Closed nariman closed 4 years ago
Oh, I just tried to reproduce this bug with a clear install of dependencies first (I tested issue in a container where git dependency has been already installed, that's why I reproduced it before) and it looks like I encountered another bug. Poetry just ignores revision for git dependency from lock file and always installs latest commit. 🤔 Not an expected behavior.
@sdispater Add info is here, that may help, I hope.
After some digging into the resolution process, I found out the next.
And, referencing the comment I wrote 3 weeks ago, I'm pretty sure it's ok to install newer version (ignoring lockfile) on dependencies like folder, file, or git on poetry install
command. Just a little strange for git, because Poetry saves reference to a commit.
Could you test again with the latest stable release, and also with the latest 1.0.0
prerelease to see if the issue still occurs. Closing this for now but feel free to reopen if the issue still occurs
Hello,
I am regarded by this issue.
Python: 3.8.2. Poetry: 1.0.5 OS: Windows 10
[tool.poetry.dependencies]
python = "^3.8"
trio = "^0.13.0"
trio_typing = "^0.4.0"
confuse = "^1.1.0"
attrs = "^19.3.0"
SQLAlchemy = "^1.3.16"
marshmallow-sqlalchemy = "^0.22.3"
punq = "^0.4.1"
kivy = { url = "https://kivy.org/downloads/ci/win/kivy/Kivy-2.0.0rc1-cp38-cp38-win_amd64.whl" }
"kivy_deps.glew" = "^0.2.0"
"kivy_deps.sdl2" = "^0.2.0"
kivymd = { git = "https://github.com/HeaTTheatR/KivyMD.git", rev = "6c5ca0e269d77062f059ebd0b1e6bd44906c5d38" }
atlas-copco = { url = "http://mes.simple.hu:83/atlas_copco/atlas_copco-0.1.1.tar.gz" }
cognex = {url = "http://mes.simple.hu:83/cognex/cognex-0.1.2.tar.gz"}
yocto = { url = "http://mes.simple.hu:83/yocto/yocto-0.1.1.tar.gz" }
zebra = { url = "http://mes.simple.hu:83/zebra/zebra-0.1.1.tar.gz" }
mysql-connector-python = "^8.0.19"
Now whenever I issue poetry add a_package
it installs the any_package
then updates the others.
Here is an example:
(venv) C:\Users\***\PycharmProjects\V316-Production-Line>poetry add mysql-connector-python
Using version ^8.0.19 for mysql-connector-python
Updating dependencies
Resolving dependencies...
Writing lock file
Package operations: 4 installs, 5 updates, 0 removals
- Installing six (1.14.0)
- Installing dnspython (1.16.0)
- Updating Kivy (2.0.0rc1 -> 2.0.0rc1 https://kivy.org/downloads/ci/win/kivy/Kivy-2.0.0rc1-cp38-cp38-win_amd64.whl)
- Installing protobuf (3.6.1)
- Updating atlas-copco (0.1.1 -> 0.1.1 http://mes.simple.hu:83/atlas_copco/atlas_copco-0.1.1.tar.gz)
- Updating cognex (0.1.2 -> 0.1.2 http://mes.simple.hu:83/cognex/cognex-0.1.2.tar.gz)
- Updating yocto (0.1.1 -> 0.1.1 http://mes.simple.hu:83/yocto/yocto-0.1.1.tar.gz)
- Updating zebra (0.1.1 -> 0.1.1 http://mes.simple.hu:83/zebra/zebra-0.1.1.tar.gz)
- Installing mysql-connector-python (8.0.19)
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
-vvv
option).Issue
Hi.
I use Dependabot for dependency updates in my project and recently it pushed a PR with a diff, where's git dependency was updated to the latest commit along with updated package this PR has been created for. After a quick check, I found out that it's a problem in Poetry. In theory, Poetry updates git deps with a branch pin every time on update requests. But should it update git dependency if packages to update explicitly specified?
Steps to reproduce:
regular-package
);poetry update regular-package
Git dependency will be updated as well. You can use a PR mentioned before to test on it, if needed. This PR is based on a commit, where's multiple packages needs to be updated by today.