (#8737).
  • Deprecate setting installer.modern-installation to false (#8988).
  • Drop support for pip<19 (#8894).
  • Require requests-toolbelt>=1 (#8680).
  • Allow platformdirs 4.x (#8668).
  • Allow and require xattr 1.x on macOS (#8801).
  • Improve venv shell activation in fish (#8804).
  • Rename system to base in output of poetry env info (#8832).
  • Use pretty name in output of poetry version (#8849).
  • Improve error handling for invalid entries in tool.poetry.scripts (#8898).
  • Improve verbose output for dependencies with extras during dependency resolution (#8834).
  • Improve message about an outdated lockfile (#8962).

Fixed

  • Fix an issue where poetry shell failed when Python has been installed with MSYS2 (#8644).
  • Fix an issue where Poetry commands failed in a terminal with a non-UTF-8 encoding (#8608).
  • Fix an issue where a missing project name caused an incomprehensible error message (#8691).
  • Fix an issue where Poetry failed to install an sdist path dependency (#8682).
  • Fix an issue where poetry install failed because an unused extra was not available (#8548).
  • Fix an issue where poetry install --sync did not remove an unrequested extra (#8621).

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.8.1] - 2024-02-26

Fixed

  • Update the minimum required version of packaging (#9031).
  • Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

  • Rename master branch to main (#9022).

[1.8.0] - 2024-02-25

Added

  • Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
  • Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
  • Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
  • Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
  • poetry check validates that no unknown sources are referenced in dependencies (#8709).
  • Add archive validation during installation for further hash algorithms (#8851).
  • Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
  • Add a config option to disable keyring (#8910).
  • Add a --sync option to poetry update (#8931).
  • Add an --output option to poetry build (#8828).
  • Add a --dist-dir option to poetry publish (#8828).

Changed

  • The implicit PyPI source is disabled if at least one primary source is configured (#8771).
  • Deprecate source priority default (#8771).
  • Upgrade the warning about an inconsistent lockfile to an error (#8737).
  • Deprecate setting installer.modern-installation to false (#8988).
  • Drop support for pip<19 (#8894).
  • Require requests-toolbelt>=1 (#8680).
  • Allow platformdirs 4.x (#8668).
  • Allow and require xattr 1.x on macOS (#8801).
  • Improve venv shell activation in fish (#8804).
  • Rename system to base in output of poetry env info (#8832).
  • Use pretty name in output of poetry version (#8849).
  • Improve error handling for invalid entries in tool.poetry.scripts (#8898).
  • Improve verbose output for dependencies with extras during dependency resolution (#8834).
  • Improve message about an outdated lockfile (#8962).

Fixed

  • Fix an issue where poetry shell failed when Python has been installed with MSYS2 (#8644).
  • Fix an issue where Poetry commands failed in a terminal with a non-UTF-8 encoding (#8608).

... (truncated)

Commits
  • 78f7dd6 release: bump version to 1.8.1
  • 465aa8c lazy-wheel: handle unexpected status codes as "negative offsets not supported"
  • ed8cb8b deps: require packaging >= 23.1 for packaging.metadata (#9031)
  • 00967d3 doc: rename master branch to main (#9022)
  • a3789fe release: bump version to 1.8.0
  • cc32ce6 chore: update dependencies (#8984)
  • 4844189 ci: add python 3.12 to skip workflow
  • 8ca6c6d config: fix handling of venv opts env vars
  • 468f658 config: normalize venv opts no-pip/no-setuptools
  • e1159b0 doc: add reference to package source for add
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 8 months ago

Superseded by #1371.