ci: bump the ci group in /.github/workflows with 2 updates (#261)

dependabot[bot] · web-flow · commit c39bebfa2301 · 2025-05-05T13:41:35.000Z
Bumps the ci group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [poetry](https://github.com/python-poetry/poetry). Updates `pip` from 25.1 to 25.1.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1.1 (2025-05-02)</h1> <h2>Bug Fixes</h2> <ul> <li>Fix <code>req.source_dir</code> AssertionError when using the legacy resolver. (<code>[#13353](pypa/pip#13353) &lt;https://github.com/pypa/pip/issues/13353&gt;</code>_)</li> <li>Fix crash on Python 3.9.6 and lower when pip failed to compile a Python module during installation. (<code>[#13364](pypa/pip#13364) &lt;https://github.com/pypa/pip/issues/13364&gt;</code>_)</li> <li>Names in dependency group includes are now normalized before lookup, which fixes incorrect <code>Dependency group '...' not found</code> errors. (<code>[#13372](pypa/pip#13372) &lt;https://github.com/pypa/pip/issues/13372&gt;</code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Fix issues with using tomllib from the stdlib if available, rather than tomli</li> <li>Upgrade dependency-groups to 1.3.1</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/01857ef79f59a98db592bacb6e7b48f354528c80"><code>01857ef</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/08d8bb91e2c7734f98f828e28215aba15784012a"><code>08d8bb9</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13374">#13374</a> from pfmoore/fixups</li> <li><a href="https://github.com/pypa/pip/commit/2bff84e495a3d31008088c168c5ab9bfa633a172"><code>2bff84e</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13363">#13363</a> from sbidoul/fix-source_dir-assert</li> <li><a href="https://github.com/pypa/pip/commit/644e71d6e339035836dce0adbf59f881b334e186"><code>644e71d</code></a> News file fixups</li> <li><a href="https://github.com/pypa/pip/commit/426856f496a8f84f1e36fded83b3d5e74968a786"><code>426856f</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13364">#13364</a> from ichard26/bugfix/python39</li> <li><a href="https://github.com/pypa/pip/commit/b7e3aead483baf42ca00e29b9758338ad19c130b"><code>b7e3aea</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13356">#13356</a> from eli-schwartz/tomllib</li> <li><a href="https://github.com/pypa/pip/commit/8c678fe85daaf11d8dd6a43b7835088513944655"><code>8c678fe</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13373">#13373</a> from sirosen/update-vendored-dependency-groups</li> <li><a href="https://github.com/pypa/pip/commit/7d006399c0d0d38e55d56a6b0732e959bf75f796"><code>7d00639</code></a> Update newsfiles for dependency-groups patch</li> <li><a href="https://github.com/pypa/pip/commit/6d28bbf065a292f67d3d66d8f47fba15a1a2d512"><code>6d28bbf</code></a> Update version of <code>dependency-groups</code> to v1.3.1</li> <li><a href="https://github.com/pypa/pip/commit/94bd66d615d5f9036c53196f4f2acb7c71d5010c"><code>94bd66d</code></a> Revert StreamWrapper removal to restore Python 3.9.{0,6} compat</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.1...25.1.1">compare view</a></li> </ul> </details> <br /> Updates `poetry` from 2.1.2 to 2.1.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-poetry/poetry/releases">poetry's releases</a>.</em></p> <blockquote> <h2>2.1.3</h2> <h3>Changed</h3> <ul> <li>Require <code>importlib-metadata&lt;8.7</code> for Python 3.9 because of a breaking change in importlib-metadata 8.7 (<a href="https://redirect.github.com/python-poetry/poetry/pull/10374">#10374</a>).</li> </ul> <h3>Fixed</h3> <ul> <li>Fix an issue where re-locking failed for incomplete multiple-constraints dependencies with explicit sources (<a href="https://redirect.github.com/python-poetry/poetry/pull/10324">#10324</a>).</li> <li>Fix an issue where the <code>--directory</code> option did not work if a plugin, which accesses the poetry instance during its activation, was installed (<a href="https://redirect.github.com/python-poetry/poetry/pull/10352">#10352</a>).</li> <li>Fix an issue where <code>poetry env activate -v</code> printed additional information to stdout instead of stderr so that the output could not be used as designed (<a href="https://redirect.github.com/python-poetry/poetry/pull/10353">#10353</a>).</li> <li>Fix an issue where the original error was not printed if building a git dependency failed (<a href="https://redirect.github.com/python-poetry/poetry/pull/10366">#10366</a>).</li> <li>Fix an issue where wheels for the wrong platform were installed in rare cases. (<a href="https://redirect.github.com/python-poetry/poetry/pull/10361">#10361</a>).</li> </ul> <h3>poetry-core (<a href="https://github.com/python-poetry/poetry-core/releases/tag/2.1.3"><code>2.1.3</code></a>)</h3> <ul> <li>Fix an issue where the union of specific inverse or partially inverse markers was not simplified (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/858">#858</a>).</li> <li>Fix an issue where optional dependencies defined in the <code>project</code> section were treated as non-optional when a source was defined for them in the <code>tool.poetry</code> section (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/857">#857</a>).</li> <li>Fix an issue where markers with <code>===</code> were not parsed correctly (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/860">#860</a>).</li> <li>Fix an issue where local versions with upper case letters caused an error (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/859">#859</a>).