build: update poetry to latest version #393

Merged
merged 1 commit into from
Feb 26, 2024

Commits on Feb 26, 2024

  1. build: update poetry to latest version

    Poetry is the workflow management tool used for this project and forms
    the root of all other actions taken when working with this repository.
    It is also used to manage dependencies and therefore should be treated
    very carefully, with updates to newer versions taken deliberately.
    
    This PR updates `poetry` to the latest version of v1.8.1 to account for
    the [changes introduced](https://python-poetry.org/history) in both
    v1.8.0 and v1.8.1, with these actions taken:
    
    * Bump all instances of `poetry` to the new version
      * Installs in workflows
      * pre-commit hook revision
      * Dockerfiles
    * Update the lockfile with the new version of `poetry`
    
    None of the changes or new features in these new versions required any
    updates to the use of `poetry` in this project. Interestingly, a change
    to "Upgrade the warning about an inconsistent lockfile to an error"
    ([#8737](python-poetry/poetry#8737)) still does
    not address the lockfile injection attack outlined in the
    ["Bad Beat Poetry"](https://blog.phylum.io/bad-beat-poetry/) blog post.
    Therefore, it is still recommended to check and refresh the lockfile
    every time before using it to install an environment:
    
    ```
    poetry check --lock
    poetry lock --no-update --no-cache
    poetry install ...
    ```
    
    A review of the latest `poetry-core` release
    ([v1.9.0](https://github.com/python-poetry/poetry-core/releases/tag/1.9.0))
    did not prove that an upgrade to that version in the `phylum-ci` project
    is needed at this time.
    maxrake committed Feb 26, 2024
    61c2a04