Nox-poetry

Latest version: v1.1.0

Safety actively analyzes 708703 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 4

0.8.0

Not secure
Changes

This release brings a major API redesign: nox-poetry now ships its own `session` decorator. Decorate your session functions with it, and `session.install` will use Poetry's lock file to pin dependencies. Thanks brechtm for the initial idea!

This release deprecates the following functions and modules:

| Deprecation | Replacement |
| --- | --- |
| module `patch` | `session` |
| function `install` | `session.install` |
| function `installroot` | `session.poetry.installroot` |
| function `build_package` | `session.poetry.build_package` |
| function `export_requirements` | `session.poetry.export_requirements` |

Read on for a complete list of changes.

:rocket: Features

* Add nox.session drop-in replacement (259) cjolowicz
* Use wheel as default for installroot and build_package (265) cjolowicz
* Allow distribution format to be specified as a string (261) cjolowicz

:fire: Removals and Deprecations

* Deprecate functions from core module (262) cjolowicz

:construction_worker: Continuous Integration

* Ignore CVE-2020-28476 affecting all versions of tornado (257) cjolowicz

:books: Documentation

* Use intersphinx for links to pip and Nox docs (267) cjolowicz
* docs: Invoke Nox inside the Poetry environment for testing (264) cjolowicz

:hammer: Refactoring

* Omit SHA256 hash for the locally built package (260) cjolowicz

:package: Dependencies

* Bump actions/cache from v2.1.3 to v2.1.4 (263) dependabot
* Bump coverage from 5.3.1 to 5.4 (247) dependabot
* Bump darglint from 1.5.8 to 1.6.0 (253) dependabot
* Bump mypy from 0.790 to 0.800 (245) dependabot
* Bump pip from 20.3.3 to 21.0 in /.github/workflows (244) dependabot
* Bump pip from 21.0 to 21.0.1 in /.github/workflows (255) dependabot
* Bump poetry from 1.1.2 to 1.1.4 in /.github/workflows (148) dependabot
* Bump pre-commit from 2.9.3 to 2.10.0 (252) dependabot
* Bump pytest from 6.2.1 to 6.2.2 (246) dependabot
* Bump safety from 1.10.2.post1 to 1.10.3 (240) dependabot
* Bump tornado from 6.0.4 to 6.1 (256) cjolowicz
* Bump typeguard from 2.9.1 to 2.10.0 (142) dependabot
* Bump virtualenv from 20.3.1 to 20.4.0 in /.github/workflows (241) dependabot
* Bump virtualenv from 20.4.0 to 20.4.2 in /.github/workflows (258) dependabot
* Bump xdoctest from 0.15.0 to 0.15.4 (251) dependabot

0.7.1

Not secure
:beetle: Fixes

* Decode pyproject.toml as UTF-8 regardless of system locale (233) staticdev

:rotating_light: Testing

* Add test for non-ASCII characters in pyproject.toml (234) cjolowicz

:package: Dependencies

* Bump pre-commit-hooks from 3.3.0 to 3.4.0 (202) dependabot
* Bump pygments from 2.7.3 to 2.7.4 (237) dependabot
* Bump safety from 1.9.0 to 1.10.2.post1 (235) dependabot
* Bump nox from 2020.8.22 to 2020.12.31 (239) dependabot
* Bump actions/upload-artifact from v2.2.1 to v2.2.2 (236) dependabot
* Bump actions/download-artifact from v2.0.6 to v2.0.8 (219) dependabot
* Bump furo from 2020.12.9b21 to 2020.12.30b24 in /docs (216) dependabot
* Bump furo from 2020.12.9b21 to 2020.12.30b24 (226) dependabot
* Bump nox from 2020.8.22 to 2020.12.31 in /.github/workflows (217) dependabot
* Bump sphinx from 3.3.1 to 3.4.3 in /docs (228) dependabot
* Bump sphinx from 3.3.1 to 3.4.3 (229) dependabot
* Bump codecov/codecov-action from v1.1.0 to v1.2.1 (227) dependabot
* Bump release-drafter/release-drafter from v5.12.1 to v5.13.0 (214) dependabot
* Bump actions/setup-python from v2.2.0 to v2.2.1 (206) dependabot
* Bump crazy-max/ghaction-github-labeler from v3.1.0 to v3.1.1 (203) dependabot
* Bump pytest from 6.1.2 to 6.2.1 (201) dependabot
* Bump virtualenv from 20.2.1 to 20.3.1 in /.github/workflows (232) dependabot
* Bump pip from 20.3.1 to 20.3.3 in /.github/workflows (200) dependabot

