feat: Support Poetry v2 requires-poetry version constraint#14684
Merged
markhallen merged 6 commits intomainfrom Apr 10, 2026
Merged
feat: Support Poetry v2 requires-poetry version constraint#14684markhallen merged 6 commits intomainfrom
markhallen merged 6 commits intomainfrom
Conversation
Parse the requires-poetry field from pyproject.toml and pass it as a requirement to PoetryPackageManager. Override raise_if_unsupported! to check the detected Poetry version against the project's declared constraint and raise ToolVersionNotSupported when not satisfied.
Cover PoetryPackageManager#raise_if_unsupported! with tests for satisfied, unsatisfied, absent, and multi-constraint ranges. Add file_parser integration tests verifying the constraint is parsed from pyproject.toml and wired through to the ecosystem.
Contributor
There was a problem hiding this comment.
Pull request overview
Adds early, user-friendly failure when a project’s pyproject.toml declares a Poetry requires-poetry constraint that isn’t satisfied by the detected Poetry version, by surfacing ToolVersionNotSupported instead of failing later in the update pipeline.
Changes:
- Parse
tool.poetry.requires-poetryfrompyproject.tomland attach it as aDependabot::Python::Requirementto the detected Poetry package manager. - Enforce the constraint in
PoetryPackageManager#raise_if_unsupported!by raisingDependabot::ToolVersionNotSupportedwhen unsatisfied. - Add fixtures and specs covering satisfied/unsatisfied and multi-part constraints.
Show a summary per file
| File | Description |
|---|---|
| python/lib/dependabot/python/file_parser.rb | Parses requires-poetry from pyproject.toml and passes it into PoetryPackageManager during detection. |
| python/lib/dependabot/python/package_manager.rb | Adds constraint enforcement in PoetryPackageManager#raise_if_unsupported!. |
| python/spec/dependabot/python/file_parser_spec.rb | Integration tests verifying constraint parsing and enforcement via ecosystem.raise_if_unsupported!. |
| python/spec/dependabot/python/poetry_package_manager_spec.rb | Unit tests for requirement storage and #raise_if_unsupported! behavior. |
| python/spec/fixtures/pyproject_files/requires_poetry_satisfied.toml | Fixture with a satisfied requires-poetry constraint. |
| python/spec/fixtures/pyproject_files/requires_poetry_not_satisfied.toml | Fixture with an unsatisfied requires-poetry constraint. |
| python/spec/fixtures/pyproject_files/requires_poetry_complex.toml | Fixture with a multi-part requires-poetry constraint. |
Copilot's findings
- Files reviewed: 7/7 changed files
- Comments generated: 1
Wrap satisfied_by? return value in T.cast(..., T::Boolean) to satisfy Sorbet's typed: strong check on conditional branches.
…nstraint Add TomlRB::ValueOverwriteError to the rescue clause so that TOML files with duplicate keys return nil instead of raising, consistent with other TOML parsing in the Python ecosystem.
robaiken
approved these changes
Apr 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What are you trying to accomplish?
Poetry v2 introduced a
requires-poetryfield inpyproject.tomlthat allows projects to declare which Poetry versions are compatible. When Dependabot encounters a project with this constraint and the detected Poetry version doesn't satisfy it, the update should fail early with a clearToolVersionNotSupportederror rather than producing confusing failures downstream.This follows the same pattern used by npm_and_yarn for
enginesconstraints.Anything you want to highlight for special attention from reviewers?
requires_poetry_version_constraintmethod infile_parser.rbparses thetool.poetry.requires-poetryfield frompyproject.tomlusingTomlRBand wraps it in aDependabot::Python::Requirement. It returnsnilgracefully on parse errors or missing fields.PoetryPackageManager#raise_if_unsupported!override callssuperfirst (for existing deprecated/unsupported version checks), then checks the project's declared constraint against the detected version usingrequirement.satisfied_by?(version).dependency_snapshot.rb→ecosystem.raise_if_unsupported!→package_manager.raise_if_unsupported!pipeline — no changes to common/base classes were needed.How will you know you've accomplished your goal?
poetry_package_manager_spec.rbcovering#raise_if_unsupported!with no requirement, satisfied requirement, unsatisfied requirement (with error attribute checks), and multi-constraint ranges (within/above/below).file_parser_spec.rbcovering integration: satisfied constraint, unsatisfied constraint (raises viaecosystem.raise_if_unsupported!), complex multi-part constraints, and absent field.requires_poetry_satisfied.toml,requires_poetry_not_satisfied.toml,requires_poetry_complex.toml.Checklist