Fix using Poetry with outdated Python patch versions#1687
Merged
Conversation
The existing Poetry bootstrap process added in #1682 used the pip wheel bundled within the Python stdlib. This required use of pip's `--python` option, which was added to pip in v22.3 in 2022. All of the major Python versions we support have been updated to that pip version or newer, the older patch releases of some of those major Python versions can contain pip versions that are older. Whilst we strongly recommend upgrading to newer patch releases (since older versions are missing security updates and so likely insecure), we still want to support using Poetry on these versions, so the I've adjusted the bootstrap process to no longer use `--python`.
dzuelke
approved these changes
Nov 6, 2024
Merged
edmorley
added a commit
that referenced
this pull request
Feb 24, 2025
This is an alternative approach to installing Poetry that means we can skip installing pip into its virtual environment, but still support the outdated Python versions which bundle older pip (that don't support the `--python` option; see #1687) or that don't correctly isolate the environment when running `ensurepip` (see #1698). Skipping installing pip speeds up the cold cache build for Poetry slightly, and also reduces the build cache size (which will help with the cache save and restore times for warm builds too). The pip installed in the Poetry venv wasn't exposed to apps (since it wasn't on `PATH`) so is safe to remove. GUS-W-17895154.
edmorley
added a commit
that referenced
this pull request
Feb 24, 2025
This is an alternative approach to installing Poetry that means we can skip installing pip into its virtual environment, but still support the outdated Python versions which bundle older pip (that don't support the `--python` option; see #1687) or that don't correctly isolate the environment when running `ensurepip` (see #1698). Skipping installing pip speeds up the cold cache build for Poetry slightly, and also reduces the build cache size (which will help with the cache save and restore times for warm builds too). The pip installed in the Poetry venv wasn't exposed to apps (since it wasn't on `PATH`) so is safe to remove. GUS-W-17895154.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The existing Poetry bootstrap process added in #1682 used the pip wheel bundled within the Python stdlib.
This required use of pip's
--pythonoption, which was added to pip in v22.3 in 2022. All of the major Python versions we support have been updated to that pip version or newer, however, the older patch releases of some of those major Python versions can contain pip versions that are older (for example, whilst latest Python 3.9.x bundles pip v23.0.1, Python 3.9.0 bundles pip v20.2.1).Previously, using those older patch versions would result in:
Whilst we strongly recommend users upgrade to newer patch releases (since older versions are missing security updates and so likely insecure), we still want to support using Poetry on these versions, so the I've adjusted the bootstrap process to no longer use
--pythonto prevent that error.