Poetry fails to resolve some dependencies from source with simple API only

[cr3]

Description

I am using poetry with an Artifactory source configured without priority, so as primary source. This source only supports the simple API (PEP 503) which seems to work fine except for some dependencies that are sometimes completely missing. For example, consider this section in poetry.lock for the openai dependency:

[[package]]
name = "openai"
version = "1.28.0"
description = ""
optional = false
python-versions = "*"
files = [
    {file = "openai-1.28.0-py3-none-any.whl", hash = "sha256:94b5a99f5121e1747dda1bb8fff31820d5ab4b49056a9cf2e3605f5c90011955"},
    {file = "openai-1.28.0.tar.gz", hash = "sha256:ac43b8b48aec70de4b76cfc96ae906bf8d5814427475b9dabb662f84f655f0e1"},
]

[package.source]
type = "legacy"
url = https://artifactory.mycompany.com/artifactory/api/pypi/mycompany-pypi/simple
reference = "artifactory"

If I remove the source to use pypi.org or if I change the priority to "supplemental" so that poetry now gets the openai dependency from pypi.org (same difference), the same section in poetry.lock for openai now includes dependencies:

[[package]]
name = "openai"
version = "1.28.0"
description = "The official Python library for the openai API"
optional = false
python-versions = ">=3.7.1"
files = [
    {file = "openai-1.28.0-py3-none-any.whl", hash = "sha256:94b5a99f5121e1747dda1bb8fff31820d5ab4b49056a9cf2e3605f5c90011955"},
    {file = "openai-1.28.0.tar.gz", hash = "sha256:ac43b8b48aec70de4b76cfc96ae906bf8d5814427475b9dabb662f84f655f0e1"},
]

[package.dependencies]
anyio = ">=3.5.0,<5"
distro = ">=1.7.0,<2"
httpx = ">=0.23.0,<1"
pydantic = ">=1.9.0,<3"
sniffio = "*"
tqdm = ">4"
typing-extensions = ">=4.7,<5"

[package.extras]
datalib = ["numpy (>=1)", "pandas (>=1.2.3)", "pandas-stubs (>=1.1.0.11)"]

Also note that clearing the cache with poetry cache clear artifactory --all and generating the poetry.lock file again does not solve the problem.

Workarounds

The partial workaround is to configure the Artifactory source with a "supplemental" priority. The reason this is partial is that dependencies for upstream packages will now resolve correctly but custom packages only available in Artifactory might still have the same problem resolving dependencies.

Poetry Installation Method

other

Operating System

Windows 10

Poetry Version

Poetry (version 1.6.1)

Poetry Configuration

cache-dir = "C:\\Users\\cr3\\AppData\\Local\\pypoetry\\Cache"
experimental.system-git-client = false
installer.max-workers = null
installer.modern-installation = true
installer.no-binary = null
installer.parallel = true
repositories.artifactory.url = "https://artifactory.mycompany.com/artifactory/api/pypi/mycompany-pypi/simple"
virtualenvs.create = true
virtualenvs.in-project = true
virtualenvs.options.always-copy = false
virtualenvs.options.no-pip = false
virtualenvs.options.no-setuptools = false
virtualenvs.options.system-site-packages = false
virtualenvs.path = "{cache-dir}\\virtualenvs"  # C:\Users\cr3\AppData\Local\pypoetry\Cache\virtualenvs
virtualenvs.prefer-active-python = false
virtualenvs.prompt = "{project_name}-py{python_version}"

Python Sysconfig

Platform: "win-amd64"
Python version: "3.12"
Current installation scheme: "nt"

Paths:
        data = ".venv"
        include = ".venv\Include"
        platinclude = ".venv\Include"
        platlib = ".venv\Lib\site-packages"
        platstdlib = ".venv\Lib"
        purelib = ".venv\Lib\site-packages"
        scripts = ".venv\Scripts"
        stdlib = ".venv\Lib"

Variables:
        BINDIR = ".venv"
        BINLIBDEST = ".venv\Lib"
        EXE = ".exe"
        EXT_SUFFIX = ".cp312-win_amd64.pyd"
        INCLUDEPY = ".venv\Include"
        LIBDEST = ".venv\Lib"
        TZPATH = ".venv\share\zoneinfo"
        VERSION = "312"
        VPATH = "..\.."
        abiflags = ""
        base = ".venv"
        exec_prefix = ".venv"
        installed_base = ".venv"
        installed_platbase = ".venv"
        platbase = "C.venv"
        platlibdir = "DLLs"
        prefix = ".venv"
        projectbase = ".venv"
        py_version = "3.12.3"
        py_version_nodot = "312"
        py_version_nodot_plat = "312"
        py_version_short = "3.12"
        srcdir = ".venv"
        userbase = "C:\Users\cr3\AppData\Roaming\Python"

Example pyproject.toml

Unfortunately, you'll need an Artifactory source to reproduce the problem or, if my diagnosis is correct, another source that only supports the simple API (PEP 503).

Poetry Runtime Logs

Poetry itself does not fail - it just produces an invalid poetry.lock file.

[dimbleby]

duplicate #9130, #9191, #9195, #9244, #9266, #9272, #9288, #9294, #9301, #9318, #9339, #9370 - with same resolution

please check for duplicates next time - and please close

[cr3]

from #9130, poetry install -U pkginfo

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.