I’ve been using Poetry for package management in Python projects for a while now and, for what it’s worth, it’s working well for me. However, some regular tasks require multiple commands with specific arguments. Here are a few recipes you might find handy.
Updating the lock file after editing pyproject.toml After you edit
pyproject.toml, you’ll want to update your lockfile and your virtualenv.
Here are the right commands:
poetry lock --no-update poetry install --sync
--no-update, Poetry will upgrade all dependencies that are not pinned
down, which usually is not what you want. Without
--sync, Poetry does not remove packages that you have removed from
I use these commands so often that I’ve put them into a script called
Upgrading a secondary dependency. If you want to update a direct dependency,
you can edit
pyproject.toml and run
poetry lock --no-update. But how do you
upgrade a dependency of one of your direct dependencies to a specific version?
You might want to do that to upgrade a package with a security vulnerability,
One way to do it is by adding the dependency as a direct dependency with
poetry add and then removing it again.
poetry add --lock your-library@latest poetry remove your-library
Resolving merge conflicts in the lockfile. If two developers change the
dependencies at the same time, you will end up with a merge conflict in
poetry.lock at least in the
content-hash line. The easiest way to resolve
them is to regenerate the file with Poetry. First, resolve any conflicts in
pyproject.toml. Then you can run this script which I call
git checkout --ours poetry.lock poetry lock --no-update git add poetry.lock