`poetry update <single-pkg>` updates a different package with extras specification

- [x] I am on the [latest](https://github.com/python-poetry/poetry/releases/latest) Poetry version.
- [x] I have searched the [issues](https://github.com/python-poetry/poetry/issues) of this repo and believe that this is not a duplicate.
- [x] If an exception occurs when executing a command, I executed it again in debug mode (`-vvv` option).



- **OS version and name**: Ubuntu 16.04
- **Poetry version**: 1.1.2
- **Link of a [Gist](https://gist.github.com/) with the contents of your pyproject.toml file**: https://gist.github.com/immerrr/0d55d8958683d26a024153cade39b266



## Issue


It looks like packages with extras circumvent the whitelisting restriction when updating a single package with
```
poetry update <single-pkg>
```

Here's a repro:
- in the pyproject.toml linked above, change watchdog version to be strictly `0.10.2`, and do `poetry update`
- now, revert the watchdog version requirement to be `^0.10.2`, but this time do `poetry update decorator`
- expected behaviour: poetry does not change anything, as there is no new version of `decorator` package
- actual behaviour: 

<details>

<summary>
watchdog is updated to `0.10.3`
</summary>

```
$ poetry -V
Poetry version 1.1.2
$ poetry show --tree
decorator 4.4.2 Decorators for Humans
watchdog 0.10.2 Filesystem events monitoring
├── argh >=0.24.1
├── pathtools >=0.1.1
└── pyyaml >=3.10
$ poetry update decorator -vvv
Using virtualenv: /mnt/extraspace/virtualenvs/poetry-test-TzTtOsUh-py3.7
Updating dependencies
Resolving dependencies...
   1: fact: poetry-test is 0.1.0
   1: derived: poetry-test
   1: fact: poetry-test depends on watchdog[watchmedo] (^0.10.2)
   1: fact: poetry-test depends on decorator (^4.4.2)
   1: selecting poetry-test (0.1.0)
   1: derived: decorator (^4.4.2)
   1: derived: watchdog[watchmedo] (^0.10.2)
PyPI: No release information found for watchdog-0.3.4, skipping
PyPI: No release information found for watchdog-0.3.6, skipping
PyPI: No release information found for watchdog-0.6.1, skipping
PyPI: 2 packages found for watchdog >=0.10.2,<0.11.0
PyPI: No release information found for decorator-3.4.1, skipping
PyPI: No release information found for decorator-4.0.8, skipping
PyPI: 1 packages found for decorator >=4.4.2,<5.0.0
   1: selecting decorator (4.4.2)
   1: fact: watchdog[watchmedo] (0.10.3) depends on watchdog (0.10.3)
   1: fact: watchdog[watchmedo] (0.10.3) depends on pathtools (>=0.1.1)
   1: fact: watchdog[watchmedo] (0.10.3) depends on PyYAML (>=3.10)
   1: fact: watchdog[watchmedo] (0.10.3) depends on argh (>=0.24.1)
   1: selecting watchdog[watchmedo] (0.10.3)
   1: derived: argh (>=0.24.1)
   1: derived: PyYAML (>=3.10)
   1: derived: pathtools (>=0.1.1)
   1: derived: watchdog (0.10.3)
PyPI: No release information found for watchdog-0.3.4, skipping
PyPI: No release information found for watchdog-0.3.6, skipping
PyPI: No release information found for watchdog-0.6.1, skipping
PyPI: 1 packages found for watchdog 0.10.3
   1: selecting argh (0.26.2)
   1: selecting pyyaml (5.3.1)
   1: selecting pathtools (0.1.2)
   1: fact: watchdog (0.10.3) depends on pathtools (>=0.1.1)
   1: selecting watchdog (0.10.3)
   1: Version solving took 0.030 seconds.
   1: Tried 1 solutions.

Writing lock file

Finding the necessary packages for the current system

Package operations: 0 installs, 1 update, 0 removals

  • Updating watchdog (0.10.2 -> 0.10.3): Pending...
  • Updating watchdog (0.10.2 -> 0.10.3): Installing...
  • Updating watchdog (0.10.2 -> 0.10.3)
```

</details>

What leads me to believe this is somehow related to the extras specification, is that ...


<details>

<summary>
... if I remove the extras and repeat the repro with just `watchdog = {version = "^0.10.2"}`,  watchdog is *not* updated to 0.10.3 which is the expected behaviour.
</summary>

```
$ poetry -V
Poetry version 1.1.2
$ poetry show --tree
decorator 4.4.2 Decorators for Humans
watchdog 0.10.2 Filesystem events monitoring
└── pathtools >=0.1.1
$ poetry update decorator -vvv
Using virtualenv: /mnt/extraspace/virtualenvs/poetry-test-TzTtOsUh-py3.7
Updating dependencies
Resolving dependencies...
   1: fact: poetry-test is 0.1.0
   1: derived: poetry-test
   1: fact: poetry-test depends on watchdog (^0.10.2)
   1: fact: poetry-test depends on decorator (^4.4.2)
   1: selecting poetry-test (0.1.0)
   1: derived: decorator (^4.4.2)
   1: derived: watchdog (^0.10.2)
PyPI: No release information found for decorator-3.4.1, skipping
PyPI: No release information found for decorator-4.0.8, skipping
PyPI: 1 packages found for decorator >=4.4.2,<5.0.0
   1: selecting decorator (4.4.2)
   1: fact: watchdog (0.10.2) depends on pathtools (>=0.1.1)
   1: selecting watchdog (0.10.2)
   1: derived: pathtools (>=0.1.1)
   1: selecting pathtools (0.1.2)
   1: Version solving took 0.017 seconds.
   1: Tried 1 solutions.

Finding the necessary packages for the current system

No dependencies to install or update


```

</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`poetry update <single-pkg>` updates a different package with extras specification #3128

Issue

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

poetry update <single-pkg> updates a different package with extras specification #3128

Description

Issue

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

`poetry update <single-pkg>` updates a different package with extras specification #3128