pipenv uninstall transitive dependencies

[rittneje]

Is your feature request related to a problem? Please describe.

We want to be able to remove a package from our Pipfile, and have it and its transitive dependencies removed from Pipfile.lock, without other dependencies getting automatically upgraded.

1. pipenv uninstall will upgrade anything that isn't pinned, which is very surprising behavior
2. pipenv uninstall --keep-outdated does not modify the Pipfile.lock at all, so it is kind of useless, and it is unclear what behavior it is supposed to have anyway ("pipenv uninstall --keep-outdated <package>" does not remove the removed package information in Pipfile.lock #4390)

Describe the solution you'd like

Some way to remove a package and its dependencies (assume they are otherwise unused), without effectively recalculating the Pipfile.lock from scratch. Alternatively, a command like pipenv prune that just removes unused dependencies from the Pipfile.lock.

Describe alternatives you've considered

We can hand-edit the Pipfile.lock, but this is rather cumbersome.

[matteius]

This is a great proposal and description +you did link to the other discussion about it so that is good. We may ultimately want to close one or the other issue to help track as a single issue, but I will comment on some thoughts on implementation details:

The challenge I see here is with respect to the transitive dependencies because the Pipfile.lock file is a flat structure where all dependencies are at equal level--imagine the case where two different projects require some transitive dependency-b so pipenv could calculate because we are requesting to remove package-A1 which requires dependency-b to remove it, but in order to be correct, pipenv would also have to calculate and verify that dependency-b is not a required dependency for any other package remaining in the Pipfile say package-A2. To that end, this uninstall option would become as expensive as locking, I think.

Since the outcome is an expensive operation, to avoid having to repeat it I like the idea of pipenv uninstall --keep-outdated because the Pipfile should get updated to prevent a future pipenv lock from bringing back in the undesired dependency.

The case of a command like pipenv prune -- I think it is ultimately similar to my thoughts above, it would have to re-compute the new lock file in memory based on the current Pipfile and compare the set of package names with the existing lock file -- anything in the existing lock file not in the re-computed version would get pruned out of the lock file.

[ryerson]

Since --keep-outdated is no longer supported and issue #4390 has been closed, is there a chance of prioritizing this issue?