What's a good practice to implement passive version updates

[KnightArthurRen]

Hi guys, as the title suggested, I wish to use poetry for passive package updates and I'm wondering what's the best way to do it.

For example let's say I have a pyproject.yml and corresponding poetry.lock file. When I update one package version or add a new one in, I want poetry to

1. add/update the target package to it's desired version
2. update related package(s) if and only if it's necessary in order to solve an otherwise unsolvable dependency conflict.

Currently for the related package(s), I can achieve point 2 by locking it to a fixed version but this brings a new problem of updating any package can require me to update all related package to a new fixed version.

However if I'm not fixing a version then poetry will try to update all related packages to as new as possible (even if the original currently installed version works) and this sometimes breaks stuff (e.g. a package changed from 11.2 to 11.4 and behavior changed).

Sorry for the long article! I'm wondering what would be a good practice for achieving 1 and 2 here 🤔

[radoering]

Solution 1:

1. edit pyproject.toml
2. run poetry lock --no-update
3. run poetry install

Solution 2:

run poetry add <constraint>

This will update the constraint of an existing dependency in pyproject.toml and basically do step 2 and 3 of solution 1 automatically. However, it will probably not work for multiple-constraints dependencies or other special cases.

[KnightArthurRen]

Oh awesome thank you @radoering! Would it be possible to do something like poetry add <package> --no-update?

[radoering]

poetry add already updates only the added dependency (and its transient dependencies, which have to be updated to find a solution). If you only want to update the lockfile without installing dependencies you can run poetry add --lock.

[KnightArthurRen]

Thanks for the clarification! Would poetry update <package@version> behavior similarly as poetry add where it only updates dependencies it need in order to find a solution?

[radoering]

poetry add adds or updates the package version/constraint in pyproject.toml. poetry update does only accept package names (not versions) because it does not change the constraint in pyproject.toml but just updates poetry.lock. So if you want to update a package's version in pyproject.toml, just run poetry add <package@version>.