build(deps): bump poetry from 1.7.1 to 1.8.2 in /devtools by dependabot[bot] · Pull Request #2743 · RDFLib/rdflib (original) (raw)

Bumps poetry from 1.7.1 to 1.8.2.

Release notes

Sourced from poetry's releases.

1.8.2

Fixed

• Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
• Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
• Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
• Improve lazy-wheel to allow redirects for HEAD requests (#9087).
• Improve debug logging for lazy-wheel errors (#9059).
• Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
• Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
• Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

1.8.1

Fixed

• Update the minimum required version of packaging (#9031).
• Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

• Rename master branch to main (#9022).

1.8.0

Added

• Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
• Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
• Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815, #8941).
• Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
• poetry check validates that no unknown sources are referenced in dependencies (#8709).
• Add archive validation during installation for further hash algorithms (#8851).
• Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
• Add a config option to disable keyring (#8910).
• Add a --sync option to poetry update (#8931).
• Add an --output option to poetry build (#8828).
• Add a --dist-dir option to poetry publish (#8828).

Changed

• The implicit PyPI source is disabled if at least one primary source is configured (#8771).
• Deprecate source priority default (#8771).
• Upgrade the warning about an inconsistent lockfile to an error (#8737).
• Deprecate setting installer.modern-installation to false (#8988).
• Drop support for pip<19 (#8894).
• Require requests-toolbelt>=1 (#8680).
• Allow platformdirs 4.x (#8668).
• Allow and require xattr 1.x on macOS (#8801).
• Improve venv shell activation in fish (#8804).
• Rename system to base in output of poetry env info (#8832).
• Use pretty name in output of poetry version (#8849).

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.8.2] - 2024-03-02

Fixed

• Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
• Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
• Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
• Improve lazy-wheel to allow redirects for HEAD requests (#9087).
• Improve debug logging for lazy-wheel errors (#9059).
• Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
• Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
• Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

[1.8.1] - 2024-02-26

Fixed

• Update the minimum required version of packaging (#9031).
• Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

• Rename master branch to main (#9022).

[1.8.0] - 2024-02-25

Added

• Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
• Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
• Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815,#8941).
• Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
• poetry check validates that no unknown sources are referenced in dependencies (#8709).
• Add archive validation during installation for further hash algorithms (#8851).
• Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
• Add a config option to disable keyring (#8910).
• Add a --sync option to poetry update (#8931).
• Add an --output option to poetry build (#8828).
• Add a --dist-dir option to poetry publish (#8828).

Changed

• The implicit PyPI source is disabled if at least one primary source is configured (#8771).
• Deprecate source priority default (#8771).
• Upgrade the warning about an inconsistent lockfile to an error (#8737).
• Deprecate setting installer.modern-installation to false (#8988).
• Drop support for pip<19 (#8894).

... (truncated)

Commits

• c3e22d6 release: bump version to 1.8.2
• 70d4f58 Improve error message when installing non-package in package-mode
• 03f3232 Hash metadata as bytes (#9049)
• 33b7618 lazy-wheel: allow redirects for HEAD request
• 58995de lazy-wheel: improve handling of servers that tell us that they support range ...
• d8afecb lazy-wheel: be more robust with regard to Artifactory's incorrect handling of...
• 3e43146 repo/http: add debug log for lazy wheel error
• f2bfacb harden lazy wheel wheel error handling
• 304c54a non-package-mode: fix poetry add (#9046)
• 78f7dd6 release: bump version to 1.8.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)