`poetry update <single-pkg>` updates a different package with extras specification

  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Issue

It looks like packages with extras circumvent the whitelisting restriction when updating a single package with `poetry update <single-pkg>`.

Here’s a repro:

  • in the pyproject.toml linked above, change watchdog version to be strictly 0.10.2, and do poetry update
  • now, revert the watchdog version requirement to be ^0.10.2, but this time do poetry update decorator
  • expected behaviour: poetry does not change anything, as there is no new version of decorator package
  • actual behaviour:
watchdog is updated to `0.10.3`
```
$ poetry -V
Poetry version 1.1.2
$ poetry show --tree
decorator 4.4.2 Decorators for Humans
watchdog 0.10.2 Filesystem events monitoring
├── argh >=0.24.1
├── pathtools >=0.1.1
└── pyyaml >=3.10
$ poetry update decorator -vvv
Using virtualenv: /mnt/extraspace/virtualenvs/poetry-test-TzTtOsUh-py3.7
Updating dependencies
Resolving dependencies...
   1: fact: poetry-test is 0.1.0
   1: derived: poetry-test
   1: fact: poetry-test depends on watchdog[watchmedo] (^0.10.2)
   1: fact: poetry-test depends on decorator (^4.4.2)
   1: selecting poetry-test (0.1.0)
   1: derived: decorator (^4.4.2)
   1: derived: watchdog[watchmedo] (^0.10.2)
PyPI: No release information found for watchdog-0.3.4, skipping
PyPI: No release information found for watchdog-0.3.6, skipping
PyPI: No release information found for watchdog-0.6.1, skipping
PyPI: 2 packages found for watchdog >=0.10.2,<0.11.0
PyPI: No release information found for decorator-3.4.1, skipping
PyPI: No release information found for decorator-4.0.8, skipping
PyPI: 1 packages found for decorator >=4.4.2,<5.0.0
   1: selecting decorator (4.4.2)
   1: fact: watchdog[watchmedo] (0.10.3) depends on watchdog (0.10.3)
   1: fact: watchdog[watchmedo] (0.10.3) depends on pathtools (>=0.1.1)
   1: fact: watchdog[watchmedo] (0.10.3) depends on PyYAML (>=3.10)
   1: fact: watchdog[watchmedo] (0.10.3) depends on argh (>=0.24.1)
   1: selecting watchdog[watchmedo] (0.10.3)
   1: derived: argh (>=0.24.1)
   1: derived: PyYAML (>=3.10)
   1: derived: pathtools (>=0.1.1)
   1: derived: watchdog (0.10.3)
PyPI: No release information found for watchdog-0.3.4, skipping
PyPI: No release information found for watchdog-0.3.6, skipping
PyPI: No release information found for watchdog-0.6.1, skipping
PyPI: 1 packages found for watchdog 0.10.3
   1: selecting argh (0.26.2)
   1: selecting pyyaml (5.3.1)
   1: selecting pathtools (0.1.2)
   1: fact: watchdog (0.10.3) depends on pathtools (>=0.1.1)
   1: selecting watchdog (0.10.3)
   1: Version solving took 0.030 seconds.
   1: Tried 1 solutions.

Writing lock file

Finding the necessary packages for the current system

Package operations: 0 installs, 1 update, 0 removals

  • Updating watchdog (0.10.2 -> 0.10.3): Pending...
  • Updating watchdog (0.10.2 -> 0.10.3): Installing...
  • Updating watchdog (0.10.2 -> 0.10.3)
```

What leads me to believe this is somehow related to the extras specification, is that …

... if I remove the extras and repeat the repro with just `watchdog = {version = "^0.10.2"}`, watchdog is *not* updated to 0.10.3 which is the expected behaviour.
```
$ poetry -V
Poetry version 1.1.2
$ poetry show --tree
decorator 4.4.2 Decorators for Humans
watchdog 0.10.2 Filesystem events monitoring
└── pathtools >=0.1.1
$ poetry update decorator -vvv
Using virtualenv: /mnt/extraspace/virtualenvs/poetry-test-TzTtOsUh-py3.7
Updating dependencies
Resolving dependencies...
   1: fact: poetry-test is 0.1.0
   1: derived: poetry-test
   1: fact: poetry-test depends on watchdog (^0.10.2)
   1: fact: poetry-test depends on decorator (^4.4.2)
   1: selecting poetry-test (0.1.0)
   1: derived: decorator (^4.4.2)
   1: derived: watchdog (^0.10.2)
PyPI: No release information found for decorator-3.4.1, skipping
PyPI: No release information found for decorator-4.0.8, skipping
PyPI: 1 packages found for decorator >=4.4.2,<5.0.0
   1: selecting decorator (4.4.2)
   1: fact: watchdog (0.10.2) depends on pathtools (>=0.1.1)
   1: selecting watchdog (0.10.2)
   1: derived: pathtools (>=0.1.1)
   1: selecting pathtools (0.1.2)
   1: Version solving took 0.017 seconds.
   1: Tried 1 solutions.

Finding the necessary packages for the current system

No dependencies to install or update
```


Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 6 (1 by maintainers)

Top GitHub Comments

2 reactions
skylerwshaw commented, Jan 24, 2021

@immerrr I found your issue after experiencing the same but was able to resolve it with the following:

  • Run poetry lock --no-update, which was required in my case because my poetry.lock file was generated by a Poetry version earlier than 1.1. This regenerates the lock file with no version changes, a migration of lockfile formatting of sorts. Commit this update.
  • Now run poetry update <single-pkg>. You’ll likely find that only the one dependency updates, including its child dependencies.

Without digging, I think this happens because the poetry update command in 1.1+ can’t read your old-format lockfile so regenerates the lockfile without awareness of the old lockfile’s version locks.

cc @finswimmer
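
A lock-file check for the behaviour reported in the issue and for the workaround above, as an added example that is not part of the original thread or of Poetry itself: it compares `poetry.lock` before and after `poetry update <single-pkg>` and reports every package whose locked version changed without being the requested package or one of its child dependencies. The function names and the sample lock contents are constructed for illustration (versions mirror the logs in the issue), and the code assumes Python 3.11+ or the `tomli` backport.

```python
import re
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # assumption: tomli backport on older Pythons

def _norm(name):  # PEP 503 normalisation: 'PyYAML' and 'pyyaml' compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def _load(lock_text):
    """Map package name -> (locked version, set of dependency names)."""
    pkgs = {}
    for p in tomllib.loads(lock_text).get("package", []):
        deps = {_norm(d) for d in p.get("dependencies", {})}
        pkgs[_norm(p["name"])] = (p["version"], deps)
    return pkgs

def unexpected_changes(old_lock, new_lock, requested):
    """Version changes outside the requested packages and their children."""
    old, new = _load(old_lock), _load(new_lock)
    allowed, todo = set(), [_norm(r) for r in requested]
    while todo:  # walk the dependency graph recorded in the new lock
        name = todo.pop()
        if name not in allowed:
            allowed.add(name)
            todo.extend(new.get(name, (None, set()))[1])
    changed = {}
    for name in sorted(old.keys() | new.keys()):
        before = old.get(name, (None,))[0]
        after = new.get(name, (None,))[0]
        if before != after and name not in allowed:
            changed[name] = (before, after)
    return changed

# Constructed sample locks; versions mirror the logs in the issue.
OLD_LOCK = '''
[[package]]
name = "decorator"
version = "4.4.2"
[[package]]
name = "pathtools"
version = "0.1.2"
[[package]]
name = "watchdog"
version = "0.10.2"
[package.dependencies]
pathtools = ">=0.1.1"
'''
NEW_LOCK = OLD_LOCK.replace('"0.10.2"', '"0.10.3"')
print(unexpected_changes(OLD_LOCK, NEW_LOCK, ["decorator"]))
```

In a repository, the old text can come from `git show HEAD:poetry.lock` and the new text from the working copy, so a non-empty result can fail a CI step before the lock file is committed.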

0 reactions
radoering commented, Nov 13, 2021

Relates to #4612. The attached PR seems to resolve this issue, too.
