Pipenv installs spurious dependencies
See original GitHub issueIssue description
When installing any version of Django < 3.0 as a dependency and django-debug-toolbar as a dev dependency, pipenv lock
determines that asgiref is a required package when it in fact is not.
Expected result
$ pipenv graph
django-debug-toolbar==2.2
- Django [required: >=1.11, installed: 2.2.13]
- pytz [required: Any, installed: 2020.1]
- sqlparse [required: Any, installed: 0.3.1]
- sqlparse [required: >=0.2.0, installed: 0.3.1]
Actual result
$ pipenv graph
asgiref==3.2.10
django-debug-toolbar==2.2
- Django [required: >=1.11, installed: 2.2.13]
- pytz [required: Any, installed: 2020.1]
- sqlparse [required: Any, installed: 0.3.1]
- sqlparse [required: >=0.2.0, installed: 0.3.1]
Steps to replicate
In a new project, run the following commands:
$ pipenv install 'Django<3.0'
$ pipenv install --dev django-debug-toolbar
$ pipenv --support
Pipenv version: '2020.6.2'
Pipenv location: '/usr/local/Cellar/pipenv/2020.6.2/libexec/lib/python3.8/site-packages/pipenv'
Python location: '/usr/local/Cellar/pipenv/2020.6.2/libexec/bin/python3.8'
Python installations found:
3.8.0
:/Users/jmorris/.pyenv/versions/3.8.0/bin/python3
3.7.7
:/usr/local/bin/python3
3.7.7
:/usr/local/bin/python3.7m
3.7.7
:/usr/local/bin/python3.7
3.6.8
:/Users/jmorris/.pyenv/versions/3.6.8/bin/python3
3.5.9
:/Users/jmorris/.pyenv/versions/3.5.9/bin/python3
3.5.1
:/Users/jmorris/.pyenv/versions/3.5.1/bin/python3
2.7.18
:/Users/jmorris/.pyenv/versions/2.7.18/bin/python2
2.7.17
:/usr/local/bin/python2
2.7.17
:/usr/local/bin/python2.7
2.7.16
:/usr/bin/python2.7
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.8.3',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '18.7.0',
'platform_system': 'Darwin',
'platform_version': 'Darwin Kernel Version 18.7.0: Mon Apr 27 20:09:39 PDT '
'2020; root:xnu-4903.278.35~1/RELEASE_X86_64',
'python_full_version': '3.8.3',
'python_version': '3.8',
'sys_platform': 'darwin'}
System environment variables:
PATH
TERM_PROGRAM
TERM
SHELL
TMPDIR
Apple_PubSub_Socket_Render
TERM_PROGRAM_VERSION
TERM_SESSION_ID
USER
SSH_AUTH_SOCK
__CF_USER_TEXT_ENCODING
PWD
EDITOR
LANG
ITERM_PROFILE
XPC_FLAGS
XPC_SERVICE_NAME
SHLVL
PYENV_SHELL
HOME
COLORFGBG
LC_TERMINAL_VERSION
ITERM_SESSION_ID
LOGNAME
LESS
LESSOPEN
LC_TERMINAL
COLORTERM
PIP_DISABLE_PIP_VERSION_CHECK
PYTHONDONTWRITEBYTECODE
PIP_SHIMS_BASE_MODULE
PIP_PYTHON_PATH
PYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH
:/usr/local/Cellar/pipenv/2020.6.2/libexec/tools:/Users/jmorris/.pyenv/shims:/Users/jmorris/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/usr/local/MacGPG2/bin:/Applications/Wireshark.app/Contents/MacOS
SHELL
:/usr/local/bin/fish
EDITOR
:vim
LANG
:en_US.UTF-8
PWD
:/tmp/lol
Contents of Pipfile
(‘/private/tmp/lol/Pipfile’):
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
django-debug-toolbar = "*"
[packages]
django = "<3.0"
[requires]
python_version = "3.8"
Contents of Pipfile.lock
(‘/private/tmp/lol/Pipfile.lock’):
{
"_meta": {
"hash": {
"sha256": "5e37dff5e53a743305538fdd5fb9da0dbe7eea0521b520e50a56ee191050c830"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.8"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"django": {
"hashes": [
"sha256:84f370f6acedbe1f3c41e1a02de44ac206efda3355e427139ecb785b5f596d80",
"sha256:e8fe3c2b2212dce6126becab7a693157f1a441a07b62ec994c046c76af5bb66d"
