chore(deps): bump poetry from 2.2.1 to 2.4.1

[dependabot]

Bumps poetry from 2.2.1 to 2.4.1.

Release notes

Sourced from poetry's releases.

2.4.1

Changed

• Re-allow installer==0.7.0 (#10887).

Fixed

• Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).

2.4.0

Added

• Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
• Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
• Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

• Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
• Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
• Require installer>=1.0.0 (#10869).
• Allow findpython>=0.8 (#10874).

Fixed

• Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
• Fix an issue where the order of markers in the lock file was not deterministic (#10720).
• Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
• Fix an issue where poetry env activate did not work for bash on Windows (#10716).
• Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
• Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
• Fix an issue where a false warning about a circular dependency was printed (#10811).
• Fix an issue where falsy config values were incorrectly treated as not set (#10808).
• Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
• Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
• Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
• Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
• Fix an issue where further packages were installed even though installation should be aborted (#10742).
• Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
• Fix an issue where http-basic could not be set for repository names with periods (#10845).
• Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

• Clarify the precedence of configuration sources (#10757).
• Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

poetry-core (2.4.0)

• Update vendored packaging to 26.2 (#936).

... (truncated)

Changelog

Sourced from poetry's changelog.

[2.4.1] - 2026-05-09

Changed

• Re-allow installer==0.7.0 (#10887).

Fixed

• Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).

[2.4.0] - 2026-05-03

Added

• Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution (#10824).
• Add solver.min-release-age-exclude to exclude selected packages from age filtering (#10824).
• Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering (#10824).

Changed

• Raise an error instead of silently ignoring a package name that is not a dependency when it is passed to poetry update (#10721).
• Automatically add a trailing slash to legacy repository URLs (used for publishing) if missing (#10785).
• Require installer>=1.0.0 (#10869).
• Allow findpython>=0.8 (#10874).

Fixed

• Fix an issue where requires-plugins fails on Windows if scheme paths are on different drives (#10869).
• Fix an issue where the order of markers in the lock file was not deterministic (#10720).
• Fix an issue where the wrong command was suggested when poetry self commands failed due to an outdated lock file (#10715).
• Fix an issue where poetry env activate did not work for bash on Windows (#10716).
• Fix an issue where poetry debug resolve failed when there was a package with a marker (#10807).
• Fix an issue where the error message about a build backend failure contained garbled --config-settings (#10804).
• Fix an issue where a false warning about a circular dependency was printed (#10811).
• Fix an issue where falsy config values were incorrectly treated as not set (#10808).
• Fix an issue where poetry publish --build ignored failing builds and uploaded stale artifacts (#10802).
• Fix an issue where poetry publish was aborted instead of retrying after package registration (#10801).
• Fix an issue where zip files were not closed after fetching metadata via lazy-wheel (#10800).
• Fix an issue where data fetched via lazy-wheel was corrupted when part of it had already been cached (#10806).
• Fix an issue where further packages were installed even though installation should be aborted (#10742).
• Fix an issue where installed packages without a METADATA file caused an exception on Python 3.15+ (#10860).
• Fix an issue where http-basic could not be set for repository names with periods (#10845).
• Fix an issue where calculating the hash of large wheels failed with a memory error (#10814).

Docs

• Clarify the precedence of configuration sources (#10757).
• Add a note about the influence of .gitignore on tool.poetry.packages (#10835).

... (truncated)

Commits

• 811a12d release: bump version to 2.4.1
• c273de5 deps: re-allow installer 0.7.0 (#10887)
• e75f034 test: assert config migration results (#10884)
• 409c83c fix poetry update \<dep> where <dep> is a transitive dependency (#10885)
• ca5b500 ci: remove temporary workaround (#10886)
• 3fc8b33 release: bump version to 2.4.0
• 6b100d5 chore: update dependencies (#10879)
• ca51dac feat: add a solver.min-release-age-exclude-source config option (#10824)
• 5b4307a feat: add a solver.min-release-age-exclude config option (#10824)
• c54c3b0 feat: add a solver.min-release-age config option (#10824)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mergify]

Merge Protections

🟢 All 3 merge protections satisfied — ready to merge.

Show 3 satisfied protections

🟢 Enforce conventional commit

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:

🟢 🔎 Reviews

• #changes-requested-reviews-by = 0
• #review-requested = 0
• #review-threads-unresolved = 0

🟢 📕 PR description

• body ~= (?ms:.{48,})