(fix) Handle Poetry group metadata without dependencies table

python/lib/dependabot/python/file_parser/pyproject_files_parser.rb

@@ -113,12 +113,12 @@ def pep621_pep735_dependencies
         sig do
           params(
             type: String,
-            deps_hash: T::Hash[String,
-                               T.untyped]
+            deps_hash: T.nilable(T::Hash[String, T.untyped])
           ).returns(Dependabot::FileParsers::Base::DependencySet)
         end
         def parse_poetry_dependency_group(type, deps_hash)
           dependencies = Dependabot::FileParsers::Base::DependencySet.new
+          return dependencies if deps_hash.nil?
 
           deps_hash.each do |name, req|
             next if normalise(name) == "python"

python/lib/dependabot/python/update_checker/poetry_version_resolver.rb

@@ -341,8 +341,10 @@ def set_target_dependency_req(pyproject_content, updated_requirement)
           TomlRB.dump(pyproject_object)
         end
 
-        sig { params(toml_node: T::Hash[String, T.untyped], requirement: String).void }
+        sig { params(toml_node: T.nilable(T::Hash[String, T.untyped]), requirement: String).void }
         def update_dependency_requirement(toml_node, requirement)
+          return unless toml_node
+
           names = toml_node.keys
           pkg_name = names.find { |nm| normalise(nm) == dependency.name }
           return unless pkg_name

python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb

@@ -329,6 +329,21 @@
       end
     end
 
+    context "with optional poetry group metadata and pep735 groups" do
+      subject(:dependency_names) { dependencies.map(&:name) }
+
+      let(:pyproject_fixture_name) { "poetry_group_optional_without_dependencies.toml" }
+
+      it "parses without error when tool.poetry.group has no dependencies table" do
+        expect { parser.dependency_set }.not_to raise_error
+      end
+
+      it "includes dependencies declared in dependency-groups" do
+        expect(dependency_names).to include("requests")
+        expect(dependency_names).to include("onnxruntime-gpu")
+      end
+    end
+
     context "with a group that has no dependencies key" do
       subject(:dependency_names) { dependencies.map(&:name) }
 

python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb

@@ -98,6 +98,14 @@
       it { is_expected.to eq(Gem::Version.new("2.18.4")) }
     end
 
+    context "with a metadata-only poetry group" do
+      let(:pyproject_fixture_name) { "poetry_metadata_only_group.toml" }
+
+      it "resolves the latest version when a poetry group has no dependencies table" do
+        expect(latest_resolvable_version).to eq(Gem::Version.new("2.18.4"))
+      end
+    end
+
     context "with a non-package mode project" do
       let(:pyproject_fixture_name) { "poetry_non_package_mode_simple.toml" }
       let(:lockfile_fixture_name) { "version_not_specified.lock" }

python/spec/fixtures/pyproject_files/poetry_group_optional_without_dependencies.toml

@@ -0,0 +1,19 @@
+[tool.poetry]
+name = "poetry-group-optional-without-dependencies"
+version = "0.1.0"
+description = ""
+authors = ["Dependabot <support@dependabot.com>"]
+
+[tool.poetry.dependencies]
+python = ">=3.11"
+
+[dependency-groups]
+dev = [
+    "requests==2.18.0",
+]
+gpu = [
+    "onnxruntime-gpu==1.23.2",
+]
+
+[tool.poetry.group.gpu]
+optional = true

python/spec/fixtures/pyproject_files/poetry_metadata_only_group.toml

@@ -0,0 +1,20 @@
+[tool.poetry]
+name = "poetry-metadata-only-group"
+version = "2.0.0"
+homepage = "https://github.com/roghu/py3_projects"
+license = "MIT"
+readme = "README.md"
+authors = ["Dependabot <support@dependabot.com>"]
+description = "Various small python projects."
+
+[tool.poetry.dependencies]
+python = "3.11.1"
+requests = "2.18.0"
+
+[dependency-groups]
+gpu = [
+  "onnxruntime-gpu==1.23.2",
+]
+
+[tool.poetry.group.gpu]
+optional = true