Bump poetry from 1.3.2 to 1.4.2 in /.github/workflows

[dependabot]

Bumps poetry from 1.3.2 to 1.4.2.

Release notes

Sourced from poetry's releases.

1.4.2

Changed

• When trying to install wheels with invalid RECORD files, Poetry does not fail anymore but only prints a warning. This mitigates an unintended change introduced in Poetry 1.4.1 (#7694).

Fixed

• Fix an issue where relative git submodule urls were not parsed correctly (#7017).
• Fix an issue where Poetry could freeze when building a project with a build script if it generated enough output to fill the OS pipe buffer (#7699).

1.4.1

Fixed

• Fix an issue where poetry install did not respect the requirements for building editable dependencies (#7579).
• Fix an issue where poetry init crashed due to bad input when adding packages interactively (#7569).
• Fix an issue where poetry install ignored the subdirectory argument of git dependencies (#7580).
• Fix an issue where installing packages with no-binary could result in a false hash mismatch (#7594).
• Fix an issue where the hash of sdists was neither validated nor written to the direct_url.json during installation (#7594).
• Fix an issue where poetry install --sync attempted to remove itself (#7626).
• Fix an issue where wheels with non-normalized dist-info directory names could not be installed (#7671).
• Fix an issue where poetry install --compile compiled with optimization level 1 (#7666).

Docs

• Clarify the behavior of the --extras option (#7563).
• Expand the FAQ on reasons for slow dependency resolution (#7620).

1.4.0

Added

• Add a modern installer (installer.modern-installation) for faster installation of packages and independence from pip (#6205).
• Add support for Private :: trove classifiers (#7271).
• Add the version of poetry in the @generated comment at the beginning of the lock file (#7339).
• Add support for virtualenvs.prefer-active-python when running poetry new and poetry init (#7100).

Changed

• Deprecate the old installer, i.e. setting experimental.new-installer to false (#7358).
• Remove unused platform field from cached package info and bump the cache version (#7304).
• Extra dependencies of the root project are now sorted in the lock file (#7375).
• Remove upper boundary for importlib-metadata dependency (#7434).
• Validate path dependencies during use instead of during construction (#6844).
• Remove the deprecated repository modules (#7468).

Fixed

• Fix an issue where an unconditional dependency of an extra was not installed in specific environments (#7175).
• Fix an issue where a pre-release of a dependency was chosen even if a stable release fulfilled the constraint (#7225, #7236).
• Fix an issue where HTTP redirects were not handled correctly during publishing (#7160).

... (truncated)

Changelog

Sourced from poetry's changelog.

[1.4.2] - 2023-04-02

Changed

• When trying to install wheels with invalid RECORD files, Poetry does not fail anymore but only prints a warning. This mitigates an unintended change introduced in Poetry 1.4.1 (#7694).

Fixed

• Fix an issue where relative git submodule urls were not parsed correctly (#7017).
• Fix an issue where Poetry could freeze when building a project with a build script if it generated enough output to fill the OS pipe buffer (#7699).

[1.4.1] - 2023-03-19

Fixed

• Fix an issue where poetry install did not respect the requirements for building editable dependencies (#7579).
• Fix an issue where poetry init crashed due to bad input when adding packages interactively (#7569).
• Fix an issue where poetry install ignored the subdirectory argument of git dependencies (#7580).
• Fix an issue where installing packages with no-binary could result in a false hash mismatch (#7594).
• Fix an issue where the hash of sdists was neither validated nor written to the direct_url.json during installation (#7594).
• Fix an issue where poetry install --sync attempted to remove itself (#7626).
• Fix an issue where wheels with non-normalized dist-info directory names could not be installed (#7671).
• Fix an issue where poetry install --compile compiled with optimization level 1 (#7666).

Docs

• Clarify the behavior of the --extras option (#7563).
• Expand the FAQ on reasons for slow dependency resolution (#7620).

poetry-core (1.5.2)

• Fix an issue where wheels built on Windows could contain duplicate entries in the RECORD file (#555).

[1.4.0] - 2023-02-27

Added

• Add a modern installer (installer.modern-installation) for faster installation of packages and independence from pip (#6205).
• Add support for Private :: trove classifiers (#7271).
• Add the version of poetry in the @generated comment at the beginning of the lock file (#7339).
• Add support for virtualenvs.prefer-active-python when running poetry new and poetry init (#7100).

Changed

• Deprecate the old installer, i.e. setting experimental.new-installer to false (#7358).
• Remove unused platform field from cached package info and bump the cache version (#7304).

... (truncated)

Commits

• c4c857e release: bump version to 1.4.2
• d74fdb3 installer: do not fail on invalid wheels, print only a warning (#7694)
• 5955c6a remove stdout=subprocess.PIPE from env._call, which can cause poetry install ...
• 84cc8b1 Correctly parse Git submodule URLs (#7017)
• fc1014b release: bump version to 1.4.1
• 0b387ff installer: improve error messages for building dependencies (#7667)
• b98c15c installer: fix optimization level (#7666)
• 7b021d4 chore: update poetry-core (#7676)
• 6beaef9 update installer to 0.7.0 (#7671)
• aba7baf add missing env keyword in Env._run (#7626)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (c577503) 100.00% compared to head (e2202db) 100.00%.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #224   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            4         4           
  Lines          115       115           
  Branches        15        15           
=========================================
  Hits           115       115           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.