Extras in dev dependencies are not locked
See original GitHub issueWhen I add a regular dependency, but also add it with additional extras in --dev
, the extra required packages are not recorded in Pipfile.lock.
For example, requests[secutity]
requires cryptography
, but (for some reason) I only want the security
extra for development:
$ pipenv install requests
...
$ pipenv install --dev 'requests[security]'
...
$ grep cryptography Pipfile.lock
# (no output)
$ pipenv run python -c 'import cryptography as c; print(c)'
<module 'cryptography' from '...'>
$ pipenv clean
Uninstalling 'asn1crypto'…
Uninstalling 'cffi'…
Uninstalling 'cryptography'…
Uninstalling 'pycparser'…
Uninstalling 'pyopenssl'…
Uninstalling 'six'…
$ pipenv install --dev
...
$ pipenv run python -c 'import cryptography as c; print(c)'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'cryptography'
Expected result
The cryptography
package’s hash should be recorded in Pipfile.lock
, and if it gets uninstalled, pipenv install --dev
should re-install it.
Actual result
The extra’s requirements are not in Pipfile.lock
; pipenv install --dev
doesn’t re-install them.
Steps to replicate
See above.
Resulting Pipfile
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
requests = "*"
[dev-packages]
requests = {extras = ["security"]}
[requires]
python_version = "3.6"
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Manage Dependencies - PDM
Manage Dependencies#. PDM provides a bunch of handful commands to help manage your project and dependencies. The following examples are run on Ubuntu...
Read more >Python poetry - how to install optional dependencies?
Installing dependencies from lock file [ValueError] Extra [redis] is not specified. python · python-poetry · Share.
Read more >Commands | Documentation
This will resolve all dependencies of the project and write the exact versions into poetry.lock .
Read more >Managing Python Dependencies with Poetry
Dependency management and packaging tools for your Python project using poetry. How to install, configure and use it.
Read more >Dependency Management With Python Poetry
Pin Dependencies in poetry.lock; Install Dependencies From ... After an update, a package might not work as it did before the update.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I would like to add that this issue is more subtle, and more likely to occur, than what I’ve read so far.
For instance, with the following
Pipfile
:You end up with the wrong version of the redis package:
As you can see, this is not just a matter of specifying the same dependency twice in your Pipfile. Maybe this should be a separate issue?
As a brief update on this point – you could consider trying out https://github.com/sarugaku/passa which will lock (but only in an activated virtualenv) and write to the lockfile in a pipenv compatible format. It should handle conflicts gracefully and merge dependency sections as well.