build(deps): bump poetry from 1.0.10 to 1.1.9

[dependabot[bot]]

Bumps poetry from 1.0.10 to 1.1.9.

Release notes

Sourced from poetry's releases.

1.1.9

Fixed

• Fixed a security issue where file hashes were not checked prior to installation. (#4420, #4444, python-poetry/poetry-core#193)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4507)
• Fixed an issue where unsafe parameters could be passed to git commands. (python-poetry/poetry-core#203)
• Fixed an issue where the wrong git executable could be used on Windows. (python-poetry/poetry-core#205)

1.1.8

Fixed

• Fixed an error with repository prioritization when specifying secondary repositories. (#4241)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4330, #4407)
• Fixed the evaluation of relative path dependencies. (#4246)
• Fixed environment detection for Python 3.10 environments. (#4387)
• Fixed an error in the evaluation of in/not in markers (python-poetry/poetry-core#189)

1.1.7

Note: Lock files might need to be regenerated for the first fix below to take effect. You can use poetry lock to do so without the --no-update option.

Changed

• This release is compatible with the install-poetry.py installation script to ease the migration path from 1.1 releases to 1.2 releases. (#4192)

Fixed

• Fixed an issue where transitive dependencies of directory or VCS dependencies were not installed or otherwise removed. (#4203)
• Fixed an issue where the combination of the --tree and --no-dev options for the show command was still displaying development dependencies. (#3992)

1.1.6

Fixed

• Fixed export format for path dependencies. (#3121)
• Fixed errors caused by environment modification when executing some commands. (#3253)
• Fixed handling of wheel files with single-digit versions. (#3338)
• Fixed an error when handling single-digit Python markers. (poetry-core#156)
• Fixed dependency markers not being properly copied when changing the constraint leading to resolution errors. (poetry-core#163)
• Fixed an error where VCS dependencies were always updated. (#3947)
• Fixed an error where the incorrect version of a package was locked when using environment markers. (#3945)

1.1.5

Fixed

• Fixed an error in the export command when no lock file existed and a verbose flag was passed to the command. (#3310)
• Fixed an error where the pyproject.toml was not reverted when using the add command. (#3622)
• Fixed errors when using non-HTTPS indices. (#3622)
• Fixed errors when handling simple indices redirection. (#3622)
• Fixed errors when trying to handle newer wheels by using the latest version of poetry-core and packaging. (#3677)
• Fixed an error when using some versions of poetry-core due to an incorrect import . (#3696)

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.1.9] - 2021-09-18

Fixed

• Fixed a security issue where file hashes were not checked prior to installation. (#4420, #4444, python-poetry/poetry-core#193)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4507)
• Fixed an issue where unsafe parameters could be passed to git commands. (python-poetry/poetry-core#203)
• Fixed an issue where the wrong git executable could be used on Windows. (python-poetry/poetry-core#205)

[1.1.8] - 2021-08-19

Fixed

• Fixed an error with repository prioritization when specifying secondary repositories. (#4241)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4330, #4407)
• Fixed the evaluation of relative path dependencies. (#4246)
• Fixed environment detection for Python 3.10 environments. (#4387)
• Fixed an error in the evaluation of in/not in markers (python-poetry/poetry-core#189)

[1.2.0a2] - 2021-08-01

Added

• Poetry now supports dependency groups. (#4260)
• The install command now supports a --sync option to synchronize the environment with the lock file. (#4336)

Changed

• Improved the way credentials are retrieved to better support keyring backends. (#4086)
• The --remove-untracked option of the install command is now deprecated in favor of the new --sync option. (#4336)
• The user experience when installing dependency groups has been improved. (#4336)

Fixed

• Fixed performance issues when resolving dependencies. (#3839)
• Fixed an issue where transitive dependencies of directory or VCS dependencies were not installed or otherwise removed. (#4202)
• Fixed the behavior of the init command in non-interactive mode. (#2899)
• Fixed the detection of the system environment when the setting virtualenvs.create is deactivated. (#4329)
• Fixed the display of possible solutions for some common errors. (#4332)

[1.1.7] - 2021-06-25

Note: Lock files might need to be regenerated for the first fix below to take effect.
You can use poetry lock to do so without the --no-update option.

Changed

• This release is compatible with the install-poetry.py installation script to ease the migration path from 1.1 releases to 1.2 releases. (#4192)

Fixed

... (truncated)

Commits

• 69bd682 Bump version to 1.1.9
• 9d8aed4 Update lock file
• a9e59ed Merge pull request #4507 from python-poetry/1.1-fix-system-env-detection
• 459c8c9 Fix system env detection
• 634bb23 Merge pull request #4420 from pietrodn/fix/hash-check-backport-1.1
• d033cba style: linting
• 8268795 Merge pull request #4444 from python-poetry/1.1-fix-archive-hash-generation
• 8238cab Fix archive hash generation
• 8956a0c fix: python 2.7 syntax
• 435ff81 Throw a RuntimeError on hash mismatch in Chooser._get_links (#3885)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.