Adding and Managing Dependencies

00:00 In the previous lesson, we saw how Poetry can be used to manage virtual environments for program execution. In this lesson, I’ll show you how to add and manage dependencies in your Poetry project.

00:11 Managing dependencies is a core feature of Poetry and it ensures that your project always uses the right versions of external packages. When you created the rp-poetry project, or the project name you provided using Poetry, it created the pyproject.toml, file. And in it you have the [tool.poetry .dependencies] table or section. While editing the pyproject.toml file manually is an option, Poetry’s command-line interface is built to do most of the work for you.

00:42 You can run commands like poetry add or poetry install, and it will update the pyproject .toml file accordingly.

00:49 Now you’re going to add dependencies to your project through the command-line interface and you can observe what happens in the pyproject .toml file.

00:59 To add a dependency to your project, you can use the poetry add command followed by the package name. For example, if you want to add the requests library to your project, you would run poetry add requests, and to add multiple libraries, you can append onto this command and run poetry add requests, and then beautifulsoup4.

01:20 This will also include and install the Beautiful Soup library in your virtual environment.

01:26 As you can see, these libraries have now been added to our pyproject.toml file, and also into our project’s virtual environment.

01:35 If no constraints is specified, which you and I will see soon, Poetry will automatically add the latest compatible versions of these packages and update your pyproject.toml file with the new dependencies.

01:47 It will also handle any sub dependencies required by these packages. The other of these declaration in the TOML file reflects the order in which you specify those packages in the command line.

02:00 Now that you have these dependencies added to the file, this will ensure that anyone working on your project will install the same versions as you.

02:09 The first time you add a package, Poetry also creates a .lock file. You and I will explore this file later to understand it better. It’s an internal file Poetry uses to keep track of the dependencies you install.

02:26 You can use version constraints to restrict the versions of packages permitted in your project. First, you need to understand that packages are usually published with either a major, minor, or patch update.

02:38 These are called semantic versioning. You can explore more details on the theory behind this on your own, but understanding this can help you decide the restrictions you then apply using Poetry.

02:51 These are examples of some of the ways you apply constraints in Poetry. You can use the caret symbol to apply updates restricted to just the minor and patch versions.

03:02 For example, ^1.4.0 will allow all compatible versions before the version 2.0. Or the tilde symbol for restricting to update limits to a maximum patch release only.

03:16 There is also the @latest, which installs the latest version of a package, then the == for installing exact versions of packages.

03:27 Also, the greater or less than constraints for specifying versions greater than or less than a specified value. And finally, a wildcard allowing just certain patch versions within a specified minor version.

03:41 A link to a documentation describing the Poetry version constraints further is in a description under this video.

03:49 You have seen the poetry add command, which is used to add dependencies. You can also use version constraints to allow flexibility or constraints and the versions used.

03:59 For example, notice the version of the requests libraries you have currently in your py project.toml file. You can change that by using the caret symbol version constraints.

04:09 For example, you can run poetry add requests ^ 2.12.1.

04:18 What this means is that Poetry will add the most recent minor version that follows the version you specify, which means that it will not add requests version three and above.

04:31 The caret symbol is the default specification used by Poetry if you do not specify any constraint. Another method is using the tilde version. For example, poetry add requests ~ 2.12.1.

04:48 This type adds a bit more constraints. Using this allows Poetry to update to a newer patch version within the same minor version. So in this case,

05:00 it’ll install requests starting from 2.12.1 and allow updates to any version up to, but not beyond 2.12.x, like 2.12.2 or 2.12.3 and so on.

05:13 However, it won’t go as far as 2.13 or higher.

05:19 Other examples include adding specific versions, and you can run multiple installs simultaneously, like poetry add requests with exact version 2.25.1, and beautifulsoup4 with versions less than 4.10.

05:36 I have added the beautifulsoup4 and its constraints in quotes because of the less than symbol, which your terminal or shell could interpret as a file redirection operation.

05:47 The quote ensures that Poetry correctly interprets the version requirement for beautifulsoup4 without any interference from the shell.

05:57 Poetry will first remove any previously installed versions of these packages and downgrade their indirect dependencies as needed. It’ll then determine the most suitable versions of these packages taking into account all their existing constraints to resolve potential conflicts.

06:15 You can use the poetry show command to see the states of your package. This shows you the states of the packages you’ve installed.

06:26 All of these are updated in the poetry.lock file when you add dependencies. This file locks the exact versions of each dependencies. You can think of this file as a snapshot of your project’s dependencies at any given point in time.

06:40 It can help ensure that even when new versions of libraries are released, your project will continue to work with the same tested versions.

06:49 Next, we’ll have a look at how to group dependencies you add to your project.