Migrate dev dependencies to PEP 735 dependency groups (#19490)

This moves the dev dependencies to PEP 735 dependency groups, to help us
move to standard project metadata, which will help us moving to `uv`
(#19566)

This requires poetry 2.2.0

.github/workflows/fix_lint.yaml

@@ -31,7 +31,7 @@ jobs:
         uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           install-project: "false"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
 
       - name: Run ruff check
         continue-on-error: true

.github/workflows/latest_deps.yml

@@ -54,7 +54,7 @@ jobs:
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           python-version: "3.x"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           extras: "all"
       # Dump installed versions for debugging.
       - run: poetry run pip list > before.txt

.github/workflows/tests.yml

@@ -95,7 +95,7 @@ jobs:
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           python-version: "3.x"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           extras: "all"
       - run: poetry run scripts-dev/generate_sample_config.sh --check
       - run: poetry run scripts-dev/config-lint.sh
@@ -134,7 +134,7 @@ jobs:
       - name: Setup Poetry
         uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           install-project: "false"
 
       - name: Run ruff check
@@ -169,7 +169,7 @@ jobs:
           # https://github.com/matrix-org/synapse/pull/15376#issuecomment-1498983775
           # To make CI green, err towards caution and install the project.
           install-project: "true"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
 
       # Cribbed from
       # https://github.com/AustinScola/mypy-cache-github-action/blob/85ea4f2972abed39b33bd02c36e341b28ca59213/src/restore.ts#L10-L17
@@ -265,7 +265,7 @@ jobs:
           # Install like a normal project from source with all optional dependencies
           extras: all
           install-project: "true"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
 
       - name: Ensure `Cargo.lock` is up to date (no stray changes after install)
         # The `::error::` syntax is using GitHub Actions' error annotations, see
@@ -398,7 +398,7 @@ jobs:
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           python-version: ${{ matrix.job.python-version }}
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           extras: ${{ matrix.job.extras }}
       - name: Await PostgreSQL
         if: ${{ matrix.job.postgres-version }}
@@ -500,7 +500,7 @@ jobs:
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           python-version: ${{ matrix.python-version }}
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           extras: ${{ matrix.extras }}
       - run: poetry run trial --jobs=2 tests
       - name: Dump logs
@@ -595,7 +595,7 @@ jobs:
       - run: sudo apt-get -qq install xmlsec1 postgresql-client
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           extras: "postgres"
       - run: .ci/scripts/test_export_data_command.sh
         env:
@@ -648,7 +648,7 @@ jobs:
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           python-version: ${{ matrix.python-version }}
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           extras: "postgres"
       - run: .ci/scripts/test_synapse_port_db.sh
         id: run_tester_script
@@ -708,7 +708,7 @@ jobs:
       # We use `poetry` in `complement.sh`
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
           # Matches the `path` where we checkout Synapse above
           working-directory: "synapse"
 

.github/workflows/twisted_trunk.yml

@@ -54,7 +54,7 @@ jobs:
         with:
           python-version: "3.x"
           extras: "all"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
       - run: |
           poetry remove twisted
           poetry add --extras tls git+https://github.com/twisted/twisted.git#${{ inputs.twisted_ref || 'trunk' }}
@@ -82,7 +82,7 @@ jobs:
         with:
           python-version: "3.x"
           extras: "all test"
-          poetry-version: "2.1.1"
+          poetry-version: "2.2.1"
       - run: |
           poetry remove twisted
           poetry add --extras tls git+https://github.com/twisted/twisted.git#trunk

changelog.d/19490.misc

@@ -0,0 +1 @@
+Migrate `dev` dependencies to [PEP 735](https://peps.python.org/pep-0735/) dependency groups.

debian/build_virtualenv

@@ -35,7 +35,7 @@ TEMP_VENV="$(mktemp -d)"
 python3 -m venv "$TEMP_VENV"
 source "$TEMP_VENV/bin/activate"
 pip install -U pip
-pip install poetry==2.1.1 poetry-plugin-export==1.9.0
+pip install poetry==2.2.1 poetry-plugin-export==1.9.0
 poetry export \
     --extras all \
     --extras test \

debian/changelog

@@ -1,6 +1,7 @@
 matrix-synapse-py3 (1.149.1+nmu1) UNRELEASED; urgency=medium
 
   * Change how the systemd journald integration is installed.
+  * Update Poetry used at build time to 2.2.1.
 
  -- Quentin Gliech <packages@matrix.org>  Fri, 20 Feb 2026 19:19:51 +0100
 

docker/Dockerfile

@@ -22,7 +22,7 @@
 
 ARG DEBIAN_VERSION=trixie
 ARG PYTHON_VERSION=3.13
-ARG POETRY_VERSION=2.1.1
+ARG POETRY_VERSION=2.2.1
 
 ###
 ### Stage 0: generate requirements.txt

docs/development/dependencies.md

@@ -6,7 +6,7 @@ This is a quick cheat sheet for developers on how to use [`poetry`](https://pyth
 
 See the [contributing guide](contributing_guide.md#4-install-the-dependencies).
 
-Developers should use Poetry 1.3.2 or higher. If you encounter problems related
+Developers should use Poetry 2.2.0 or higher. If you encounter problems related
 to poetry, please [double-check your poetry version](#check-the-version-of-poetry-with-poetry---version).
 