0.7.0

Not secure
This release fixes an issue when using nox-poetry with pip's new dependency resolver, due to limitations when using constraints files in hash-checking mode. This fix involved a breaking change: Requirements are no longer exported with hashes.

Changes

:boom: Breaking Changes

* Use without-hashes when exporting requirements (222) epenet

:package: Dependencies

* Security update to py 1.10.0 and cryptography 3.3.1 (224) cjolowicz
* Bump coverage from 5.3 to 5.3.1 (208) dependabot
* Bump codecov/codecov-action from v1.0.15 to v1.1.0 (204) dependabot
* Bump actions/setup-python from v2.1.4 to v2.2.0 (205) dependabot
* Bump furo from 2020.11.27b19 to 2020.12.9b21 in /docs (194) dependabot
* Bump furo from 2020.11.27b19 to 2020.12.9b21 (195) dependabot
* Bump pre-commit from 2.9.2 to 2.9.3 (193) dependabot
* Bump pygments from 2.7.2 to 2.7.3 (191) dependabot
* Bump pip from 20.3 to 20.3.1 in /.github/workflows (190) dependabot

0.6.0

Not secure
Changes

:boom: Breaking Changes

* Use "." in install() instead of DistributionFormat (183) cjolowicz

:rocket: Features

* Support package extras when installing the local package (181) cjolowicz
* Add function to install the local package (182) cjolowicz

:beetle: Fixes

* Fix broken sdist support due to missing egg fragment (178) cjolowicz

:rotating_light: Testing

* Add functional tests (186) cjolowicz

:books: Documentation

* Declare the project as alpha (128) cjolowicz
* Minor documentation cleanup (115) cjolowicz

