-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pipenv ignores version constraint without == #4971
Comments
I see what you mean, yeah that should be seen as invalid I think. |
Hi @matteius, |
@dojutsu-user that sounds accurate. |
Hi @matteius, |
Hi @matteius, |
@dojutsu-user I honestly haven't thought it through yet -- Perhaps look for where requirementslib is using |
Can this issue be rechecked with |
This is with the latest release (2022.1.8).
Issue description
If you try to pin to a version, but neglect to include
==
, then pipenv ignores the constraint entirely. It is a common misunderstanding to assume they would be equivalent. (And in fact I think pipenv is wrong for not treating them so.)For example,
requests = "2.23.0"
will install latest instead.Expected result
Either
requests = "2.23.0"
should be treated asrequests = "==2.23.0"
, orpipenv install
should fail saying that the Pipfile is invalid.Actual result
It silently installed requests 2.27.1 (current latest) instead.
Steps to replicate
Add
requests = "2.23.0"
to the packages section and runpipenv install
.The text was updated successfully, but these errors were encountered: