Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

False positive mismatch in dependencies

See original GitHub issue

I’m fairly sure the installed version of requests should go through no problem:

Adding docker-compose to Pipfile's [dev-packages]…
Locking [dev-packages] dependencies…
Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  You can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
Could not find a version that matches requests!=2.11.0,<2.12,==2.18.4,>=2.6.1
Tried: 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.6, 0.10.7, 0.10.8, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.13.5, 0.13.6, 0.13.7, 0.13.8, 0.13.9, 0.14.0, 0.14.1, 0.14.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 2.0.0, 2.0.0, 2.0.1, 2.0.1, 2.1.0, 2.1.0, 2.2.0, 2.2.0, 2.2.1, 2.2.1, 2.3.0, 2.3.0, 2.4.0, 2.4.0, 2.4.1, 2.4.1, 2.4.2, 2.4.2, 2.4.3, 2.4.3, 2.5.0, 2.5.0, 2.5.1, 2.5.1, 2.5.2, 2.5.2, 2.5.3, 2.5.3, 2.6.0, 2.6.0, 2.6.1, 2.6.1, 2.6.2, 2.6.2, 2.7.0, 2.7.0, 2.8.0, 2.8.0, 2.8.1, 2.8.1, 2.9.0, 2.9.0, 2.9.1, 2.9.1, 2.9.2, 2.9.2, 2.10.0, 2.10.0, 2.11.0, 2.11.0, 2.11.1, 2.11.1, 2.12.0, 2.12.0, 2.12.1, 2.12.1, 2.12.2, 2.12.2, 2.12.3, 2.12.3, 2.12.4, 2.12.4, 2.12.5, 2.12.5, 2.13.0, 2.13.0, 2.14.0, 2.14.0, 2.14.1, 2.14.1, 2.14.2, 2.14.2, 2.15.1, 2.15.1, 2.16.0, 2.16.0, 2.16.1, 2.16.1, 2.16.2, 2.16.2, 2.16.3, 2.16.3, 2.16.4, 2.16.4, 2.16.5, 2.16.5, 2.17.0, 2.17.0, 2.17.1, 2.17.1, 2.17.2, 2.17.2, 2.17.3, 2.17.3, 2.18.0, 2.18.0, 2.18.1, 2.18.1, 2.18.2, 2.18.2, 2.18.3, 2.18.3, 2.18.4, 2.18.4

 > pipenv graph
docker-compose==1.16.0
  - cached-property [required: >=1.2.0,<2, installed: 1.3.1]
  - docker [required: <3.0,>=2.5.1, installed: 2.6.1]
    - docker-pycreds [required: >=0.2.1, installed: 0.2.1]
      - six [required: >=1.4.0, installed: 1.11.0]
    - requests [required: !=2.11.0,!=2.12.2,!=2.18.0,>=2.5.2, installed: 2.11.1]
    - six [required: >=1.4.0, installed: 1.11.0]
    - websocket-client [required: >=0.32.0, installed: 0.44.0]
      - six [required: Any, installed: 1.11.0]
  - dockerpty [required: <0.5,>=0.4.1, installed: 0.4.1]
    - six [required: >=1.3.0, installed: 1.11.0]
  - docopt [required: <0.7,>=0.6.1, installed: 0.6.2]
  - jsonschema [required: >=2.5.1,<3, installed: 2.6.0]
  - PyYAML [required: <4,>=3.10, installed: 3.12]
  - requests [required: !=2.11.0,<2.12,>=2.6.1, installed: 2.11.1]
  - six [required: >=1.3.0,<2, installed: 1.11.0]
  - texttable [required: >=0.9.0,<0.10, installed: 0.9.1]
  - websocket-client [required: <1.0,>=0.32.0, installed: 0.44.0]
    - six [required: Any, installed: 1.11.0]
setproctitle==1.1.10

Describe your environment

Ubuntu 17.04, python 3.5.3 inside of pipenv, pipenv 8.3.1

Expected result

I’d expect the lock to suceed with requests 2.11.1

Actual result

Dependencies are unresolved

Steps to replicate

> pipenv install --three
> pipenv install docker-compose requests

doesn’t happen with docker-compose alone

Pipfile under packages:

requests = "*"
docker-compose = "*"

Issue Analytics

State:
Created 6 years ago
Comments:11 (10 by maintainers)

Top GitHub Comments

1reaction

vphilipponcommented, Dec 4, 2017

@iScrE4m This is now fixed in master and will be part of the next release, hopefully in the next few days (cutting out a major version). Once it’s out (or using the version on master), be sure to run pipenv lock --clear.

Thank you for your report, patience, and using Pipenv! 👍

0reactions

kennethreitzcommented, Nov 22, 2017

gotcha

On Tue, Nov 21, 2017 at 8:02 PM, Vincent Philippon <notifications@github.com

wrote:

What Nate said

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/kennethreitz/pipenv/issues/1060#issuecomment-346210554, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHUVQXgYXPzdBL1Xgg2hgjnH513SCJ2ks5s43KVgaJpZM4QcEGu .

Top Results From Across the Web

MPP, IDE: False positive type mismatch with CoroutineContext ...

MPP, IDE: False positive type mismatch with CoroutineContext/CoroutineDispatcher and `kotlinx-coroutines-core` dependency in Maven project.

Lifestyle Mismatches - Diagnostic Warning - Simple Injector

Even though false positives might occur, best practice is to prevent iterating the injected stream inside the constructor, as prescribed here.

Changelog | Addressables | 1.20.5 - Unity - Manual

Added sample for resolving duplicate dependencies to multiple groups. ... a bug where IResourceLocations were returning a false positive on comparison.

Black Duck Knowledgebase matching issues help guide

Case 4: Wrong component detected (wrong single component match) – False positive; Case 5: Wrong component detected (extra component discovered) – False positive...

Findings - Semgrep

False positive: A false positive is a mismatch between the intended purpose of the rule and the code it matched. A finding is...