Skip to content
Snippets Groups Projects
Unverified Commit 8c5cbe70 authored by Rhys Arkins's avatar Rhys Arkins
Browse files

docs(poetry): warn about lock file update problems

parent 924b9dad
Branches
No related tags found
No related merge requests found
...@@ -8,3 +8,13 @@ The following `depTypes` are supported by the Poetry manager: ...@@ -8,3 +8,13 @@ The following `depTypes` are supported by the Poetry manager:
- `dev-dependencies` - `dev-dependencies`
- `extras` - `extras`
- `<group-name>` (dynamic, based on the group name, per [dependency groups documentation](https://python-poetry.org/docs/managing-dependencies/#dependency-groups)) - `<group-name>` (dynamic, based on the group name, per [dependency groups documentation](https://python-poetry.org/docs/managing-dependencies/#dependency-groups))
<!-- prettier-ignore -->
!!! warning
Updating locked versions of Poetry dependencies is at times unreliable.
We recommended that you pin dependency versions in your `pyproject.toml` instead.
Renovate cannot accurately update locked versions of Poetry dependency ranges due to limitations in Poetry.
For example, if the `pyproject.toml` has a constraint like `coverage = "^7.2"`, and the version ion `poetry.lock` is `7.4.1`, and we know that `7.4.3` is available, then Renovate can only run `poetry update --lock --no-interaction coverage` and _hope_ the result is `7.4.3`.
Poetry does not support updating to a specific/exact version with the `update` command, and the above `update` command may not even update at all sometimes.
For this reason it's much better to pin dependency versions in `pyproject.toml`, such as `coverage = "7.4.1"` because it then gives Renovate more control and the ability to accurate upgrade dependencies in increments like `7.4.1` to `7.4.3`.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment