Upgrade vendored poetry to support urllib3>2.0, conda-lock pin prevents latest boto3 versions #622
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Checklist
What is the idea?
conda-lock currently downgrades urllib3 to less than version 2.0,
https://github.com/conda/conda-lock/blob/main/pyproject.toml#L69
Poetry removed the pin for urllib with poetry version 1.6.0 (poetry-core 1.7.0, cleo >=2.0.0)
https://github.com/python-poetry/poetry/blob/1.6.0/pyproject.toml
Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt
with latest versions
Why is this needed?
Critical packages are now being updated with urllib3>=2.0 only
urllib3 <2.0.0 limits aiobotocore to 2.12.2, botocore to 1.34.51 and boto3 to 1.34.51 -
What should happen?
Revendor poetry https://github.com/conda/conda-lock/blob/main/conda_lock/_vendor/vendor.txt
change current versions
Poetry-related:
cleo==0.8.1
poetry==1.1.15
poetry-core==1.0.8
to
latest versions
Additional Context
No response
The text was updated successfully, but these errors were encountered: