Don't Remove Poetry Version From Lock File #7219

@Kurt-von-Laven

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pip

Package manager version

Poetry 1.4.2

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  # Upgrade Poetry dependencies.
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: daily
      time: "08:00"
      timezone: America/New_York
    open-pull-requests-limit: 1
    insecure-external-code-execution: deny
    allow:
      - dependency-type: development

Updated dependency

No response

What you expected to see, versus what you actually saw

Expected no modifications to first line of poetry.lock:

# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.

Experienced modification to first line of poetry.lock:

# This file is automatically @generated by Poetry and should not be changed by hand.

Native package manager behavior

Poetry adds the version number back in when, for example, poetry lock --no-update has work to do. If there are no substantive changes to be written, then Poetry doesn't modify poetry.lock at all. Poetry started including the Poetry version in the lock file in Poetry 1.4.0: python-poetry/poetry#7339.

Images of the diff or a link to the PR, issue, or logs

--- a/poetry.lock
+++ b/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry and should not be changed by hand.
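Review bot: line 1 of poetry.lock should keep the generator version; the "+" line drops "1.4.2" from the header and no locked package changes in the lines shown, so the file loses the record of which Poetry wrote it without any dependency update to justify the rewrite. Suggest leaving the header as Poetry 1.4.2 wrote it, or not touching poetry.lock when there is nothing else to write. The hunk header declares four lines on each side but only the changed line is visible, so the remaining context lines cannot be checked here.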

Smallest manifest that reproduces the issue

pyproject.toml:

[build-system]
requires = ["poetry-core>=1.5.2"]
build-backend = "poetry.core.masonry.api"

[tool]
  [tool.poetry]
  name = "Minimal Reproduction"
  version = "0.1.0"
  description = "Minimal Reproduction of Dependabot Issue"
  authors = ["Kurt von Laven <[email protected]>"]

  [tool.poetry.dependencies]
  python = "==3.11.3"
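A pre-merge check for the header change reported in this issue, as an added example that is not part of the original report and is not Dependabot's or Poetry's code: it classifies a proposed poetry.lock change by what happened to the generator version on line 1 and whether anything besides line 1 changed. The function names, status strings and sample lock body are assumptions; only the two header lines come from the issue.

```python
import re

# The two header forms quoted in the issue; the version group is optional.
HEADER_RE = re.compile(
    r"^# This file is automatically @generated by Poetry"
    r"(?: (?P<version>\S+))? and should not be changed by hand\.$"
)


def split_lock(text):
    """Split a poetry.lock into (first line, remaining body)."""
    first, _, rest = text.partition("\n")
    return first.rstrip("\r"), rest


def generator_version(text):
    """Return (header_found, version); version is None when the header has none."""
    match = HEADER_RE.match(split_lock(text)[0])
    return (False, None) if match is None else (True, match.group("version"))


def classify_lock_change(old, new):
    """Return (status, header_only) for a proposed poetry.lock change."""
    if old == new:
        return ("unchanged", False)
    # header_only is True when everything after line 1 is byte-identical.
    header_only = split_lock(old)[1] == split_lock(new)[1]
    _, old_ver = generator_version(old)
    new_found, new_ver = generator_version(new)
    if old_ver is not None and not new_found:
        return ("header-missing", header_only)
    if old_ver is not None and new_ver is None:
        return ("version-dropped", header_only)  # the behaviour reported here
    if old_ver != new_ver:
        return ("version-changed", header_only)
    return ("ok", header_only)


# Constructed sample: the header lines are from the issue, the body is made up.
BODY = '\npackage = []\n\n[metadata]\nlock-version = "2.0"\n'
OLD = "# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.\n" + BODY
NEW = "# This file is automatically @generated by Poetry and should not be changed by hand.\n" + BODY

if __name__ == "__main__":
    print(classify_lock_change(OLD, NEW))
```

A result of ("version-dropped", True) is the case in this issue: the pull request changes nothing but the header.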
