Updating only one locked dependency

Sometimes I’m doing a PR and I want to update a specific dependency but I don’t want to deal with updates of all my dependencies (aiohttp, flake8, etc…). If any breaking change was introduced in those dependencies, I want to deal with it in another PR.

As far as I know, the only way to do that would be to pin all the dependencies that I don’t want to update in the Pipfile. But I find it to defeat the purpose of Pipenv in the first place 😃 .

So my feature request would be to be able to do something like:

$ pipenv lock --only my-awesome-dep

That would generate a Pipfile.lock with updates for only my-awesome-dep and its dependencies.

I can probably make a PR for that, but I would like to get some feedback first.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 30
  • Comments: 83 (41 by maintainers)
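
A check a reviewer can run on a PR that is meant to bump one package: compare the old and new Pipfile.lock and report every pin or hash that changed outside the intended set. This is an added example, not part of the original issue or of Pipenv; the helper names, the sample lock contents and the my-awesome-helper package are constructed, and the allowed set is supplied by hand because Pipfile.lock does not record which package pulled in which.

```python
import json
import re

def _norm(name):
    # PEP 503 name normalization, so "My_Dep" and "my-dep" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def _pin(entry):
    # (version, sorted hashes); None when the package is absent from the lock.
    if entry is None:
        return None
    return (entry.get("version"), tuple(sorted(entry.get("hashes", []))))

def lock_changes(old_text, new_text):
    """Map (section, name) -> (old_pin, new_pin) for every entry that differs."""
    old, new = json.loads(old_text), json.loads(new_text)
    changes = {}
    for section in ("default", "develop"):
        before = {_norm(k): v for k, v in old.get(section, {}).items()}
        after = {_norm(k): v for k, v in new.get(section, {}).items()}
        for name in sorted(set(before) | set(after)):
            o, n = _pin(before.get(name)), _pin(after.get(name))
            if o != n:  # version bump, hash-only change, addition or removal
                changes[(section, name)] = (o, n)
    return changes

def unexpected_changes(old_text, new_text, allowed):
    """Changes to packages outside the set the PR was meant to touch."""
    allowed = {_norm(a) for a in allowed}
    return {k: v for k, v in lock_changes(old_text, new_text).items()
            if k[1] not in allowed}

def _lock(default, develop):
    # Build a constructed Pipfile.lock body; hash values are placeholders.
    def entries(pkgs):
        return {n: {"version": v, "hashes": ["sha256:placeholder-" + n + v]}
                for n, v in pkgs.items()}
    return json.dumps({"_meta": {}, "default": entries(default),
                       "develop": entries(develop)})

# Constructed sample: the relock bumped my-awesome-dep, but aiohttp moved too.
OLD_LOCK = _lock({"aiohttp": "==2.3.1", "my-awesome-dep": "==1.0.0"},
                 {"flake8": "==3.4.1"})
NEW_LOCK = _lock({"aiohttp": "==2.3.2", "my-awesome-dep": "==1.1.0",
                  "my-awesome-helper": "==0.1.0"},
                 {"flake8": "==3.4.1"})

if __name__ == "__main__":
    intended = {"my-awesome-dep", "my-awesome-helper"}
    print(unexpected_changes(OLD_LOCK, NEW_LOCK, intended))
```

In practice the two inputs would be the Pipfile.lock from the base branch and from the PR branch; a non-empty result means the relock touched packages the PR did not intend to change.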

Top GitHub Comments

43 reactions
brettdh commented, Oct 24, 2017

Agree 100% - and I’ll go a bit farther: this should be the default.

That is, pipenv install foo should never touch anything besides foo and its dependencies. And pipenv lock should certainly never upgrade anything - it should just lock what’s already installed.

AFAICT, this is how npm, yarn, gem, etc. work; it makes no sense to have a lockfile that doesn’t actually lock packages, but trusts package authors to not break things in patch releases, and therefore upgrades them without being asked. I can see the use of allowing upgrades, but that should be opt-in, since it’s more surprising than not upgrading them.

I apologize if I’m hijacking this issue for something else, but since this is so closely related to an issue I was about to create, I thought I’d start the conversation here. Feel free to tell me I should make a new one.

25 reactions
kennethreitz commented, Nov 22, 2017

I have no idea.