:hammer: Refactoring

* Read package name from pyproject.toml (188) cjolowicz

:package: Dependencies

<details>
<summary>Show</summary>

* Bump actions/checkout from v2.3.3 to v2.3.4 (155) dependabot
* Bump actions/download-artifact from v2.0.5 to v2.0.6 (165) dependabot
* Bump actions/setup-python from v2.1.2 to v2.1.3 (116) dependabot
* Bump actions/setup-python from v2.1.3 to v2.1.4 (134) dependabot
* Bump actions/upload-artifact from v2.2.0 to v2.2.1 (164) dependabot
* Bump codecov/codecov-action from v1.0.13 to v1.0.14 (139) dependabot
* Bump codecov/codecov-action from v1.0.14 to v1.0.15 (168) dependabot
* Bump darglint from 1.5.4 to 1.5.5 (122) dependabot
* Bump darglint from 1.5.5 to 1.5.8 (175) dependabot
* Bump flake8 from 3.8.3 to 3.8.4 (124) dependabot
* Bump flake8-bugbear from 20.1.4 to 20.11.1 (176) dependabot
* Bump furo from 2020.10.13b12 to 2020.10.15b13 (136) dependabot
* Bump furo from 2020.10.13b12 to 2020.10.15b13 in /docs (137) dependabot
* Bump furo from 2020.10.15b13 to 2020.11.10b15 (159) dependabot
* Bump furo from 2020.10.15b13 to 2020.11.10b15 in /docs (158) dependabot
* Bump furo from 2020.10.5b9 to 2020.10.13b12 (133) dependabot
* Bump furo from 2020.10.5b9 to 2020.10.13b12 in /docs (131) dependabot
* Bump furo from 2020.11.10b15 to 2020.11.15b17 (167) dependabot
* Bump furo from 2020.11.10b15 to 2020.11.15b17 in /docs (163) dependabot
* Bump furo from 2020.11.15b17 to 2020.11.19b18 (169) dependabot
* Bump furo from 2020.11.15b17 to 2020.11.19b18 in /docs (170) dependabot
* Bump furo from 2020.11.19b18 to 2020.11.27b19 (180) dependabot
* Bump furo from 2020.11.19b18 to 2020.11.27b19 in /docs (179) dependabot
* Bump furo from 2020.9.28b8 to 2020.10.5b9 (123) dependabot
* Bump furo from 2020.9.28b8 to 2020.10.5b9 in /docs (121) dependabot
* Bump mypy from 0.782 to 0.790 (130) dependabot
* Bump pip from 20.2.3 to 20.2.4 in /.github/workflows (140) dependabot
* Bump pip from 20.2.4 to 20.3 in /.github/workflows (185) dependabot
* Bump poetry from 1.0.10 to 1.1.1 in /.github/workflows (126) dependabot
* Bump poetry from 1.1.1 to 1.1.2 in /.github/workflows (129) dependabot
* Bump pre-commit from 2.7.1 to 2.8.2 (152) dependabot
* Bump pre-commit from 2.8.2 to 2.9.0 (172) dependabot
* Bump pre-commit from 2.9.0 to 2.9.2 (177) dependabot
* Bump pre-commit-hooks from 3.2.0 to 3.3.0 (145) dependabot
* Bump pytest from 6.1.0 to 6.1.1 (125) dependabot
* Bump pytest from 6.1.1 to 6.1.2 (149) dependabot
* Bump release-drafter/release-drafter from v5.11.0 to v5.12.0 (143) dependabot
* Bump release-drafter/release-drafter from v5.12.0 to v5.12.1 (144) dependabot
* Bump reorder-python-imports from 2.3.5 to 2.3.6 (156) dependabot
* Bump sphinx from 3.2.1 to 3.3.0 (157) dependabot
* Bump sphinx from 3.2.1 to 3.3.0 in /docs (154) dependabot
* Bump sphinx from 3.3.0 to 3.3.1 (161) dependabot
* Bump sphinx from 3.3.0 to 3.3.1 in /docs (160) dependabot
* Bump virtualenv from 20.0.31 to 20.0.32 in /.github/workflows (117) dependabot
* Bump virtualenv from 20.0.32 to 20.0.33 in /.github/workflows (120) dependabot
* Bump virtualenv from 20.0.33 to 20.0.34 in /.github/workflows (132) dependabot
* Bump virtualenv from 20.0.34 to 20.0.35 in /.github/workflows (138) dependabot
* Bump virtualenv from 20.0.35 to 20.1.0 in /.github/workflows (147) dependabot
* Bump virtualenv from 20.1.0 to 20.2.0 in /.github/workflows (171) dependabot
* Bump virtualenv from 20.2.0 to 20.2.1 in /.github/workflows (174) dependabot
* Update actions/checkout requirement to v2.3.4 (166) dependabot
* Update cookiecutter-hypermodern-python to e7f0a16 (162) cjolowicz
</details>

0.5.0

Not secure
Changes

* nox-poetry 0.5.0 (114) cjolowicz

:boom: Breaking Changes

* Patch Nox by importing `nox_poetry.patch` (110) cjolowicz

:books: Documentation

* Add logo (109) cjolowicz
* Add API reference (113) cjolowicz

:package: Dependencies

* Bump pytest from 6.0.2 to 6.1.0 (112) dependabot
* Bump pypa/gh-action-pypi-publish from v1.3.1 to v1.4.1 (111) dependabot

0.4.0

Not secure
Changes

:rocket: Features

* Add function to monkey-patch Session.install (108) cjolowicz

:hammer: Refactoring

* Remove redundant noqa: F401 (107) cjolowicz

Page 3 of 4

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.