Add a command to "upgrade" dependency constraints in the pyproject.toml

[KotlinIsland]

this will update the version pins in the pyproject.toml file

prior art:

• poetry: https://github.com/MousaZeidBaker/poetry-plugin-up
• npm: https://docs.npmjs.com/cli/v10/commands/npm-update

> uv upgrade
upgraded 10 dependencies in 0.001 seconds 🚀

this will update the version pins in the pyproject.toml file

why? when i want to update all the dependencies in a project, it can be tedious to manually search for and update each and every dependency. additionally, for application projects (not libraries), i like to be able to squizz the pyproject file for an easy overview of which dependencies are actually installed, not just some possible range

[nathanscain]

Does uv sync cover this use case?

Also, I'm pretty sure dependencies will also be updated during every uv run call by default.

[bjorhn]

I don't think uv sync can bump the pinned versions of every dependency to the latest available version, which I believe is what the issue creator is asking about. uv sync just downloads modules that match the pin, it doesn't change the pin.

This topic always ends up being confusing, people have different definitions of what it means to update or upgrade a dependency. 😅

[nathanscain]

Ahh, yes uv sync updates the environments but not the install specs.

Would it be recommended to not pin exact dependencies in the pyproject.toml - instead to use the lock file for tracking that?

pyproject.toml should track compatibility and uv.lock should track exact versions for deployments/reproducibility.

[bjorhn]

I suspect a lot of teams have a similar workflow to my team, which most project tooling has poor support for.

In the pre-Dependabot days, once a month or so we'd open up the project file on one screen and pypi on the other, then manually bump all the versions to the latest we could find. Then we'd install everything, read release notes, check what broke, and perhaps go back a version or two for some of the dependencies (which is why unpinning all the deps wouldn't work). After that we'd generate a new lock file.

Having an upgrade command would remove the manual labor of having to look up all the versions and editing the file for each individual dependency.

[Mazyod]

Poetry has a nice workflow by using poetry show --outdated rather than opening PyPI.

[akx]

uv upgrade-interactive would also be great, like yarn (v1):

[pythonweb2]

Use uv sync -U to update packages

[pythonweb2]

Although I will note that it would be nice to be able to see which packages are outdated, similar to pip list --outdated or the poetry show --outdated command which does the same thing.

[akx]

Although I will note that it would be nice to be able to see which packages are outdated,

That's tracked in #2150.

[johnthagen]

Like @KotlinIsland said, especially for applications it's really nice to be able to browse narrow ranges of your top level dependencies within pyproject.toml and have a tool automatically bump them for you so you don't have to go to PyPI and look at each top level dependency to see what the latest version is.

It's also important to be able to skip dependencies that the user has pinned to a specific version in pyproject.toml so that if you know you can't upgrade past a version, you can pin it in pyproject.toml until the issue is resolved upstream.

The old poetryup plugin had a --skip-exact flag for this

• https://github.com/MousaZeidBaker/poetryup?tab=readme-ov-file#usage

For more prior art, see npm-check-updates

• https://www.npmjs.com/package/npm-check-updates

It has a nice output UI:

(Long) discussion from the same feature requested in Poetry

• Suggestion: new command to bump versions of dependencies in pyproject.toml python-poetry/poetry#461

[krishan-patel001]

I agree this would be a really helpful feature, especially useful in PRs for tracking version increments. Its a lot easier to see these in pyproject.toml than a lock file

[daeh]

I'm also a big fan of yarn's yarn upgrade-interactive for interactively updating dependency versions in package.json and would love to see similar uv functionality for updating dependency versions in pyproject.toml.