poetry environment python version

[0xdolan]

The Python version specified in the pyproject.toml file is not being used when generating a poetry project on Docker (Ubuntu). Despite specifying the version as ^3.11.0, it is using Python 3.11.0rc1, which is a different version. Additionally, there are some vulnerabilities shown by the Docker vulnerability checks.

What is the best practice to ensure that the installed Python version in the environment matches the version specified in the pyproject.toml file? Also, please take care of the security CVE issues.

Please refer to the following screenshots for more information:

pyproject.toml python version:

python version in poetry environment:

docker CVE issues:

Thank you.

[dimbleby]

If you don't want to use python 3.11.0rc1 - then use a docker image that doesn't use python 3.11.0rc1.

please take care of the security CVE issues.

These are not poetry's issues: they are CVEs against the old version of python that you are using. You should take care of these CVEs - again, by using a docker image containing a more recent python.

[0xdolan]

Thank you. There are lots of different ways to resolve the issue with using the python version. I just wanted to know if the version the poetry virtual environment is generated is stand alone or it is dependent to the installed python globally. If it is dependent to the system wide python version, why it should use the rc version. That's why I asked it here to have some information on the process.

[radoering]

You can tell poetry, which Python version should be used (as long as it is allowed by the project's python constraint): https://python-poetry.org/docs/managing-environments/#switching-between-environments

Poetry does not bring its own Python. It can only use what's available on the system.