do not re-lock dependencies that are already locked when doing a pipenv install #1409

Closed
mmerickel opened this issue Feb 9, 2018 · 3 comments

mmerickel commented Feb 9, 2018

Do not re-lock dependencies that are already locked when doing a pipenv install <package>. If I have a lockfile and want to add a new package, there does not seem to be a sane way to add that package without triggering pipenv to upgrade the locked versions of all installed packages.

Describe your environment

  1. OS Type: macos 10.13.3
  2. Python version: Python 3.6.0
  3. Pipenv version: pipenv, version 9.0.3

Expected result

Run pipenv install pkgA and then later pipenv install pkgB and see that pkgA was untouched, still pinned where it was before.

Actual result

Run pipenv install pkgA and then later pipenv install pkgB and see that pkgA was upgraded to a newer version just because I installed unrelated pkgB.

In yarn this is very clearly separated by yarn install versus yarn upgrade where it will only re-lock the dependency if you change its pin range and run yarn install or if you run yarn upgrade. If you run yarn install without changing the pin on the dependency then it is never upgraded.

@mmerickel
Author

Further testing shows that even simply running pipenv lock will adjust my pins away from what is currently installed to newer versions. Why does pipenv lock even talk to the network? It seems to me it should just update the lockfile to reflect what is currently installed, not unlike pip freeze.

I cannot figure out a way to use pipenv that does not update every package when I try to add a new one.

Contributor

k4nar commented Feb 13, 2018

Related to #966

@uranusjr
Member

@mmerickel

> It seems to me it should just update the lockfile to reflect what is currently installed, not unlike pip freeze.

I wish things could be that simple. The #857 thread can provide some ideas why it is much more complicated than that. Regarding your original issue, it is a known problem, and has already been mentioned multiple times in the issue tracker. Please kindly search existing issues (including the two mentioned above) for explanations on its root cause, and why it seems stalled without anyone working on it (spoiler: it is very difficult).
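A way to catch the re-locking reported in this issue before it reaches a commit, as an added example that is not code from pipenv or from any participant in this thread: compare the `Pipfile.lock` from before and after an install and flag every existing pin that moved without being requested. The package names, versions and hash strings are constructed placeholders, and `lock_drift` is a hypothetical helper name.

```python
import json
import re

# Constructed Pipfile.lock contents (not from the issue): the state before and
# after a hypothetical `pipenv install pkgb`. Hash values are placeholders.
BEFORE = json.dumps({
    "_meta": {"hash": {"sha256": "placeholder-before"}},
    "default": {"pkga": {"version": "==1.0.0", "hashes": ["sha256:placeholder-a1"]}},
})
AFTER = json.dumps({
    "_meta": {"hash": {"sha256": "placeholder-after"}},
    "default": {
        "pkga": {"version": "==1.1.0", "hashes": ["sha256:placeholder-a2"]},
        "pkgb": {"version": "==2.3.0", "hashes": ["sha256:placeholder-b1"]},
    },
})

def _norm(name):
    """Normalize a project name the way PEP 503 does, so Foo_Bar == foo-bar."""
    return re.sub(r"[-_.]+", "-", name).lower()

def _pins(lock_text):
    """Map (section, name) -> (version, sorted hashes) for every locked package."""
    lock = json.loads(lock_text)
    return {
        (section, _norm(name)): (entry.get("version"), tuple(sorted(entry.get("hashes", []))))
        for section in ("default", "develop")
        for name, entry in lock.get(section, {}).items()
    }

def lock_drift(before_text, after_text, requested=()):
    """List every pin that differs; mark changes to packages nobody asked for."""
    old, new = _pins(before_text), _pins(after_text)
    wanted = {_norm(r) for r in requested}
    changes = []
    for section, name in sorted(old.keys() | new.keys()):
        was, now = old.get((section, name)), new.get((section, name))
        if was == now:
            continue
        kind = ("added" if was is None else "removed" if now is None
                else "version" if was[0] != now[0] else "hashes")
        changes.append({
            "section": section, "name": name, "kind": kind,
            "old": was and was[0], "new": now and now[0],
            # An existing pin that moved without being requested needs review.
            "unrequested": was is not None and name not in wanted,
        })
    return changes
```

Calling `lock_drift(old_lock_text, new_lock_text, requested=["pkgb"])` in a pre-commit hook or CI step and failing when any entry has `unrequested` set turns a silent upgrade into a reviewable change.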
