-
-
Notifications
You must be signed in to change notification settings - Fork 669
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Poetry #2805
Comments
this is actually breaking HWI tests now |
We do want the hashes there for reproducibility reasons, right? Currently we have poetry-1.1.13, today nixpkgs have 1.3.2 with 1.4.0 on the way NixOS/nixpkgs#218868. |
absolutely, yes. i'm seeing some hashes discussion here, do you know what that is about? |
security reasons, strictly speaking. if some part of the supply chain is attacked, we don't want to pull in a different thing just because it is called by the same name. |
No idea tbh. I'm asking because we used to have the hashes before 5196f24, and running |
NixOS/nixpkgs@2db5027 is the first nixpkgs commit that contains poetry-1.4.0 Hopefully it propagates soon from |
Poetry 1.4.0 in nixpkgs-unstable now -> created PR #2890 which bumps nixpkgs to latest unstable and regenerates the poetry.lock file |
dependabot PRs completely break our CI because they're using a newer version of
poetry.lock
.We can, and should, update our Poetry to avoid this problem in the future.
The text was updated successfully, but these errors were encountered: