Poetry integration messes up with package extras #13728
Description
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
pip
Package manager version
poetry 2.2.1
Language version
Python 3.13
Manifest location and content before the Dependabot update
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/pyproject.toml
https://github.com/MobileTeleSystems/syncmaster/blob/41427e500a1b1b9da7240afc9f4fd1b918e222d7/poetry.lock
dependabot.yml content
Updated dependency
fastapi 0.124.0 -> 0.125.0
black 25.11.0 -> 25.12.0
What you expected to see, versus what you actually saw
I use poetry to manage package dependencies. Package has multiple extras:
data-syncmaster- pydantic + pydantic-settings + sqlalchemydata-syncmaster[server]- fastapi + uvicorndata-syncmaster[scheduler]- apschedulerdata-syncmaster[worker]- celery + pyspark + onetl[ftp,ftps,hdfs,sftp,s3,webdav]
Dependabot correctly updates FastAPI version in pyproject.toml [tool.poetry.dependencies] section.
But in poetry.lock something strange happens:
- it drops some dependencies defined with
extras == "worker", likeftputil(fromonetl[ftp]),paramiko(fromonetl[s3]),minio(fromonetl[s3]->minio),webdavclient3(fromonetl[webdav]) - for some dependencies with
extras == "worker"it convertsoptional = truetooptional = false, likeetl-entities(fromonetlwithout extras),psutilorbidict(fromonetl->etl-entities)
I cannot reproduce this by running poetry add fastapi==0.124.0 --optional server or poetry add black==25.12.0 --group dev - these commands touche only fastapi and black versions, and do not mess up with dependencies of extras == "worker".
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
MobileTeleSystems/syncmaster@e73659d
https://github.com/MobileTeleSystems/syncmaster/pull/306/files
Smallest manifest that reproduces the issue
No response