• [x] I am on the latest Poetry version.
• [x] I have searched the issues of this repo and believe that this is not a duplicate.
• [ ] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: MacOS 10.15.5
• Poetry version: 1.1.2
• Link of a Gist with the contents of your pyproject.toml file: N/A

Issue

I have notice a regression compared to poetry 1.0.10 in the following case:

• I add package dependency with a python version constraint ("typing-extensions")
• I add a development dependency having the same sub-dependency with no python version constraint ("black").

The command poetry export give a wrong result with poetry 1.1.2 (it's OK with 1.0.10)

How to reproduce:

poetry new example
cd example
sed -i '/^python = /s/3.8/3.7/' pyproject.toml
poetry add --python="<3.8" typing-extensions
poetry export -f requirements.txt | grep typing
poetry add --dev black
poetry export -f requirements.txt | grep typing

Output for Poetry 1.0.10 (Python 3.8.6):

...
typing-extensions==3.7.4.3; python_version < "3.8" \
...
typing-extensions==3.7.4.3 \

Output for Poetry 1.1.2 (Python 3.8.6):

...
typing-extensions==3.7.4.3; python_version < "3.8" \
...
typing-extensions==3.7.4.3; python_version < "3.8" \

• [x] I am on the latest Poetry version.
• [x] I have searched the issues of this repo and believe that this is not a duplicate.
• [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS Mojave 10.14.6
• Poetry version: 1.1.3 with python-poetry/poetry#3251 fix

Issue

This issue is a follow-up to the problem identified in python-poetry/poetry#3238:

But... there's one more thing. I've also run: poetry@3251 export -f requirements.txt -o requirements.txt --without-hashes --with-credentials and the first line of the output file is: --extra-index-url http://repository.intranet.foobar.com/artifactory/api/pypi/pypi-virtual/simple

When using default = true we get then: --index-url http://repository.intranet.foobar.com/artifactory/api/pypi/pypi-virtual/simple

At first sight it seems okay, but we have to remember about the issue with pip and --extra-index-url: https://pydist.com/blog/extra-index-url https://github.com/pypa/pip/issues/5045 I assume it's already handled by Poetry itself, but to make it error-prone when exporting the requirements.txt file imho we should also keep the approach of specifying individual index per each package, e.g.: --index-url http://repository.intranet.foobar.com/artifactory/api/pypi/pypi-virtual/simple anyconfig==0.9.11

PS Of course there should be also --trusted-host flag in any of these scenarios due to http, but there was another PR for that, afair - already merged, just not released yet.

@abn has already confirmed the validity of the issue, but also provided one concern:

@jaklan appreciate the input on that. I'd suggest we raise that as a new issue. I agree that a per package index is better for the extra-index case. One worry, however, is that people seem to be attached to the current export format because some do text processing of the output it for various reasons.

So we also have to consider how to introduce such a change not to break any existing workflows.

I've been using poetry export to generate a constraints file for use with pip. Sometime after the poetry 1.2.0a2 and poetry-core 1.1.0a7 releases, this command is now includes extras in its output such as docker[ssh]==6.0.0 which is not supported in pip constraints files.

Would you be open to at least adding an option to change this behavior? The easiest to implement would probably be something like a --no-extras flag (which may need a better name to avoid confusion with --extras). Another option would be to add support for a constraints.txt format.

Poetry 1.2.0 cannot export a project with a cyclic dependency. I'm unsure if this is an exporter or a Poetry issue, or what would be involved in fixing it, as I have not dug into it myself yet.

$ pipx install poetry==1.2.0
$ git clone https://github.com/python-poetry/poetry && cd poetry
$ poetry export -f requirements.txt -o requirements.txt

Dependency walk failed at poetry (>=1.2.0b3,<2.0.0)

Ironically, that version constraint comes from this repository itself (poetry = ^1.2.0b3).

• Poetry version: 1.2.2
• Python version: 3.8.13
• OS version and name: macOS 13.0.1
• pyproject.toml:

`[tool.poetry] name = "debug" version = "0.1.0" description = "" authors = [] readme = "README.md"

[tool.poetry.dependencies] python = "^3.8" statsmodels = "^0.13.5"

[build-system] requires = ["poetry-core"] build-backend = "poetry.core.masonry.api"`

• [ x ] I am on the latest stable Poetry version, installed using a recommended method.
• [ x ] I have searched the issues of this repo and believe that this is not a duplicate.
• [ x ] I have consulted the FAQ and blog for any relevant entries or release notes.
• [ x ] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

When trying to export poetry.lock to requirements.txt format i receive an error: Dependency walk failed at scipy(>=1.3, <1.9)

After digging deeper it seems like the error is coming from statsmodels which leads to scipy being in poetry.lock with 2 different versions.

poetry.lock: scipy = [ {file = "scipy-1.8.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:65b77f20202599c51eb2771d11a6b899b97989159b7975e9b5259594f1d35ef4"}, {file = "scipy-1.8.1-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:e013aed00ed776d790be4cb32826adb72799c61e318676172495383ba4570aa4"}, {file = "scipy-1.8.1-cp310-cp310-macosx_12_0_universal2.macosx_10_9_x86_64.whl", hash = "sha256:02b567e722d62bddd4ac253dafb01ce7ed8742cf8031aea030a41414b86c1125"}, {file = "scipy-1.8.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1da52b45ce1a24a4a22db6c157c38b39885a990a566748fc904ec9f03ed8c6ba"}, {file = "scipy-1.8.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a0aa8220b89b2e3748a2836fbfa116194378910f1a6e78e4675a095bcd2c762d"}, {file = "scipy-1.8.1-cp310-cp310-win_amd64.whl", hash = "sha256:4e53a55f6a4f22de01ffe1d2f016e30adedb67a699a310cdcac312806807ca81"}, {file = "scipy-1.8.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:28d2cab0c6ac5aa131cc5071a3a1d8e1366dad82288d9ec2ca44df78fb50e649"}, {file = "scipy-1.8.1-cp38-cp38-macosx_12_0_arm64.whl", hash = "sha256:6311e3ae9cc75f77c33076cb2794fb0606f14c8f1b1c9ff8ce6005ba2c283621"}, {file = "scipy-1.8.1-cp38-cp38-macosx_12_0_universal2.macosx_10_9_x86_64.whl", hash = "sha256:3b69b90c9419884efeffaac2c38376d6ef566e6e730a231e15722b0ab58f0328"}, {file = "scipy-1.8.1-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:6cc6b33139eb63f30725d5f7fa175763dc2df6a8f38ddf8df971f7c345b652dc"}, {file = "scipy-1.8.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9c4e3ae8a716c8b3151e16c05edb1daf4cb4d866caa385e861556aff41300c14"}, {file = "scipy-1.8.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:23b22fbeef3807966ea42d8163322366dd89da9bebdc075da7034cee3a1441ca"}, {file = "scipy-1.8.1-cp38-cp38-win32.whl", hash = "sha256:4b93ec6f4c3c4d041b26b5f179a6aab8f5045423117ae7a45ba9710301d7e462"}, {file = "scipy-1.8.1-cp38-cp38-win_amd64.whl", hash = "sha256:70ebc84134cf0c504ce6a5f12d6db92cb2a8a53a49437a6bb4edca0bc101f11c"}, {file = "scipy-1.8.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f3e7a8867f307e3359cc0ed2c63b61a1e33a19080f92fe377bc7d49f646f2ec1"}, {file = "scipy-1.8.1-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:2ef0fbc8bcf102c1998c1f16f15befe7cffba90895d6e84861cd6c6a33fb54f6"}, {file = "scipy-1.8.1-cp39-cp39-macosx_12_0_universal2.macosx_10_9_x86_64.whl", hash = "sha256:83606129247e7610b58d0e1e93d2c5133959e9cf93555d3c27e536892f1ba1f2"}, {file = "scipy-1.8.1-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:93d07494a8900d55492401917a119948ed330b8c3f1d700e0b904a578f10ead4"}, {file = "scipy-1.8.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d3b3c8924252caaffc54d4a99f1360aeec001e61267595561089f8b5900821bb"}, {file = "scipy-1.8.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70de2f11bf64ca9921fda018864c78af7147025e467ce9f4a11bc877266900a6"}, {file = "scipy-1.8.1-cp39-cp39-win32.whl", hash = "sha256:1166514aa3bbf04cb5941027c6e294a000bba0cf00f5cdac6c77f2dad479b434"}, {file = "scipy-1.8.1-cp39-cp39-win_amd64.whl", hash = "sha256:9dd4012ac599a1e7eb63c114d1eee1bcfc6dc75a29b589ff0ad0bb3d9412034f"}, {file = "scipy-1.8.1.tar.gz", hash = "sha256:9e3fb1b0e896f14a85aa9a28d5f755daaeeb54c897b746df7a55ccb02b340f33"}, {file = "scipy-1.9.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:1884b66a54887e21addf9c16fb588720a8309a57b2e258ae1c7986d4444d3bc0"}, {file = "scipy-1.9.3-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:83b89e9586c62e787f5012e8475fbb12185bafb996a03257e9675cd73d3736dd"}, {file = "scipy-1.9.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1a72d885fa44247f92743fc20732ae55564ff2a519e8302fb7e18717c5355a8b"}, {file = "scipy-1.9.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d01e1dd7b15bd2449c8bfc6b7cc67d630700ed655654f0dfcf121600bad205c9"}, {file = "scipy-1.9.3-cp310-cp310-win_amd64.whl", hash = "sha256:68239b6aa6f9c593da8be1509a05cb7f9efe98b80f43a5861cd24c7557e98523"}, {file = "scipy-1.9.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b41bc822679ad1c9a5f023bc93f6d0543129ca0f37c1ce294dd9d386f0a21096"}, {file = "scipy-1.9.3-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:90453d2b93ea82a9f434e4e1cba043e779ff67b92f7a0e85d05d286a3625df3c"}, {file = "scipy-1.9.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:83c06e62a390a9167da60bedd4575a14c1f58ca9dfde59830fc42e5197283dab"}, {file = "scipy-1.9.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:abaf921531b5aeaafced90157db505e10345e45038c39e5d9b6c7922d68085cb"}, {file = "scipy-1.9.3-cp311-cp311-win_amd64.whl", hash = "sha256:06d2e1b4c491dc7d8eacea139a1b0b295f74e1a1a0f704c375028f8320d16e31"}, {file = "scipy-1.9.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:5a04cd7d0d3eff6ea4719371cbc44df31411862b9646db617c99718ff68d4840"}, {file = "scipy-1.9.3-cp38-cp38-macosx_12_0_arm64.whl", hash = "sha256:545c83ffb518094d8c9d83cce216c0c32f8c04aaf28b92cc8283eda0685162d5"}, {file = "scipy-1.9.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0d54222d7a3ba6022fdf5773931b5d7c56efe41ede7f7128c7b1637700409108"}, {file = "scipy-1.9.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cff3a5295234037e39500d35316a4c5794739433528310e117b8a9a0c76d20fc"}, {file = "scipy-1.9.3-cp38-cp38-win_amd64.whl", hash = "sha256:2318bef588acc7a574f5bfdff9c172d0b1bf2c8143d9582e05f878e580a3781e"}, {file = "scipy-1.9.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d644a64e174c16cb4b2e41dfea6af722053e83d066da7343f333a54dae9bc31c"}, {file = "scipy-1.9.3-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:da8245491d73ed0a994ed9c2e380fd058ce2fa8a18da204681f2fe1f57f98f95"}, {file = "scipy-1.9.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4db5b30849606a95dcf519763dd3ab6fe9bd91df49eba517359e450a7d80ce2e"}, {file = "scipy-1.9.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c68db6b290cbd4049012990d7fe71a2abd9ffbe82c0056ebe0f01df8be5436b0"}, {file = "scipy-1.9.3-cp39-cp39-win_amd64.whl", hash = "sha256:5b88e6d91ad9d59478fafe92a7c757d00c59e3bdc3331be8ada76a4f8d683f58"}, {file = "scipy-1.9.3.tar.gz", hash = "sha256:fbc5c05c85c1a02be77b1ff591087c83bc44579c6d2bd9fb798bb64ea5e1a027"},

Original error: `Source (poetry-locked): 1 packages found for statsmodels >=0.13.5,<0.14.0

Stack trace:

12 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/cleo/application.py:329 in run 327│ 328│ try: → 329│ exit_code = self._run(io) 330│ except Exception as e: 331│ if not self._catch_exceptions:

11 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry/console/application.py:185 in _run 183│ self._load_plugins(io) 184│ → 185│ exit_code: int = super()._run(io) 186│ return exit_code 187│

10 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/cleo/application.py:423 in _run 421│ io.input.set_stream(stream) 422│ → 423│ exit_code = self._run_command(command, io) 424│ self._running_command = None 425│

9 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/cleo/application.py:465 in _run_command 463│ 464│ if error is not None: → 465│ raise error 466│ 467│ return event.exit_code

8 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/cleo/application.py:449 in _run_command 447│ 448│ if event.command_should_run(): → 449│ exit_code = command.run(io) 450│ else: 451│ exit_code = ConsoleCommandEvent.RETURN_CODE_DISABLED

7 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/cleo/commands/base_command.py:119 in run 117│ io.input.validate() 118│ → 119│ status_code = self.execute(io) 120│ 121│ if status_code is None:

6 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/cleo/commands/command.py:83 in execute 81│ 82│ try: → 83│ return self.handle() 84│ except KeyboardInterrupt: 85│ return 1

5 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry_plugin_export/command.py:107 in handle 105│ exporter.with_credentials(self.option("with-credentials")) 106│ exporter.with_urls(not self.option("without-urls")) → 107│ exporter.export(fmt, Path.cwd(), output or self.io) 108│

4 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry_plugin_export/exporter.py:86 in export 84│ raise ValueError(f"Invalid export format: {fmt}") 85│ → 86│ getattr(self, self.EXPORT_METHODS[fmt])(cwd, output) 87│ 88│ def _export_generic_txt(

3 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry_plugin_export/exporter.py:101 in _export_generic_txt 99│ ) 100│ → 101│ for dependency_package in get_project_dependency_packages( 102│ self._poetry.locker, 103│ project_requires=root.all_requires,

2 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry_plugin_export/walker.py:103 in get_project_dependency_packages 101│ selected.append(dependency) 102│ → 103│ for package, dependency in get_project_dependencies( 104│ project_requires=selected, 105│ locked_packages=repository.packages,

1 ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry_plugin_export/walker.py:129 in get_project_dependencies 127│ ) 128│ → 129│ nested_dependencies = walk_dependencies( 130│ dependencies=project_requires, 131│ packages_by_name=packages_by_name,

RuntimeError

Dependency walk failed at scipy (>=1.3,<1.9)

at ~/Library/Application Support/pypoetry/venv/lib/python3.8/site-packages/poetry_plugin_export/walker.py:155 in walk_dependencies 151│ requirement, packages_by_name, nested_dependencies 152│ ) 153│ 154│ if not locked_package: → 155│ raise RuntimeError(f"Dependency walk failed at {requirement}") 156│ 157│ if requirement.extras: 158│ locked_package = locked_package.with_features(requirement.extras)`

• [*] I am on the latest Poetry version.
• [*] I have searched the issues of this repo and believe that this is not a duplicate.

• OS version and name: kubuntu 21.10
• Poetry version: 1.1.11

Issue

The poetry export command doesn't export md5 hashes.

Added

• Add support for exporting constraints.txt files (#128).

Fixed

• Fix an issue where a relative path passed via -o was not interpreted relative to the current working directory (#130).
• Fix an issue where the names of extras were not normalized according to PEP 685 (#123).

export command provides single hash for yamllint

yamllint==1.28.0 ; python_version >= "3.10" and python_version < "4.0" \
    --hash=sha256:9e3d8ddd16d0583214c5fdffe806c9344086721f107435f68bad990e5a88826b

And pip fails

poetry export -f requirements.txt --with dev | poetry run -- pip install -r /dev/stdin

• Poetry version: 1.2.1
• Python version: 3.9.14
• OS version and name: 20.04
• pyproject.toml: https://github.com/DontShaveTheYak/cloud-radar/pull/160

• [x] I am on the latest stable Poetry version, installed using a recommended method.
• [x] I have searched the issues of this repo and believe that this is not a duplicate.
• [x] I have consulted the FAQ and blog for any relevant entries or release notes.
• [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

Before upgrading to poetry 1.2.1, I was using 1.1.4. In my CICD pipeline I had nox installing my dependencies by having poetry export a requirements.txt. This was the command nox would run.

