pipenv icon indicating copy to clipboard operation
pipenv copied to clipboard

Published 20 hours ago verified publisher icon pypa

Incompatible Python version silently ignored rather than erroring, when using `--system`

Open edmorley opened this issue 7 months ago • 1 comments

Issue description

When using --system, if the system Python version isn't compatible with the python_version specified in Pipfile / Pipfile.lock, then Pipenv doesn't error (as I would have expected), but instead silently continues the install with the incompatible system Python version.

Expected result

For Pipenv never to silently install dependencies using an incompatible Python version, and instead emit an error if using --system and the system Python isn't the right version.

Actual result

Pipenv ignores the incompatible Python version (doesn't emit an error), and proceeds with the install.

Steps to replicate

Create this Dockerfile:

FROM python:3.13-slim
WORKDIR /testcase

COPY <<EOF Pipfile
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
typing-extensions = "*"

[requires]
python_version = "3.12"
EOF

COPY <<EOF Pipfile.lock
{
    "_meta": {
        "hash": {
            "sha256": "9661ed313a79ccb68c7dc4e639068f86ddd91e307ec2ed60498858d002e9b547"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.12"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "typing-extensions": {
            "hashes": [
                "sha256:a439e7c04b49fec3e5d3e2beaa21755cadbbdc391694e28ccdd36ca4a1408f8c",
                "sha256:e6c81219bd689f51865d9e372991c540bda33a0379d5573cddb9a3a23f7caaef"
            ],
            "index": "pypi",
            "markers": "python_version >= '3.8'",
            "version": "==4.13.2"
        }
    },
    "develop": {}
}
EOF

RUN pip install pipenv==v2025.0.2
# This should abort with an error about incompatible system Python version, but doesn't.
RUN pipenv install --system --verbose

Then run it with: docker build . --progress plain --no-cache

It will succeed, when the pipenv sync command should have errored (since the base image uses Python 3.13, but yet python_version in Pipfile and Pipfile.lock specifies Python 3.12).

edmorley avatar May 10 '25 15:05 edmorley

I find this is an interesting case, as I learn pipenv.

edmorley describes 3.13 and 3.12 as "not compatible" and "not right".

Seeing no reaction after a month, I wanted to add my perspective as Python and pip user.

I expect Python 3.13 to be backwards compatible with 3.11 and 3.12. This is formalized in the active PEP 386, that states about incompatible changes "Wait for the warning to appear in at least two minor Python versions of the same major version..."

My point of view is:

pipenv on Python 3.13 should process a Pipfile that requires 3.12 but emit a warning.

pipenv on Python 3.15 should abort a Pipfile that requires 3.12 because the "deprecation gap" is larger than covered by PEP 386.

pipenv on Python 3.13 should abort a Pipfile that requires 3.14 because Python is not forward compatible.

marbx avatar Jun 19 '25 05:06 marbx

Sorry for the lack of comment, I wonder if this was possibly related to: https://github.com/pypa/pipenv/pull/6373

Probably I need more help digging into some of these issues.

EDIT: Sorry, I see now it involves --system flag, and is probably a long standing issue.

matteius avatar Jun 23 '25 10:06 matteius