Skip to content

Bump poetry from 2.3.4 to 2.4.0#564

Merged
edmorley merged 2 commits into
mainfrom
dependabot/pip/poetry-2.4.0
May 7, 2026
Merged

Bump poetry from 2.3.4 to 2.4.0#564
edmorley merged 2 commits into
mainfrom
dependabot/pip/poetry-2.4.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 7, 2026
edited
Loading

Bumps poetry from 2.3.4 to 2.4.0.

Release notes

Sourced from poetry's releases.

2.4.0

Added

  • Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
  • Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
  • Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

  • Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
  • Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
  • Require installer>=1.0.0 (#10869).
  • Allow findpython>=0.8 (#10874).

Fixed

  • Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
  • Fix an issue where the order of markers in the lock file was not deterministic (#10720).
  • Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
  • Fix an issue where poetry env activate did not work for bash on Windows (#10716).
  • Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
  • Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
  • Fix an issue where a false warning about a circular dependency was printed (#10811).
  • Fix an issue where falsy config values were incorrectly treated as not set (#10808).
  • Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
  • Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
  • Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
  • Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
  • Fix an issue where further packages were installed even though installation should be aborted (#10742).
  • Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
  • Fix an issue where http-basic could not be set for repository names with periods (#10845).
  • Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

  • Clarify the precedence of configuration sources (#10757).
  • Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

poetry-core (2.4.0)

  • Update vendored packaging to 26.2 (#936).
Changelog

Sourced from poetry's changelog.

[2.4.0] - 2026-05-03

Added

  • Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
  • Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
  • Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

  • Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
  • Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
  • Require installer>=1.0.0 (#10869).
  • Allow findpython>=0.8 (#10874).

Fixed

  • Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
  • Fix an issue where the order of markers in the lock file was not deterministic (#10720).
  • Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
  • Fix an issue where poetry env activate did not work for bash on Windows (#10716).
  • Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
  • Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
  • Fix an issue where a false warning about a circular dependency was printed (#10811).
  • Fix an issue where falsy config values were incorrectly treated as not set (#10808).
  • Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
  • Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
  • Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
  • Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
  • Fix an issue where further packages were installed even though installation should be aborted (#10742).
  • Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
  • Fix an issue where http-basic could not be set for repository names with periods (#10845).
  • Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

  • Clarify the precedence of configuration sources (#10757).
  • Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

poetry-core (2.4.0)

  • Update vendored packaging to 26.2 (#936).
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Dependabot PRs that update Python dependencies labels May 7, 2026
@dependabot dependabot Bot requested a review from edmorley as a code owner May 7, 2026 12:59
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Dependabot PRs that update Python dependencies labels May 7, 2026
@edmorley
Copy link
Copy Markdown
Member

edmorley commented May 7, 2026

@dependabot rebase

@dependabot
Bump poetry from 2.3.4 to 2.4.0
6bfd4e5 
Bumps [poetry](https://github.com/python-poetry/poetry) from 2.3.4 to 2.4.0.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.3.4...2.4.0)

---
updated-dependencies:
- dependency-name: poetry
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/poetry-2.4.0 branch from ee5ebbe to 6bfd4e5 Compare May 7, 2026 13:55
@edmorley edmorley enabled auto-merge (squash) May 7, 2026 14:00
@edmorley edmorley merged commit 518cf78 into main May 7, 2026
8 checks passed
@edmorley edmorley deleted the dependabot/pip/poetry-2.4.0 branch May 7, 2026 14:02
This was referenced May 7, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edmorley edmorley edmorley approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Dependabot PRs that update Python dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@edmorley