Description
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
poetry
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
/pyproject.toml, /poetry.lock
dependabot.yml content
Default configuration (no dependabot.yml)
Updated dependency
No response
What you expected to see, versus what you actually saw
Given that the documentation specifies that the default versioning-strategy for the Python ecosystem is auto, I'd expect Dependabot PRs to by default update pyproject.toml as per either the increase or widen strategies.
Instead, only the poetry.lock is updated by Dependabot. This is of very limited usefulness since poetry.lock only influences what gets installed when working directly in the repository, and has no impact on the dependencies that are specified when packaging and distributing our code via PyPI. As a result, we almost always have to manually "fix up" Dependabot's pull requests (usually by pulling down the branch and manually running poetry add <dependency>~<new-version>) to include appropriate pyproject.toml updates in order to actually affect the packaging of our project.
I'm guessing that this may be because Dependabot states support for PEP 621 compliant pyproject.toml files, and Poetry's pyproject.toml is not currently PEP 621 compliant. But as an end user of Dependabot, it would be useful to have this variant file format supported as well.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response