poetry lock --no-update upgrades coverage version

[Parnassius]

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Debian 11
• Poetry version: 1.11.1, 1.2.0a2, 34ca165
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/Parnassius/1dc50ce25562b9a1bf779724d820b53d (contains both pyproject.toml and poetry.lock)

Issue

Running poetry lock --no-update with the above pyproject.toml and poetry.lock upgrades coverage from 6.0 to 6.0.1. Below is the output of the command run with the -vvv option (with poetry 1.1.11):

   1: fact: test-poetry-update is 0.1.0
   1: derived: test-poetry-update
   1: fact: test-poetry-update depends on pytest-cov (*)
   1: selecting test-poetry-update (0.1.0)
   1: derived: pytest-cov
   1: fact: pytest-cov (3.0.0) depends on pytest (>=4.6)
   1: fact: pytest-cov (3.0.0) depends on coverage (>=5.2.1)
   1: selecting pytest-cov (3.0.0)
   1: derived: coverage[toml] (>=5.2.1)
   1: derived: pytest (>=4.6)
PyPI: No release information found for coverage-2.5, skipping
PyPI: No release information found for coverage-2.6, skipping
PyPI: No release information found for coverage-2.75, skipping
PyPI: No release information found for coverage-2.76, skipping
PyPI: No release information found for coverage-2.77, skipping
PyPI: No release information found for coverage-2.78, skipping
PyPI: No release information found for coverage-2.8, skipping
PyPI: No release information found for coverage-2.80, skipping
PyPI: No release information found for coverage-2.85, skipping
PyPI: 7 packages found for coverage >=5.2.1
   1: fact: pytest (6.2.5) depends on attrs (>=19.2.0)
   1: fact: pytest (6.2.5) depends on iniconfig (*)
   1: fact: pytest (6.2.5) depends on packaging (*)
   1: fact: pytest (6.2.5) depends on pluggy (>=0.12,<2.0)
   1: fact: pytest (6.2.5) depends on py (>=1.8.2)
   1: fact: pytest (6.2.5) depends on toml (*)
   1: fact: pytest (6.2.5) depends on atomicwrites (>=1.0)
   1: fact: pytest (6.2.5) depends on colorama (*)
   1: selecting pytest (6.2.5)
   1: derived: colorama
   1: derived: atomicwrites (>=1.0)
   1: derived: toml
   1: derived: py (>=1.8.2)
   1: derived: pluggy (>=0.12,<2.0)
   1: derived: packaging
   1: derived: iniconfig
   1: derived: attrs (>=19.2.0)
   1: selecting toml (0.10.2)
   1: selecting py (1.10.0)
   1: selecting pluggy (1.0.0)
   1: fact: packaging (21.0) depends on pyparsing (>=2.0.2)
   1: selecting packaging (21.0)
   1: derived: pyparsing (>=2.0.2)
   1: selecting iniconfig (1.1.1)
   1: selecting attrs (21.2.0)
   1: selecting pyparsing (2.4.7)
   1: fact: coverage (6.0.1) depends on coverage (6.0.1)
   1: fact: coverage (6.0.1) depends on tomli (*)
   1: selecting coverage[toml] (6.0.1)
   1: derived: tomli
   1: derived: coverage (==6.0.1)
PyPI: No release information found for coverage-2.5, skipping
PyPI: No release information found for coverage-2.6, skipping
PyPI: No release information found for coverage-2.75, skipping
PyPI: No release information found for coverage-2.76, skipping
PyPI: No release information found for coverage-2.77, skipping
PyPI: No release information found for coverage-2.78, skipping
PyPI: No release information found for coverage-2.8, skipping
PyPI: No release information found for coverage-2.80, skipping
PyPI: No release information found for coverage-2.85, skipping
PyPI: 1 packages found for coverage 6.0.1
   1: selecting colorama (0.4.4)
   1: selecting atomicwrites (1.4.0)
   1: selecting tomli (1.2.1)
   1: selecting coverage (6.0.1)
   1: Version solving took 0.049 seconds.
   1: Tried 1 solutions.

Writing lock file

[radoering]

The version of coverage in the poetry.lock from the Gist already is 6.0.1. The lock file does not contain an older version of coverage. Did you upload the correct poetry.lock?

[Parnassius]

Uh, sorry, it seems I uploaded the wrong one. I updated the file on the gist, it's now the correct one

[radoering]

The issue seems to be that pytest-cov depends on coverage[toml] (>=5.2.1), which means coverage with its extra toml. When locking with --no-update, poetry is not able to use the locked version of coverage for the dependency coverage[toml]. Thus, when searching for a suitable version for coverage[toml], the latest version of coverage is selected...

In the attached PR, I changed the behavior so that a locked version is preferred.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.