$ poetry export --with dev --format=requirements.txt --without-hashes --output=/tmp/tmpzi691uyz

It then ran this command:

$ python -m pip install --constraint=/tmp/tmpke1yt5pq flake8 flake8-black flake8-bugbear flake8-import-order

This used to work correctly but now I get this:

$ nox > Command python -m pip install --constraint=/tmp/tmpke1yt5pq flake8 flake8-black flake8-bugbear flake8-import-order failed with exit code 1:
DEPRECATION: Constraints are only allowed to take the form of a package name and a version specifier. Other forms were originally permitted as an accident of the implementation, but were undocumented. The new implementation of the resolver no longer supports these forms. A possible replacement is replacing the constraint with a requirement. Discussion can be found at https://github.com/pypa/pip/issues/8210
ERROR: Constraints cannot have extras
nox > Session lint-3.9 failed.

When I cat the requirements file I see coverage twice (its the only dependency I have where I use an "extra").

coverage==6.4.4 ; python_version >= "3.8" and python_version < "4.0"
coverage[toml]==6.4.4 ; python_version >= "3.8" and python_version < "4.0"

I don't know why its listed twice. I do know that the generated file does install correctly from a new venv, so its only broken when used as a constraint file.

I created an empty project, ran poetry add s3fs, and export created a broken file. https://gist.github.com/shai4lt/c5306a9c2221203c7368532c6951814a

(I should probably note that, having looked now, the packages missing hashes seem to miss them already in the lock file, so maybe export is not the culprit -- but export is where it causes issues.

poetry 1.2.0b2 with the export plugin (AFAICT poetry 1.1.13 and 1.1.14 behave the same)

• [x] I am on the latest Poetry version.

• [x] I have searched the issues of this repo and believe that this is not a duplicate.

• OS version and name: RHEL Linux 7.6, Python 3.7.4

• Poetry version: 1.0.9

Issue

I think I found a bug... I have two internal repos (the second one requries credentials which I have stored in my pyproject.toml):

[[tool.poetry.source]]
name = "internal-mirror"
url = "https://server/artifactory/api/pypi/pypi-remote/simple"
default = true

[[tool.poetry.source]]
name = "myproject"
url = "https://server/artifactory/api/pypi/myproject-pypi-local/simple"
secondary = true

Poetry successfully installs using both repos, nice! But when I export to requirements.txt, I only get the --index-url and not the --extra-index-url definitions, which makes this requirements file incomplete and pip is unable to find my secondary repo:

$ poetry export --format requirements.txt --without-hashes --output requirements.txt

--index-url https://server/artifactory/api/pypi/pypi-remote/simple

myproject==3.1.7

To me, this looks like a bug. I would expect that the --extra-index-url would also appear in the exported requirements.txt file, right?

• Poetry version: 1.2.2, 1.3.1
• Python version: 3.10
• OS version and name: Ubuntu 22.04, docker: python:3.10
• pyproject.toml: https://gist.github.com/narel/a22d155534d242a4b75b3a3e5ef29ef3

Exported requirements are broken for git repositories:

poetry add 'git+https://github.com/hbldh/bankkonto'
poetry export --without-hashes -o requirements.txt
pip install -r requirements.txt

gives:

Collecting bankkonto@ git+https://github.com/hbldh/bankkonto@HEAD
  Cloning https://github.com/hbldh/bankkonto (to revision HEAD) to /tmp/pip-install-6mm0ux77/bankkonto_ebbff97884e64ad791b34a74e1e1f8ee
  Running command git clone --filter=blob:none --quiet https://github.com/hbldh/bankkonto /tmp/pip-install-6mm0ux77/bankkonto_ebbff97884e64ad791b34a74e1e1f8ee
  Running command git checkout -b HEAD --track origin/HEAD
  fatal: 'HEAD' is not a valid branch name.
  error: subprocess-exited-with-error

It works without any problems on poetry 1.1.15.

