equinor/tagreader-python

Normally poetry.lock is not committed to git for libraries

Closed this issue · 1 comments

@asmfstatoil, thank you for the feedback. The lock file is used for development and security purposes and does not have any effect on the published package on PyPI. The requirements when installing packages from PyPI are resolved based on the pyproject.toml and not poetry.lock.

Long story short: we want to share the poetry.lock file between developers and to pin dependencies when scanning for vulnerabilities.