pypi poetry 2.3.3
on Python PyPI

4 hours ago

Fixed

  • Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#10792).
  • Fix an issue where git dependencies from annotated tags could not be updated (#10719).
  • Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#10784).
  • Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#10777).
  • Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#10748).
  • Fix an issue where poetry publish --no-interaction --build requested user interaction (#10769).
  • Fix an issue where poetry init and poetry new created a deprecated project.license format (#10787).

Docs

  • Clarify the differences between poetry install and poetry update (#10713).
  • Clarify the section of fields in the pyproject.toml examples (#10753).
  • Add a note about the different installation location when Python from the Microsoft Store is used (#10759).
  • Fix the system requirements for Poetry (#10739).
  • Fix the poetry cache clear example (#10749).
  • Fix the link to pipx installation instructions (#10783).

poetry-core (2.3.2)

  • Fix an issue where platform_release could not be parsed on Debian Trixie (#930).
  • Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#914).
  • Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#919).
  • Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#922).
  • Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#924).
  • Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#925).
  • Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#921).
  • Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#920).
  • Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#929).
  • Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#927).
Check out latest releases or
releases around poetry 2.3.3

Don't miss a new poetry release

NewReleases is sending notifications on new releases.

Get notifications