chore(deps): update dependencies (minor)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
poetry (source, changelog)	1.4.2 -> 1.8.4						minor
pre-commit/pre-commit-hooks	v4.4.0 -> v4.6.0					repository	minor
public.ecr.aws/lambda/python	3.9 -> 3.13					final	minor
python	~3.10 -> ~3.13.0					dependencies	minor
python	3.10-slim-bullseye -> 3.13-slim-bullseye					stage	minor
python	3.10.15 -> 3.13.0						minor

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

python-poetry/poetry (poetry)

v1.8.4

Compare Source

Added

• Add official support for Python 3.13 (#​9523).

Changed

• Require virtualenv>=20.26.6 to mitigate potential command injection when running poetry shell in untrusted projects (#​9757).

poetry-core (1.9.1)

• Add 3.13 to the list of available Python versions (#​747).

v1.8.3

Compare Source

Added

• Add support for untagged CPython builds with versions ending with a + (#​9207).

Changed

• Require pkginfo>=1.10 to ensure support for packages with metadata version 2.3 (#​9130).
• Improve locking on FIPS systems (#​9152).

Fixed

• Fix an issue where unrecognized package metadata versions silently resulted in empty dependencies (#​9203, #​9226).
• Fix an issue where trailing slashes in git URLs where not handled correctly (#​9205).
• Fix an issue where poetry self commands printed a warning that the current project cannot be installed (#​9302).
• Fix an issue where poetry install sporadically failed with a KeyError due to a race condition (#​9335).

Docs

• Fix incorrect information about poetry shell (#​9060).
• Add a git subdirectory example to poetry add (#​9080).
• Mention interactive credential configuration (#​9074).
• Add notes for optional advanced installation steps (#​9098).
• Add reference to configuration credentials in documentation of poetry publish (#​9110).
• Improve documentation for configuring credentials via environment variables (#​9121).
• Remove misleading wording around virtual environments (#​9213).
• Remove outdated advice regarding seeding keyring backends (#​9164).
• Add a pyproject.toml example for a dependency with multiple extras (#​9138).
• Clarify help of poetry add (#​9230).
• Add a note how to configure credentials for TestPyPI for poetry publish (#​9255).
• Fix information about the --readme option in poetry new (#​9260).
• Clarify what is special about the Python constraint in dependencies (#​9256).
• Update how to uninstall plugins via pipx (#​9320).

v1.8.2

Compare Source

Fixed

• Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#​9051).
• Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#​9082).
• Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#​9084).
• Improve lazy-wheel to allow redirects for HEAD requests (#​9087).
• Improve debug logging for lazy-wheel errors (#​9059).
• Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#​9048).
• Fix an issue where poetry add failed in non-package mode if no project name was set (#​9046).
• Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#​9073).

v1.8.1

Compare Source

Fixed

• Update the minimum required version of packaging (#​9031).
• Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#​9030).

Docs

• Rename master branch to main (#​9022).

v1.8.0

Compare Source

Added

• Add a non-package mode for use cases where Poetry is only used for dependency management (#​8650).
• Add support for PEP 658 to fetch metadata without having to download wheels (#​5509).
• Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#​8815,
  #​8941).
• Improve performance of dependency resolution by using shallow copies instead of deep copies (#​8671).
• poetry check validates that no unknown sources are referenced in dependencies (#​8709).
• Add archive validation during installation for further hash algorithms (#​8851).
• Add a to key in tool.poetry.packages to allow custom subpackage names (#​8791).
• Add a config option to disable keyring (#​8910).
• Add a --sync option to poetry update (#​8931).
• Add an --output option to poetry build (#​8828).
• Add a --dist-dir option to poetry publish (#​8828).

Changed

• The implicit PyPI source is disabled if at least one primary source is configured (#​8771).
• Deprecate source priority default (#​8771).
• Upgrade the warning about an inconsistent lockfile to an error (#​8737).
• Deprecate setting installer.modern-installation to false (#​8988).
• Drop support for pip<19 (#​8894).
• Require requests-toolbelt>=1 (#​8680).
• Allow platformdirs 4.x (#​8668).
• Allow and require xattr 1.x on macOS (#​8801).
• Improve venv shell activation in fish (#​8804).
• Rename system to base in output of poetry env info (#​8832).
• Use pretty name in output of poetry version (#​8849).
• Improve error handling for invalid entries in tool.poetry.scripts (#​8898).
• Improve verbose output for dependencies with extras during dependency resolution (#​8834).
• Improve message about an outdated lockfile (#​8962).

Fixed

• Fix an issue where poetry shell failed when Python has been installed with MSYS2 (#​8644).
• Fix an issue where Poetry commands failed in a terminal with a non-UTF-8 encoding (#​8608).
• Fix an issue where a missing project name caused an incomprehensible error message (#​8691).
• Fix an issue where Poetry failed to install an sdist path dependency (#​8682).
• Fix an issue where poetry install failed because an unused extra was not available (#​8548).
• Fix an issue where poetry install --sync did not remove an unrequested extra (#​8621).
• Fix an issue where poetry init did not allow specific characters in the author field (#​8779).
• Fix an issue where Poetry could not download sdists from misconfigured servers (#​8701).
• Fix an issue where metadata of sdists that call CLI tools of their build requirements could not be determined (#​8827).
• Fix an issue where Poetry failed to use the currently activated environment (#​8831).
• Fix an issue where poetry shell failed in zsh if a space was in the venv path (#​7245).
• Fix an issue where scripts with extras could not be installed (#​8900).
• Fix an issue where explicit sources where not propagated correctly (#​8835).
• Fix an issue where debug prints where swallowed when using a build script (#​8760).
• Fix an issue where explicit sources of locked dependencies where not propagated correctly (#​8948).
• Fix an issue where Poetry's own environment was falsely identified as system environment (#​8970).
• Fix an issue where dependencies from a setup.py were ignored silently (#​9000).
• Fix an issue where environment variables for virtualenv.options were ignored (#​9015).
• Fix an issue where virtualenvs.options.no-pip and virtualenvs.options.no-setuptools were not normalized (#​9015).

Docs

• Replace deprecated --no-dev with --without dev in the FAQ (#​8659).
• Recommend poetry-check instead of the deprecated poetry-lock pre-commit hook (#​8675).
• Clarify the names of the environment variables to provide credentials for repositories (#​8782).
• Add note how to install several version of Poetry in parallel (#​8814).
• Improve description of poetry show --why (#​8817).
• Improve documentation of poetry update (#​8706).
• Add a warning about passing variables that may start with a hyphen via command line (#​8850).
• Mention that the virtual environment in which Poetry itself is installed should not be activated (#​8833).
• Add note about poetry run and externally managed environments (#​8748).
• Update FAQ entry about tox for tox 4.x (#​8658).
• Fix documentation for default format option for include and exclude value (#​8852).
• Add note about tox and configured credentials (#​8888).
• Add note and link how to install pipx (#​8878).
• Fix examples for poetry add with git dependencies over ssh (#​8911).
• Remove reference to deprecated scripts extras feature (#​8903).
• Change examples to prefer --only main instead of --without dev (#​8921).
• Mention that the develop attribute is a Poetry-specific feature and not propagated to other tools (#​8971).
• Fix examples for adding supplemental and secondary sources (#​8953).
• Add PyTorch example for explicit sources (#​9006).

poetry-core (1.9.0)

• Deprecate scripts that depend on extras (#​690).
• Add support for path dependencies that do not define a build system (#​675).
• Update list of supported licenses (#​659,
  #​669,
  #​678,
  #​694).
• Rework list of files included in build artifacts (#​666).
• Fix an issue where insignificant errors were printed if the working directory is not inside a git repository (#​684).
• Fix an issue where the project's directory was not recognized as git repository on Windows due to an encoding issue (#​685).

v1.7.1

Compare Source

Fixed

• Fix an issue where sdists that call CLI tools of their build requirements could not be installed (#​8630).
• Fix an issue where sdists with symlinks could not be installed due to a broken tarfile datafilter (#​8649).
• Fix an issue where poetry init failed when trying to add dependencies (#​8655).
• Fix an issue where poetry install failed if virtualenvs.create was set to false (#​8672).

v1.7.0

Compare Source

Added

• Add official support for Python 3.12 (#​7803, #​8544).
• Print a future warning that poetry-plugin-export will not be installed by default anymore (#​8562).
• Add poetry-install pre-commit hook (#​8327).
• Add --next-phase option to poetry version (#​8089).
• Print a warning when overwriting files from another package at installation (#​8386).
• Print a warning if the current project cannot be installed (#​8369).
• Report more details on build backend exceptions (#​8464).

Changed

• Set Poetry as user-agent for all HTTP requests (#​8394).
• Do not install setuptools per default in Python 3.12 (#​7803).
• Do not install wheel per default (#​7803).
• Remove setuptools and wheel when running poetry install --sync if they are not required by the project (#​8600).
• Improve error message about PEP-517 support (#​8463).
• Improve keyring handling (#​8227).
• Read the description field when extracting metadata from setup.py files (#​8545).

Fixed

• Fix an issue where dependencies of inactive extras were locked and installed (#​8399).
• Fix an issue where build requirements were not installed due to a race condition in the artifact cache (#​8517).
• Fix an issue where packages included in the system site packages were installed even though virtualenvs.options.system-site-packages was set (#​8359).
• Fix an issue where git dependencies' submodules with relative URLs were handled incorrectly (#​8020).
• Fix an issue where a failed installation of build dependencies was not noticed directly (#​8479).
• Fix an issue where poetry shell did not work completely with nushell (#​8478).
• Fix an issue where a confusing error messages was displayed when running poetry config pypi-token.pypi without a value (#​8502).
• Fix an issue where a cryptic error message is printed if there is no metadata entry in the lockfile (#​8523).
• Fix an issue with the encoding with special characters in the virtualenv's path (#​8565).
• Fix an issue where the connection pool size was not adjusted to the number of workers (#​8559).

Docs

• Improve the wording regarding a project's supported Python range (#​8423).
• Make pipx the preferred (first mentioned) installation method (#​8090).
• Add a warning about poetry self on Windows (#​8090).
• Fix example for poetry add with a git dependency (#​8438).
• Add information about auto-included files in wheels and sdist (#​8555).
• Fix documentation of the POETRY_REPOSITORIES_ variables docs (#​8492).
• Add CITATION.cff file (#​8510).

poetry-core (1.8.1)

• Add support for creating packages dynamically in the build script (#​629).
• Improve marker logic for extra markers (#​636).
• Update list of supported licenses (#​635, #​646).
• Fix an issue where projects with extension modules were not installed in editable mode (#​633).
• Fix an issue where the wrong or no lib folder was added to the wheel (#​634).

poetry-plugin-export (^1.6.0)

• Add an --all-extras option (#​241).
• Fix an issue where git dependencies are exported with the branch name instead of the resolved commit hash (#​213).

v1.6.1

Compare Source

Fixed

• Update the minimum required version of requests (#​8336).

v1.6.0

Compare Source

Added

• Add support for repositories that do not provide a supported hash algorithm (#​8118).
• Add full support for duplicate dependencies with overlapping markers (#​7257).
• Improve performance of poetry lock for certain edge cases (#​8256).
• Improve performance of poetry install (#​8031).
• poetry check validates that specified readme files do exist (#​7444).
• Add a downgrading note when updating to an older version (#​8176).
• Add support for vox in the xonsh shell (#​8203).
• Add support for pre-commit hooks for projects where the pyproject.toml file is located in a subfolder (#​8204).
• Add support for the git+http:// scheme (#​6619).

Changed

• Drop support for Python 3.7 (#​7674).
• Move poetry lock --check to poetry check --lock and deprecate the former (#​8015).
• Change future warning that PyPI will only be disabled automatically if there are no primary sources (#​8151).

Fixed

• Fix an issue where build-system.requires were not respected for projects with build scripts (#​7975).
• Fix an issue where the encoding was not handled correctly when calling a subprocess (#​8060).
• Fix an issue where poetry show --top-level did not show top level dependencies with extras (#​8076).
• Fix an issue where poetry init handled projects with src layout incorrectly (#​8218).
• Fix an issue where Poetry wrote .pth files with the wrong encoding (#​8041).
• Fix an issue where poetry install did not respect the source if the same version of a package has been locked from different sources (#​8304).

