dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

`.postX` versions in Python projects are incorrectly treated as a lower version #3945

Open ghost opened 3 years ago

ghost commented 3 years ago

Package ecosystem: poetry / pip
Package manager version: poetry 1.2.0a1, pip 21.1.2
Language version: 3.9.5
Manifest location and content prior to update:

What you expected to see, versus what you actually saw
It should consider aiohttp==3.7.4.post0 as up to date, but it wants me to update the dependency to an older version (3.7.4).

Native package manager behavior
poetry and pip both correctly consider 3.7.4.post0 to be newer than 3.7.4, per https://www.python.org/dev/peps/pep-0440/#post-releases

Images of the diff or a link to the PR, issue or logs

Screenshot

If I actually try creating a security update, however, it says it is "no longer vulnerable":

Screenshot

🕹 Bonus points: Smallest manifest that reproduces the issue

requirements.txt:

aiohttp==3.7.4.post0
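The ordering the reporter points to is defined by PEP 440: within one release number, dev releases sort lowest, then pre-releases (a, b, rc), then the final release, then post-releases. The following is an added example, not code from dependabot-core or from the reporter: a stdlib-only Version class that applies that ordering, a hypothetical helper `newest()` that picks an update the way an updater would (pre-releases excluded unless asked for), and a constructed comparator `suffix_as_prerelease_key()` that treats any alphabetic suffix as a pre-release and therefore reproduces the reported symptom, a proposed downgrade from 3.7.4.post0 to 3.7.4. The buggy comparator is an illustration of how the symptom can arise, not a claim about Dependabot's actual implementation; for production code use the `packaging.version` module that pip itself relies on rather than a hand-rolled parser like this one.

```python
"""PEP 440 post-release ordering (added example, not dependabot-core's code)."""
import re
from functools import total_ordering

# Constructed regex for the PEP 440 segments that affect ordering
# (epoch, release, pre, post, dev). A local segment is accepted but ignored.
_VERSION_RE = re.compile(
    r"""^\s*
    (?:(?P<epoch>\d+)!)?
    (?P<release>\d+(?:\.\d+)*)
    (?:[-_.]?(?P<pre_l>alpha|beta|preview|pre|a|b|c|rc)[-_.]?(?P<pre_n>\d+)?)?
    (?:-(?P<post_n1>\d+)|[-_.]?(?P<post_l>post|rev|r)[-_.]?(?P<post_n2>\d+)?)?
    (?:[-_.]?(?P<dev_l>dev)[-_.]?(?P<dev_n>\d+)?)?
    (?:\+(?P<local>[a-z0-9]+(?:[-_.][a-z0-9]+)*))?
    \s*$""",
    re.VERBOSE | re.IGNORECASE,
)
_PRE_RANK = {"a": 0, "alpha": 0, "b": 1, "beta": 1, "c": 2, "rc": 2, "pre": 2, "preview": 2}
_INF = 1 << 30  # sentinel standing in for "infinity" in the sort key


@total_ordering
class Version:
    def __init__(self, text):
        m = _VERSION_RE.match(text)
        if not m:
            raise ValueError(f"not a PEP 440 version: {text!r}")
        self.text = text.strip()
        self.epoch = int(m.group("epoch") or 0)
        release = [int(p) for p in m.group("release").split(".")]
        while len(release) > 1 and release[-1] == 0:
            release.pop()              # trailing zeros are insignificant: 3.7.4.0 == 3.7.4
        self.release = tuple(release)
        self.pre = None
        if m.group("pre_l"):
            self.pre = (_PRE_RANK[m.group("pre_l").lower()], int(m.group("pre_n") or 0))
        self.post = None
        if m.group("post_n1") is not None or m.group("post_l"):
            self.post = int(m.group("post_n1") or m.group("post_n2") or 0)
        self.dev = None
        if m.group("dev_l"):
            self.dev = int(m.group("dev_n") or 0)
        self.is_prerelease = self.pre is not None or self.dev is not None

    def _key(self):
        # PEP 440 order within one release number:
        #   X.devN < X.aN < X.bN < X.rcN < X < X.post0 < X.post1
        if self.pre is None and self.post is None and self.dev is not None:
            pre = (-1, 0)          # dev-only release sorts before any pre-release
        elif self.pre is None:
            pre = (_INF, 0)        # final or post release sorts after every pre-release
        else:
            pre = self.pre
        post = -1 if self.post is None else self.post  # bare release < .post0
        dev = _INF if self.dev is None else self.dev   # X.devN < X
        return (self.epoch, self.release, pre, post, dev)

    def __eq__(self, other):
        return self._key() == other._key()

    def __lt__(self, other):
        return self._key() < other._key()


def newest(current, candidates, allow_prerelease=False):
    """Hypothetical updater helper: newest candidate strictly newer than
    `current` under PEP 440, or None when `current` is already up to date."""
    cur = Version(current)
    pool = [Version(c) for c in candidates]
    if not allow_prerelease:
        pool = [v for v in pool if not v.is_prerelease]
    newer = [v for v in pool if v > cur]
    return max(newer).text if newer else None


def suffix_as_prerelease_key(text):
    """Hypothetical buggy comparator, constructed to mirror the symptom in the
    report (not Dependabot's real code): compares the numeric dotted prefix and
    treats *any* trailing tag, post-release included, as lower than the bare release."""
    nums, tag = [], None
    for part in text.split("."):
        if part.isdigit():
            nums.append(int(part))
        else:
            tag = part
            break
    return (tuple(nums), 1) if tag is None else (tuple(nums), 0, tag)


def newest_naive(current, candidates):
    """Same selection as `newest` but with the buggy key; proposes the
    downgrade 3.7.4.post0 -> 3.7.4 that the report describes."""
    key = suffix_as_prerelease_key
    newer = [c for c in candidates if key(c) > key(current)]
    return max(newer, key=key) if newer else None


if __name__ == "__main__":
    pinned, available = "3.7.4.post0", ["3.7.3", "3.7.4", "3.7.4.post0"]
    print(newest(pinned, available))        # None: already up to date
    print(newest_naive(pinned, available))  # 3.7.4: the bogus downgrade
```

The `is_prerelease` flag matters for the security-update path as much as for version updates: a comparator that misfiles `.postN` as a pre-release will both propose the downgrade shown in the first screenshot and, depending on how the fixed-version range is evaluated, can misjudge whether a pinned post-release is inside or outside a vulnerable range.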

jeffwidman commented 1 year ago

Possibly caused by: