Unexplained dependency (and metadata) removal from lockfile when dependabot updates a single dependency #7116
Hi, I know the Poetry team aren't responsible for Dependabot, but I wanted to mention the following Dependabot bug I've just raised in case it's of interest.

dependabot/dependabot-core#6226

TL;DR: a Dependabot update to one package unexpectedly removed a bunch of metadata and actual dependencies from the lockfile. Running

Has anyone else encountered behaviour like this?
Replies: 1 comment 1 reply
poetry-core update won't have been picked up by any released version of poetry (which pins to an earlier version). So that shouldn't be related.

Seems much more likely to be a Dependabot bug; I left a suggestion at dependabot/dependabot-core#6226 (comment)