Merge branch 'python-poetry:master' into master

.github/workflows/main.yml

@@ -28,7 +28,7 @@ jobs:
     strategy:
       matrix:
         os: [Ubuntu, macOS, Windows]
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11-dev"]
+        python-version: ["3.7", "3.8", "3.9", "3.10"]
         include:
           - os: Ubuntu
             image: ubuntu-22.04

.pre-commit-config.yaml

@@ -33,26 +33,26 @@ repos:
         additional_dependencies: &flake8_deps
           - flake8-annotations==2.9.0
           - flake8-broken-line==0.4.0
-          - flake8-bugbear==22.4.25
+          - flake8-bugbear==22.7.1
           - flake8-comprehensions==3.10.0
           - flake8-eradicate==1.2.1
           - flake8-quotes==3.3.1
-          - flake8-simplify==0.19.2
+          - flake8-simplify==0.19.3
           - flake8-tidy-imports==4.8.0
-          - flake8-type-checking==1.5.0
+          - flake8-type-checking==2.1.0
           - flake8-typing-imports==1.12.0
-          - flake8-use-fstring==1.3
-          - pep8-naming==0.12.1
+          - flake8-use-fstring==1.4
+          - pep8-naming==0.13.1
 
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.34.0
+    rev: v2.37.2
     hooks:
       - id: pyupgrade
         args: [--py37-plus]
         exclude: ^(install|get)-poetry.py$
 
   - repo: https://github.com/hadialqattan/pycln
-    rev: v1.3.3
+    rev: v2.0.4
     hooks:
       - id: pycln
         args: [--all]
@@ -75,7 +75,7 @@ repos:
         args: [--lines-after-imports, "-1"]
 
   - repo: https://github.com/psf/black
-    rev: 22.3.0
+    rev: 22.6.0
     hooks:
       - id: black
 
@@ -86,6 +86,6 @@ repos:
         additional_dependencies: *flake8_deps
 
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v2.19.0
+    rev: v2.20.0
     hooks:
       - id: validate_manifest

CHANGELOG.md

@@ -1,5 +1,76 @@
 # Change Log
 
+## [1.2.0b3] - 2022-07-13
+
+**Important**: This release fixes a critical issue that prevented hashes from being retrieved when locking dependencies,
+due to a breaking change on PyPI JSON API (see [#5972](https://github.com/python-poetry/poetry/pull/5972)
+and [the upstream change](https://github.com/pypi/warehouse/pull/11775) for more details).
+
+After upgrading, you have to clear Poetry cache manually to get that feature working correctly again:
+
+```bash
+$ poetry cache clear pypi --all
+```
+
+### Added
+
+- Added `--only-root` to `poetry install` to install a project without its
+  dependencies ([#5783](https://github.com/python-poetry/poetry/pull/5783))
+
+### Changed
+
+- Improved user experience of `poetry init` ([#5838](https://github.com/python-poetry/poetry/pull/5838))
+- Added default timeout for all HTTP requests, to avoid hanging
+  requests ([#5881](https://github.com/python-poetry/poetry/pull/5881))
+- Updated `poetry init` to better specify how to skip adding
+  dependencies ([#5946](https://github.com/python-poetry/poetry/pull/5946))
+- Updated Poetry repository names to avoid clashes with user-defined
+  repositories ([#5910](https://github.com/python-poetry/poetry/pull/5910))
+
+### Fixed
+
+- Fixed an issue where extras where not handled if they did not match the case-sensitive name of the
+  packages ([#4122](https://github.com/python-poetry/poetry/pull/4122))
+- Fixed configuration of `experimental.system-git-client` option
+  through `poetry config` ([#5818](https://github.com/python-poetry/poetry/pull/5818))
+- Fixed uninstallation of git dependencies on Windows ([#5836](https://github.com/python-poetry/poetry/pull/5836))
+- Fixed an issue where `~` was not correctly expanded
+  in `virtualenvs.path` ([#5848](https://github.com/python-poetry/poetry/pull/5848))
+- Fixed an issue where installing/locking dependencies would hang when setting an incorrect git
+  repository ([#5880](https://github.com/python-poetry/poetry/pull/5880))
+- Fixed an issue in `poetry publish` when keyring was not properly
+  configured ([#5889](https://github.com/python-poetry/poetry/pull/5889))
+- Fixed duplicated line output in console ([#5890](https://github.com/python-poetry/poetry/pull/5890))
+- Fixed an issue where the same wheels where downloaded multiple times during
+  installation ([#5871](https://github.com/python-poetry/poetry/pull/5871))
+- Fixed an issue where dependencies hashes could not be retrieved when locking due to a breaking change on PyPI JSON
+  API ([#5973](https://github.com/python-poetry/poetry/pull/5973))
+- Fixed an issue where a dependency with non-requested extras could not be installed if it is requested with extras by
+  another dependency ([#5770](https://github.com/python-poetry/poetry/pull/5770))
+- Updated git backend to correctly read local/global git config when using dulwich as a git
+  backend ([#5935](https://github.com/python-poetry/poetry/pull/5935))
+- Fixed an issue where optional dependencies where not correctly exported when defining
+  groups ([#5819](https://github.com/python-poetry/poetry/pull/5819))
+
+### Docs
+
+- Fixed configuration instructions for repositories
+  specification ([#5809](https://github.com/python-poetry/poetry/pull/5809))
+- Added a link to dependency specification
+  from `pyproject.toml` ([#5815](https://github.com/python-poetry/poetry/pull/5815))
+- Improved `zsh` autocompletion instructions ([#5859](https://github.com/python-poetry/poetry/pull/5859))
+- Improved installation and update documentations ([#5857](https://github.com/python-poetry/poetry/pull/5857))
+- Improved exact requirements documentation ([#5874](https://github.com/python-poetry/poetry/pull/5874))
+- Added documentation for `@` operator ([#5822](https://github.com/python-poetry/poetry/pull/5822))
+- Improved autocompletion documentation ([#5879](https://github.com/python-poetry/poetry/pull/5879))
+- Improved `scripts` definition documentation ([#5884](https://github.com/python-poetry/poetry/pull/5884))
+
+## [1.1.14] - 2022-07-08
+
+## Fixed
+
+- Fixed an issue where dependencies hashes could not be retrieved when locking due to a breaking change on PyPI JSON API ([#5973](https://github.com/python-poetry/poetry/pull/5973))
+
 ## [1.2.0b2] - 2022-06-07
 