Docs

• Document official Poetry badge (#​8066).
• Update configuration folder path for macOS (#​8062).
• Add a warning about pip ignoring lock files (#​8117).
• Clarify the use of the virtualenvs.in-project setting. (#​8126).
• Change pre-commit YAML style to be consistent with pre-commit's own examples (#​8146).
• Fix command for listing installed plugins (#​8200).
• Mention the nox-poetry package (#​8173).
• Add an example with a PyPI source in the pyproject.toml file (#​8171).
• Use reference instead of deprecated callable in the scripts example (#​8211).

poetry-core (1.7.0)

• Improve performance of marker handling (#​609).
• Allow | as a value separator in markers with the operators in and not in (#​608).
• Put pretty name (instead of normalized name) in metadata (#​620).
• Update list of supported licenses (#​623).
• Fix an issue where PEP 508 dependency specifications with names starting with a digit could not be parsed (#​607).
• Fix an issue where Poetry considered an unrelated .gitignore file resulting in an empty wheel (#​611).

poetry-plugin-export (^1.5.0)

• Fix an issue where markers for dependencies required by an extra were not generated correctly (#​209).

v1.5.1

Compare Source

Added

• Improve dependency resolution performance in cases with a lot of backtracking (#​7950).

Changed

• Disable wheel content validation during installation (#​7987).

Fixed

• Fix an issue where partially downloaded wheels were cached (#​7968).
• Fix an issue where poetry run did no longer execute relative-path scripts (#​7963).
• Fix an issue where dependencies were not installed in in-project environments (#​7977).
• Fix an issue where no solution was found for a transitive dependency on a pre-release of a package (#​7978).
• Fix an issue where cached repository packages were incorrectly parsed, leading to its dependencies being ignored (#​7995).
• Fix an issue where an explicit source was ignored so that a direct origin dependency was used instead (#​7973).
• Fix an issue where the installation of big wheels consumed a lot of memory (#​7987).

Docs

• Add information about multiple constraints dependencies with direct origin and version dependencies (#​7973).

poetry-core (1.6.1)

• Fix an endless recursion in marker handling (#​593).
• Fix an issue where the wheel tag was not built correctly under certain circumstances (#​591).

poetry-plugin-export (^1.4.0)

• Fix an issue where --extra-index-url and --trusted-host was not generated for sources with priority explicit (#​205).

v1.5.0

Compare Source

Added

• Introduce the new source priorities explicit and supplemental (#​7658,
  #​6879).
• Introduce the option to configure the priority of the implicit PyPI source (#​7801).
• Add handling for corrupt cache files (#​7453).
• Improve caching of URL and git dependencies (#​7693,
  #​7473).
• Add option to skip installing directory dependencies (#​6845,
  #​7923).
• Add --executable option to poetry env info (#​7547).
• Add --top-level option to poetry show (#​7415).
• Add --lock option to poetry remove (#​7917).
• Add experimental POETRY_REQUESTS_TIMEOUT option (#​7081).
• Improve performance of wheel inspection by avoiding unnecessary file copy operations (#​7916).

Changed

• Remove the old deprecated installer and the corresponding setting experimental.new-installer (#​7356).
• Introduce priority key for sources and deprecate flags default and secondary (#​7658).
• Deprecate poetry run <entry point> if the entry point was not previously installed via poetry install (#​7606).
• Only write the lock file if the installation succeeds (#​7498).
• Do not write the unused package category into the lock file (#​7637).

