2.3.3

Fixed

• Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#10792).
• Fix an issue where git dependencies from annotated tags could not be updated (#10719).
• Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#10784).
• Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#10777).
• Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#10748).
• Fix an issue where poetry publish --no-interaction --build requested user interaction (#10769).
• Fix an issue where poetry init and poetry new created a deprecated project.license format (#10787).

Docs

• Clarify the differences between poetry install and poetry update (#10713).
• Clarify the section of fields in the pyproject.toml examples (#10753).
• Add a note about the different installation location when Python from the Microsoft Store is used (#10759).
• Fix the system requirements for Poetry (#10739).
• Fix the poetry cache clear example (#10749).
• Fix the link to pipx installation instructions (#10783).

poetry-core (2.3.2)

• Fix an issue where platform_release could not be parsed on Debian Trixie (#930).
• Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#914).
• Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#919).
• Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#922).
• Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#924).
• Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#925).
• Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#921).
• Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#920).
• Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#929).
• Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#927).

2.3.2

Changed

• Allow dulwich>=1.0 (#10701).

poetry-core (2.3.1)

• Fix an issue where platform_release could not be parsed on Windows Server (#911).

2.3.1

Fixed

• Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

• Document SHELL_VERBOSITY environment variable (#10678).

2.3.0

Added

• Add support for exporting pylock.toml files with poetry-plugin-export (#10677).
• Add support for specifying build constraints for dependencies (#10388).
• Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).
• Add support for editable project plugins (#10661).
• Check requires-poetry before any other validation (#10593).
• Validate the content of project.readme when running poetry check (#10604).
• Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).
• Automatically update the cache for packages where the locked files differ from cached files (#10657).
• Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).
• Propose poetry init when trying poetry new for an existing directory (#10563).
• Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).
• Show Poetry's own Python's path in poetry debug info (#10588).

Changed

• Drop support for Python 3.9 (#10634).
• Change the default of installer.re-resolve from true to false (#10622).
• PEP 735 dependency groups are considered in the lock file hash (#10621).
• Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).
• Improve managing free-threaded Python versions with poetry python (#10606).
• Prefer JSON API to HTML API in legacy repositories (#10672).
• When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).
• Raise an error if no hash can be determined for any distribution link of a package (#10673).
• Require dulwich>=0.25.0 (#10674).

Fixed

• Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#10587).
• Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#10590).
• Fix an issue where poetry add did not work for PEP 735 dependency groups with include-group items (#10636).
• Fix an issue where PEP 735 dependency groups were not considered in the lock file hash (#10621).
• Fix an issue where wrong markers were locked for a dependency that was required by several groups with different markers (#10613).
• Fix an issue where non-deterministic markers were created in a method used by poetry-plugin-export (#10667).
• Fix an issue where wrong wheels were chosen for installation in free-threaded Python environments if Poetry itself was not installed with free-threaded Python (#10614).
• Fix an issue where poetry publish used the metadata of the project instead of the metadata of the build artifact (#10624).
• Fix an issue where poetry env use just used another Python version instead of failing when the requested version was not supported by the project (#10685).
• Fix an issue where poetry env activate returned the wrong command for dash (#10696).
• Fix an issue where data-dir and python.installation-dir could not be set (#10595).
• Fix an issue where Python and pip executables were not correctly detected on Windows (#10645).
• Fix an issue where invalid template variables in virtualenvs.prompt caused an incomprehensible error message (#10648).

Docs

• Add a warning about ~/.netrc for Poetry credential configuration (#10630).
• Clarify that the local configuration takes precedence over the global configuration (#10676).
• Add an explanation in which cases packages are automatically detected (#10680).

poetry-core (2.3.0)

• Normalize versions (#893).
• Fix an issue where unsatisfiable requirements did not raise an error (#891).
• Fix an issue where the implicit main group did not exist if it was explicitly declared as not having any dependencies (#892).
• Fix an issue where python_full_version markers with pre-release versions were parsed incorrectly (#893).

2.2.1

Fixed

• Fix an issue where poetry self show failed with a message about an invalid output format (#10560).

Docs

• Remove outdated statements about dependency groups (#10561).

poetry-core (2.2.1)

• Fix an issue where it was not possible to declare a PEP 735 dependency group as optional (#888).