</li> <li>Fix an issue where <code>extra</code> markers with a value starting with &quot;in&quot; were not validated correctly (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/862">#862</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md">poetry's changelog</a>.</em></p> <blockquote> <h2>[2.1.3] - 2025-05-04</h2> <h3>Changed</h3> <ul> <li>Require <code>importlib-metadata&lt;8.7</code> for Python 3.9 because of a breaking change in importlib-metadata 8.7 (<a href="https://redirect.github.com/python-poetry/poetry/pull/10374">#10374</a>).</li> </ul> <h3>Fixed</h3> <ul> <li>Fix an issue where re-locking failed for incomplete multiple-constraints dependencies with explicit sources (<a href="https://redirect.github.com/python-poetry/poetry/pull/10324">#10324</a>).</li> <li>Fix an issue where the <code>--directory</code> option did not work if a plugin, which accesses the poetry instance during its activation, was installed (<a href="https://redirect.github.com/python-poetry/poetry/pull/10352">#10352</a>).</li> <li>Fix an issue where <code>poetry env activate -v</code> printed additional information to stdout instead of stderr so that the output could not be used as designed (<a href="https://redirect.github.com/python-poetry/poetry/pull/10353">#10353</a>).</li> <li>Fix an issue where the original error was not printed if building a git dependency failed (<a href="https://redirect.github.com/python-poetry/poetry/pull/10366">#10366</a>).</li> <li>Fix an issue where wheels for the wrong platform were installed in rare cases. (<a href="https://redirect.github.com/python-poetry/poetry/pull/10361">#10361</a>).</li> </ul> <h3>poetry-core (<a href="https://github.com/python-poetry/poetry-core/releases/tag/2.1.3"><code>2.1.3</code></a>)</h3> <ul> <li>Fix an issue where the union of specific inverse or partially inverse markers was not simplified (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/858">#858</a>).</li> <li>Fix an issue where optional dependencies defined in the <code>project</code> section were treated as non-optional when a source was defined for them in the <code>tool.poetry</code> section (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/857">#857</a>).</li> <li>Fix an issue where markers with <code>===</code> were not parsed correctly (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/860">#860</a>).</li> <li>Fix an issue where local versions with upper case letters caused an error (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/859">#859</a>).</li> <li>Fix an issue where <code>extra</code> markers with a value starting with &quot;in&quot; were not validated correctly (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/862">#862</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-poetry/poetry/commit/84eeadc21f92a04d46ea769e3e39d7c902e44136"><code>84eeadc</code></a> release: bump version to 2.1.3</li> <li><a href="https://github.com/python-poetry/poetry/commit/aa08f25982fa8851b8e5e773978a2cb790212353"><code>aa08f25</code></a> chore: update dependencies (especially poetry-core) ... (<a href="https://redirect.github.com/python-poetry/poetry/issues/10374">#10374</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/865e928a000a1715ded7be294939b4469f3c5a85"><code>865e928</code></a> add useful information to error message (<a href="https://redirect.github.com/python-poetry/poetry/issues/10367">#10367</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/b0a982ea2afca288c17fb4c06febcbf50dc27420"><code>b0a982e</code></a> Rename ruff ruleset: <code>TCH</code> → <code>TC</code> (<a href="https://redirect.github.com/python-poetry/poetry/issues/10373">#10373</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/14221f593c35a26c9d993a105199d7a10cd28800"><code>14221f5</code></a> fix <code>get_supported_tags</code> in cases where the target env has a different platfo...</li> <li><a href="https://github.com/python-poetry/poetry/commit/b739891f60000d368057ce4cd3d4c2e712a2d53c"><code>b739891</code></a> fix error handling for git dependencies (<a href="https://redirect.github.com/python-poetry/poetry/issues/10366">#10366</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/13e78bab899941fec2aa093cc0c3b1c7f2f31979"><code>13e78ba</code></a> docs: update path dependency specification example (<a href="https://redirect.github.com/python-poetry/poetry/issues/10171">#10171</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/b51680113e57e102ed18e5f8cc938834544a8bc4"><code>b516801</code></a> outputs 'env activate' verbose message on stderr (<a href="https://redirect.github.com/python-poetry/poetry/issues/10353">#10353</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/8e5426df948cf7dc3be2721fb858c8424ea5f5d7"><code>8e5426d</code></a> Poetry documentation proofread (<a href="https://redirect.github.com/python-poetry/poetry/issues/10354">#10354</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/7cb58f6a299ff6f08b6786d5f205b9cf331ad51a"><code>7cb58f6</code></a> chore: update dependencies and actions (<a href="https://redirect.github.com/python-poetry/poetry/issues/10362">#10362</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python-poetry/poetry/compare/2.1.2...2.1.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/constraints.txt b/.github/workflows/constraints.txt
@@ -1,2 +1,2 @@
-pip==25.1
-poetry==2.1.2
+pip==25.1.1
+poetry==2.1.3
