Skip to content

Update dependency poetry to v2.3.3#81

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/poetry-2.x
Open

Update dependency poetry to v2.3.3#81
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/poetry-2.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Sep 14, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
poetry (changelog) 2.1.42.3.3 age confidence

Release Notes

python-poetry/poetry (poetry)

v2.3.3

Compare Source

Fixed
  • Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#​10792).
  • Fix an issue where git dependencies from annotated tags could not be updated (#​10719).
  • Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#​10784).
  • Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#​10777).
  • Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#​10748).
  • Fix an issue where poetry publish --no-interaction --build requested user interaction (#​10769).
  • Fix an issue where poetry init and poetry new created a deprecated project.license format (#​10787).
Docs
  • Clarify the differences between poetry install and poetry update (#​10713).
  • Clarify the section of fields in the pyproject.toml examples (#​10753).
  • Add a note about the different installation location when Python from the Microsoft Store is used (#​10759).
  • Fix the system requirements for Poetry (#​10739).
  • Fix the poetry cache clear example (#​10749).
  • Fix the link to pipx installation instructions (#​10783).
poetry-core (2.3.2)
  • Fix an issue where platform_release could not be parsed on Debian Trixie (#​930).
  • Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#​914).
  • Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#​919).
  • Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#​922).
  • Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#​924).
  • Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#​925).
  • Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#​921).
  • Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#​920).
  • Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#​929).
  • Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#​927).

v2.3.2

Compare Source

Changed
poetry-core (2.3.1)
  • Fix an issue where platform_release could not be parsed on Windows Server (#​911).

v2.3.1

Compare Source

Fixed
  • Fix an issue where cached information about each package was always considered outdated (#​10699).
Docs
  • Document SHELL_VERBOSITY environment variable (#​10678).

v2.3.0

Compare Source

Added
  • Add support for exporting pylock.toml files with poetry-plugin-export (#​10677).
  • Add support for specifying build constraints for dependencies (#​10388).
  • Add support for publishing artifacts whose version is determined dynamically by the build-backend (#​10644).
  • Add support for editable project plugins (#​10661).
  • Check requires-poetry before any other validation (#​10593).
  • Validate the content of project.readme when running poetry check (#​10604).
  • Add the option to clear all caches by making the cache name in poetry cache clear optional (#​10627).
  • Automatically update the cache for packages where the locked files differ from cached files (#​10657).
  • Suggest to clear the cache if running a command with --no-cache solves an issue (#​10585).
  • Propose poetry init when trying poetry new for an existing directory (#​10563).
  • Add support for poetry publish --skip-existing for new Nexus OSS versions (#​10603).
  • Show Poetry's own Python's path in poetry debug info (#​10588).
Changed
  • Drop support for Python 3.9 (#​10634).
  • Change the default of installer.re-resolve from true to false (#​10622).
  • PEP 735 dependency groups are considered in the lock file hash (#​10621).
  • Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#​10634).
  • Improve managing free-threaded Python versions with poetry python (#​10606).
  • Prefer JSON API to HTML API in legacy repositories (#​10672).
  • When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#​10679).
  • Raise an error if no hash can be determined for any distribution link of a package (#​10673).
  • Require dulwich>=0.25.0 (#​10674).
Fixed
  • Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#​10587).
  • Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#​10590).
  • Fix an issue where poetry add did not work for PEP 735 dependency groups with include-group items (#​10636).
  • Fix an issue where PEP 735 dependency groups were not considered in the lock file hash (#​10621).
  • Fix an issue where wrong markers were locked for a dependency that was required by several groups with different markers (#​10613).
  • Fix an issue where non-deterministic markers were created in a method used by poetry-plugin-export (#​10667).
  • Fix an issue where wrong wheels were chosen for installation in free-threaded Python environments if Poetry itself was not installed with free-threaded Python (#​10614).
  • Fix an issue where poetry publish used the metadata of the project instead of the metadata of the build artifact (#​10624).
  • Fix an issue where poetry env use just used another Python version instead of failing when the requested version was not supported by the project (#​10685).
  • Fix an issue where poetry env activate returned the wrong command for dash (#​10696).
  • Fix an issue where data-dir and python.installation-dir could not be set (#​10595).
  • Fix an issue where Python and pip executables were not correctly detected on Windows (#​10645).
  • Fix an issue where invalid template variables in virtualenvs.prompt caused an incomprehensible error message (#​10648).
Docs
  • Add a warning about ~/.netrc for Poetry credential configuration (#​10630).
  • Clarify that the local configuration takes precedence over the global configuration (#​10676).
  • Add an explanation in which cases packages are automatically detected (#​10680).
poetry-core (2.3.0)
  • Normalize versions (#​893).
  • Fix an issue where unsatisfiable requirements did not raise an error (#​891).
  • Fix an issue where the implicit main group did not exist if it was explicitly declared as not having any dependencies (#​892).
  • Fix an issue where python_full_version markers with pre-release versions were parsed incorrectly (#​893).

