Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Poetry #2805

Closed
matejcik opened this issue Feb 8, 2023 · 7 comments · Fixed by #2890
Closed

Update Poetry #2805

matejcik opened this issue Feb 8, 2023 · 7 comments · Fixed by #2890
Labels
code Code improvements

Comments

@matejcik
Copy link
Contributor

matejcik commented Feb 8, 2023

dependabot PRs completely break our CI because they're using a newer version of poetry.lock.

We can, and should, update our Poetry to avoid this problem in the future.

@matejcik
Copy link
Contributor Author

this is actually breaking HWI tests now

@mmilata
Copy link
Member

mmilata commented Mar 2, 2023

We do want the hashes there for reproducibility reasons, right?

Currently we have poetry-1.1.13, today nixpkgs have 1.3.2 with 1.4.0 on the way NixOS/nixpkgs#218868.

@matejcik
Copy link
Contributor Author

matejcik commented Mar 2, 2023

We do want the hashes there for reproducibility reasons, right?

absolutely, yes. i'm seeing some hashes discussion here, do you know what that is about?

@matejcik
Copy link
Contributor Author

matejcik commented Mar 2, 2023

reproducibility reasons

security reasons, strictly speaking. if some part of the supply chain is attacked, we don't want to pull in a different thing just because it is called by the same name.

@mmilata
Copy link
Member

mmilata commented Mar 2, 2023

do you know what that is about?

No idea tbh. I'm asking because we used to have the hashes before 5196f24, and running poetry add freeetype-py with poetry-1.1.3 adds them again, was wondering what's going on.

@Hannsek Hannsek moved this to 🎯 To do in Firmware Mar 3, 2023
@prusnak
Copy link
Member

prusnak commented Mar 7, 2023

NixOS/nixpkgs@2db5027 is the first nixpkgs commit that contains poetry-1.4.0

Hopefully it propagates soon from staging-next to nixpkgs-unstable.

@prusnak
Copy link
Member

prusnak commented Mar 17, 2023

Hopefully it propagates soon from staging-next to nixpkgs-unstable.

Poetry 1.4.0 in nixpkgs-unstable now -> created PR #2890 which bumps nixpkgs to latest unstable and regenerates the poetry.lock file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
code Code improvements
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

3 participants