pipenv incorrectly resolves dev-dependencies
When installing dev dependencies some packages receive wrong versions. These packages seem to ignore constraints defined in Pipfile.
Describe your environment
- OS Type: macos, 10.11.6
- Python version: $ python -V, 3.6.2
- Pipenv version: $ pipenv --version, 9.0.1
Expected result
I expect that django==1.11 will be installed.
Actual result
django==2.0 is installed.
Steps to replicate
Pipfile
[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true
[requires]
python_version = '3.6'
[dev-packages]
django-debug-toolbar = "*"
[packages]
django = "<1.12"
Pipfile.lock
{
"_meta": {
"hash": {
"sha256": "b802355565a0f9e930143694c9133a2693b413a900600db3683a82a2406fed7a"
},
"host-environment-markers": {
"implementation_name": "cpython",
"implementation_version": "3.6.2",
"os_name": "posix",
"platform_machine": "x86_64",
"platform_python_implementation": "CPython",
"platform_release": "15.6.0",
"platform_system": "Darwin",
"platform_version": "Darwin Kernel Version 15.6.0: Fri Feb 17 10:21:18 PST 2017; root:xnu-3248.60.11.4.1~1/RELEASE_X86_64",
"python_full_version": "3.6.2",
"python_version": "3.6",
"sys_platform": "darwin"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.6"
},
"sources": [
{
"url": "https://pypi.python.org/simple",
"verify_ssl": true
}
]
},
"default": {
"django": {
"hashes": [
"sha256:fad46f44f6f4de66aacaa92e7753dbc4fe3ae834aa2daffaca0bf16c64798186",
"sha256:fed3e79bb5a3a8d5eb054c7a1ec1de229ef3f43335a67821cc3e489e9582f711"
],
"version": "==1.11.8"
},
"pytz": {
"hashes": [
"sha256:80af0f3008046b9975242012a985f04c5df1f01eed4ec1633d56cc47a75a6a48",
"sha256:feb2365914948b8620347784b6b6da356f31c9d03560259070b2f30cff3d469d",
"sha256:59707844a9825589878236ff2f4e0dc9958511b7ffaae94dc615da07d4a68d33",
"sha256:d0ef5ef55ed3d37854320d4926b04a4cb42a2e88f71da9ddfdacfde8e364f027",
"sha256:c41c62827ce9cafacd6f2f7018e4f83a6f1986e87bfd000b8cfbd4ab5da95f1a",
"sha256:8cc90340159b5d7ced6f2ba77694d946fc975b09f1a51d93f3ce3bb399396f94",
"sha256:dd2e4ca6ce3785c8dd342d1853dd9052b19290d5bf66060846e5dc6b8d6667f7",
"sha256:699d18a2a56f19ee5698ab1123bbcc1d269d061996aeb1eda6d89248d3542b82",
"sha256:fae4cffc040921b8a2d60c6cf0b5d662c1190fe54d718271db4eb17d44a185b7"
],
"version": "==2017.3"
}
},
"develop": {
"django": {
"hashes": [
"sha256:af18618ce3291be5092893d8522fe3919661bf3a1fb60e3858ae74865a4f07c2",
"sha256:9614851d4a7ff8cbd32b73c6076441f377c45a5bbff7e771798fb02c43c31f47"
],
"version": "==2.0"
},
"django-debug-toolbar": {
"hashes": [
"sha256:4af2a4e1e932dadbda197b18585962d4fc20172b4e5a479490bc659fe998864d",
"sha256:d9ea75659f76d8f1e3eb8f390b47fc5bad0908d949c34a8a3c4c87978eb40a0f"
],
"version": "==1.9.1"
},
"pytz": {
"hashes": [
"sha256:80af0f3008046b9975242012a985f04c5df1f01eed4ec1633d56cc47a75a6a48",
"sha256:feb2365914948b8620347784b6b6da356f31c9d03560259070b2f30cff3d469d",
"sha256:59707844a9825589878236ff2f4e0dc9958511b7ffaae94dc615da07d4a68d33",
"sha256:d0ef5ef55ed3d37854320d4926b04a4cb42a2e88f71da9ddfdacfde8e364f027",
"sha256:c41c62827ce9cafacd6f2f7018e4f83a6f1986e87bfd000b8cfbd4ab5da95f1a",
"sha256:8cc90340159b5d7ced6f2ba77694d946fc975b09f1a51d93f3ce3bb399396f94",
"sha256:dd2e4ca6ce3785c8dd342d1853dd9052b19290d5bf66060846e5dc6b8d6667f7",
"sha256:699d18a2a56f19ee5698ab1123bbcc1d269d061996aeb1eda6d89248d3542b82",
"sha256:fae4cffc040921b8a2d60c6cf0b5d662c1190fe54d718271db4eb17d44a185b7"
],
"version": "==2017.3"
},
"sqlparse": {
"hashes": [
"sha256:d9cf190f51cbb26da0412247dfe4fb5f4098edb73db84e02f9fc21fdca31fed4",
"sha256:ce028444cfab83be538752a2ffdb56bc417b7784ff35bb9a3062413717807dec"
],
"version": "==0.2.4"
}
}
}
Now, run pipenv install --dev.
And pip freeze just to be sure:
» pipenv run pip freeze
Django==2.0
django-debug-toolbar==1.9.1
pytz==2017.3
sqlparse==0.2.4
As you can see django==2.0 violates my constraint django<1.12.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:7
- Comments:10 (5 by maintainers)
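A lock file in this state can be caught in CI before anything is installed by comparing its two sections. The following is an added example, not code from the issue or from pipenv: `audit_lock` and `satisfies` are hypothetical helpers, the version comparison is a simplified numeric one rather than full PEP 440, and the sample data copies the pins from the Pipfile.lock above with the hashes omitted.

```python
import operator
import re

OPS = {"==": operator.eq, "!=": operator.ne, "<=": operator.le,
       ">=": operator.ge, "<": operator.lt, ">": operator.gt}

def vtuple(version, width=0):
    """'1.11.8' -> (1, 11, 8), zero-padded to `width` segments (numeric releases only)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (width - len(parts))

def satisfies(pin, spec):
    """Check a lock pin such as '==2.0' against a Pipfile specifier such as '<1.12'."""
    if spec.strip() == "*":
        return True
    version = pin.lstrip("=")
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(==|!=|<=|>=|<|>)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        # Pad both sides to the same length so that 2.0 compares equal to 2.0.0.
        width = max(version.count("."), m.group(2).count(".")) + 1
        if not OPS[m.group(1)](vtuple(version, width), vtuple(m.group(2), width)):
            return False
    return True

def audit_lock(lock, packages):
    """Report develop pins that break [packages] constraints or differ from default pins."""
    findings = []
    default, develop = lock.get("default", {}), lock.get("develop", {})
    for name, entry in sorted(develop.items()):
        pin, spec = entry["version"], packages.get(name)
        if spec is not None and not satisfies(pin, spec):
            findings.append(f"{name}: develop pin {pin} violates [packages] constraint {spec}")
        if name in default and default[name]["version"] != pin:
            findings.append(f"{name}: default pin {default[name]['version']} != develop pin {pin}")
    return findings

# Constructed sample: [packages] from the Pipfile and the pins from the lock file above.
PACKAGES = {"django": "<1.12"}
LOCK = {
    "default": {"django": {"version": "==1.11.8"}, "pytz": {"version": "==2017.3"}},
    "develop": {"django": {"version": "==2.0"},
                "django-debug-toolbar": {"version": "==1.9.1"},
                "pytz": {"version": "==2017.3"}, "sqlparse": {"version": "==0.2.4"}},
}

if __name__ == "__main__":
    for finding in audit_lock(LOCK, PACKAGES):
        print(finding)
```

A non-empty result is a reason to fail the build, since the environment produced by `pipenv install --dev` would not match the versions that were reviewed and pinned for production.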
Top GitHub Comments
fixed
Another side effect of this that I noticed in #1342 is that pipenv install --dev will install a different version of the dependency (Django in this issue, Flask in mine) depending on how many times the command is run. Also, running pipenv graph with a Pipfile as described in these two issues will not show Django/Flask as top-level dependencies, even though they are listed specifically, and are only shown if they are a sub-dependency of another package.

In my mind, the dev packages section is meant to be complementary/additive to the dependencies in the main section, not an alternative set of dependencies. Therefore, I think that @techalchemy’s suggestion of a flat Pipfile.lock makes the most sense.