`pipenv update --outdated` should alert users to newer excluded versions

[alexgmin]

Is your feature request related to a problem? Please describe.
I don't have a way to know which packages I'm using that have an update outside the version restriction in the Pipfile. I can do pip list --outdated, but that lists every package in the enviroment, instead of only the ones in the Pipfile.

Describe the solution you'd like
I think pipenv update --outdated should show every package in the Pipfile with an update. However it should be indicated which ones are in the version restrictions of the Pipfile.
For example, Composer color codes it depending on semver https://getcomposer.org/doc/03-cli.md#outdated

[uranusjr]

I’m not entirely sure I understand what you’re asking. Can you attach a Pipfile and illustrate what you want with its output?

[alexgmin]

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[dev-packages]

[packages]
six = "==1.10.*"
rules = "==1.2.*"
requests = "==2.18.*"

[requires]
python_version = "3.6"

If you run pip list --outdated you get this:

Package  Version Latest Type 
-------- ------- ------ -----
idna     2.6     2.7    wheel
requests 2.18.4  2.19.1 wheel
rules    1.2.1   1.3    sdist
six      1.10.0  1.11.0 wheel
urllib3  1.22    1.23   wheel

However if you run pipenv update --outdated you get nothing. If I change the version restrictions to this:

[packages]
six = "==1.10.*"
rules = "==1.3.*"
requests = "==2.19.*"

Then the result of pipenv update --outdated is

Package 'rules' out–of–date: '==1.2.1' installed, '==1.3' available.
Package 'urllib3' out–of–date: '==1.22' installed, '==1.23' available.
Package 'requests' out–of–date: '==2.18.4' installed, '==2.19.1' available.
Package 'idna' out–of–date: '==2.6' installed, '==2.7' available.

My point is, just like composer and pip, pipenv shouldn't take into account the version restrictions when showing if there's an update to a package. It should show all of them, like pip, but informing the user whether the update is allowed under the restrictions in the Pipfile.

[techalchemy]

I actually really like this idea, I liked it even when I couldn't read the properly formatted version when I was on mobile this morning. We will need to run it by Kenneth and @ncoghlan but I am fairly confident this will be thumbs up from them as well.

[ncoghlan]

I've reworded the issue title based on what I believe @alexgmin is actually proposing (i.e. respect the version restrictions when it comes to actually updating anything, but also note in the output when there are newer packages being ignored based on the Pipfile constraints).

Assuming I've understood the proposal correctly, it seems like a reasonable prompt to me - while there's some risk of notification fatigue, I agree that warning about this situation will be better default behaviour.