`pipenv install <package>` upgrades unrelated packages

Open elliterate opened this issue 10 months ago • 4 comments

Issue description

Installing a new package with `pipenv install <package>` upgrades unrelated packages.

Expected result

It does not modify unrelated packages and their dependencies.

Actual result

It modifies unrelated packages and their dependencies.

Steps to replicate

  1. Create a Pipfile with a dependency:

    1. whose version in the Pipfile is * and

      Example
      cat > Pipfile <<EOF
      [[source]]
      url = "https://pypi.org/simple"
      verify_ssl = true
      name = "pypi"
      
      [packages]
      idna = "*"
      
      [dev-packages]
      
      [requires]
      python_version = "3.11"
      EOF
      
    2. whose version in the Pipfile.lock is not the current version.

      Example
      cat > Pipfile.lock <<EOF
      {
          "_meta": {
              "hash": {
                  "sha256": "3c314687ccfa77044481a5041894405bf4ff3149d42750829e3e04632cc6ecb9"
              },
              "pipfile-spec": 6,
              "requires": {
                  "python_version": "3.11"
              },
              "sources": [
                  {
                      "name": "pypi",
                      "url": "https://pypi.org/simple",
                      "verify_ssl": true
                  }
              ]
          },
          "default": {
              "idna": {
                  "hashes": [
                      "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6",
                      "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
                  ],
                  "index": "pypi",
                  "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
                  "version": "==2.10"
              }
          },
          "develop": {}
      }
      EOF
      
  2. Install the existing package(s).

    Example
    $ python -m pipenv install --verbose
    Using python: 3.11
    Path to python: $HOME/.pyenv/versions/3.11.6/bin/python3
    Creating a virtualenv for this project...
    Pipfile: $HOME/tmp/pipenv-install-upgrade/Pipfile
    Using $HOME/.pyenv/versions/3.11.6/bin/python3 (3.11.6) to create virtualenv...
    ⠙ Creating virtual environment...created virtual environment CPython3.11.6.final.0-64 in 153ms
      creator CPython3Posix(dest=$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq, clear=False, no_vcs_ignore=False, global=False)
      seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=$HOME/Library/Application Support/virtualenv)
        added seed packages: pip==23.2.1, setuptools==68.2.2, wheel==0.41.2
      activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
    
    ✔ Successfully created virtual environment!
    Virtualenv location: $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq
    Installing dependencies from Pipfile.lock (c6ecb9)...
    Writing supplied requirement line to temporary file: "idna==2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
    --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
    Install Phase: Standard Requirements
    Preparing Installation of "idna==2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
    --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
    $ $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/bin/python
    $HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv/patched/pip/__pip-runner__.py install -i https://pypi.org/simple --no-input
    --upgrade --no-deps -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-6_8mrk_n-requirements/pipenv-qdfcg2qe-hashed-reqs.txt
    Using source directory: '$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/src'
    Collecting idna==2.10 (from -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-6_8mrk_n-requirements/pipenv-qdfcg2qe-hashed-reqs.txt (line 1))
    
      Downloading idna-2.10-py2.py3-none-any.whl (58 kB)
    
         ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 58.8/58.8 kB 2.7 MB/s eta 0:00:00
    
    Installing collected packages: idna
    
    Successfully installed idna-2.10
    
    
    To activate this project's virtualenv, run pipenv shell.
    Alternatively, run a command inside the virtualenv with pipenv run.
    
  3. Install a new package with `pipenv install <package>`.

    Example
    $ python -m pipenv install leftpad --verbose
    Installing leftpad...
    Resolving leftpad...
    Added leftpad to Pipfile's [packages] ...
    ✔ Installation Succeeded
    Pipfile.lock (c6ecb9) out of date, updating to (fe4271)...
    Locking [packages] dependencies...
    Building requirements...
    Resolving dependencies...
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting()
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('idna'), None)
    INFO:pipenv.patched.pip._internal.operations.prepare:Collecting idna (from -r
    /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-tyevi2hm-requirements/pipenv-qfc2bo33-constraints.txt (line 3))
    INFO:pipenv.patched.pip._internal.network.download:Using cached idna-3.4-py3-none-any.whl (61 kB)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('leftpad'), None)
    INFO:pipenv.patched.pip._internal.operations.prepare:Collecting leftpad (from -r
    /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-tyevi2hm-requirements/pipenv-qfc2bo33-constraints.txt (line 2))
    INFO:pipenv.patched.pip._internal.network.download:Using cached leftpad-0.1.2-py3-none-any.whl (1.8 kB)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(0)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://files.pythonhosted.org/packages/fc/34/3030de6f1370931
    b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl (from https://pypi.org/simple/idna/) (requires-python:>=3.5)'))
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(0, state)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(1)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://files.pythonhosted.org/packages/c2/92/b15f48c2fb7c18f
    f0a21d77c6c1e0f3ae743b8d5b0516841cd290ec5e283/leftpad-0.1.2-py3-none-any.whl (from https://pypi.org/simple/leftpad/)'))
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(1, state)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(2)
    INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending(State(mapping=OrderedDict([('idna',
    LinkCandidate('https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl (from
    https://pypi.org/simple/idna/) (requires-python:>=3.5)')), ('leftpad',
    LinkCandidate('https://files.pythonhosted.org/packages/c2/92/b15f48c2fb7c18ff0a21d77c6c1e0f3ae743b8d5b0516841cd290ec5e283/leftpad-0.1.2-py3-none-any.whl (from
    https://pypi.org/simple/leftpad/)'))]), criteria={'idna': Criterion((SpecifierRequirement('idna'), via=None)), 'leftpad':
    Criterion((SpecifierRequirement('leftpad'), via=None))}, backtrack_causes=[]))
    ⠴ Locking...
    ✔ Success!
    Locking [dev-packages] dependencies...
    Updated Pipfile.lock (e7ca18f416e18e6e31b172657ee3d5e41fb06ef4a01cabf2b66311cad5fe4271)!
    Installing dependencies from Pipfile.lock (fe4271)...
    Writing supplied requirement line to temporary file: "idna==3.4; python_version >= '3.5'
    --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
    Writing supplied requirement line to temporary file: 'leftpad==0.1.2 --hash=sha256:8ff2df0f8dbe6537d7f5f7cfb579b628ee81d02556971f2bb5992f6dffacc60e
    --hash=sha256:e38a2ebc18e0ce3adb4116708c9d8b0ec1d15414eafa4d236be7db893e8dc911'
    Install Phase: Standard Requirements
    Preparing Installation of "idna==3.4; python_version >= '3.5' --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4
    --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
    Preparing Installation of 'leftpad==0.1.2 --hash=sha256:8ff2df0f8dbe6537d7f5f7cfb579b628ee81d02556971f2bb5992f6dffacc60e
    --hash=sha256:e38a2ebc18e0ce3adb4116708c9d8b0ec1d15414eafa4d236be7db893e8dc911'
    $ $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/bin/python
    $HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv/patched/pip/__pip-runner__.py install -i https://pypi.org/simple --no-input
    --upgrade --no-deps -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-0z3oitef-hashed-reqs.txt
    Using source directory: '$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/src'
    Collecting idna==3.4 (from -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-0z3oitef-hashed-reqs.txt (line 1))
    
      Using cached idna-3.4-py3-none-any.whl (61 kB)
    
    Collecting leftpad==0.1.2 (from -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-0z3oitef-hashed-reqs.txt (line 2))
    
      Using cached leftpad-0.1.2-py3-none-any.whl (1.8 kB)
    
    Installing collected packages: leftpad, idna
    
      Attempting uninstall: idna
    
        Found existing installation: idna 2.10
    
        Uninstalling idna-2.10:
    
          Successfully uninstalled idna-2.10
    
    Successfully installed idna-3.4 leftpad-0.1.2
    
    Install Phase: Editable Requirements
    Preparing Installation of "idna==3.4; python_version >= '3.5' --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4
    --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
    Preparing Installation of 'leftpad==0.1.2 --hash=sha256:8ff2df0f8dbe6537d7f5f7cfb579b628ee81d02556971f2bb5992f6dffacc60e
    --hash=sha256:e38a2ebc18e0ce3adb4116708c9d8b0ec1d15414eafa4d236be7db893e8dc911'
    $ $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/bin/python
    $HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv/patched/pip/__pip-runner__.py install -i https://pypi.org/simple --no-input
    --upgrade --no-deps -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-ix2tblys-reqs.txt
    Using source directory: '$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/src'
    
    
    To activate this project's virtualenv, run pipenv shell.
    Alternatively, run a command inside the virtualenv with pipenv run.
    

$ python -m pipenv --support

Pipenv version: '2023.10.20'

Pipenv location: '$HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv'

Python location: '$HOME/.pyenv/versions/3.11.6/bin/python'

OS Name: 'posix'

User pip version: '23.3'

user Python installations found:

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.11.6',
 'os_name': 'posix',
 'platform_machine': 'arm64',
 'platform_python_implementation': 'CPython',
 'platform_release': '23.0.0',
 'platform_system': 'Darwin',
 'platform_version': 'Darwin Kernel Version 23.0.0: Fri Sep 15 14:41:43 PDT '
                     '2023; root:xnu-10002.1.13~1/RELEASE_ARM64_T6000',
 'python_full_version': '3.11.6',
 'python_version': '3.11',
 'sys_platform': 'darwin'}

elliterate, Oct 23 '23 16:10
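One way to catch this in review or CI, as an added example (not from the issue or from pipenv's code): compare the lock file before and after `pipenv install <package>` and list every pin that moved apart from the requested package. The function name `lock_drift` and the sample lock contents are constructed for illustration; versions are taken from the logs above and hashes are omitted.

```python
import json

def lock_drift(old_lock, new_lock, requested):
    """Compare two parsed Pipfile.lock dicts.

    Returns (section, name, old_version, new_version) for every pin whose
    version or hash set changed, except packages in `requested` that are
    newly added. New transitive dependencies show up with old_version=None.
    """
    requested = {name.lower() for name in requested}
    drift = []
    for section in ("default", "develop"):
        old = old_lock.get(section, {})
        new = new_lock.get(section, {})
        for name in sorted(set(old) | set(new)):
            before, after = old.get(name, {}), new.get(name, {})
            same_version = before.get("version") == after.get("version")
            same_hashes = set(before.get("hashes", [])) == set(after.get("hashes", []))
            if same_version and same_hashes:
                continue
            if name.lower() in requested and not before:
                continue  # the package the user asked for, newly added
            drift.append((section, name, before.get("version"), after.get("version")))
    return drift

# Constructed sample: lock state before and after `pipenv install leftpad`.
OLD_LOCK = json.loads("""
{"default": {"idna": {"version": "==2.10"}}, "develop": {}}
""")
NEW_LOCK = json.loads("""
{"default": {"idna": {"version": "==3.4"},
             "leftpad": {"version": "==0.1.2"}},
 "develop": {}}
""")

def report(old_lock, new_lock, requested):
    """Render drift as review-friendly lines; empty list means no drift."""
    return [f"[{s}] {n}: {b or 'absent'} -> {a or 'removed'}"
            for s, n, b, a in lock_drift(old_lock, new_lock, requested)]

if __name__ == "__main__":
    for line in report(OLD_LOCK, NEW_LOCK, ["leftpad"]):
        print(line)
```

In practice the two inputs would be `json.load` of the committed `Pipfile.lock` and of the one produced by the install; a non-empty result is the signal to review the change before merging.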

This is expected -- you want `pipenv upgrade <package>`

matteius, Oct 23 '23 17:10

Given that (1) `pipenv install` doesn't upgrade anything and (2) there is another command called `upgrade`, it seems deeply counterintuitive that `pipenv install <package>` upgrades everything. I would instead expect a command such as `pipenv upgrade` (or maybe `pipenv upgrade --all`) to do that.

elliterate, Oct 23 '23 18:10

I have gotten this feedback a lot, but I didn't design the original implementation that basically re-locks everything during install. I did add the `upgrade` command. We can consider in a future release making `install` packages use the `upgrade` rails but having `install` without packages invoke `lock` -- but this is a behavior change and it would be important to communicate it in advance of making the change.

matteius, Oct 23 '23 23:10

Thanks for the context. I totally understand and appreciate that you're dealing with decisions made by previous maintainers.

Consider this an enthusiastic endorsement for such a change!

elliterate, Nov 02 '23 18:11