What are best practices for update dependencies in Python with Poetry?

Question

What is the best practice to automatically update python dependencies when working with poetry on github?

I would simply set up an action that runs poetry update (https://python-poetry.org/docs/cli/#update) in a new branch and opens a PR.

This method makes dependabot and renovate unnecessary, and since I'm used to working with those with other programming languages, I want to check whether my intuition about this as a best practice is a good one.

Side note: poetry + dependabot do not seem to be a good option because of this issue for which I haven't found a good solution.

Answer 1

poetry update updates your dependencies within the version range given in your pyproject.toml. So effectively it updates your poetry.lock file and also installs the updated packages.

Within your Update-CI you probably don't want to install anything. So run poetry lock instead.

At the moment, there is no poetrycommand that will also ugrade the version ranges given in your pyproject.toml. If you have something like ^1.0.0 as a version range for a dependency, a poetry update or poetry lock will never give you a 2.0.0 version of this dependency.

I have very good experience with renovate [docs] [repo] [home] for doing all that update stuff.