I’ve been using Poetry for package management in Python projects for a while now and, for what it’s worth, it’s working well for me. However, some regular tasks require multiple commands with specific arguments. Here are a few recipes you might find handy.
Updating the lock file after editing pyproject.toml. After you edit
pyproject.toml, you’ll want to update your lockfile and your virtualenv.
Here are the right commands:
poetry lock --no-update
poetry install --sync
Without --no-update, Poetry will upgrade all dependencies that are not pinned
down, which usually is not what you want. Without --sync, Poetry does not remove packages that you have removed from pyproject.toml.
I use these commands so often that I’ve put them into a script called poetry-locksync.
Upgrading a secondary dependency. If you want to update a direct dependency,
you can edit pyproject.toml and run poetry lock --no-update. But how do you
upgrade a dependency of one of your direct dependencies to a specific version?
You might want to do that to upgrade a package with a security vulnerability,
for example.
One way to do it is by adding the dependency as a direct dependency with poetry add and then removing it again:
poetry add --lock your-library@latest
poetry remove your-library
Resolving merge conflicts in the lockfile. If two developers change the
dependencies at the same time, you will end up with a merge conflict in
poetry.lock, at least in the content-hash line. The easiest way to resolve
it is to regenerate the file with Poetry. First, resolve any conflicts in
pyproject.toml. Then you can run this script, which I call
git-resolve-poetry-lock:
git checkout --ours poetry.lock
poetry lock --no-update
git add poetry.lock