 # Background

mypy.ini

@@ -69,7 +69,7 @@ warn_unused_ignores = False
 ;;     https://github.com/python/typeshed/tree/master/stubs
 ;; and for each package `foo` there's a corresponding `types-foo` package on PyPI,
 ;; which we can pull in as a dev dependency by adding to `pyproject.toml`'s
-;; `[tool.poetry.group.dev.dependencies]` list.
+;; `[dependency-groups]` `dev` list.
 
 # https://github.com/lepture/authlib/issues/460
 [mypy-authlib.*]

poetry.lock

@@ -3754,4 +3754,4 @@ url-preview = ["lxml"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10.0,<4.0.0"
-content-hash = "dd63614889e7e181fca33760741a490e65fe4ef4f42756cafd0f804ae7324916"
+content-hash = "ce9ac9da9e7ffaf24b3e1e7892342ba486e7af4ea25385f875d0f3a2d5c5d133"

pyproject.toml

@@ -224,6 +224,9 @@ update_synapse_database = "synapse._scripts.update_synapse_database:main"
 [tool.poetry]
 packages = [{ include = "synapse" }]
 
+# We're using PEP 735 dependency groups, which requires Poetry 2.2.0+
+requires-poetry = ">=2.2.0"
+
 [tool.poetry.build]
 # Compile our rust module when using `poetry install`. This is still required
 # while using `poetry` as the build frontend. Saves the developer from needing
@@ -251,55 +254,55 @@ generate-setup-file = true
 
 # Dependencies used for developing Synapse itself.
 #
-# Hold off on migrating these to `dev-dependencies` (PEP 735) for now until
-# Poetry 2.2.0+, pip 25.1+ are more widely available.
-[tool.poetry.group.dev.dependencies]
 # We pin development dependencies in poetry.lock so that our tests don't start
 # failing on new releases. Keeping lower bounds loose here means that dependabot
 # can bump versions without having to update the content-hash in the lockfile.
 # This helps prevents merge conflicts when running a batch of dependabot updates.
-ruff = "0.14.6"
+[dependency-groups]
+dev = [
+    "ruff==0.14.6",
 
-# Typechecking
-lxml-stubs = ">=0.4.0"
-mypy = "*"
-mypy-zope = "*"
-types-bleach = ">=4.1.0"
-types-jsonschema = ">=3.2.0"
-types-netaddr = ">=0.8.0.6"
-types-opentracing = ">=2.4.2"
-types-Pillow = ">=8.3.4"
-types-psycopg2 = ">=2.9.9"
-types-pyOpenSSL = ">=20.0.7"
-types-PyYAML = ">=5.4.10"
-types-requests = ">=2.26.0"
-types-setuptools = ">=57.4.0"
+    # Typechecking
+    "lxml-stubs>=0.4.0",
+    "mypy",
+    "mypy-zope",
+    "types-bleach>=4.1.0",
+    "types-jsonschema>=3.2.0",
+    "types-netaddr>=0.8.0.6",
+    "types-opentracing>=2.4.2",
+    "types-Pillow>=8.3.4",
+    "types-psycopg2>=2.9.9",
+    "types-pyOpenSSL>=20.0.7",
+    "types-PyYAML>=5.4.10",
+    "types-requests>=2.26.0",
+    "types-setuptools>=57.4.0",
 
-# Dependencies which are exclusively required by unit test code. This is
-# NOT a list of all modules that are necessary to run the unit tests.
-# Tests assume that all optional dependencies are installed.
-#
-# If this is updated, don't forget to update the equivalent lines in
-# project.optional-dependencies.test.
-parameterized = ">=0.9.0"
-idna = ">=3.3"
+    # Dependencies which are exclusively required by unit test code. This is
+    # NOT a list of all modules that are necessary to run the unit tests.
+    # Tests assume that all optional dependencies are installed.
+    #
+    # If this is updated, don't forget to update the equivalent lines in
+    # project.optional-dependencies.test.
+    "parameterized>=0.9.0",
+    "idna>=3.3",
 
-# The following are used by the release script
-click = ">=8.1.3"
-# GitPython was == 3.1.14; bumped to 3.1.20, the first release with type hints.
-GitPython = ">=3.1.20"
-markdown-it-py = ">=3.0.0"
-pygithub = ">=1.59"
-# The following are executed as commands by the release script.
-twine = "*"
-# Towncrier min version comes from https://github.com/matrix-org/synapse/pull/3425. Rationale unclear.
-towncrier = ">=18.6.0rc1"
+    # The following are used by the release script
+    "click>=8.1.3",
+    # GitPython was == 3.1.14; bumped to 3.1.20, the first release with type hints.
+    "GitPython>=3.1.20",
+    "markdown-it-py>=3.0.0",
+    "pygithub>=1.59",
+    # The following are executed as commands by the release script.
+    "twine",
+    # Towncrier min version comes from https://github.com/matrix-org/synapse/pull/3425. Rationale unclear.
+    "towncrier>=18.6.0rc1",
 
-# Used for checking the Poetry lockfile
-tomli = ">=1.2.3"
+    # Used for checking the Poetry lockfile
+    "tomli>=1.2.3",
 
-# Used for checking the schema delta files
-sqlglot = ">=28.0.0"
+    # Used for checking the schema delta files
+    "sqlglot>=28.0.0",
+]
 
 [tool.towncrier]
     package = "synapse"