pipenv ignores version constraint without ==

[rittneje]

This is with the latest release (2022.1.8).

Issue description

If you try to pin to a version, but neglect to include ==, then pipenv ignores the constraint entirely. It is a common misunderstanding to assume they would be equivalent. (And in fact I think pipenv is wrong for not treating them so.)

For example, requests = "2.23.0" will install latest instead.

Expected result

Either requests = "2.23.0" should be treated as requests = "==2.23.0", or pipenv install should fail saying that the Pipfile is invalid.

Actual result

It silently installed requests 2.27.1 (current latest) instead.

Steps to replicate

Add requests = "2.23.0" to the packages section and run pipenv install.

[matteius]

I see what you mean, yeah that should be seen as invalid I think.

[dojutsu-user]

Hi @matteius,
Taking this up. I believe the fix will in sarugaku/requirementslib repository.. right?

[matteius]

@dojutsu-user that sounds accurate.

[dojutsu-user]

Hi @matteius,
Can you provide some guidance on where to look. I am not able to find the exact code in the repo for this.

[dojutsu-user]

Hi @matteius,
Can you guide me here a little bit.

[matteius]

@dojutsu-user I honestly haven't thought it through yet -- Perhaps look for where requirementslib is using Constraint but I may not have time to look at this more closely until probably next weekend.

[matteius]

Can this issue be rechecked with pipenv==2023.8.26?