Confusion: --keep-outdated --selective-upgrade

Apologies for not responding to this sooner, I’ve been super busy with work but more significantly there were a number of breaking changes related to PEP514 implementation which first pip rolled out and then setuptools rolled out and then there was a bit of a stalemate-fingerpointing situation and then some more breakages which has all been a bit of a nightmare

The result of this is that pipenv just does its own dependency resolution with requirementslib which needed a resolver to handle direct url dependencies as someone mentioned with regard to #3304

With regard to the specific question here, there is significant confusion about --keep-outdated (which should really do nothing under optimal circumstances unless things are no longer available or installable on PyPI when you re-lock, which can happen if you are on OSX for example), --selective-upgrade only works with install and can be used to install the minimum viable set of changes into the lockfile (that is, still using the highest available versions etc, but not upgrading packages unnecessarily)

The only real difference is that you can add something to your Pipfile and lock with --keep-outdated for the same behavior – and formally speaking, --keep-outdated should never remove something from the lockfile (I am not sure what --selective-upgrade does on this front).

Here is the important caveat: pipenv update always targets every package in your lockfile, without exception. It does not accept arguments. If you want to upgrade a specific package, you must do it with pipenv install --selective-upgrade <package> (which naturally will add it to your lockfile)

This needs to be reviewed at some point because it is super inconvenient and probably is a major gap in normal workflows

Apologies for not responding to this sooner, I’ve been super busy with work but more significantly there were a number of breaking changes related to PEP514 implementation which first pip rolled out and then setuptools rolled out and then there was a bit of a stalemate-fingerpointing situation and then some more breakages which has all been a bit of a nightmare

The result of this is that pipenv just does its own dependency resolution with requirementslib which needed a resolver to handle direct url dependencies as someone mentioned with regard to #3304

With regard to the specific question here, there is significant confusion about --keep-outdated (which should really do nothing under optimal circumstances unless things are no longer available or installable on PyPI when you re-lock, which can happen if you are on OSX for example), --selective-upgrade only works with install and can be used to install the minimum viable set of changes into the lockfile (that is, still using the highest available versions etc, but not upgrading packages unnecessarily)

The only real difference is that you can add something to your Pipfile and lock with --keep-outdated for the same behavior – and formally speaking, --keep-outdated should never remove something from the lockfile (I am not sure what --selective-upgrade does on this front).

Here is the important caveat: pipenv update always targets every package in your lockfile, without exception. It does not accept arguments. If you want to upgrade a specific package, you must do it with pipenv install --selective-upgrade <package> (which naturally will add it to your lockfile)

This needs to be reviewed at some point because it is super inconvenient and probably is a major gap in normal workflows

@techalchemy Thank you for explaining the difference and pointing out how to upgrade a selective package. It seems like pipenv install --selective-upgrade <package> does what you stated, but only misses out on updating the hash of the new version in the lockfile. 😞 Is this a already tracked issue?