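Do I need to verify the poetry.lock file?

Date: 2019-04-15 09:25:33

Tags: python python-poetry

I use the poetry.lock file as the source of truth in my build chain, so I want to make sure it is always reliable. Or in other words, given that none of my dependencies has released a new version, does adding and removing dependencies accumulate unnecessary artifacts in the lock file?

In particular, after removing a dependency, I sometimes delete the lock file and regenerate it with poetry lock as a precautionary measure, but I noticed that the result is always identical to the one I just deleted. Is this just coincidence, or is it guaranteed behavior?

1 answer:

Answer 0: (score: 0)

This is not guaranteed behavior. For example, in one of our projects we have the following in pyproject.toml: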

[tool.poetry.dependencies]
django-storages = {version = "1.7.1",extras = ["boto3"]}

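When I now run poetry lock on this project, the resulting diff looks as follows, because we only specify the required version of django-storages, not the version of boto3 it should use: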

diff --git a/poetry.lock b/poetry.lock
index 6d542df..0ec8d23 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -77,10 +77,10 @@ marker = "extra == \"boto3\""
 name = "boto3"
 optional = false
 python-versions = "*"
-version = "1.9.189"
+version = "1.9.191"

 [package.dependencies]
-botocore = ">=1.12.189,<1.13.0"
+botocore = ">=1.12.191,<1.13.0"
 jmespath = ">=0.7.1,<1.0.0"
 s3transfer = ">=0.2.0,<0.3.0"

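Review bot: the boto3 version line (1.9.189 to 1.9.191) and the raised botocore lower bound under [package.dependencies] change without any matching change in pyproject.toml, where only django-storages is pinned. If the lock is meant to stay stable across regenerations, add an explicit boto3 constraint next to the django-storages entry in pyproject.toml; otherwise review this as a dependency upgrade in its own right.
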
@@ -91,7 +91,7 @@ marker = "extra == \"boto3\""
 name = "botocore"
 optional = false
 python-versions = "*"
-version = "1.12.189"
+version = "1.12.191"

 [package.dependencies]
 docutils = ">=0.10"
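Review bot: the botocore version line moves to 1.12.191 because the boto3 entry now requires ">=1.12.191,<1.13.0", so this hunk cannot be reverted on its own without also reverting boto3. The unchanged context line docutils = ">=0.10" has no upper bound, which leaves docutils free to move on any regeneration; consider constraining it.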
@@ -359,8 +359,8 @@ category = "main"
 description = "Docutils -- Python Documentation Utilities"
 name = "docutils"
 optional = false
-python-versions = "*"
-version = "0.14"
+python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
+version = "0.15.1"

 [[package]]
 category = "main"
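Review bot: the docutils entry changes more than a patch level: version goes from 0.14 to 0.15.1 and python-versions narrows from "*" to ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*". Check that the interpreters the project builds for are still covered, and pin docutils in pyproject.toml if this upgrade should not arrive as a side effect of poetry lock.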

Anything that is not specified in pyproject.toml will be updated when running poetry lock.
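
A check a build chain could run to see whether regenerating the lock changed any locked version, which is the drift the answer above describes. This is an added example, not code from the original post or from Poetry; the function names and the sample lock text are constructed for illustration, and the parser reads only the name and version keys of [[package]] entries.

```python
import re

KEY_RE = re.compile(r'^(name|version)\s*=\s*"([^"]*)"\s*$')

def locked_versions(lock_text):
    """Map package name -> locked version for each [[package]] entry."""
    versions, current, in_package = {}, {}, False
    for line in lock_text.splitlines() + ["[[package]]"]:  # sentinel flushes last entry
        line = line.strip()
        if line.startswith("["):
            # Any table header ends the key/value part of the current entry.
            if "name" in current and "version" in current:
                versions[current["name"]] = current["version"]
            current, in_package = {}, line == "[[package]]"
            continue
        match = KEY_RE.match(line)
        if in_package and match:
            current[match.group(1)] = match.group(2)
    return versions

def lock_drift(old_text, new_text):
    """Return {name: (old, new)} for packages whose locked version differs."""
    old, new = locked_versions(old_text), locked_versions(new_text)
    return {name: (old.get(name), new.get(name))
            for name in sorted(old.keys() | new.keys())
            if old.get(name) != new.get(name)}

# Constructed sample, reduced from the diff in the answer (not a full lock file).
TEMPLATE = '''[[package]]
name = "boto3"
version = "{boto3}"

[package.dependencies]
botocore = ">={botocore},<1.13.0"

[[package]]
name = "botocore"
version = "{botocore}"

[[package]]
name = "django-storages"
version = "1.7.1"
'''
COMMITTED = TEMPLATE.format(boto3="1.9.189", botocore="1.12.189")
REGENERATED = TEMPLATE.format(boto3="1.9.191", botocore="1.12.191")

if __name__ == "__main__":
    for name, (old, new) in lock_drift(COMMITTED, REGENERATED).items():
        print(f"{name}: {old} -> {new}")
```

A non-empty result means the regenerated lock no longer matches the committed one, so the build can fail or flag the change for review instead of silently picking up new versions.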