],
"index": "pypi",
"version": "==2.2.13"
},
"pytz": {
"hashes": [
"sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed",
"sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048"
],
"version": "==2020.1"
},
"sqlparse": {
"hashes": [
"sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e",
"sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==0.3.1"
}
},
"develop": {
"asgiref": {
"hashes": [
"sha256:7e51911ee147dd685c3c8b805c0ad0cb58d360987b56953878f8c06d2d1c6f1a",
"sha256:9fc6fb5d39b8af147ba40765234fa822b39818b12cc80b35ad9b0cef3a476aed"
],
"markers": "python_version >= '3.5'",
"version": "==3.2.10"
},
"django": {
"hashes": [
"sha256:84f370f6acedbe1f3c41e1a02de44ac206efda3355e427139ecb785b5f596d80",
"sha256:e8fe3c2b2212dce6126becab7a693157f1a441a07b62ec994c046c76af5bb66d"
],
"index": "pypi",
"version": "==2.2.13"
},
"django-debug-toolbar": {
"hashes": [
"sha256:eabbefe89881bbe4ca7c980ff102e3c35c8e8ad6eb725041f538988f2f39a943",
"sha256:ff94725e7aae74b133d0599b9bf89bd4eb8f5d2c964106e61d11750228c8774c"
],
"index": "pypi",
"version": "==2.2"
},
"pytz": {
"hashes": [
"sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed",
"sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048"
],
"version": "==2020.1"
},
"sqlparse": {
"hashes": [
"sha256:022fb9c87b524d1f7862b3037e541f68597a730a8843245c349fc93e1643dc4e",
"sha256:e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==0.3.1"
}
}
}
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:6 (1 by maintainers)
Top Results From Across the Web
How to resolve Python package dependencies with pipenv?
First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again. Alternatively, you can use $ pipenv...
Read more >Basic Usage of Pipenv - Python Packaging Authority
Pipfiles contain information for the dependencies of the project, and supersedes the requirements.txt file used in most Python projects. You should add a ......
Read more >Advanced Usage of Pipenv - Read the Docs
pipenv install --ignore-pipfile is nearly equivalent to pipenv sync , but pipenv sync will never attempt to re-lock your dependencies as it is...
Read more >pipenv · PyPI
Install all dev dependencies: ... $ pipenv install --dev Pipfile found at /Users/kennethreitz/repos/kr/pip2/test/Pipfile. Considering this to be the project home.
Read more >Common Pipenv Errors and How to Solve Them: Why Won't it ...
Pipenv combines package management and virtual environment control into one tool for installing, removing, tracking, and documenting your dependencies; and to ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@GPHemsley-RELX Can you check if it is still a problem in my branch that upgrades to latest pip? Branch is
vendor-pip-22.0.3-followup-changes
and the new pip resolver solves some other infinity lock issues so I am wondering if the resolver fixes that as well.EDIT: Nevermind, I just checked the steps it appears to still be a problem even on my branch:
Just noting this is specifically an issue of installing a new dependency as
--dev
because if I repeat the steps but installpipenv install django-debug-toolbar
regularly it produces the expected graph.Yes, Django started requiring asgiref in Django 3. If you look at the requirements for Django 2.2.x, asgiref is absent:
https://github.com/django/django/blob/stable/2.2.x/setup.py#L86