Updating and Upgrading Dependencies

00:00 In the last lesson, you saw how to lock and synchronize your dependencies. Now let’s dive into updating and upgrading dependencies. Imagine you added the requests library to your project a while back when the latest version was say, 2.25.1.

00:15 By default, Poetry uses a caret symbol in your py project.toml file. This means that non-breaking updates are allowed, giving you flexibility with future versions.

00:27 Over time, you’ve likely to have added more dependencies to your project, and Poetry has automatically picked up on newer versions of requests as long as they satisfied the version constraints.

00:39 For instance, maybe your project now uses requests version 2.29.0, which is pinned in the poetry.lock file. Fast forward to today, and the latest version is, say, 2.31.0.

00:52 To check if there are newer versions available for your locked dependencies, you can run this command: poetry show --latest --top-level.

01:06 This command compares your locked dependencies to the latest available versions on PyPI. It might show something like this in your output, a list of all your installed dependencies, the installed versions, and the available versions on PyPI.

01:23 In my case, I have equal versions for the requests library, but I can see that a beautifulsoup4 library is not the latest version, and even though there are newer versions, running poetry install again won’t update the dependencies.

01:37 This is because Poetry prioritizes the versions listed in the poetry.lock file to maintain reproducibility. To update your dependencies to the latest compatible versions, you have a few options.

01:51 One is removing the poetry.lock file and running poetry install again to resolve everything from scratch. Two, run poetry lock followed by poetry install. Three, use the poetry update command. Well before updating, you can also perform a dry run to see what changes will be made.

02:13 For that, you can run the command poetry update, --dry-run.

02:21 You should see something like this: Package operations, the number of installs, the number of updates, the number of removals, and the number of skipped operations.

02:33 This way, you can preview the updates without actually applying them, and if there are updates, Poetry will let you know. When you run poetry update, Poetry will lock and update all packages to the latest compatible versions.

02:48 So in your terminal, you can run poetry update.

02:54 In my case, I see no dependencies to update or install. If you had any, it will update them here.

03:02 If you only want to update specific packages, you can list them as arguments like poetry update beautifulsoup4.

03:12 This will update those packages and their dependencies while leaving others untouched.

03:18 What if you want to upgrade a package to a version that is outside of the version constraints in your pyproject .toml file? You can adjust the file manually or force an upgrade by using the poetry add command with the @latest keyword.

03:32 For example, poetry add beautifulsoup4@latest.

03:38 To get your project to work with the latest version of beautifulsoup4 since we saw that it’s not used the latest version as compared to that published on PyPI, this command tells Poetry to ignore the current version constraints and install the latest version available.

03:55 As you should see, the beautifulsoup4 library now becomes beautifulsoup4, version 4.12.3, the latest version as of the time of this recording.

04:08 Lastly, comparing the pyproject.toml and the poetry.lock file. While the version constraints in the pyproject.toml can be fairly flexible, allowing for future updates, the poetry.lock file pins the exact versions of the packages your project uses.

04:25 This ensures consistency and reproducibility, which is critical when collaborating with others.

04:33 You’ve covered quite a lot in the last two lessons. In the next lesson, I’ll show you how to integrate Poetry into an existing project.