The django project announced some important security releases today. I have a few production applications running django, and while none of them were due for a release today, these updates seem like they could be necessary for me. And I had to look up how to update these when I'm not changing a version constraint, so I'm writing it down here in hopes that I'll make it more memorable.

My newer sites use uv to manage virtual environments. My older ones use either pip-tools or poetry. I’m in the process of converting the last poetry ones to uv, so I’m just going to finish and deploy that today. I haven’t started migrating the ones that use pip-tools yet, so I need to update those using pip-tools for now.

Here’s the drill for pip-tools:

pip-compile --upgrade-package django --upgrade-package wagtail requirements/requirements.in
pip-sync

then commit the lockfiles, build, and deploy as normal.

For uv:

uv sync --upgrade-package django

then commit the lockfiles, build and deploy as normal.

I’m looking forward to migrating the remaining projects to use uv and kamal instead of pip-tools and my bash scripts that wrap docker. uv and kamal are easier, more reliable, and faster.