How to update all except group x (but keep that group in lock)

[commentator8]

Is it possible to have a toml like so

[tool.poetry.dependencies] # external - pinning to patch version
python = "^3.9"
click = { version = "^8.1.3", source = "nexus" }

[tool.poetry.group.internal.dependencies] # pinning to major version
internal_package = { version = "^1", source = "nexus" }

[tool.poetry.group.dev.dependencies]
dev_package = { version = "^1.0.0", source = "nexus" }

and perform a poetry update --lock that updates the external/dev but leaves the internal pinned to their current version? Or must i explicitly pin then to do so? This is for a weekly auto patch version update, but in general when a user runs update i want to be able to take the latest internal package.

My attempt at using --without=internal resulted in losing those packages from the lock file.

[neersighted]

There is not a way to do so. The lock file is not intended to maintain a strict locking of dependencies -- instead it is meant to provide reproducibility. The idea is that your project is checked in CI, and the lock file is bumped often as devs go about their work. CI and your test suite verifies that the latest versions are good and that lock ensures that your production deploy matches CI. If you want to conservatively update versions, you should constrain things properly in your pyproject.toml.

TL;DR: no, the lock file is not a substitute for proper constraints.

[commentator8]

Was hoping... but figured. Thanks for the confirmation!