Skip to content

Automated Dependency Updates for Poetry

Categories: python

Renovate supports updating Poetry dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)pyproject\.toml$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: pypi, github-tags, github-releases, gitlab-tags, git-refs, git-tags.

Default config

{
  "fileMatch": [
    "(^|/)pyproject\\.toml$"
  ]
}

Additional Information

Both Poetry 0.x and 1.x versions are supported.

Whenever the pyproject.toml file is updated, the Poetry lock file will be checked for updates as well.

The following depTypes are supported by the Poetry manager:

Warning

Updating locked versions of Poetry dependencies is at times unreliable. We recommended that you pin dependency versions in your pyproject.toml instead.

Renovate cannot accurately update locked versions of Poetry dependency ranges due to limitations in Poetry. For example, if the pyproject.toml has a constraint like coverage = "^7.2", and the version in poetry.lock is 7.4.1, and we know that 7.4.3 is available, then Renovate can only run poetry update --lock --no-interaction coverage and hope the result is 7.4.3. Poetry does not support updating to a specific/exact version with the update command, and the above update command may not even update at all sometimes. For this reason it's much better to pin dependency versions in pyproject.toml, such as coverage = "7.4.1" because it then gives Renovate more control and the ability to accurate upgrade dependencies in increments like 7.4.1 to 7.4.3.

Open items

The below list of features and bugs were current when this page was generated on December 21, 2024.

Feature requests

  • Poetry: support multiple constraint dependencies #31406
  • Support different Python versions for mono repo when same dependency update in one pull request #20615

Bug reports

  • Branch reuse with update-lockfile can result in other lockfile downgrades #31042
  • Some PEP440 versions appear to not be supported #30929
  • poetry: ^1.2.3.0 (caret with four components) are not detected #26940
  • rollbackPr breaks updates for poetry project #17374