⬆️ Update dependency poetry to v2.4.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
poetry (changelog)	==2.3.3 → ==2.4.0

---

Release Notes

python-poetry/poetry (poetry)

v2.4.0

Compare Source

Added

• Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#​10824).
• Add solver.min-release-age-exclude to exclude selected packages from age filtering (#​10824).
• Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#​10824).

Changed

• Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#​10721).
• Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#​10785).
• Require installer>=1.0.0 (#​10869).
• Allow findpython>=0.8 (#​10874).

Fixed

• Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#​10869).
• Fix an issue where the order of markers in the lock file was not deterministic (#​10720).
• Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#​10715).
• Fix an issue where poetry env activate did not work for bash on Windows (#​10716).
• Fix an issue where poetry debug resolve failed when there was a package with a marker (#​10807).
• Fix an issue where the error message about a build backend failure contained garbled --config-settings (#​10804).
• Fix an issue where a false warning about a circular dependency was printed (#​10811).
• Fix an issue where falsy config values were incorrectly treated as not set (#​10808).
• Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#​10802).
• Fix an issue where poetry publish was aborted instead of retrying after package registration (#​10801).
• Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#​10800).
• Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#​10806).
• Fix an issue where further packages were installed even though installation should be aborted (#​10742).
• Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#​10860).
• Fix an issue where http-basic could not be set for repository names with periods (#​10845).
• Fix an issue where calculating the hash of large wheels failed with a memory error (#​10814).

Docs

• Clarify the precedence of configuration sources (#​10757).
• Add a note about the influence of .gitignore on tool.poetry.packages (#​10835).

poetry-core (2.4.0)

• Update vendored packaging to 26.2 (#​936).

v2.3.4

Compare Source

Fixed

• Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (#​10821).
• Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (#​10837).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.