Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pipenv install <package> upgrades unrelated packages #5992

Open
elliterate opened this issue Oct 23, 2023 · 4 comments · May be fixed by #6098
Open

pipenv install <package> upgrades unrelated packages #5992

elliterate opened this issue Oct 23, 2023 · 4 comments · May be fixed by #6098
Labels
Type: Enhancement 💡 This is a feature or enhancement request.

Comments

@elliterate
Copy link

Issue description

Installing a new package with pipenv install <package> upgrades unrelated packages.

Expected result

It does not modify unrelated packages and their dependencies.

Actual result

It modifies unrelated packages and their dependencies.

Steps to replicate

  1. Create a Pipfile with a dependency:

    1. whose version in the Pipfile is * and

      Example 
      cat > Pipfile <<EOF
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
idna = "*"

[dev-packages]

[requires]
python_version = "3.11"
EOF

    2. whose version in the Pipfile.lock is not the current version.

      Example 
      cat > Pipfile.lock <<EOF
{
    "_meta": {
        "hash": {
            "sha256": "3c314687ccfa77044481a5041894405bf4ff3149d42750829e3e04632cc6ecb9"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.11"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "idna": {
            "hashes": [
                "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6",
                "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
            ],
            "index": "pypi",
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==2.10"
        }
    },
    "develop": {}
}
EOF

  2. Install the existing package(s).

    Example 
    $ python -m pipenv install --verbose
Using python: 3.11
Path to python: $HOME/.pyenv/versions/3.11.6/bin/python3
Creating a virtualenv for this project...
Pipfile: $HOME/tmp/pipenv-install-upgrade/Pipfile
Using $HOME/.pyenv/versions/3.11.6/bin/python3 (3.11.6) to create virtualenv...
⠙ Creating virtual environment...created virtual environment CPython3.11.6.final.0-64 in 153ms
  creator CPython3Posix(dest=$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=$HOME/Library/Application Support/virtualenv)
    added seed packages: pip==23.2.1, setuptools==68.2.2, wheel==0.41.2
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator

✔ Successfully created virtual environment!
Virtualenv location: $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq
Installing dependencies from Pipfile.lock (c6ecb9)...
Writing supplied requirement line to temporary file: "idna==2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
--hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
Install Phase: Standard Requirements
Preparing Installation of "idna==2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
--hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"
$ $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/bin/python
$HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv/patched/pip/__pip-runner__.py install -i https://pypi.org/simple --no-input
--upgrade --no-deps -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-6_8mrk_n-requirements/pipenv-qdfcg2qe-hashed-reqs.txt
Using source directory: '$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/src'
Collecting idna==2.10 (from -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-6_8mrk_n-requirements/pipenv-qdfcg2qe-hashed-reqs.txt (line 1))

  Downloading idna-2.10-py2.py3-none-any.whl (58 kB)

     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 58.8/58.8 kB 2.7 MB/s eta 0:00:00

Installing collected packages: idna

Successfully installed idna-2.10


To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.

  3. Install a new package with pipenv install <package>.

    Example 
    $ python -m pipenv install leftpad --verbose
Installing leftpad...
Resolving leftpad...
Added leftpad to Pipfile's [packages] ...
✔ Installation Succeeded
Pipfile.lock (c6ecb9) out of date, updating to (fe4271)...
Locking [packages] dependencies...
Building requirements...
Resolving dependencies...
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting()
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('idna'), None)
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting idna (from -r
/var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-tyevi2hm-requirements/pipenv-qfc2bo33-constraints.txt (line 3))
INFO:pipenv.patched.pip._internal.network.download:Using cached idna-3.4-py3-none-any.whl (61 kB)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('leftpad'), None)
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting leftpad (from -r
/var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-tyevi2hm-requirements/pipenv-qfc2bo33-constraints.txt (line 2))
INFO:pipenv.patched.pip._internal.network.download:Using cached leftpad-0.1.2-py3-none-any.whl (1.8 kB)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(0)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://files.pythonhosted.org/packages/fc/34/3030de6f1370931
b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl (from https://pypi.org/simple/idna/) (requires-python:>=3.5)'))
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(0, state)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(1)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://files.pythonhosted.org/packages/c2/92/b15f48c2fb7c18f
f0a21d77c6c1e0f3ae743b8d5b0516841cd290ec5e283/leftpad-0.1.2-py3-none-any.whl (from https://pypi.org/simple/leftpad/)'))
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(1, state)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(2)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending(State(mapping=OrderedDict([('idna',
LinkCandidate('https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl (from
https://pypi.org/simple/idna/) (requires-python:>=3.5)')), ('leftpad',
LinkCandidate('https://files.pythonhosted.org/packages/c2/92/b15f48c2fb7c18ff0a21d77c6c1e0f3ae743b8d5b0516841cd290ec5e283/leftpad-0.1.2-py3-none-any.whl (from
https://pypi.org/simple/leftpad/)'))]), criteria={'idna': Criterion((SpecifierRequirement('idna'), via=None)), 'leftpad':
Criterion((SpecifierRequirement('leftpad'), via=None))}, backtrack_causes=[]))
⠴ Locking...
✔ Success!
Locking [dev-packages] dependencies...
Updated Pipfile.lock (e7ca18f416e18e6e31b172657ee3d5e41fb06ef4a01cabf2b66311cad5fe4271)!
Installing dependencies from Pipfile.lock (fe4271)...
Writing supplied requirement line to temporary file: "idna==3.4; python_version >= '3.5'
--hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
Writing supplied requirement line to temporary file: 'leftpad==0.1.2 --hash=sha256:8ff2df0f8dbe6537d7f5f7cfb579b628ee81d02556971f2bb5992f6dffacc60e
--hash=sha256:e38a2ebc18e0ce3adb4116708c9d8b0ec1d15414eafa4d236be7db893e8dc911'
Install Phase: Standard Requirements
Preparing Installation of "idna==3.4; python_version >= '3.5' --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4
--hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
Preparing Installation of 'leftpad==0.1.2 --hash=sha256:8ff2df0f8dbe6537d7f5f7cfb579b628ee81d02556971f2bb5992f6dffacc60e
--hash=sha256:e38a2ebc18e0ce3adb4116708c9d8b0ec1d15414eafa4d236be7db893e8dc911'
$ $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/bin/python
$HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv/patched/pip/__pip-runner__.py install -i https://pypi.org/simple --no-input
--upgrade --no-deps -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-0z3oitef-hashed-reqs.txt
Using source directory: '$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/src'
Collecting idna==3.4 (from -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-0z3oitef-hashed-reqs.txt (line 1))

  Using cached idna-3.4-py3-none-any.whl (61 kB)

Collecting leftpad==0.1.2 (from -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-0z3oitef-hashed-reqs.txt (line 2))

  Using cached leftpad-0.1.2-py3-none-any.whl (1.8 kB)

Installing collected packages: leftpad, idna

  Attempting uninstall: idna

    Found existing installation: idna 2.10

    Uninstalling idna-2.10:

      Successfully uninstalled idna-2.10

Successfully installed idna-3.4 leftpad-0.1.2

Install Phase: Editable Requirements
Preparing Installation of "idna==3.4; python_version >= '3.5' --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4
--hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
Preparing Installation of 'leftpad==0.1.2 --hash=sha256:8ff2df0f8dbe6537d7f5f7cfb579b628ee81d02556971f2bb5992f6dffacc60e
--hash=sha256:e38a2ebc18e0ce3adb4116708c9d8b0ec1d15414eafa4d236be7db893e8dc911'
$ $HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/bin/python
$HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv/patched/pip/__pip-runner__.py install -i https://pypi.org/simple --no-input
--upgrade --no-deps -r /var/folders/g6/2hbvhk753g96h2yd11y5x6280000gp/T/pipenv-i0ab865p-requirements/pipenv-ix2tblys-reqs.txt
Using source directory: '$HOME/.local/share/virtualenvs/pipenv-install-upgrade-ar47k8rq/src'


To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
$ python -m pipenv --support

Pipenv version: '2023.10.20'

Pipenv location: '$HOME/.pyenv/versions/3.11.6/lib/python3.11/site-packages/pipenv'

Python location: '$HOME/.pyenv/versions/3.11.6/bin/python'

OS Name: 'posix'

User pip version: '23.3'

user Python installations found:

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.11.6',
 'os_name': 'posix',
 'platform_machine': 'arm64',
 'platform_python_implementation': 'CPython',
 'platform_release': '23.0.0',
 'platform_system': 'Darwin',
 'platform_version': 'Darwin Kernel Version 23.0.0: Fri Sep 15 14:41:43 PDT '
                     '2023; root:xnu-10002.1.13~1/RELEASE_ARM64_T6000',
 'python_full_version': '3.11.6',
 'python_version': '3.11',
 'sys_platform': 'darwin'}
@matteius
Copy link
Member

This is expected -- you want pipenv upgrade <package>

@elliterate
Copy link
Author

Given that (1) pipenv install doesn't upgrade anything and (2) there is another command called upgrade, it seems deeply counterintuitive that pipenv install <package> upgrades everything. I would instead expect a command such as pipenv upgrade (or maybe pipenv upgrade --all) to do that.

@matteius
Copy link
Member

I have gotten this feedback a-lot, but I didn't design the original implementation that basically re-locks everything during install. I did add the upgrade command. We can consider in a future release making install packages use the upgrade rails but having install without packages invoke lock -- but this is a behavior change and it would be important to communicate it in advance of making the change.

@matteius matteius added the Type: Enhancement 💡 This is a feature or enhancement request. label Oct 24, 2023
@elliterate
Copy link
Author

Thanks for the context. I totally understand and appreciate that you're dealing with decisions made by previous maintainers.

Consider this an enthusiastic endorsement for such a change!

@vlagorsse vlagorsse mentioned this issue Jan 29, 2024
Open
@matteius matteius linked a pull request Apr 2, 2024 that will close this issue
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Enhancement 💡 This is a feature or enhancement request.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pipenv 3000 install (behavioral refactor) pypa/pipenv
2 participants
@elliterate @matteius