Is there an existing issue for this?
Package ecosystem
pip
Package manager version
poetry 2.2.1
Language version
Python 3.13
Manifest location and content before the Dependabot update
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/pyproject.toml
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/poetry.lock
dependabot.yml content
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/.github/dependabot.yml
Updated dependency
fastapi 0.124.0 -> 0.125.0
black 25.11.0 -> 25.12.0
What you expected to see, versus what you actually saw
I use poetry to manage package dependencies. Package has multiple extras:
data-syncmaster - pydantic + pydantic-settings + sqlalchemydata-syncmaster[server] - fastapi + uvicorndata-syncmaster[scheduler] - apschedulerdata-syncmaster[worker] - celery + pyspark + onetl[ftp,ftps,hdfs,sftp,s3,webdav]
Dependabot correctly updates FastAPI version in pyproject.toml [tool.poetry.dependencies] section.
But in poetry.lock something strange happens:
- it drops some dependencies defined with
extras == "worker", like ftputil (from onetl[ftp]), paramiko (from onetl[s3]), minio (from onetl[s3] -> minio), webdavclient3 (from onetl[webdav])
- for some dependencies with
extras == "worker" it converts optional = true to optional = false, like etl-entities (from onetl without extras), psutil or bidict (from onetl -> etl-entities)
I cannot reproduce this by running poetry add fastapi==0.124.0 --optional server or poetry add black==25.12.0 --group dev - these commands touche only fastapi and black versions, and do not mess up with dependencies of extras == "worker".
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
MTSWebServices/syncmaster@e73659d
https://github.com/MobileTeleSystems/syncmaster/pull/306/files
Smallest manifest that reproduces the issue
No response
Is there an existing issue for this?
Package ecosystem
pip
Package manager version
poetry 2.2.1
Language version
Python 3.13
Manifest location and content before the Dependabot update
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/pyproject.toml
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/poetry.lock
dependabot.yml content
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/.github/dependabot.yml
Updated dependency
fastapi 0.124.0 -> 0.125.0
black 25.11.0 -> 25.12.0
What you expected to see, versus what you actually saw
I use poetry to manage package dependencies. Package has multiple extras:
data-syncmaster- pydantic + pydantic-settings + sqlalchemydata-syncmaster[server]- fastapi + uvicorndata-syncmaster[scheduler]- apschedulerdata-syncmaster[worker]- celery + pyspark + onetl[ftp,ftps,hdfs,sftp,s3,webdav]Dependabot correctly updates FastAPI version in pyproject.toml
[tool.poetry.dependencies]section.But in poetry.lock something strange happens:
extras == "worker", likeftputil(fromonetl[ftp]),paramiko(fromonetl[s3]),minio(fromonetl[s3]->minio),webdavclient3(fromonetl[webdav])extras == "worker"it convertsoptional = truetooptional = false, likeetl-entities(fromonetlwithout extras),psutilorbidict(fromonetl->etl-entities)I cannot reproduce this by running
poetry add fastapi==0.124.0 --optional serverorpoetry add black==25.12.0 --group dev- these commands touche onlyfastapiandblackversions, and do not mess up with dependencies ofextras == "worker".Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
MTSWebServices/syncmaster@e73659d
https://github.com/MobileTeleSystems/syncmaster/pull/306/files
Smallest manifest that reproduces the issue
No response