From 85d727cfba03e07986213656d666c44ee53147ee Mon Sep 17 00:00:00 2001
From: Tom Rochette
Date: Thu, 9 Jan 2020 21:09:06 -0500
Subject: [PATCH 1/2] Set default poetry to 1.0.0

---
 python/helpers/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
index 4e24379c42..a67f862a09 100644
--- a/python/helpers/requirements.txt
+++ b/python/helpers/requirements.txt
@@ -3,7 +3,7 @@ pip-tools==4.3.0
 hashin==0.14.6
 pipenv==2018.11.26
 pipfile==0.0.2
-poetry==0.12.17
+poetry==1.0.0
 # Some dependencies will only install if Cython is present
 Cython==0.29.14

From ffbd4ee9441ffe0e0481c06b6eaa130be735d597 Mon Sep 17 00:00:00 2001
From: Tom Rochette
Date: Thu, 9 Jan 2020 21:11:17 -0500
Subject: [PATCH 2/2] Install poetry 0.12.17 for pre-1.0.0 lock files

In the case that a poetry.lock file is discovered with a metadata.hashes entry, we should use poetry 0.12.17 to update the lockfile in order to preserve version compatibility. Otherwise assume that the user wants to use the latest poetry version (1.0.0 at this time).
---
 .../update_checker/poetry_version_resolver.rb | 32 ++++++++++++++++---
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
index 76410c77c2..15d86b7074 100644
--- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
@@ -80,14 +80,12 @@ def fetch_latest_resolvable_version_string(requirement:)
 )
 end
+ update_poetry_binary_version
+
 # Shell out to Poetry, which handles everything for us.
 run_poetry_command(poetry_update_command)
- updated_lockfile =
- if File.exist?("poetry.lock") then File.read("poetry.lock")
- else File.read("pyproject.lock")
- end
- updated_lockfile = TomlRB.parse(updated_lockfile)
+ updated_lockfile = read_lockfile
 fetch_version_from_parsed_lockfile(updated_lockfile)
 rescue SharedHelpers::HelperSubprocessFailed => e
@@ -96,6 +94,30 @@ def fetch_latest_resolvable_version_string(requirement:)
 end
 end
+
+ def update_poetry_binary_version
+ # TODO: I'm not sure if the case where there's no lockfile is
+ # already handled by dependabot.
+ lockfile = read_lockfile
+
+ # Before version 1.0.0, poetry used a metadata.hashes to store
+ # package dependencies hashes. After 1.0.0, it is stored in
+ # metadata.files.
+ pre100 = lockfile.dig("metadata", "hashes")
+
+ return unless pre100
+
+ puts " => downgrading poetry to 0.12.17 due to pre-1.0.0 lockfile"
+ run_poetry_command("pyenv exec pip install poetry==0.12.17")
+ end
+
+ def read_lockfile
+ updated_lockfile =
+ if File.exist?("poetry.lock") then File.read("poetry.lock")
+ else File.read("pyproject.lock")
+ end
+ TomlRB.parse(updated_lockfile)
+
+
 def fetch_version_from_parsed_lockfile(updated_lockfile)
 version = updated_lockfile.fetch("package", []).
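Review bot: The added call `update_poetry_binary_version` runs before `run_poetry_command(poetry_update_command)`, so it reads the lockfile before Poetry has been given a chance to write one, whereas the removed lines only read it after the update; since the new `read_lockfile` in the second hunk falls through to `File.read("pyproject.lock")` whenever `poetry.lock` is absent, a project with neither file now raises `Errno::ENOENT`, which the `rescue SharedHelpers::HelperSubprocessFailed => e` below does not catch (the TODO in the new helper itself flags this case). A call-site guard preserves the previous behaviour for lockfile-less projects: `update_poetry_binary_version if File.exist?("poetry.lock") || File.exist?("pyproject.lock")`. Separately, the helper's `pip install poetry==0.12.17` goes through `run_poetry_command`, so if that raises `HelperSubprocessFailed` on failure as the rescue suggests, a failed reinstall would presumably be handled like a failed resolution; a comment at the call site such as `# May reinstall poetry 0.12.17 for pre-1.0 lockfiles; a failed pip install surfaces through the rescue below` would make that explicit. The enclosing method `fetch_latest_resolvable_version_string` starts before and continues after this hunk.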