Fixed

• Fix an issue where Poetry's internal pyproject.toml continually grows larger with empty lines (#​7705).
• Fix an issue where Poetry crashes due to corrupt cache files (#​7453).
• Fix an issue where the Retry-After in HTTP responses was not respected and retries were handled inconsistently (#​7072).
• Fix an issue where Poetry silently ignored invalid groups (#​7529).
• Fix an issue where Poetry does not find a compatible Python version if not given explicitly (#​7771).
• Fix an issue where the direct_url.json of an editable install from a git dependency was invalid (#​7473).
• Fix an issue where error messages from build backends were not decoded correctly (#​7781).
• Fix an infinite loop when adding certain dependencies (#​7405).
• Fix an issue where pre-commit hooks skip pyproject.toml files in subdirectories (#​7239).
• Fix an issue where pre-commit hooks do not use the expected Python version (#​6989).
• Fix an issue where an unclear error message is printed if the project name is the same as one of its dependencies (#​7757).
• Fix an issue where poetry install returns a zero exit status even though the build script failed (#​7812).
• Fix an issue where an existing .venv was not used if in-project was not set (#​7792).
• Fix an issue where multiple extras passed to poetry add were not parsed correctly (#​7836).
• Fix an issue where poetry shell did not send a newline to fish (#​7884).
• Fix an issue where poetry update --lock printed operations that were not executed (#​7915).
• Fix an issue where poetry add --lock did perform a full update of all dependencies (#​7920).
• Fix an issue where poetry shell did not work with nushell (#​7919).
• Fix an issue where subprocess calls failed on Python 3.7 (#​7932).
• Fix an issue where keyring was called even though the password was stored in an environment variable (#​7928).

Docs

• Add information about what to use instead of --dev (#​7647).
• Promote semantic versioning less aggressively (#​7517).
• Explain Poetry's own versioning scheme in the FAQ (#​7517).
• Update documentation for configuration with environment variables (#​6711).
• Add details how to disable the virtualenv prompt (#​7874).
• Improve documentation on whether to commit poetry.lock (#​7506).
• Improve documentation of virtualenv.create (#​7608).

poetry-core (1.6.0)

• Improve error message for invalid markers (#​569).
• Increase robustness when deleting temporary directories on Windows (#​460).
• Replace tomlkit with tomli, which changes the interface of some internal classes (#​483).
• Deprecate Package.category (#​561).
• Fix a performance regression in marker handling (#​568).
• Fix an issue where wildcard version constraints were not handled correctly (#​402).
• Fix an issue where poetry build created duplicate Python classifiers if they were specified manually (#​578).
• Fix an issue where local versions where not handled correctly (#​579).

pre-commit/pre-commit-hooks (pre-commit/pre-commit-hooks)

v4.6.0: pre-commit-hooks v4.6.0

Compare Source

Features

• requirements-txt-fixer: remove duplicate packages.
  • #​1014 PR by @​vhoulbreque-withings.
  • #​960 issue @​csibe17.

Migrating

• fix-encoding-pragma: deprecated -- will be removed in 5.0.0. use
  pyupgrade or some other tool.
  • #​1033 PR by @​mxr.
  • #​1032 issue by @​mxr.

v4.5.0

Compare Source

containerbase/python-prebuild (python)

v3.13.0

Compare Source

Bug Fixes

• deps: update dependency python to v3.13.0

v3.12.7

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.7

v3.12.6

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.6

v3.12.5

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.5

v3.12.4

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.4

v3.12.3

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.3

v3.12.2

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.2

v3.12.1

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.1

v3.12.0

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.0

v3.11.10

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.10

v3.11.9

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.9

v3.11.8

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.8

v3.11.7

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.7

v3.11.6

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.6

v3.11.5

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.5

v3.11.4

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.4

v3.11.3

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.3

v3.11.2

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.2

v3.11.1

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.1

v3.11.0

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.0

python/cpython (python)

v3.13.0

Compare Source

v3.12.7

Compare Source

v3.12.6

Compare Source

v3.12.5

Compare Source

v3.12.4

Compare Source

v3.12.3

Compare Source

v3.12.2

Compare Source

v3.12.1

Compare Source

v3.12.0

Compare Source

v3.11.10

Compare Source

v3.11.9

Compare Source

v3.11.8

Compare Source

v3.11.7

Compare Source

v3.11.6

Compare Source

v3.11.5

Compare Source

v3.11.4

Compare Source

v3.11.3

Compare Source

v3.11.2

Compare Source

v3.11.1

Compare Source

v3.11.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "every weekday,after 9am and before 5pm" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.