Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pipenv is ignoring requested version #1342

Closed
joshfriend opened this issue Jan 23, 2018 · 2 comments
Closed

Pipenv is ignoring requested version #1342

joshfriend opened this issue Jan 23, 2018 · 2 comments

Comments

@joshfriend
Copy link
Contributor

Setup

  • Pipenv 9.0.3
  • macOS 10.12.6
  • Python 2.7.14

Pipfile:

[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[dev-packages]
pytest = "*"
pytest-flask = "*"

[packages]
Flask = "==0.10.1"

[requires]

python_full_version = "2.7.14"

Expected

After running pipenv install --dev, Flask 0.10.1 should be installed because 0.10.1 is requested specifically by the main dependencies section, and while the pytest-flask dependency in the dev-packages section also depends on Flask, it does not require any specific version.

Actual

Flask 0.12.2 is installed instead (sometimes, see below)

More Funkyness:

  1. Run pipenv install --dev
  2. The version of Flask that will be installed should be 0.10.1
  3. Re-run pipenv install --dev
  4. The version of Flask that will be installed should still be 0.10.1
  5. Re-run pipenv install --dev
  6. The version of Flask that will be installed will now be 0.12.2
    • This is true even though the Pipfile specifically requests 0.10.1 in the default section
    • The Pipfile.lock will show Flask being pinned to 0.10.1 in the default section, but 0.12.2 in the develop section (since pytest-flask depends on no specific flask version and the newest flask release is 0.12.2)
  7. Re-run pipenv install --dev
  8. The version of Flask that will be installed should now be 0.10.1
  9. Repeat steps 5-8 any number of times and the installed version of flask will keep toggling between the requested version (0.10.1) and the latest version (0.12.2)

The Pipfile.lock ends up looking like this after step 3 and remains unchanged through the rest of the steps:

Pipfile.lock 
{
    "_meta": {
        "hash": {
            "sha256": "829598fe47fd5d9278becad9ad03d33bf3e796b48a3e045f36cccedcb0f74ea0"
        },
        "host-environment-markers": {
            "implementation_name": "cpython",
            "implementation_version": "0",
            "os_name": "posix",
            "platform_machine": "x86_64",
            "platform_python_implementation": "CPython",
            "platform_release": "16.7.0",
            "platform_system": "Darwin",
            "platform_version": "Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64",
            "python_full_version": "2.7.14",
            "python_version": "2.7",
            "sys_platform": "darwin"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_full_version": "2.7.14"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.python.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "flask": {
            "hashes": [
                "sha256:4c83829ff83d408b5e1d4995472265411d2c414112298f2eb4b359d9e4563373"
            ],
            "version": "==0.10.1"
        },
        "itsdangerous": {
            "hashes": [
                "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
            ],
            "version": "==0.24"
        },
        "jinja2": {
            "hashes": [
                "sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd",
                "sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4"
            ],
            "version": "==2.10"
        },
        "markupsafe": {
            "hashes": [
                "sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
            ],
            "version": "==1.0"
        },
        "werkzeug": {
            "hashes": [
                "sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b",
                "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c"
            ],
            "version": "==0.14.1"
        }
    },
    "develop": {
        "attrs": {
            "hashes": [
                "sha256:a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450",
                "sha256:1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9"
            ],
            "version": "==17.4.0"
        },
        "click": {
            "hashes": [
                "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d",
                "sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b"
            ],
            "version": "==6.7"
        },
        "flask": {
            "hashes": [
                "sha256:0749df235e3ff61ac108f69ac178c9770caeaccad2509cb762ce1f65570a8856",
                "sha256:49f44461237b69ecd901cc7ce66feea0319b9158743dd27a2899962ab214dac1"
            ],
            "version": "==0.12.2"
        },
        "funcsigs": {
            "hashes": [
                "sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca",
                "sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50"
            ],
            "markers": "python_version < '3.0'",
            "version": "==1.0.2"
        },
        "itsdangerous": {
            "hashes": [
                "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
            ],
            "version": "==0.24"
        },
        "jinja2": {
            "hashes": [
                "sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd",
                "sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4"
            ],
            "version": "==2.10"
        },
        "markupsafe": {
            "hashes": [
                "sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
            ],
            "version": "==1.0"
        },
        "pluggy": {
            "hashes": [
                "sha256:7f8ae7f5bdf75671a718d2daf0a64b7885f74510bcd98b1a0bb420eb9a9d0cff"
            ],
            "version": "==0.6.0"
        },
        "py": {
            "hashes": [
                "sha256:8cca5c229d225f8c1e3085be4fcf306090b00850fefad892f9d96c7b6e2f310f",
                "sha256:ca18943e28235417756316bfada6cd96b23ce60dd532642690dcfdaba988a76d"
            ],
            "version": "==1.5.2"
        },
        "pytest": {
            "hashes": [
                "sha256:b84878865558194630c6147f44bdaef27222a9f153bbd4a08908b16bf285e0b1",
                "sha256:53548280ede7818f4dc2ad96608b9f08ae2cc2ca3874f2ceb6f97e3583f25bc4"
            ],
            "version": "==3.3.2"
        },
        "pytest-flask": {
            "hashes": [
                "sha256:657c7de386215ab0230bee4d76ace0339ae82fcbb34e134e17a29f65032eef03",
                "sha256:2c5a36f9033ef8b6f85ddbefaebdd4f89197fc283f94b20dfe1a1beba4b77f03"
            ],
            "version": "==0.10.0"
        },
        "six": {
            "hashes": [
                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb",
                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9"
            ],
            "version": "==1.11.0"
        },
        "werkzeug": {
            "hashes": [
                "sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b",
                "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c"
            ],
            "version": "==0.14.1"
        }
    }
}

Workaround:

Add Flask = "==0.10.1" to the dev-packages section as well.

To summarize, I'm seeing two problems here:

  1. Pipenv seems to be non-deterministic when installing packages
  2. Pipenv does not obey the requested package version when the same package is depended upon by a package in a different section ('develop'), even if the sub-dependency is not pinned to a specific or conflicting version (e.g. "*")
@techalchemy
Copy link
Member

Hey @joshfriend this is one we are definitely aware of (your solution is already suggested in #1182 and we have a primary issue tracking it in #1220 (in one of those places the same workaround is recommended). There is also a broader discussion about how to handle this being led in #1255 which you may want to participate in.

I am going to close this out for now, but if you would like to add your documentation to #1220 it might make it easier for whoever tackles this (me, maybe)

Thanks for the report as always!

@joshfriend joshfriend mentioned this issue Jan 24, 2018
Closed
@joshfriend
Copy link
Contributor Author

Thanks! I've chimed in on #1220 with some more info. I don't have anything to add to #1255 at this time, but I'm subscribing to it and all the related issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshfriend @techalchemy