Well, it’s almost the end of February, so I thought I’d say hi. There really hasn’t been much that has piqued my interest in the coding realm recently to want to jump in and write about it. However, the other day I came across something where I had to dig into python versioning with poetry. I thought you all would love to hear my thoughts on it. Because why else would you be here? Anyhoo, poetry.
So you know how a project has packages you’re going to use for it and those are your dependencies. And those packages have dependencies and keeping it all straight manually is a thing. So you use poetry to keep track of it all. You have a pyproject.toml file you can define your packages and the versions you need them to be. And then you’ve got your poetry.lock file that keeps track of all the packages and versions and tasty nuggets you have in your project.
My questions were:
- Can my
poetry.lockfile update itself by runningpoetry updatewithout me having updated my package versions inpyproject.toml? - When do i use
poetry installversuspoetry update?
What I discovered:
So if you update poetry without updating your pyproject.toml file, it is possible for poetry.lock to update itself. Here is why. It depends on what versions you have defined. So say you have version ^1.2.3 defined for a package and the package version you’re running is 1.2.3. If that package comes out with another patched version, say 1.2.5, your pipfile.lock would update because it falls into the requirements you defined (versions >=1.2.3 and <2.0.0)
The next question is answered in their documentation (shocker, I know. Who would have thought reading the documentation would yield results?) Anyhoo, poetry install installs the versions you have defined in your poetry.lock file and doesn’t do any resolving. Whereas, poetry update resolves the latest dependencies and updates the poetry.lock file. So it’s like running poetry lock (locks your dependencies from pyproject.toml) and then poetry install but doing it with one command.
Overall an interesting topic. Do you use poetry for package dependencies?
More next time!
Rachel
Rachel Geist 