Dependabot not updating grouped dependencies with Poetry
cecheta opened this issue
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
poetry
Package manager version
1.8.3
Language version
3.10.13
Manifest location and content before the Dependabot update
/pyproject.toml
/poetry.lock
dependabot.yml content
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      langchain:
        patterns:
          - "langchain*"
Updated dependency
langchain: 0.1.20 -> 0.2.1
langchain-community: 0.1.20 -> 0.2.1
What you expected to see, versus what you actually saw
Expected behaviour: Because both dependencies are in the same group, they should both be updated to the latest version (0.2.1), in the same PR.
Actual behaviour: No updates or PRs raised.
Native package manager behavior
The packages can't be updated individually due to incompatibility:
poetry add langchain@0.2.1
Updating dependencies
Resolving dependencies... (0.0s)
Resolving dependencies... (0.1s)
Because langchain (0.2.1) depends on langchain-core (>=0.2.0,<0.3.0)
and langchain-community (0.0.38) depends on langchain-core (>=0.1.52,<0.2.0), langchain (0.2.1) is incompatible with langchain-community (0.0.38).
So, because non-package-mode depends on both langchain-community (0.0.38) and langchain (0.2.1), version solving failed.
However, they can be updated together:
poetry add langchain@0.2.1 langchain-community@0.2.1
Updating dependencies
Resolving dependencies... (0.2s)
Package operations: 0 installs, 4 updates, 0 removals
- Updating langchain-core (0.1.52 -> 0.2.1)
- Updating langchain-text-splitters (0.0.2 -> 0.2.0)
- Updating langchain (0.1.20 -> 0.2.1)
- Updating langchain-community (0.0.38 -> 0.2.1)
Writing lock file
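
Added example, not part of the original issue and not Dependabot's or Poetry's code: a minimal model of the resolution behaviour reported above, showing that each langchain package fails to update on its own while the pair resolves in one step. The langchain-core ranges marked ASSUMED are not shown on this page; the helper names and the two-candidate version list are hypothetical.

```python
# Added illustration: why a grouped update must be resolved in a single step.
# Ranges are transcribed from the poetry output above unless marked ASSUMED.

def parse_version(text):
    """'0.2.1' -> (0, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def satisfies(version, spec):
    """True if version meets every clause of a '>=a,<b' style range."""
    for clause in spec.split(","):
        op = ">=" if clause.startswith(">=") else "<"
        bound = parse_version(clause[len(op):])
        ok = parse_version(version) >= bound if op == ">=" else parse_version(version) < bound
        if not ok:
            return False
    return True

# package -> version -> range it requires of langchain-core
CORE_REQUIREMENT = {
    "langchain": {
        "0.1.20": ">=0.1.52,<0.2.0",  # ASSUMED: not shown in the issue
        "0.2.1": ">=0.2.0,<0.3.0",    # from the poetry error message
    },
    "langchain-community": {
        "0.0.38": ">=0.1.52,<0.2.0",  # from the poetry error message
        "0.2.1": ">=0.2.0,<0.3.0",    # ASSUMED: consistent with core 0.2.1 being installed
    },
}
CORE_CANDIDATES = ["0.1.52", "0.2.1"]  # the two langchain-core versions in the output

def resolve_core(selection):
    """Return a langchain-core version every selected package accepts, else None."""
    for core in CORE_CANDIDATES:
        if all(satisfies(core, CORE_REQUIREMENT[n][v]) for n, v in selection.items()):
            return core
    return None

def try_updates(locked, targets):
    """Attempt each target alone (others stay locked), then all targets together."""
    alone = {n: resolve_core({**locked, n: v}) for n, v in targets.items()}
    together = resolve_core({**locked, **targets})
    return alone, together

LOCKED = {"langchain": "0.1.20", "langchain-community": "0.0.38"}
TARGETS = {"langchain": "0.2.1", "langchain-community": "0.2.1"}

if __name__ == "__main__":
    alone, together = try_updates(LOCKED, TARGETS)
    print("one at a time:", alone)   # None means version solving failed
    print("as a group:   ", together)
```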