 ### Added
@@ -196,6 +267,7 @@
 -   Fixed the detection of the system environment when the setting `virtualenvs.create` is deactivated. ([#4507](https://github.com/python-poetry/poetry/pull/4507))
 -   Fixed an issue where unsafe parameters could be passed to `git` commands. ([python-poetry/poetry-core#203](https://github.com/python-poetry/poetry-core/pull/203))
 -   Fixed an issue where the wrong `git` executable could be used on Windows. ([python-poetry/poetry-core#205](https://github.com/python-poetry/poetry-core/pull/205))
+
 ## [1.1.8] - 2021-08-19
 
 ### Fixed
@@ -1375,11 +1447,13 @@ Initial release
 
 
 
-[Unreleased]: https://github.com/python-poetry/poetry/compare/1.2.0b2...master
-[1.2.0b2]: https://github.com/python-poetry/poetry/compare/1.2.0b2
-[1.2.0b1]: https://github.com/python-poetry/poetry/compare/1.2.0b1
-[1.2.0a2]: https://github.com/python-poetry/poetry/compare/1.2.0a2
-[1.2.0a1]: https://github.com/python-poetry/poetry/compare/1.2.0a1
+[Unreleased]: https://github.com/python-poetry/poetry/compare/1.2.0b3...master
+[1.2.0b3]: https://github.com/python-poetry/poetry/releases/tag/1.2.0b3
+[1.2.0b2]: https://github.com/python-poetry/poetry/releases/tag/1.2.0b2
+[1.2.0b1]: https://github.com/python-poetry/poetry/releases/tag/1.2.0b1
+[1.2.0a2]: https://github.com/python-poetry/poetry/releases/tag/1.2.0a2
+[1.2.0a1]: https://github.com/python-poetry/poetry/releases/tag/1.2.0a1
+[1.1.14]: https://github.com/python-poetry/poetry/releases/tag/1.1.14
 [1.1.13]: https://github.com/python-poetry/poetry/releases/tag/1.1.13
 [1.1.12]: https://github.com/python-poetry/poetry/releases/tag/1.1.12
 [1.1.11]: https://github.com/python-poetry/poetry/releases/tag/1.1.11