• [x] I have searched the issues of this repo and believe that this is not a duplicate.
• [x] I have searched the FAQ and general documentation and believe that my question is not already covered.

Feature Request

We benefited greatly from python-poetry/poetry#2773 and I think adding it to the exported requirements files would be a great idea as well.

I would be happy to tackle this.

I'm not certain the cause of the problem here, but this plugin fails if poetry 1.3.1 and tox 3.27.1 are selected in poetry.lock. This currently happens right now even if you let Poetry pick the poetry and tox versions. For instance, with this simple pyproject.toml file, right now I see the following:

$ poetry lock
Updating dependencies
Resolving dependencies... (1.2s)
$ poetry export

Dependency walk failed at virtualenv (>=16.0.0,!=20.0.0,!=20.0.1,!=20.0.2,!=20.0.3,!=20.0.4,!=20.0.5,!=20.0.6,!=20.0.7)

Here's the created poetry.lock file.

This may be related to https://github.com/python-poetry/poetry-plugin-export/issues/118.

updates:

• github.com/pre-commit/pre-commit-hooks: v4.3.0 → v4.4.0
• github.com/asottile/pyupgrade: v3.2.2 → v3.3.1
• github.com/pycqa/isort: 5.10.1 → 5.11.4
• github.com/psf/black: 22.10.0 → 22.12.0
• github.com/pycqa/flake8: 5.0.4 → 6.0.0

On windows os.linesep includes a carriage return, so when the output file is opened in text mode, \n is translated to \r\n. This can be disabled by passing newline='' when opening the file.

Whether this should be the default is another question. Personally I would prefer it if poetry produced identical output files regardless of the system. 🤷‍♂️ If this cannot be the default, then a flag or configuration option would be sufficient.

• Poetry version: Poetry (version 1.2.2)
• Python version: 3.11.0
• OS version and name: Arch Linux
• pyproject.toml: -

• [x] I am on the latest stable Poetry version, installed using a recommended method.
• [x] I have searched the issues of this repo and believe that this is not a duplicate.
• [x] I have consulted the FAQ and blog for any relevant entries or release notes.
• [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

Given something along django-fsm-admin = { url = "https://github.com/infarm/django-fsm-admin/archive/38f2719935be16a7c01d110651ad8ea8383bbe1d.zip" } in [tool.poetry.dependencies] it results in django-fsm-admin @ https://github.com/infarm/django-fsm-admin/archive/38f2719935be16a7c01d110651ad8ea8383bbe1d.zip ; python_version >= "3.11" and python_version < "4.0" when using poetry export -f requirements.txt -o "requirements-main.txt" --only=main.

When using pip install -r requirements-main.txt it causes the following error:

ERROR: Hashes are required in --require-hashes mode, but they are missing from some requirements. Here is a list of those requirements along with the hashes their downloaded archives actually had. Add lines like these to your requirements files to prevent tampering. (If you did not enable --require-hashes manually, note that it turns on automatically when any package has a hash.) https://github.com/infarm/django-fsm-admin/archive/38f2719935be16a7c01d110651ad8ea8383bbe1d.zip --hash=sha256:32bc3205cec3ec83a78dd0fd0b5f02f25d81a9689493c2580c8fdb4e02c6f4ec

I think with "url" requirements hashes can and should get included in the exported file.

For reference: this was fixed in PDM in https://github.com/pdm-project/pdm/commit/1a1f8748 (via https://github.com/pdm-project/pdm/issues/1103), where the output in requirements.txt looks as follows:

django-fsm-admin @ https://github.com/infarm/django-fsm-admin/archive/38f2719935be16a7c01d110651ad8ea8383bbe1d.zip \
    --hash=sha256:32bc3205cec3ec83a78dd0fd0b5f02f25d81a9689493c2580c8fdb4e02c6f4ec