2.2.0

Added

• Add support for nesting dependency groups (#10166).
• Add support for PEP 735 dependency groups (#10130).
• Add support for PEP 639 license clarity (#10413).
• Add a --format option to poetry show to alternatively output json format (#10487).
• Add official support for Python 3.14 (#10514).

Changed

• Normalize dependency group names (#10387).
• Change installer.no-binary and installer.only-binary so that explicit package names will take precedence over :all: (#10278).
• Improve log output during poetry install when a wheel is built from source (#10404).
• Improve error message in case a file lock could not be acquired while cloning a git repository (#10535).
• Require dulwich>=0.24.0 (#10492).
• Allow virtualenv>=20.33 again (#10506).
• Allow findpython>=0.7 (#10510).
• Allow importlib-metadata>=8.7 (#10511).

Fixed

• Fix an issue where poetry new did not create the project structure in an existing empty directory (#10431).
• Fix an issue where a dependency that was required for a specific Python version was not installed into an environment of a pre-release Python version (#10516).

poetry-core (2.2.0)

• Deprecate table values and values that are not valid SPDX expressions for [project.license] (#870).
• Fix an issue where explicitly included files that are in .gitignore were not included in the distribution (#874).
• Fix an issue where marker operations could result in invalid markers (#875).

2.1.4

Changed

• Require virtualenv<20.33 to work around an issue where Poetry uses the wrong Python version (#10491).
• Improve the error messages for the validation of the pyproject.toml file (#10471).

Fixed

• Fix an issue where project plugins were installed even though poetry install was called with --no-plugins (#10405).
• Fix an issue where dependency resolution failed for self-referential extras with duplicate dependencies (#10488).

Docs

• Clarify how to include files that were automatically excluded via VCS ignore settings (#10442).
• Clarify the behavior of poetry add if no version constraint is explicitly specified (#10445).

2.1.3

Changed

• Require importlib-metadata<8.7 for Python 3.9 because of a breaking change in importlib-metadata 8.7 (#10374).

Fixed

• Fix an issue where re-locking failed for incomplete multiple-constraints dependencies with explicit sources (#10324).
• Fix an issue where the --directory option did not work if a plugin, which accesses the poetry instance during its activation, was installed (#10352).
• Fix an issue where poetry env activate -v printed additional information to stdout instead of stderr so that the output could not be used as designed (#10353).
• Fix an issue where the original error was not printed if building a git dependency failed (#10366).
• Fix an issue where wheels for the wrong platform were installed in rare cases. (#10361).

poetry-core (2.1.3)

• Fix an issue where the union of specific inverse or partially inverse markers was not simplified (#858).
• Fix an issue where optional dependencies defined in the project section were treated as non-optional when a source was defined for them in the tool.poetry section (#857).
• Fix an issue where markers with === were not parsed correctly (#860).
• Fix an issue where local versions with upper case letters caused an error (#859).
• Fix an issue where extra markers with a value starting with "in" were not validated correctly (#862).

2.1.2

Changed

• Improve performance of locking dependencies (#10275).

Fixed

• Fix an issue where markers were not locked correctly (#10240).
• Fix an issue where the result of poetry lock was not deterministic (#10276).
• Fix an issue where poetry env activate returned the wrong command for tcsh (#10243).
• Fix an issue where poetry env activate returned the wrong command for pwsh on Linux (#10256).

Docs

• Update basic usage section to reflect new default layout (#10203).

poetry-core (2.1.2)

• Improve performance of marker operations (#851).
• Fix an issue where incorrect markers were calculated when removing parts covered by the project's Python constraint (#841, #846).
• Fix an issue where extra markers were not simplified (#842, #845, #847).
• Fix an issue where the intersection and union of markers was not deterministic (#843).
• Fix an issue where the intersection of python_version markers was not recognized as empty (#849).
• Fix an issue where python_version markers were not simplified (#848, #851).
• Fix an issue where Python constraints on a package were converted into invalid markers (#853).

2.1.1

Fixed

• Fix an issue where poetry env use python does not choose the Python from the PATH (#10187).

poetry-core (2.1.1)

• Fix an issue where simplifying a python_version marker resulted in an invalid marker (#838).