Dependabot dropped several hashes from poetry.lock

[roniemartinez]

Running poetry lock --no-update reverts these changes and brings back the hashes.

Package ecosystem
pip/python - poetry

Package manager version

Language version

Manifest location and content before the Dependabot update

dependabot.yml content

Updated dependency

What you expected to see, versus what you actually saw

Native package manager behavior

Images of the diff or a link to the PR, issue, or logs
https://github.com/roniemartinez/dude/pull/188/files

🕹 Bonus points: Smallest manifest that reproduces the issue

[mkniewallner]

Issue is not with Dependabot, but something related to Poetry.
Recently released version 1.1.14 solves the issue, so made #5352, since Dependabot won't make a PR before a few hours.

You can find more details about the issue in python-poetry/poetry#5972, but in the meantime, Dependabot will basically not be able to lock correctly until #5352 is merged and a new version is released (but you can manually lock dependencies yourself in the meantime, if you use 1.1.14).

[roniemartinez]

@mkniewallner Thanks for writing a fix.

[mkniewallner]

Didn't test it myself, but a new version of Dependabot has been released, including a bump of Poetry to 1.1.14, so this should fix the missing hashes.

[levrik]

@mkniewallner It doesn't seem to be online on GitHub yet. I let Dependabot recreate all open PRs but hashes were still missing.

Update: Seems to be fixed now!

[jurre]

Yes if I understand correctly the bumped version of Poetry should have resolved this, going to close this out for now but please let us know if you run into issues with this