Automated Dependency Updates for Poetry
Categories: python
Renovate supports updating Poetry dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: (^|/)pyproject\.toml$.
For details on how to extend a manager's fileMatch value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: pypi, github-tags, github-releases, gitlab-tags, git-refs, git-tags.
Default config¶
{
"fileMatch": [
"(^|/)pyproject\\.toml$"
]
}
Additional Information¶
Both Poetry 0.x and 1.x versions are supported.
Whenever the pyproject.toml file is updated, the Poetry lock file will be checked for updates as well.
The following depTypes are supported by the Poetry manager:
dependenciesdev-dependenciesextras<group-name>(dynamic, based on the group name, per dependency groups documentation)
Warning
Updating locked versions of Poetry dependencies is at times unreliable.
We recommended that you pin dependency versions in your pyproject.toml instead.
Renovate cannot accurately update locked versions of Poetry dependency ranges due to limitations in Poetry.
For example, if the pyproject.toml has a constraint like coverage = "^7.2", and the version ion poetry.lock is 7.4.1, and we know that 7.4.3 is available, then Renovate can only run poetry update --lock --no-interaction coverage and hope the result is 7.4.3.
Poetry does not support updating to a specific/exact version with the update command, and the above update command may not even update at all sometimes.
For this reason it's much better to pin dependency versions in pyproject.toml, such as coverage = "7.4.1" because it then gives Renovate more control and the ability to accurate upgrade dependencies in increments like 7.4.1 to 7.4.3.
Open items¶
The below list of features and bugs were current when this page was generated on April 24, 2024.
Feature requests¶
- Support different Python versions for mono repo when same dependency update in one pull request #20615