Poetry update ignores git dependency

[ghost]

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Windows 10 (build 19041)

• Poetry version: 1.0.5

Issue

One of our dependency warrant depends on python-jose-cryptodome.
In our pyproject.toml, we added a git repo which should override the default python-jose-cryptodome from pypi.

[tool.poetry.dependencies]
python-jose-cryptodome = {git = "https://github.com/AlexionSoftware/python-jose-cryptodome", branch = "1.3.2"}
In our version we have remove the constrain that pycryptdome should be lower than <3.4.0.

When we install everything is fine. It uses the right versions, so we get pycryptdome version 3.9.7.

However, when we say poetry update we get pycryptdome 3.3.1. It completly ignores our git override. It even removes a part of the code which mentions the git repo in the poetry.lock.

A piece of the debug log

Resolving dependencies...
...
1: fact: random-string depends on python-jose-cryptodome ()
1: fact: random-string depends on warrant (^0.6.1)
...
1: derived: warrant (^0.6.1)
1: derived: python-jose-cryptodome ()
...
PyPI: 1 packages found for warrant >=0.6.1,<0.7.0
1: fact: warrant (0.6.1) depends on boto3 (>=1.4.3)
1: fact: warrant (0.6.1) depends on envs (>=0.3.0)
1: fact: warrant (0.6.1) depends on python-jose-cryptodome (>=1.3.2)
1: fact: warrant (0.6.1) depends on requests (>=2.13.0)
1: selecting warrant (0.6.1)
1: derived: python-jose-cryptodome (>=1.3.2)
1: derived: envs (>=0.3.0)
...
PyPI: 1 packages found for python-jose-cryptodome >=1.3.2
1: fact: python-jose-cryptodome (1.3.2) depends on pycryptodome (>=3.3.1,<3.4.0)
1: fact: python-jose-cryptodome (1.3.2) depends on six (<2.0)
1: fact: python-jose-cryptodome (1.3.2) depends on ecdsa (<1.0)
1: fact: python-jose-cryptodome (1.3.2) depends on future (<1.0)
1: selecting python-jose-cryptodome (1.3.2)
1: derived: future (<1.0)
1: derived: ecdsa (<1.0)
1: derived: six (<2.0)
1: derived: pycryptodome (>=3.3.1,<3.4.0)
...
PyPI: 1 packages found for pycryptodome >=3.3.1,<3.4.0
1: selecting pycryptodome (3.3.1)
...

[jayvdb]

I hit this, and the solution for me was to delete poetry.lock

[sohaiberrabii]

Closing as this is no longer an issue with Poetry 1.2.1. Only Poetry 1.2.x and Poetry 1.3-dev are supported.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.