chore(dev): update dependency poetry to v2.4.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
poetry (changelog)	2.3.2 → 2.4.1

---

Release Notes

python-poetry/poetry (poetry)

v2.4.1

Compare Source

Changed

• Re-allow installer==0.7.0 (#​10887).

Fixed

• Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#​10885).

v2.4.0

Compare Source

Added

• Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#​10824).
• Add solver.min-release-age-exclude to exclude selected packages from age filtering (#​10824).
• Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#​10824).

Changed

• Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#​10721).
• Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#​10785).
• Require installer>=1.0.0 (#​10869).
• Allow findpython>=0.8 (#​10874).

Fixed

• Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#​10869).
• Fix an issue where the order of markers in the lock file was not deterministic (#​10720).
• Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#​10715).
• Fix an issue where poetry env activate did not work for bash on Windows (#​10716).
• Fix an issue where poetry debug resolve failed when there was a package with a marker (#​10807).
• Fix an issue where the error message about a build backend failure contained garbled --config-settings (#​10804).
• Fix an issue where a false warning about a circular dependency was printed (#​10811).
• Fix an issue where falsy config values were incorrectly treated as not set (#​10808).
• Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#​10802).
• Fix an issue where poetry publish was aborted instead of retrying after package registration (#​10801).
• Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#​10800).
• Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#​10806).
• Fix an issue where further packages were installed even though installation should be aborted (#​10742).
• Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#​10860).
• Fix an issue where http-basic could not be set for repository names with periods (#​10845).
• Fix an issue where calculating the hash of large wheels failed with a memory error (#​10814).

Docs

• Clarify the precedence of configuration sources (#​10757).
• Add a note about the influence of .gitignore on tool.poetry.packages (#​10835).

poetry-core (2.4.0)

• Update vendored packaging to 26.2 (#​936).

v2.3.4

Compare Source

Fixed

• Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (#​10821).
• Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (#​10837).

v2.3.3

Compare Source

Fixed

• Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#​10792).
• Fix an issue where git dependencies from annotated tags could not be updated (#​10719).
• Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#​10784).
• Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#​10777).
• Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#​10748).
• Fix an issue where poetry publish --no-interaction --build requested user interaction (#​10769).
• Fix an issue where poetry init and poetry new created a deprecated project.license format (#​10787).

Docs

• Clarify the differences between poetry install and poetry update (#​10713).
• Clarify the section of fields in the pyproject.toml examples (#​10753).
• Add a note about the different installation location when Python from the Microsoft Store is used (#​10759).
• Fix the system requirements for Poetry (#​10739).
• Fix the poetry cache clear example (#​10749).
• Fix the link to pipx installation instructions (#​10783).

poetry-core (2.3.2)

• Fix an issue where platform_release could not be parsed on Debian Trixie (#​930).
• Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#​914).
• Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#​919).
• Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#​922).
• Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#​924).
• Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#​925).
• Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#​921).
• Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#​920).
• Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#​929).
• Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#​927).

---

Configuration

📅 Schedule: (in timezone America/Chicago)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: mise.lock

mise ERROR error parsing config file: /tmp/renovate/repos/github/bryanforbes/asyncpg-stubs/mise.toml
mise ERROR Config files in /tmp/renovate/repos/github/bryanforbes/asyncpg-stubs/mise.toml are not trusted.
Trust them with `mise trust`. See https://mise.en.dev/cli/trust.html for more information.
mise ERROR Run with --verbose or MISE_VERBOSE=1 for more information

Command failed: mise lock poetry
mise ERROR error parsing config file: /tmp/renovate/repos/github/bryanforbes/asyncpg-stubs/mise.toml
mise ERROR Config files in /tmp/renovate/repos/github/bryanforbes/asyncpg-stubs/mise.toml are not trusted.
Trust them with `mise trust`. See https://mise.en.dev/cli/trust.html for more information.
mise ERROR Run with --verbose or MISE_VERBOSE=1 for more information