Skip to content

Bump poetry from 2.3.2 to 2.3.3#2064

Merged
edmorley merged 2 commits intomainfrom
dependabot/pip/poetry-2.3.3
Apr 2, 2026
Merged

Bump poetry from 2.3.2 to 2.3.3#2064
edmorley merged 2 commits intomainfrom
dependabot/pip/poetry-2.3.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026
edited
Loading

Bumps poetry from 2.3.2 to 2.3.3.

Release notes

Sourced from poetry's releases.

2.3.3

Fixed

  • Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#10792).
  • Fix an issue where git dependencies from annotated tags could not be updated (#10719).
  • Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#10784).
  • Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#10777).
  • Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#10748).
  • Fix an issue where poetry publish --no-interaction --build requested user interaction (#10769).
  • Fix an issue where poetry init and poetry new created a deprecated project.license format (#10787).

Docs

  • Clarify the differences between poetry install and poetry update (#10713).
  • Clarify the section of fields in the pyproject.toml examples (#10753).
  • Add a note about the different installation location when Python from the Microsoft Store is used (#10759).
  • Fix the system requirements for Poetry (#10739).
  • Fix the poetry cache clear example (#10749).
  • Fix the link to pipx installation instructions (#10783).

poetry-core (2.3.2)

  • Fix an issue where platform_release could not be parsed on Debian Trixie (#930).
  • Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#914).
  • Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#919).
  • Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#922).
  • Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#924).
  • Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#925).
  • Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#921).
  • Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#920).
  • Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#929).
  • Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#927).
Changelog

Sourced from poetry's changelog.

[2.3.3] - 2026-03-29

Fixed

  • Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#10792).
  • Fix an issue where git dependencies from annotated tags could not be updated (#10719).
  • Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#10784).
  • Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#10777).
  • Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#10748).
  • Fix an issue where poetry publish --no-interaction --build requested user interaction (#10769).
  • Fix an issue where poetry init and poetry new created a deprecated project.license format (#10787).

Docs

  • Clarify the differences between poetry install and poetry update (#10713).
  • Clarify the section of fields in the pyproject.toml examples (#10753).
  • Add a note about the different installation location when Python from the Microsoft Store is used (#10759).
  • Fix the system requirements for Poetry (#10739).
  • Fix the poetry cache clear example (#10749).
  • Fix the link to pipx installation instructions (#10783).
Commits
  • 3d0151a release: bump version to 2.3.3
  • 89f09aa fix long path issue on Windows (#10794)
  • e068177 installer: fix path traversal (#10792)
  • d76a2f6 chore: require new poetry-core version (#10790)
  • 859d443 Update init & new commands for PEP 639 (License) (#10787)
  • 2ff2845 fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...
  • 286e43b env: improve error handling if .venv is not a directory but a file (#10777)
  • d6e72c9 Fix publish --build prompt behavior in non-interactive mode (#10769)
  • 9fced1a fix(env): treat empty VIRTUAL_ENV/CONDA_PREFIX as unset (#10784)
  • 9688382 docs: fix pipx install directions link (#10783)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Dependabot pull requests that update Python dependencies labels Mar 30, 2026
@dependabot dependabot bot requested a review from edmorley as a code owner March 30, 2026 16:20
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Dependabot pull requests that update Python dependencies labels Mar 30, 2026
@edmorley
Copy link
Copy Markdown
Member

edmorley commented Apr 2, 2026

@dependabot rebase

@dependabot
Bump poetry from 2.3.2 to 2.3.3
7bd5063 
Bumps [poetry](https://github.com/python-poetry/poetry) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.3.2...2.3.3)

---
updated-dependencies:
- dependency-name: poetry
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/poetry-2.3.3 branch from dd6e936 to 7bd5063 Compare April 2, 2026 12:13
@edmorley edmorley merged commit c5545e9 into main Apr 2, 2026
6 checks passed
@edmorley edmorley deleted the dependabot/pip/poetry-2.3.3 branch April 2, 2026 12:17
@heroku-linguist heroku-linguist bot mentioned this pull request Apr 2, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edmorley edmorley edmorley approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Dependabot pull requests that update Python dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@edmorley