v2.2.1

Compare Source

Fixed
  • Fix an issue where poetry self show failed with a message about an invalid output format (#​10560).
Docs
  • Remove outdated statements about dependency groups (#​10561).
poetry-core (2.2.1)
  • Fix an issue where it was not possible to declare a PEP 735 dependency group as optional (#​888).

v2.2.0

Compare Source

Added
  • Add support for nesting dependency groups (#​10166).
  • Add support for PEP 735 dependency groups (#​10130).
  • Add support for PEP 639 license clarity (#​10413).
  • Add a --format option to poetry show to alternatively output json format (#​10487).
  • Add official support for Python 3.14 (#​10514).
Changed
  • Normalize dependency group names (#​10387).
  • Change installer.no-binary and installer.only-binary so that explicit package names will take precedence over :all: (#​10278).
  • Improve log output during poetry install when a wheel is built from source (#​10404).
  • Improve error message in case a file lock could not be acquired while cloning a git repository (#​10535).
  • Require dulwich>=0.24.0 (#​10492).
  • Allow virtualenv>=20.33 again (#​10506).
  • Allow findpython>=0.7 (#​10510).
  • Allow importlib-metadata>=8.7 (#​10511).
Fixed
  • Fix an issue where poetry new did not create the project structure in an existing empty directory (#​10431).
  • Fix an issue where a dependency that was required for a specific Python version was not installed into an environment of a pre-release Python version (#​10516).
poetry-core (2.2.0)
  • Deprecate table values and values that are not valid SPDX expressions for [project.license] (#​870).
  • Fix an issue where explicitly included files that are in .gitignore were not included in the distribution (#​874).
  • Fix an issue where marker operations could result in invalid markers (#​875).

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title Update dependency poetry to v2.2.0 Update dependency poetry to v2.2.1 Sep 21, 2025
@renovate renovate bot force-pushed the renovate/poetry-2.x branch from 8550ae2 to d897062 Compare September 21, 2025 16:25
@renovate renovate bot force-pushed the renovate/poetry-2.x branch from d897062 to 8ab58b9 Compare January 8, 2026 19:15
@renovate renovate bot changed the title Update dependency poetry to v2.2.1 Update dependency poetry to v2.3.0 Jan 18, 2026
@renovate renovate bot force-pushed the renovate/poetry-2.x branch 2 times, most recently from 93712b6 to bf660bb Compare January 20, 2026 16:57
@renovate renovate bot changed the title Update dependency poetry to v2.3.0 Update dependency poetry to v2.3.1 Jan 20, 2026
@renovate renovate bot changed the title Update dependency poetry to v2.3.1 Update dependency poetry to v2.3.2 Feb 1, 2026
@renovate renovate bot force-pushed the renovate/poetry-2.x branch from bf660bb to d93fb52 Compare February 1, 2026 17:47
@renovate renovate bot changed the title Update dependency poetry to v2.3.2 Update dependency poetry to v2.3.3 Mar 29, 2026
@renovate renovate bot force-pushed the renovate/poetry-2.x branch from d93fb52 to ed78094 Compare March 29, 2026 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants