feat: Support Poetry v2 requires-poetry version constraint #14684

Merged
markhallen merged 6 commits into main from poetry-requires-poetry-constraint
Apr 10, 2026
@markhallen
Contributor

What are you trying to accomplish?

Poetry v2 introduced a requires-poetry field in pyproject.toml that allows projects to declare which Poetry versions are compatible. When Dependabot encounters a project with this constraint and the detected Poetry version doesn't satisfy it, the update should fail early with a clear ToolVersionNotSupported error rather than producing confusing failures downstream.

This follows the same pattern used by npm_and_yarn for engines constraints.

Anything you want to highlight for special attention from reviewers?

  • The requires_poetry_version_constraint method in file_parser.rb parses the tool.poetry.requires-poetry field from pyproject.toml using TomlRB and wraps it in a Dependabot::Python::Requirement. It returns nil gracefully on parse errors or missing fields.
  • The PoetryPackageManager#raise_if_unsupported! override calls super first (for existing deprecated/unsupported version checks), then checks the project's declared constraint against the detected version using requirement.satisfied_by?(version).
  • The validation is wired through the existing dependency_snapshot.rb → ecosystem.raise_if_unsupported! → package_manager.raise_if_unsupported! pipeline — no changes to common/base classes were needed.

How will you know you've accomplished your goal?

  • 14 new tests added and all passing:
    • 7 tests in poetry_package_manager_spec.rb covering #raise_if_unsupported! with no requirement, satisfied requirement, unsatisfied requirement (with error attribute checks), and multi-constraint ranges (within/above/below).
    • 4 tests in file_parser_spec.rb covering integration: satisfied constraint, unsatisfied constraint (raises via ecosystem.raise_if_unsupported!), complex multi-part constraints, and absent field.
    • 3 fixture files: requires_poetry_satisfied.toml, requires_poetry_not_satisfied.toml, requires_poetry_complex.toml.
  • RuboCop passes on all changed files with no offenses.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

Parse the requires-poetry field from pyproject.toml and pass it as a
requirement to PoetryPackageManager. Override raise_if_unsupported! to
check the detected Poetry version against the project's declared
constraint and raise ToolVersionNotSupported when not satisfied.

Cover PoetryPackageManager#raise_if_unsupported! with tests for
satisfied, unsatisfied, absent, and multi-constraint ranges. Add
file_parser integration tests verifying the constraint is parsed from
pyproject.toml and wired through to the ecosystem.
@markhallen markhallen requested a review from a team as a code owner April 10, 2026 11:58
Copilot AI review requested due to automatic review settings April 10, 2026 11:58
Contributor

Copilot AI left a comment

Pull request overview

Adds early, user-friendly failure when a project’s pyproject.toml declares a Poetry requires-poetry constraint that isn’t satisfied by the detected Poetry version, by surfacing ToolVersionNotSupported instead of failing later in the update pipeline.

Changes:

  • Parse tool.poetry.requires-poetry from pyproject.toml and attach it as a Dependabot::Python::Requirement to the detected Poetry package manager.
  • Enforce the constraint in PoetryPackageManager#raise_if_unsupported! by raising Dependabot::ToolVersionNotSupported when unsatisfied.
  • Add fixtures and specs covering satisfied/unsatisfied and multi-part constraints.
Summary per file:

| File | Description |
| --- | --- |
| python/lib/dependabot/python/file_parser.rb | Parses requires-poetry from pyproject.toml and passes it into PoetryPackageManager during detection. |
| python/lib/dependabot/python/package_manager.rb | Adds constraint enforcement in PoetryPackageManager#raise_if_unsupported!. |
| python/spec/dependabot/python/file_parser_spec.rb | Integration tests verifying constraint parsing and enforcement via ecosystem.raise_if_unsupported!. |
| python/spec/dependabot/python/poetry_package_manager_spec.rb | Unit tests for requirement storage and #raise_if_unsupported! behavior. |
| python/spec/fixtures/pyproject_files/requires_poetry_satisfied.toml | Fixture with a satisfied requires-poetry constraint. |
| python/spec/fixtures/pyproject_files/requires_poetry_not_satisfied.toml | Fixture with an unsatisfied requires-poetry constraint. |
| python/spec/fixtures/pyproject_files/requires_poetry_complex.toml | Fixture with a multi-part requires-poetry constraint. |

Copilot's findings

  • Files reviewed: 7/7 changed files
  • Comments generated: 1

Comment thread python/lib/dependabot/python/file_parser.rb Outdated
Wrap satisfied_by? return value in T.cast(..., T::Boolean) to satisfy
Sorbet's typed: strong check on conditional branches.
…nstraint

Add TomlRB::ValueOverwriteError to the rescue clause so that TOML
files with duplicate keys return nil instead of raising, consistent
with other TOML parsing in the Python ecosystem.
@markhallen markhallen merged commit 6e4b185 into main Apr 10, 2026
95 checks passed
@markhallen markhallen deleted the poetry-requires-poetry-constraint branch April 10, 2026 15:49
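
The flow this pull request describes (read tool.poetry.requires-poetry, return nil when the field is absent or unparsable, then fail early when the detected Poetry version does not satisfy it), as an added stand-alone example that is not Dependabot's code. Assumptions: Gem::Requirement stands in for Dependabot::Python::Requirement (it does not accept PEP 440 operators such as `~=` or `==`), a small line scanner stands in for TomlRB, and the error class and sample TOML are constructed here.

```ruby
require "rubygems"

# Hypothetical stand-in for Dependabot::ToolVersionNotSupported.
class ToolVersionNotSupported < StandardError; end

# Returns the requires-poetry constraint declared under [tool.poetry], or nil
# when the field is absent, duplicated, or not a parsable constraint.
# Simplified scanner (assumption): one key per line, double-quoted value.
def requires_poetry_constraint(pyproject)
  table = nil
  values = []
  pyproject.each_line do |raw|
    line = raw.strip
    if (m = line.match(/\A\[\[?([^\[\]]+)\]\]?\z/))
      table = m[1].strip # entering a new [table] or [[array of tables]]
    elsif table == "tool.poetry" &&
          (m = line.match(/\Arequires-poetry\s*=\s*"([^"]*)"/))
      values << m[1]
    end
  end
  return nil unless values.length == 1 # absent, or duplicate key

  Gem::Requirement.new(*values.first.split(",").map(&:strip))
rescue Gem::Requirement::BadRequirementError
  nil
end

# Raises when the detected tool version violates the declared constraint.
def raise_if_unsupported!(detected_version, requirement)
  return if requirement.nil? # nothing declared, nothing to enforce
  return if requirement.satisfied_by?(Gem::Version.new(detected_version))

  raise ToolVersionNotSupported,
        "poetry #{detected_version} does not satisfy '#{requirement}'"
end

# Constructed sample inputs (not the PR's fixture files).
DECLARED = <<~TOML
  [tool.poetry]
  requires-poetry = ">=2.0,<3.0"
TOML

DUPLICATE = <<~TOML
  [tool.poetry]
  requires-poetry = ">=2.0"
  requires-poetry = ">=99.0"
TOML
```

Because a missing, duplicated or malformed field yields nil, the check is skipped for those files rather than failing the run, which matches the nil-on-parse-error behaviour described in the PR.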