Support for updating Poetry pyproject.toml, not just poetry.lock?

[glennmatthews]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

poetry

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

/pyproject.toml, /poetry.lock

dependabot.yml content

Default configuration (no dependabot.yml)

Updated dependency

No response

What you expected to see, versus what you actually saw

Given that the documentation specifies that the default versioning-strategy for the Python ecosystem is auto, I'd expect Dependabot PRs to by default update pyproject.toml as per either theincrease or widen strategies.

Instead, only the poetry.lock is updated by Dependabot. This is of very limited usefulness since poetry.lock only influences what gets installed when working directly in the repository, and has no impact on the dependencies that are specified when packaging and distributing our code via PyPI. As a result, we almost always have to manually "fix up" Dependabot's pull requests (usually by pulling down the branch and manually running poetry add <dependency>~<new-version>) to include appropriate pyproject.toml updates in order to actually affect the packaging of our project.

I'm guessing that this may be because Dependabot states support for PEP 621 compliant pyproject.toml files, and Poetry's pyproject.toml is not currently PEP 621 compliant. But as an end user of Dependabot, it would be useful to have this variant file format supported as well.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[gshpychka]

The docs don't even mention the capability to make updates to poetry.lock, making this even more confusing

[watermarkhu]

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

[carlincherry]

cc @carlincherry @cmrice

[lucasoskorep]

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

This dependency has been merged in - is this ticket completed or just something that can be actively worked on now*?

[mluypaert]

This will be solved if python-poetry/poetry-core#708 is merged, which makes poetry PEP 621 Compliant

This dependency has been merged in - is this ticket completed or just something that can be actively worked on now*?

While python-poetry/poetry-core#708 has indeed been merged, it hasn't been released to public yet (will come as a new 2.*.* poetry release), which is presumably waiting for python-poetry/poetry#9136 to be completed. Until that time, there's no reliable way for poetry end-users to use these PEP-621 compliant pyproject.toml dependencies, and hence this ticket cannot be called completed until then. At the very least, the dependabot docs should be updated to reflect that dependabot only supports poetry 2.* and only when using PEP-621 compliant pyproject.toml.