• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• (N/A) If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Poetry
Version: 1.1.2
Python:  3.6.11

Virtualenv
Python:         3.6.11
Implementation: CPython
Path:           /tmp/tmp.1eGGnOnKny/.venv
Valid:          True

System
Platform: linux
OS:       posix
Python:   /home/tobyh/.pyenv/versions/3.6.11

• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/tharradine/9e5b7ea9c165a749e581697ee92fc54f (poetry.lock also included)

Issue

It seems as though when specifying a dependency with a 4-part (or possibly higher) version number, that the ~= operator violates PEP 440. An example is included in my pyproject.toml and poetry.lock.

Specifically, when locking:

Input:

• anchor-exp = "~=0.0.0.5"

Expected locked version:

• anchor-exp = "==0.0.0.6"

Actual locked version:

• anchor-exp = "==0.0.2.0"

This does not match the example shown in PEP 440:

The padding rules for release segment comparisons means that the assumed degree of forward compatibility in a compatible release clause can be controlled by appending additional zeros to the version specifier:

~= 2.2.0
>= 2.2.0, == 2.2.*

~= 1.4.5.0
>= 1.4.5.0, == 1.4.5.*

Current workaround

Specify the correctly resolved version constraints manually (e.g. anchor-exp~=0.0.0.5 -> anchor-exp>=0.0.0.5,==0.0.0.*). This works fine for primary dependencies, but may be problematic with transitive dependencies. Edit: It seems as though doing this results in the same version, which tells me the issue could actually be in the version-matching with *. Actual workaround can be anchor-exp~=0.0.0.5 -> anchor-exp>=0.0.0.5,<0.0.1