Single package update?

[Grommash9]

On using ‘pipenv update’ it will update all packages what is available, but some of them can include breaking changes, so you will need to find the broken one, pin it in Pipfile and run pipenv update after that.

but why not to add ‘pipenv upadate package_name’ command?

if there is a possibility to have that i am happy to write the code for it and publish my PR

Let me know if you want to have it and if not what is the reasoning behind that

Thanks! You are doing great job I am really appreciate your work what was done on that package, i am using it a lot and enjoy

[Grommash9]

I don’t want use ‘pipevn install’ because i don’t want to add sub-dependencies into Pipfile

[Kroppeb]

Doesn't pipenv upadate package_name exist and do what you want?

Also, I personally recommend using the ~=major.minor operator to specify package dependencies to avoid breaking changes.

[Grommash9]

I had never know pipenv upadate package_name is existing :D Thanks for that, but it is adding it into Pipfile

We have a sub-dep package the example is cryptography here

I don't want to add cryptography into my Pipfile because if we will get new version of simple-salesforce at any point of time they can stop using that library cryptography and we will still install it because we have it in Pipfile

So adding sub-dep packages sound like bad practice for me, but we should update it some times, but it can be very good if where was a way to update only one package without adding it into Pipfile

I hope it's make more sense now and big thanks for you answer!

[Grommash9]

So my target is to update one package without adding it into Pipfile

[Grommash9]

I checked source code of pipenv lib and now I understand what docs are pourly written or it's hard to read it for me

We can use pipenv update black for update single package, but it will add it into Pipfile, so it's working the same way as pipenv install black and because we don't want to add something into Pipfile (sub-deps as example) we don't want to use that logic

But we have --lock-only falg for update what will update it in Pipfile.lock but not in Pipfile, so it's what we are really need to update the things like cryptography for example

So if you have a problem with cryptography you can run pipenv update cryptography --lock-only and it will update only cryptography and only in the lock file

But it's impotrant to use --dev flag! If you want to update something from dev section (you can just CTRL + F lock file to find it) you should run pipenv update cryptography --dev --lock-only because if you will not add that you will have 2 cryptography packages one for default section and one for dev, so please double check is that dev dependency or not

[Kroppeb]

If you don't want the package to be in the pipfile, you can also use pipenv run pip install package-name --upgrade, but this will mean it's not in the lock file so other people using pipenv sync wont get the update.

Im surprised that if you feel the need to update a package, you don't want to add it to your pipfile. It's possible that the next time someone runs pipenv install the package might get downgraded if there is nothing preventing that from happening.