Unwanted updates in dependencies with extras when updating another dependency

[thibaudcolas]

• [x] I am on the latest Poetry version.
• [x] I have searched the issues of this repo and believe that this is not a duplicate.
• [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS 12.3 Monterey
• Poetry version: 1.1.13
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/thibaudcolas/48dc9a2b34f5c0a72e4082cb28b4728b

Issue

I’m getting unwanted updates to my dependencies defining extras, when updating other unrelated dependencies with poetry update <package> / poetry add <package>@latest / manual pyproject.toml updates.

For example, take the following dependencies:

tablib = { version ="~3.2.0", extras = ["xls"] }
djhtml = "^1.4.11"

I have a lockfile where tablib was pinned to v3.2.0, and djhtml was pinned to v1.4.11. Running poetry install in a fresh virtual environment, I get the expected v3.2.0 and v1.4.11 versions installed.

Now if I want to update to the latest djhtml, I run poetry update djhtml and get an unexpected version bump on tablib as well (which djhtml doesn’t depend on):

[…]
Package operations: 0 installs, 2 updates, 0 removals

  - Updating djhtml (1.4.11 -> 1.5.0)
  - Updating tablib (3.2.0 -> 3.2.1)

---

This only seems to happen when the tablib version is defined with extras. If I repeat all of the above but with tablib defined as tablib = "~3.2.0" (and a matching lockfile), poetry update djhtml gives the correct output:

[…]
Package operations: 0 installs, 1 update, 0 removals

  - Updating djhtml (1.4.11 -> 1.5.0)

Looking at other issues, #5010 seems potentially related but it’s a stretch (I’m on Python 3.9.1). I couldn’t find anything else about unwanted updates though there are other issues about different behavior with extras.

[radoering]

Can you please check if the issue still exists with poetry 1.2.0b1?

[adamchainz]

Poetry 1.2.0b1 does seem to fix this.