Open rxm7706 opened 2 months ago
conda-lock currently downgrades urllib3 to less than version 2.0, https://github.com/conda/conda-lock/blob/main/pyproject.toml#L69 Poetry removed the pin for urllib with poetry version 1.6.0 (poetry-core 1.7.0, cleo >=2.0.0) https://github.com/python-poetry/poetry/blob/1.6.0/pyproject.toml
Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt with latest versions
Critical packages are now being updated with urllib3>=2.0 only urllib3 <2.0.0 limits aiobotocore to 2.12.2, botocore to 1.34.51 and boto3 to 1.34.51 -
Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt change current versions
cleo==0.8.1 poetry==1.1.15 poetry-core==1.0.8 to latest versions
No response
Checklist
What is the idea?
conda-lock currently downgrades urllib3 to less than version 2.0, https://github.com/conda/conda-lock/blob/main/pyproject.toml#L69 Poetry removed the pin for urllib with poetry version 1.6.0 (poetry-core 1.7.0, cleo >=2.0.0) https://github.com/python-poetry/poetry/blob/1.6.0/pyproject.toml
Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt with latest versions
Why is this needed?
Critical packages are now being updated with urllib3>=2.0 only urllib3 <2.0.0 limits aiobotocore to 2.12.2, botocore to 1.34.51 and boto3 to 1.34.51 -
What should happen?
Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt change current versions
Poetry-related:
cleo==0.8.1 poetry==1.1.15 poetry-core==1.0.8 to latest versions
Additional Context
No response