No documented way to unpin after converting requirements.txt
See original GitHub issueDescribe you environment
- MacOS 10.13
- Python version: Python 3.6.3
- Pipenv version: Pipenv 8.2.7
Expected result
Converting an existing project that uses requirements.txt, Pipenv creates a Pipfile with pinned versions and a Pipfile.lock with the versions from my requirements.txt. It then tells me I might want to unpin my Pipfile. I expected there to be a process for unpinning my Pipfile while maintaining my Pipfile.lock, but pipenv wants to recreate my Pipfile.lock whenever I change my Pipfile.
Actual result
I can’t find any documented way to remove the version pins from Pipfile without the next invocation of pipenv install
upgrading all my packages. The only way I have found is to let pipenv regenerate Pipfile.lock, then discard all the changes except the meta hash.
Issue Analytics
- State:
- Created 6 years ago
- Comments:21 (11 by maintainers)
Top Results From Across the Web
Why should version numbers not be pinned in a Pipfile?
The docs are quite opinionated on the likely reason you have pinned versions on your requirements file: it probably came from pip freeze ......
Read more >Ask HN: Why Poetry did not become a mainstream package ...
I have recently been introduced to Poetry. I am a pretty experienced Python dev with both back-end and ML in my project basket....
Read more >How to Update Requirements Files - PyNWB - Read the Docs
requirements.txt of the project can be created or updated and then captured using the following script: mkvirtualenv pynwb-requirements cd pynwb pip install ...
Read more >About responsive search ads - Google Ads Help
After you enter headlines and descriptions, Google Ads assembles the text into multiple ad combinations in a way that avoids redundancy.
Read more >Should You Use Upper Bound Version Constraints?
This enables Poetry to roll back a dependency on a subsequent solve, while pip does not know what the original requirements were and...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
The point isn’t that we know we need to keep a specific version pinned, nor that we don’t want to update sometime soon. We just don’t want to be forced to update at the same time we switch to pipenv, because pipenv is supposed to be better at helping us to keep packages up to date while retaining the ability to manage the upgrades with care! In fact, even if literally the next commit I make is to upgrade all the packages, I’d like to do that upgrade separately, so I know, when inevitably something breaks, whether it was setting things up incorrectly when switching to pipenv or updating the packages. (And, depending how careful I’m being, I may want to do that separately for each package.)
Perhaps the better way to do that is to simply leave each the version pin in the Pipfile until we’re ready to update that package? But then we lose the ability to use e.g.
pipenv update --dry-run
to see what we’re going to update – and it seems like this is not the best way for a Pipfile+Pipfile.lock to express what we want, and is different from what we would have if we had used pipenv from the start.Perhaps this will all be clearer if I propose some alternate verbiage in context – I’ll make a pull request.
Wanted to add one comment here: it seems to me like (once
--keep-oudated
is working per #966) it might be helpful to mention this strategy explicitly in documentation or in the “you may want to unpin your dependencies message”. That is to say, if you want to migrate fromrequirements.txt
toPipfile
, leaving your dependencies unpinned but without upgrading them today, you want to:pipenv install -r requirements.txt
*
inPipfile
pipenv lock --keep-outdated
The last one is not at all obvious, and if you don’t do it, you’ll think you kept the pinned dependencies inPipfile.lock
, but actually as soon as youpipenv install
they will get clobbered by the latest ones.