docs/dependency-specification.md

@@ -145,6 +145,20 @@ flask = { git = "https://github.com/pallets/flask.git", rev = "38eb5d3b" }
 numpy = { git = "https://github.com/numpy/numpy.git", tag = "v0.13.2" }
 ```
 
+In cases where the package you want to install is located in a subdirectory of the VCS repository, you can use the `subdirectory` option, similarly to what [pip](https://pip.pypa.io/en/stable/topics/vcs-support/#url-fragments) provides:
+
+```toml
+[tool.poetry.dependencies]
+# Install a package named `subdir_package` from a folder called `subdir` within the repository
+subdir_package = { git = "https://github.com/myorg/mypackage_with_subdirs.git", subdirectory = "subdir" }
+```
+
+with the corresponding `add` call:
+
+```bash
+poetry add "https://github.com/myorg/mypackage_with_subdirs.git#subdirectory=subdir"
+```
+
 To use an SSH connection, for example in the case of private repositories, use the following example syntax:
 
 ```toml

docs/faq.md

@@ -14,12 +14,12 @@ menu:
 ### Why is the dependency resolution process slow?
 
 While the dependency resolver at the heart of Poetry is highly optimized and
-should be fast enough for most cases, sometimes, with some specific set of dependencies,
+should be fast enough for most cases, with certain sets of dependencies
 it can take time to find a valid solution.
 
 This is due to the fact that not all libraries on PyPI have properly declared their metadata
 and, as such, they are not available via the PyPI JSON API. At this point, Poetry has no choice
-but downloading the packages and inspect them to get the necessary information. This is an expensive
+but to download the packages and inspect them to get the necessary information. This is an expensive
 operation, both in bandwidth and time, which is why it seems this is a long process.
 
 At the moment there is no way around it.
@@ -57,20 +57,58 @@ requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
 ```
 
-And use a `tox.ini` configuration file similar to this:
+`tox` can be configured in multiple ways. It depends on what should be the code under test and which dependencies
+should be installed.
 
-```INI
+#### Usecase #1
+```ini
 [tox]
 isolated_build = true
-envlist = py27, py37
 
 [testenv]
-allowlist_externals = poetry
+deps =
+    pytest
 commands =
-    poetry install -v
-    poetry run pytest tests/
+    pytest tests/ --import-mode importlib
 ```
 
+`tox` will create an `sdist` package of the project and uses `pip` to install it in a fresh environment.
+Thus, dependencies are resolved by `pip`.
+
+#### Usecase #2
+```ini
+[tox]
+isolated_build = true
+
+[testenv]
+whitelist_externals = poetry
+commands_pre =
+    poetry install --no-root --sync
+commands =
+    poetry run pytest tests/ --import-mode importlib
+```
+
+`tox` will create an `sdist` package of the project and uses `pip` to install it in a fresh environment.
+Thus, dependencies are resolved by `pip` in the first place. But afterwards we run Poetry,
+ which will install the locked dependencies into the environment.
+
+#### Usecase #3
+```ini
+[tox]
+isolated_build = true
+
+[testenv]
+skip_install = true
+whitelist_externals = poetry
+commands_pre =
+    poetry install
+commands =
+    poetry run pytest tests/ --import-mode importlib
+```
+
+`tox` will not do any install. Poetry installs all the dependencies and the current package an editable mode.
+Thus, tests are running against the local files and not the builded and installed package.
+
 ### I don't want Poetry to manage my virtual environments. Can I disable it?
 
 While Poetry automatically creates virtual environments to always work isolated

get-poetry.py

@@ -309,7 +309,6 @@ def expanduser(path):
 
 
 class Installer:
-
     CURRENT_PYTHON = sys.executable
     CURRENT_PYTHON_VERSION = sys.version_info[:2]
     METADATA_URL = "https://pypi.org/pypi/poetry/json"
@@ -472,7 +471,9 @@ def _is_supported(x):
                 "warning",
                 "This installer is deprecated. Poetry versions installed using this"
                 " script will not be able to use 'self update' command to upgrade to"
-                " 1.2.0a1 or later.",
+                " 1.2.0a1 or later. It is recommended to use"
+                " https://install.python-poetry.org instead. Instructions are"
+                " available at https://python-poetry.org/docs/#installation",
             )
         )