chore: track poetry.lock for reproducible dependency resolution #286

Merged: thakur-patel merged 1 commit into mozarkai:main from chinmayajha:chore/poetry-lock on May 20, 2026

@chinmayajha (Collaborator)

Addresses the SonarCloud finding on PR #285 that flagged the missing lock file: "Dependency versions are not predictable if the lock file (uv.lock or poetry.lock) is missing."

  • .gitignore: comment out the poetry.lock line so poetry.lock is no longer ignored.
  • poetry.lock: add the freshly-generated lock file (poetry 2.4.1) pinning the full dependency graph resolved against pyproject.toml.

Going forward, dependency changes should bump pyproject.toml and re-run poetry lock so the lock file stays in sync. CI builds and contributor checkouts will now resolve to identical versions.

Addresses the SonarCloud finding on PR mozarkai#285 that flagged the missing
lock file: "Dependency versions are not predictable if the lock file
(uv.lock or poetry.lock) is missing."

- .gitignore: comment out the `poetry.lock` line so poetry.lock is no
  longer ignored.
- poetry.lock: add the freshly-generated lock file (poetry 2.4.1)
  pinning the full dependency graph resolved against pyproject.toml.

Going forward, dependency changes should bump pyproject.toml and re-run
`poetry lock` so the lock file stays in sync. CI builds and contributor
checkouts will now resolve to identical versions.

@sonarqubecloud

@thakur-patel merged commit 5aa8389 into mozarkai:main on May 20, 2026
8 checks passed
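
An added example, not code from this repository or its maintainers: a pre-merge check for the rule in the description above, that `poetry.lock` is no longer ignored and that dependency changes in `pyproject.toml` are followed by a re-lock. It goes slightly beyond the thread by also flagging locked packages without sha256 file hashes. The function names and all sample inputs are constructed for illustration.

```python
import re
try:
    import tomllib                      # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib             # assumed fallback on older interpreters

def norm(name):
    """PEP 503 name normalisation, so 'PyYAML' matches the locked 'pyyaml'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def declared(pyproject_text):
    """Direct dependencies from [project] and [tool.poetry.dependencies]."""
    doc = tomllib.loads(pyproject_text)
    names = set()
    for req in doc.get("project", {}).get("dependencies", []):
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", req.strip())
        if m:
            names.add(norm(m.group()))
    for name in doc.get("tool", {}).get("poetry", {}).get("dependencies", {}):
        if name.lower() != "python":
            names.add(norm(name))
    return names

def audit(pyproject_text, lock_text, gitignore_text=""):
    """Return findings (empty list = clean). The .gitignore check is a literal match only."""
    findings = []
    for n, line in enumerate(gitignore_text.splitlines(), 1):
        if line.strip() in ("poetry.lock", "/poetry.lock", "*.lock"):
            findings.append(f".gitignore:{n}: poetry.lock is ignored")
    locked = {norm(p["name"]): p for p in tomllib.loads(lock_text).get("package", [])}
    for name in sorted(declared(pyproject_text) - set(locked)):
        findings.append(f"{name}: declared in pyproject.toml, missing from poetry.lock")
    for name, pkg in sorted(locked.items()):
        files = pkg.get("files", [])
        if not files or not all(f.get("hash", "").startswith("sha256:") for f in files):
            findings.append(f"{name}: locked without sha256 file hashes")
    return findings

# Constructed inputs: PyYAML was added to pyproject.toml without re-running `poetry lock`.
PYPROJECT = '[project]\nname = "demo"\nversion = "0.1.0"\ndependencies = ["requests>=2.31", "PyYAML>=6.0"]\n'
LOCK = ('[[package]]\nname = "requests"\nversion = "2.32.3"\n'
        'files = [{file = "requests-constructed.whl", hash = "sha256:constructed"}]\n\n'
        '[metadata]\nlock-version = "2.1"\ncontent-hash = "constructed"\n')
GITIGNORE_BEFORE = "__pycache__/\npoetry.lock\n"
GITIGNORE_AFTER = "__pycache__/\n# poetry.lock\n"

if __name__ == "__main__":
    for finding in audit(PYPROJECT, LOCK, GITIGNORE_AFTER):
        print(finding)
```

This only compares package names; Poetry's own `poetry check --lock` is the authoritative test that the lock file matches `pyproject.toml`.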