Closed Kurt-von-Laven closed 1 year ago
I ran in to this as well with https://github.com/gaphor/gaphor/pull/2310. I think this is due to an older version of poetry being used, it looks like this PR would fix this issue: https://github.com/dependabot/dependabot-core/pull/6758
Is this still happening @Kurt-von-Laven @danyeaw ?
Wondering if this was an upstream bug that no longer appears now that we're on poetry
1.5
...
I expect that this is fixed by https://github.com/dependabot/dependabot-core/pull/7350
Sg, will close for now and if you see it again comment and we can reopen.
Note that I haven't deployed that code yet, I'll probably do so tomorrow though.
Is there an existing issue for this?
Package ecosystem
pip
Package manager version
Poetry 1.4.2
Language version
No response
Manifest location and content before the Dependabot update
No response
dependabot.yml content
Updated dependency
No response
What you expected to see, versus what you actually saw
Expected no modifications to first line of
poetry.lock
:# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
Experienced modification to first line of
poetry.lock
:# This file is automatically @generated by Poetry and should not be changed by hand.
Native package manager behavior
Poetry adds the version number back in when, for example
poetry lock --no-update
, has work to do. If there are no substantive changes to be written, then Poetry doesn't modifypoetry.lock
at all. Poetry started including the Poetry version in the lock file in Poetry 1.4.0: python-poetry/poetry#7339.Images of the diff or a link to the PR, issue, or logs
Smallest manifest that reproduces the issue
pyproject.toml
: