search

pypa / pipenv

Python Development Workflow for Humans.
https://pipenv.pypa.io
MIT License
24.88k stars 1.87k forks source link

Pipenv violates the development dependency version #4665

Open enezhadian opened 3 years ago

enezhadian commented 3 years ago

Issue description

Pipenv does not respect the version specified in the dev-packages section of Pipfile when another dependency in packages section has a the same sub-dependency. Here is an example Pipfile which demonstrates the issue:

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
marshmallow-sqlalchemy = "== 0.24.2"

[dev-packages]
sqlalchemy = "==1.3.*"

[requires]
python_version = "3.9"

marshmallow-sqlalchemy has SQLAlchemy>=1.2.0 as a dependency constraint. And I would like to install a 1.3.* version of SQLAlchemy (i.e. a version with fixed major and minor parts).

Expected result

I'm expecting that a version of SQLAlchemy to be installed that is >=1.2.0 and <1.4.0. At the time of writing this issue it should be version 1.3.24.

Actual result

However running pipenv graph shows us that the installed version of SQLAlchemy is 1.4.5:

marshmallow-sqlalchemy==0.24.2
  - marshmallow [required: >=3.0.0, installed: 3.11.1]
  - SQLAlchemy [required: >=1.2.0, installed: 1.4.5]
    - greenlet [required: !=0.4.17, installed: 1.0.0]

This doesn't happen when both dependencies are specified in the packages section of the Pipfile.

Steps to replicate

To replicate the example, use the above Pipfile and run the following commands:

pipenv --python 3.9.1
pipenv install -d -v
pipenv graph

Here is the output of running pipenv install -d -v:

Pipfile.lock not found, creating...
Locking [dev-packages] dependencies...
Building requirements...
Resolving dependencies...
⠴ Locking...
                          ROUND 1
⠙ Locking...Current constraints:
  sqlalchemy==1.3.* (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenv6dvvs6lgrequirements/pipenv-plwoxrns-constraints.txt (line 2))

Finding the best candidates:
  found candidate sqlalchemy==1.3.24 (constraint was ==1.3.*)

Finding secondary dependencies:
  sqlalchemy==1.3.24 not in cache, need to check index
  sqlalchemy==1.3.24        requires -
------------------------------------------------------------
Result of round 1: stable, done

Generating hashes:
  sqlalchemy
ROUND 1
Current constraints:
  sqlalchemy==1.3.* (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenv6dvvs6lgrequirements/pipenv-plwoxrns-constraints.txt (line 2))

Finding the best candidates:
  found candidate sqlalchemy==1.3.24 (constraint was ==1.3.*)

Finding secondary dependencies:
  sqlalchemy==1.3.24 not in cache, need to check index
  sqlalchemy==1.3.24        requires -
------------------------------------------------------------
Result of round 1: stable, done

Generating hashes:
  sqlalchemy
✔ Success!
Warning: ROUND 1
Current constraints:
  sqlalchemy==1.3.* (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenv6dvvs6lgrequirements/pipenv-plwoxrns-constraints.txt (line 2))

Finding the best candidates:
  found candidate sqlalchemy==1.3.24 (constraint was ==1.3.*)

Finding secondary dependencies:
  sqlalchemy==1.3.24 not in cache, need to check index
  sqlalchemy==1.3.24        requires -
------------------------------------------------------------
Result of round 1: stable, done

Generating hashes:
  sqlalchemy
Locking [packages] dependencies...
Building requirements...
Resolving dependencies...
⠴ Locking...
⠇ Locking...                          ROUND 1
Current constraints:
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)

Finding secondary dependencies:
  marshmallow-sqlalchemy==0.24.2 not in cache, need to check index
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0

New dependencies found in this round:
  adding ['marshmallow', '>=3.0.0', '[]']
  adding ['sqlalchemy', '>=1.2.0', '[]']
Removed dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable

                          ROUND 2
Current constraints:
  marshmallow>=3.0.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  sqlalchemy>=1.2.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate marshmallow==3.11.1 (constraint was >=3.0.0)
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)
  found candidate sqlalchemy==1.4.5 (constraint was >=1.2.0)

Finding secondary dependencies:
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0
  marshmallow==3.11.1 not in cache, need to check index
  marshmallow==3.11.1       requires -
  sqlalchemy==1.4.5 not in cache, need to check index
  sqlalchemy==1.4.5         requires greenlet!=0.4.17

New dependencies found in this round:
  adding ['greenlet', '!=0.4.17', '[]']
Removed dependencies in this round:
------------------------------------------------------------
Result of round 2: not stable

                          ROUND 3
Current constraints:
  greenlet!=0.4.17 (from sqlalchemy==1.4.5->marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow>=3.0.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  sqlalchemy>=1.2.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate greenlet==1.0.0 (constraint was !=0.4.17)
  found candidate marshmallow==3.11.1 (constraint was >=3.0.0)
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)
  found candidate sqlalchemy==1.4.5 (constraint was >=1.2.0)

Finding secondary dependencies:
  sqlalchemy==1.4.5         requires greenlet!=0.4.17
  greenlet==1.0.0 not in cache, need to check index
  greenlet==1.0.0           requires -
  marshmallow==3.11.1       requires -
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0
------------------------------------------------------------
Result of round 3: stable, done

Generating hashes:
  marshmallow-sqlalchemy
  greenlet
  marshmallow
  sqlalchemy
ROUND 1
Current constraints:
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)

Finding secondary dependencies:
  marshmallow-sqlalchemy==0.24.2 not in cache, need to check index
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0

New dependencies found in this round:
  adding ['marshmallow', '>=3.0.0', '[]']
  adding ['sqlalchemy', '>=1.2.0', '[]']
Removed dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable

                          ROUND 2
Current constraints:
  marshmallow>=3.0.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  sqlalchemy>=1.2.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate marshmallow==3.11.1 (constraint was >=3.0.0)
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)
  found candidate sqlalchemy==1.4.5 (constraint was >=1.2.0)

Finding secondary dependencies:
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0
  marshmallow==3.11.1 not in cache, need to check index
  marshmallow==3.11.1       requires -
  sqlalchemy==1.4.5 not in cache, need to check index
  sqlalchemy==1.4.5         requires greenlet!=0.4.17

New dependencies found in this round:
  adding ['greenlet', '!=0.4.17', '[]']
Removed dependencies in this round:
------------------------------------------------------------
Result of round 2: not stable

                          ROUND 3
Current constraints:
  greenlet!=0.4.17 (from sqlalchemy==1.4.5->marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow>=3.0.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  sqlalchemy>=1.2.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate greenlet==1.0.0 (constraint was !=0.4.17)
  found candidate marshmallow==3.11.1 (constraint was >=3.0.0)
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)
  found candidate sqlalchemy==1.4.5 (constraint was >=1.2.0)

Finding secondary dependencies:
  sqlalchemy==1.4.5         requires greenlet!=0.4.17
  greenlet==1.0.0 not in cache, need to check index
  greenlet==1.0.0           requires -
  marshmallow==3.11.1       requires -
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0
------------------------------------------------------------
Result of round 3: stable, done

Generating hashes:
  marshmallow-sqlalchemy
  greenlet
  marshmallow
  sqlalchemy
✔ Success!
Warning: ROUND 1
Current constraints:
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)

Finding secondary dependencies:
  marshmallow-sqlalchemy==0.24.2 not in cache, need to check index
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0

New dependencies found in this round:
  adding ['marshmallow', '>=3.0.0', '[]']
  adding ['sqlalchemy', '>=1.2.0', '[]']
Removed dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable

                          ROUND 2
Current constraints:
  marshmallow>=3.0.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  sqlalchemy>=1.2.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate marshmallow==3.11.1 (constraint was >=3.0.0)
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)
  found candidate sqlalchemy==1.4.5 (constraint was >=1.2.0)

Finding secondary dependencies:
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0
  marshmallow==3.11.1 not in cache, need to check index
  marshmallow==3.11.1       requires -
  sqlalchemy==1.4.5 not in cache, need to check index
  sqlalchemy==1.4.5         requires greenlet!=0.4.17

New dependencies found in this round:
  adding ['greenlet', '!=0.4.17', '[]']
Removed dependencies in this round:
------------------------------------------------------------
Result of round 2: not stable

                          ROUND 3
Current constraints:
  greenlet!=0.4.17 (from sqlalchemy==1.4.5->marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow>=3.0.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  marshmallow-sqlalchemy==0.24.2 (from -r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))
  sqlalchemy>=1.2.0 (from marshmallow-sqlalchemy==0.24.2->-r /var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pipenvemb0sg5mrequirements/pipenv-uha6o21b-constraints.txt (line 2))

Finding the best candidates:
  found candidate greenlet==1.0.0 (constraint was !=0.4.17)
  found candidate marshmallow==3.11.1 (constraint was >=3.0.0)
  found candidate marshmallow-sqlalchemy==0.24.2 (constraint was ==0.24.2)
  found candidate sqlalchemy==1.4.5 (constraint was >=1.2.0)

Finding secondary dependencies:
  sqlalchemy==1.4.5         requires greenlet!=0.4.17
  greenlet==1.0.0 not in cache, need to check index
  greenlet==1.0.0           requires -
  marshmallow==3.11.1       requires -
  marshmallow-sqlalchemy==0.24.2 requires marshmallow>=3.0.0, sqlalchemy>=1.2.0
------------------------------------------------------------
Result of round 3: stable, done

Generating hashes:
  marshmallow-sqlalchemy
  greenlet
  marshmallow
  sqlalchemy
Updated Pipfile.lock (3272e5)!
Installing dependencies from Pipfile.lock (3272e5)...

... trimmed ...

Removed build tracker: '/private/var/folders/dc/sg2m2v_90sj0pd8n4_23jdbr0000gn/T/pip-req-tracker-l0rkwkt_'
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 4/4 — 00:00:09
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
$ pipenv --support Pipenv version: `'2020.11.15'` Pipenv location: `'/usr/local/Cellar/pipenv/2020.11.15/libexec/lib/python3.9/site-packages/pipenv'` Python location: `'/usr/local/Cellar/pipenv/2020.11.15/libexec/bin/python'` Python installations found: - `3.9.2`: `/usr/local/bin/python3` - `3.9.2`: `/usr/local/bin/python3.9` - `3.9.1`: `/Users/{username}/.pyenv/versions/3.9.1/bin/python3` - `3.8.2`: `/usr/bin/python3` - `2.7.16`: `/usr/bin/python2` - `2.7.16`: `/usr/bin/python2.7` PEP 508 Information: ``` {'implementation_name': 'cpython', 'implementation_version': '3.9.2', 'os_name': 'posix', 'platform_machine': 'x86_64', 'platform_python_implementation': 'CPython', 'platform_release': '20.3.0', 'platform_system': 'Darwin', 'platform_version': 'Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST ' '2021; root:xnu-7195.81.3~1/RELEASE_X86_64', 'python_full_version': '3.9.2', 'python_version': '3.9', 'sys_platform': 'darwin'} ``` System environment variables: - `PATH` - `TERM_PROGRAM` - `TERM` - `SHELL` - `TMPDIR` - `TERM_PROGRAM_VERSION` - `TERM_SESSION_ID` - `USER` - `COMMAND_MODE` - `SSH_AUTH_SOCK` - `__CF_USER_TEXT_ENCODING` - `_` - `__CFBundleIdentifier` - `PWD` - `ITERM_PROFILE` - `XPC_FLAGS` - `XPC_SERVICE_NAME` - `PYENV_SHELL` - `SHLVL` - `HOME` - `COLORFGBG` - `LC_TERMINAL_VERSION` - `ITERM_SESSION_ID` - `LOGNAME` - `LC_CTYPE` - `LC_TERMINAL` - `COLORTERM` - `PIP_DISABLE_PIP_VERSION_CHECK` - `PYTHONDONTWRITEBYTECODE` - `PIP_SHIMS_BASE_MODULE` - `PIP_PYTHON_PATH` - `PYTHONFINDER_IGNORE_UNSUPPORTED` Pipenv–specific environment variables: Debug–specific environment variables: - `PATH`: `/usr/local/Cellar/pipenv/2020.11.15/libexec/tools:/Users/{username}/.pyenv/shims:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Library/Apple/usr/bin` - `SHELL`: `/bin/zsh` - `PWD`: `/Users/{username}/Developer/PipenvBug` --------------------------- Contents of `Pipfile` ('/Users/{username}/Developer/PipenvBug/Pipfile'): ```toml [[source]] url = "https://pypi.org/simple" verify_ssl = true name = "pypi" [packages] marshmallow-sqlalchemy = "== 0.24.2" [dev-packages] sqlalchemy = "==1.3.*" [requires] python_version = "3.9" ``` Contents of `Pipfile.lock` ('/Users/{username}/Developer/PipenvBug/Pipfile.lock'): ```json { "_meta": { "hash": { "sha256": "b18d6035aab88b6c478d1ec25152258dd59914ce3d6dd329863adebd2c3272e5" }, "pipfile-spec": 6, "requires": { "python_version": "3.9" }, "sources": [ { "name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": true } ] }, "default": { "greenlet": { "hashes": [ "sha256:0a77691f0080c9da8dfc81e23f4e3cffa5accf0f5b56478951016d7cfead9196", "sha256:0ddd77586553e3daf439aa88b6642c5f252f7ef79a39271c25b1d4bf1b7cbb85", "sha256:111cfd92d78f2af0bc7317452bd93a477128af6327332ebf3c2be7df99566683", "sha256:122c63ba795fdba4fc19c744df6277d9cfd913ed53d1a286f12189a0265316dd", "sha256:181300f826625b7fd1182205b830642926f52bd8cdb08b34574c9d5b2b1813f7", "sha256:1a1ada42a1fd2607d232ae11a7b3195735edaa49ea787a6d9e6a53afaf6f3476", "sha256:1bb80c71de788b36cefb0c3bb6bfab306ba75073dbde2829c858dc3ad70f867c", "sha256:1d1d4473ecb1c1d31ce8fd8d91e4da1b1f64d425c1dc965edc4ed2a63cfa67b2", "sha256:292e801fcb3a0b3a12d8c603c7cf340659ea27fd73c98683e75800d9fd8f704c", "sha256:2c65320774a8cd5fdb6e117c13afa91c4707548282464a18cf80243cf976b3e6", "sha256:4365eccd68e72564c776418c53ce3c5af402bc526fe0653722bc89efd85bf12d", "sha256:5352c15c1d91d22902582e891f27728d8dac3bd5e0ee565b6a9f575355e6d92f", "sha256:58ca0f078d1c135ecf1879d50711f925ee238fe773dfe44e206d7d126f5bc664", "sha256:5d4030b04061fdf4cbc446008e238e44936d77a04b2b32f804688ad64197953c", "sha256:5d69bbd9547d3bc49f8a545db7a0bd69f407badd2ff0f6e1a163680b5841d2b0", "sha256:5f297cb343114b33a13755032ecf7109b07b9a0020e841d1c3cedff6602cc139", "sha256:62afad6e5fd70f34d773ffcbb7c22657e1d46d7fd7c95a43361de979f0a45aef", "sha256:647ba1df86d025f5a34043451d7c4a9f05f240bee06277a524daad11f997d1e7", "sha256:719e169c79255816cdcf6dccd9ed2d089a72a9f6c42273aae12d55e8d35bdcf8", "sha256:7cd5a237f241f2764324396e06298b5dee0df580cf06ef4ada0ff9bff851286c", "sha256:875d4c60a6299f55df1c3bb870ebe6dcb7db28c165ab9ea6cdc5d5af36bb33ce", "sha256:90b6a25841488cf2cb1c8623a53e6879573010a669455046df5f029d93db51b7", "sha256:94620ed996a7632723a424bccb84b07e7b861ab7bb06a5aeb041c111dd723d36", "sha256:b5f1b333015d53d4b381745f5de842f19fe59728b65f0fbb662dafbe2018c3a5", "sha256:c5b22b31c947ad8b6964d4ed66776bcae986f73669ba50620162ba7c832a6b6a", "sha256:c93d1a71c3fe222308939b2e516c07f35a849c5047f0197442a4d6fbcb4128ee", "sha256:cdb90267650c1edb54459cdb51dab865f6c6594c3a47ebd441bc493360c7af70", "sha256:cfd06e0f0cc8db2a854137bd79154b61ecd940dce96fad0cba23fe31de0b793c", "sha256:d3789c1c394944084b5e57c192889985a9f23bd985f6d15728c745d380318128", "sha256:da7d09ad0f24270b20f77d56934e196e982af0d0a2446120cb772be4e060e1a2", "sha256:df3e83323268594fa9755480a442cabfe8d82b21aba815a71acf1bb6c1776218", "sha256:df8053867c831b2643b2c489fe1d62049a98566b1646b194cc815f13e27b90df", "sha256:e1128e022d8dce375362e063754e129750323b67454cac5600008aad9f54139e", "sha256:e6e9fdaf6c90d02b95e6b0709aeb1aba5affbbb9ccaea5502f8638e4323206be", "sha256:eac8803c9ad1817ce3d8d15d1bb82c2da3feda6bee1153eec5c58fa6e5d3f770", "sha256:eb333b90036358a0e2c57373f72e7648d7207b76ef0bd00a4f7daad1f79f5203", "sha256:ed1d1351f05e795a527abc04a0d82e9aecd3bdf9f46662c36ff47b0b00ecaf06", "sha256:f3dc68272990849132d6698f7dc6df2ab62a88b0d36e54702a8fd16c0490e44f", "sha256:f59eded163d9752fd49978e0bab7a1ff21b1b8d25c05f0995d140cc08ac83379", "sha256:f5e2d36c86c7b03c94b8459c3bd2c9fe2c7dab4b258b8885617d44a22e453fb7", "sha256:f6f65bf54215e4ebf6b01e4bb94c49180a589573df643735107056f7a910275b", "sha256:f8450d5ef759dbe59f84f2c9f77491bb3d3c44bc1a573746daf086e70b14c243", "sha256:f97d83049715fd9dec7911860ecf0e17b48d8725de01e45de07d8ac0bd5bc378" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.0.0" }, "marshmallow": { "hashes": [ "sha256:0dd42891a5ef288217ed6410917f3c6048f585f8692075a0052c24f9bfff9dfd", "sha256:16e99cb7f630c0ef4d7d364ed0109ac194268dde123966076ab3dafb9ae3906b" ], "markers": "python_version >= '3.5'", "version": "==3.11.1" }, "marshmallow-sqlalchemy": { "hashes": [ "sha256:b217c6327bcf291e843dc1c2c20f0915061d4ecc303f0c5be40f23206607f702", "sha256:ee3ead3b83de6608c6850ff60515691b0dc556ca226680f8a82b9f785cdb71b1" ], "index": "pypi", "version": "== 0.24.2" }, "sqlalchemy": { "hashes": [ "sha256:02b039e0e7e6de2f15ea2d2de3995e31a170e700ec0b37b4eded662171711d19", "sha256:08943201a1e3c6238e48f4d5d56c27ea1e1b39d3d9f36a9d81fc3cfb0e1b83bd", "sha256:0ee0054d4a598d2920cae14bcbd33e200e02c5e3b47b902627f8cf5d4c9a2a4b", "sha256:11e7a86209f69273e75d2dd64b06c0c2660e39cd942fce2170515c404ed7358a", "sha256:1294f05916c044631fd626a4866326bbfbd17f62bd37510d000afaef4b35bd74", "sha256:2f11b5783933bff55291ca06496124347627d211ff2e509e846af1c35de0a3fb", "sha256:301d0cd6ef1dc73b607748183da857e712d6f743de8d92b1e1f8facfb0ba2aa2", "sha256:344b58b4b4193b72e8b768a51ef6eb5a4c948ce313a0f23e2ea081e71ce8ac0e", "sha256:44e11a06168782b6d485daef197783366ce7ab0d5eea0066c899ae06cef47bbc", "sha256:45b091ccbf94374ed14abde17e9a04522b0493a17282eaaf4383efdd413f5243", "sha256:48540072f43b3c080159ec1f24a4b014c0ee83d3b73795399974aa358a8cf71b", "sha256:4df07161897191ed8d4a0cfc92425c81296160e5c5f76c9256716d3085172883", "sha256:4f7ce3bfdab6520554af4a5b1df4513d45388624d015ba4d921daf48ce1d6503", "sha256:5361e25181b9872d6906c8c9be7dc05cb0a0951d71ee59ee5a71c1deb301b8a8", "sha256:6f8fdad2f335d2f3ca2f3ee3b01404f7abcf519b03de2c510f1f42d16e39ffb4", "sha256:70a1387396ea5b3022539b560c287daf79403d8b4b365f89b56d660e625a4457", "sha256:7481f9c2c832a3bf37c80bee44d91ac9938b815cc06f7e795b976e300914aab9", "sha256:7c0c7bb49167ac738ca6ee6e7f94a9988a7e4e261d8da335341e8c8c8f3b2e9b", "sha256:7de84feb31af3d8fdf819cac2042928d0b60d3cb16f49c4b2f48d88db46e79f6", "sha256:7f5087104c3c5af11ea59e49ae66c33ca98b14a47d3796ae97498fca53f84aef", "sha256:81badd7d3e0e6aba70a5d1b50fabe8112e9835a6fdb0684054c3fe5378ce0d01", "sha256:82f11b679df91275788be6734dd4a9dfa29bac67b85326992609f62b05bdab37", "sha256:8301ecf3e819eb5dbc171e84654ff60872807775301a55fe35b0ab2ba3742031", "sha256:8d6a9feb5efd2fdab25c6d5a0a5589fed9d789f5ec57ec12263fd0e60ce1dea6", "sha256:915d4fa08776c0252dc5a34fa15c6490f66f411ea1ac9492022f98875d6baf20", "sha256:94040a92b6676f9ffdab6c6b479b3554b927a635c90698c761960b266b04fc88", "sha256:a08027ae84efc563f0f2f341dda572eadebeca38c0ae028a009988f27e9e6230", "sha256:a103294583383660d9e06dbd82037dc8e94c184bdcb27b2be44ae4457dafc6b4", "sha256:c22bfac8d3b955cdb13f0fcd6343156bf56d925196cf7d9ab9ce9f61d3f1e11c", "sha256:c3810ebcf1d42c532c8f5c3f442c705d94442a27a32f2df5344f0857306ab321", "sha256:ee4ddc904fb6414b5118af5b8d45e428aac2ccda01326b2ba2fe4354b0d8d1ae", "sha256:f16801795f1ffe9472360589a04301018c79e4582a85e68067275bb4f765e4e2", "sha256:f62c57ceadedeb8e7b98b48ac4d684bf2b0f73b9d882fed3ca260d9aedf6403f", "sha256:fbb0fda1c574975807aceb0e2332e0ecfe9e5656c191ed482c1a5eafe7a33823" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.4.5" } }, "develop": { "sqlalchemy": { "hashes": [ "sha256:02b039e0e7e6de2f15ea2d2de3995e31a170e700ec0b37b4eded662171711d19", "sha256:08943201a1e3c6238e48f4d5d56c27ea1e1b39d3d9f36a9d81fc3cfb0e1b83bd", "sha256:0ee0054d4a598d2920cae14bcbd33e200e02c5e3b47b902627f8cf5d4c9a2a4b", "sha256:11e7a86209f69273e75d2dd64b06c0c2660e39cd942fce2170515c404ed7358a", "sha256:1294f05916c044631fd626a4866326bbfbd17f62bd37510d000afaef4b35bd74", "sha256:2f11b5783933bff55291ca06496124347627d211ff2e509e846af1c35de0a3fb", "sha256:301d0cd6ef1dc73b607748183da857e712d6f743de8d92b1e1f8facfb0ba2aa2", "sha256:344b58b4b4193b72e8b768a51ef6eb5a4c948ce313a0f23e2ea081e71ce8ac0e", "sha256:44e11a06168782b6d485daef197783366ce7ab0d5eea0066c899ae06cef47bbc", "sha256:45b091ccbf94374ed14abde17e9a04522b0493a17282eaaf4383efdd413f5243", "sha256:48540072f43b3c080159ec1f24a4b014c0ee83d3b73795399974aa358a8cf71b", "sha256:4df07161897191ed8d4a0cfc92425c81296160e5c5f76c9256716d3085172883", "sha256:4f7ce3bfdab6520554af4a5b1df4513d45388624d015ba4d921daf48ce1d6503", "sha256:5361e25181b9872d6906c8c9be7dc05cb0a0951d71ee59ee5a71c1deb301b8a8", "sha256:6f8fdad2f335d2f3ca2f3ee3b01404f7abcf519b03de2c510f1f42d16e39ffb4", "sha256:70a1387396ea5b3022539b560c287daf79403d8b4b365f89b56d660e625a4457", "sha256:7481f9c2c832a3bf37c80bee44d91ac9938b815cc06f7e795b976e300914aab9", "sha256:7c0c7bb49167ac738ca6ee6e7f94a9988a7e4e261d8da335341e8c8c8f3b2e9b", "sha256:7de84feb31af3d8fdf819cac2042928d0b60d3cb16f49c4b2f48d88db46e79f6", "sha256:7f5087104c3c5af11ea59e49ae66c33ca98b14a47d3796ae97498fca53f84aef", "sha256:81badd7d3e0e6aba70a5d1b50fabe8112e9835a6fdb0684054c3fe5378ce0d01", "sha256:82f11b679df91275788be6734dd4a9dfa29bac67b85326992609f62b05bdab37", "sha256:8301ecf3e819eb5dbc171e84654ff60872807775301a55fe35b0ab2ba3742031", "sha256:8d6a9feb5efd2fdab25c6d5a0a5589fed9d789f5ec57ec12263fd0e60ce1dea6", "sha256:915d4fa08776c0252dc5a34fa15c6490f66f411ea1ac9492022f98875d6baf20", "sha256:94040a92b6676f9ffdab6c6b479b3554b927a635c90698c761960b266b04fc88", "sha256:a08027ae84efc563f0f2f341dda572eadebeca38c0ae028a009988f27e9e6230", "sha256:a103294583383660d9e06dbd82037dc8e94c184bdcb27b2be44ae4457dafc6b4", "sha256:c22bfac8d3b955cdb13f0fcd6343156bf56d925196cf7d9ab9ce9f61d3f1e11c", "sha256:c3810ebcf1d42c532c8f5c3f442c705d94442a27a32f2df5344f0857306ab321", "sha256:ee4ddc904fb6414b5118af5b8d45e428aac2ccda01326b2ba2fe4354b0d8d1ae", "sha256:f16801795f1ffe9472360589a04301018c79e4582a85e68067275bb4f765e4e2", "sha256:f62c57ceadedeb8e7b98b48ac4d684bf2b0f73b9d882fed3ca260d9aedf6403f", "sha256:fbb0fda1c574975807aceb0e2332e0ecfe9e5656c191ed482c1a5eafe7a33823" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.4.5" } } } ```
hockeygeek commented 3 years ago

I am having a very similar, if not the same, issue, with pipenv apparently overriding determinations of appropriate package versions discovered during 'dev-packages' rounds, when subsequently performing determination of versions for normal 'packages', when using pipenv install -d.

A distilled example of the problem I encountered:

Pipfile:

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[dev-packages]
cfn-lint = "*"

[packages]
decorator = "*"

[requires]
python_version = "3.8"

After running pipenv install -d -v --clear, a portion of the output of pipenv graph --reverse shows that the version of 'decorator' needed by 'networkx' (a dependency for 'cfn-lint') should have been <5, but that 5.0.6 (the latest) was installed instead:

decorator==5.0.6
  - networkx==2.5.1 [requires: decorator>=4.3,<5]
    - cfn-lint==0.48.2 [requires: networkx~=2.4]

Reading back through the verbose output from the 'install' command, the correct version of decorator (4.4.2) was found in the final (stable) round of dev-packages determination, but then the rounds of iteration for non-dev 'packages' ignore that info altogether, and the latest (5.0.6) version of decorator is used to match the "*" target version in [packages].

This occurs on the latest version of pipenv:

$ pipenv --version
pipenv, version 2020.11.15

I can provide additional output from pipenv graph, pipenv --support, or the output from the verbose install if desired, but I didn't want to pollute the original poster's thread too much, other than to say "me, too", and include another (hopefully) reproducible example.

marcustedesco commented 3 years ago

Also having this same issue. Determined that this issue was introduced in version pipenv==2020.11.4 and pipenv==2020.8.13 is the last version where the Pipfile.lock dependency versions were correctly calculated.

To downgrade pipenv and recreate Pipfile.lock: 

pip install 'pipenv==2020.8.13'
pipenv --rm
pipenv lock --clear
gabcar commented 3 years ago

Same or similar issues here:

Pipfile:

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[packages]
tensorflow="==2.3.4"

[dev-packages]
pylint = "*"

[requires]
python_version = "3.8"

[pipenv]
allow_prereleases = false

output from pipenv graph:

pipenv==2021.5.29
  - certifi [required: Any, installed: 2021.5.30]
  - pip [required: >=18.0, installed: 20.2.3]
  - setuptools [required: >=36.2.1, installed: 49.2.1]
  - virtualenv [required: Any, installed: 20.8.1]
    - backports.entry-points-selectable [required: >=1.0.4, installed: 1.1.0]
    - distlib [required: >=0.3.1,<1, installed: 0.3.3]
    - filelock [required: >=3.0.0,<4, installed: 3.3.0]
    - platformdirs [required: >=2,<3, installed: 2.4.0]
    - six [required: >=1.9.0,<2, installed: 1.16.0]
  - virtualenv-clone [required: >=0.2.5, installed: 0.5.7]
pylint==2.11.1
  - astroid [required: >=2.8.0,<2.9, installed: 2.8.0]
    - lazy-object-proxy [required: >=1.4.0, installed: 1.6.0]
    - setuptools [required: >=20.0, installed: 49.2.1]
    - typing-extensions [required: >=3.10, installed: 3.10.0.2]
    - wrapt [required: >=1.11,<1.13, installed: 1.13.1]  <------ 
tensorflow==2.3.4
  [...]
  - wrapt [required: >=1.11.1, installed: 1.13.1] <------

Pipenv picks wrapt 1.12.1 if I move pylint to packages.