Recipes for updating poetry.lock

I’ve been using Poetry for package management in Python projects for a while now and, for what it’s worth, it’s working well for me. However, some regular tasks require multiple commands with specific arguments. Here are a few recipes you might find handy.

Updating the lock file after editing pyproject.toml After you edit pyproject.toml, you’ll want to update your lockfile and your virtualenv. Here are the right commands:

poetry lock --no-update
poetry install --sync

Without --no-update, Poetry will upgrade all dependencies that are not pinned down, which usually is not what you want. Without --sync, Poetry does not remove packages that you have removed from pyproject.toml.

I use these commands so often that I’ve put them into a script called poetry-locksync.

Upgrading a secondary dependency. If you want to update a direct dependency, you can edit pyproject.toml and run poetry lock --no-update. But how do you upgrade a dependency of one of your direct dependencies to a specific version? You might want to do that to upgrade a package with a security vulnerability, for example.

One way to do it is by adding the dependency as a direct dependency with poetry add and then removing it again.

poetry add --lock your-library@latest
poetry remove your-library

Resolving merge conflicts in the lockfile. If two developers change the dependencies at the same time, you will end up with a merge conflict in poetry.lock at least in the content-hash line. The easiest way to resolve them is to regenerate the file with Poetry. First, resolve any conflicts in pyproject.toml. Then you can run this script which I call git-resolve-poetry-lock

git checkout --ours poetry.lock
poetry lock --no-update
git add poetry.lock

Comments or questions? Send me an e-mail.