Poetry update with "^0" requirements.

[vacarme]

Hello, i do not understand the recent behavior of the caret requirements for version starting with a 0.

Here is the setup:

• Poetry version: 1.7.1
• Python version: 3.12.0
• OS version and name: macOs 14.1.1
• pyproject.toml: https://gist.github.com/vacarme/d1f5f0be35a4cee3da4b530a1e39f948

Issue

I understood that setting fastapi = "^0" was the correct way to update fastapi to the latest but today I noticed, fastapi was stuck on 0.106.0 whereas 0.108.0 is available.

running poetry update --with=testing --with=quality --with=typing --dry-run does not upgrade fastapi. • Installing fastapi (0.106.0): Skipped for the following reason: Already installed

if I update the pyproject.toml to hardcode fastapi = "^0.108" it's working. • Updating fastapi (0.106.0 -> 0.108.0)

Not a major issue but definitely something I do not understand is happening here.

[dimbleby]

Impossible to reproduce without a poetry.lock.

Perhaps there are two projects whose latest versions are not compatible and so one can only be upgraded if the other is downgraded

[CharlesPerrotMinotHCHB]

Notices a couple things (unrelated, but to note):

• Your [tool.poetry] doesn't have authors
• https://redacted.com gives you a nice message that Redacted, Inc has closed in June 2023

More importantly, if I poetry lock the file you gave, the resulting poetry.lock file does point to fastapi 0.108.0 I unfortunately wasn't able to reproduce the issue you describe either.

1. Put the pyproject.toml you gave in an empty dir, with fastapi = "^0.106.0"
2. poetry lock
3. poetry install
4. Update fastapi in the pyproject.toml to fastapi = "^0"
5. Use poetry update --with=testing --with=quality --with=typing --dry-run

The output contains the fastapi update:

poetry update --with=testing --with=quality --with=typing --dry-run Updating dependencies Resolving dependencies... (0.7s) Package operations: 11 installs, 3 updates, 0 removals, 31 skipped • Updating anyio (3.7.1 -> 4.2.0) • Installing iniconfig (2.0.0) • Installing packaging (23.2) • Installing pluggy (1.3.0) • Installing mypy-extensions (1.0.0) • Installing pytest (7.4.4) • Updating starlette (0.27.0 -> 0.32.0.post1) • Installing annotated-types (0.6.0): Skipped for the following reason: Already installed • Installing authlib (1.3.0): Skipped for the following reason: Already installed • Installing certifi (2023.11.17): Skipped for the following reason: Already installed • Installing cffi (1.16.0): Skipped for the following reason: Already installed • Installing click (8.1.7): Skipped for the following reason: Already installed • Installing coverage (7.4.0) • Installing cryptography (41.0.7): Skipped for the following reason: Already installed • Installing dnspython (2.4.2): Skipped for the following reason: Already installed • Installing email-validator (2.1.0.post1): Skipped for the following reason: Already installed • Updating fastapi (0.106.0 -> 0.108.0) • Installing greenlet (3.0.3): Skipped for the following reason: Already installed • Installing h11 (0.14.0): Skipped for the following reason: Already installed • Installing httpcore (0.17.3): Skipped for the following reason: Already installed • Installing httptools (0.6.1): Skipped for the following reason: Already installed • Installing httpx (0.24.1): Skipped for the following reason: Already installed • Installing idna (3.6): Skipped for the following reason: Already installed • Installing itsdangerous (2.1.2): Skipped for the following reason: Already installed • Installing mypy (1.8.0) • Installing psycopg (3.1.16): Skipped for the following reason: Already installed • Installing psycopg-c (3.1.16): Skipped for the following reason: Already installed • Installing pycparser (2.21): Skipped for the following reason: Already installed • Installing pydantic (2.5.3): Skipped for the following reason: Already installed • Installing pydantic-core (2.14.6): Skipped for the following reason: Already installed • Installing pytest-asyncio (0.21.1) • Installing python-dateutil (2.8.2): Skipped for the following reason: Already installed • Installing pytest-env (0.8.2) • Installing ruff (0.1.9) • Installing python-dotenv (1.0.0): Skipped for the following reason: Already installed • Installing six (1.16.0): Skipped for the following reason: Already installed • Installing sniffio (1.3.0): Skipped for the following reason: Already installed • Installing sqlalchemy (2.0.24): Skipped for the following reason: Already installed • Installing typing-extensions (4.9.0): Skipped for the following reason: Already installed • Installing pyyaml (6.0.1): Skipped for the following reason: Already installed • Installing uvloop (0.19.0): Skipped for the following reason: Already installed • Installing websockets (12.0): Skipped for the following reason: Already installed • Installing watchfiles (0.21.0): Skipped for the following reason: Already installed • Installing uvicorn (0.25.0): Skipped for the following reason: Already installed • Installing types-python-dateutil (2.8.19.14)

[allanlewis]

I'm seeing something similar. I have this in pyproject.toml:

[tool.poetry.dependencies]
python = "~3.9"
...
holidays = "^0.54"
...

My lock-file has holidays v0.54. Running poetry update holidays doesn't update holidays to the latest, which is 0.56 at time of writing. Even poetry lock (without --no-update) doesn't update it. So presumably ^0.54 only includes 0.54.x and not 0.55 or greater?

[dimbleby]

please read the docs https://python-poetry.org/docs/dependency-specification/#caret-requirements