pyupio / dparse

A parser for Python dependency files
MIT License

Pipenv installing even if not specified #47

Closed robertlagrant closed 4 years ago

robertlagrant commented 4 years ago

Description

Installing dparse without specifying anything extra installs pipenv as well. The docs (and setup.py) imply that this is an optional dependency.

What I Did

% python3 -m venv venv
% source venv/bin/activate
(venv) % pip install dparse
Looking in indexes: https://pypi.org/simple
Collecting dparse
  Using cached https://files.pythonhosted.org/packages/c7/c2/dcd7da3b65c45f82a518d413cc253c8fa7aaf8c3c5e6ed1c7900900f546f/dparse-0.5.0-py3-none-any.whl
Collecting pipenv (from dparse)
  Using cached https://files.pythonhosted.org/packages/13/b4/3ffa55f77161cff9a5220f162670f7c5eb00df52e00939e203f601b0f579/pipenv-2018.11.26-py3-none-any.whl
Collecting toml (from dparse)
  Using cached https://files.pythonhosted.org/packages/a2/12/ced7105d2de62fa7c8fb5fce92cc4ce66b57c95fb875e9318dba7f8c5db0/toml-0.10.0-py2.py3-none-any.whl
Collecting pyyaml (from dparse)
  Using cached https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz
Collecting packaging (from dparse)
  Using cached https://files.pythonhosted.org/packages/62/0a/34641d2bf5c917c96db0ded85ae4da25b6cd922d6b794648d4e7e07c88e5/packaging-20.3-py2.py3-none-any.whl
Collecting certifi (from pipenv->dparse)
  Using cached https://files.pythonhosted.org/packages/b9/63/df50cac98ea0d5b006c55a399c3bf1db9da7b5a24de7890bc9cfd5dd9e99/certifi-2019.11.28-py2.py3-none-any.whl
Requirement already satisfied: pip>=9.0.1 in ./venv/lib/python3.8/site-packages (from pipenv->dparse) (19.2.3)
Requirement already satisfied: setuptools>=36.2.1 in ./venv/lib/python3.8/site-packages (from pipenv->dparse) (41.2.0)
Collecting virtualenv-clone>=0.2.5 (from pipenv->dparse)
  Using cached https://files.pythonhosted.org/packages/83/b8/cd931487d250565392c39409117436d910232c8a3ac09ea2fb62a6c47bff/virtualenv_clone-0.5.4-py2.py3-none-any.whl
Collecting virtualenv (from pipenv->dparse)
  Using cached https://files.pythonhosted.org/packages/ed/8e/017ae1fa91c225c27235a73e45e1e82b6a5de1fc7c99ffde68914ac78048/virtualenv-20.0.15-py2.py3-none-any.whl
Collecting pyparsing>=2.0.2 (from packaging->dparse)
  Using cached https://files.pythonhosted.org/packages/5d/bc/1e58593167fade7b544bfe9502a26dc860940a79ab306e651e7f13be68c2/pyparsing-2.4.6-py2.py3-none-any.whl
Collecting six (from packaging->dparse)
  Using cached https://files.pythonhosted.org/packages/65/eb/1f97cb97bfc2390a276969c6fae16075da282f5058082d4cb10c6c5c1dba/six-1.14.0-py2.py3-none-any.whl
Collecting filelock<4,>=3.0.0 (from virtualenv->pipenv->dparse)
  Using cached https://files.pythonhosted.org/packages/93/83/71a2ee6158bb9f39a90c0dea1637f81d5eef866e188e1971a1b1ab01a35a/filelock-3.0.12-py3-none-any.whl
Collecting appdirs<2,>=1.4.3 (from virtualenv->pipenv->dparse)
  Using cached https://files.pythonhosted.org/packages/56/eb/810e700ed1349edde4cbdc1b2a21e28cdf115f9faf263f6bbf8447c1abf3/appdirs-1.4.3-py2.py3-none-any.whl
Collecting distlib<1,>=0.3.0 (from virtualenv->pipenv->dparse)
  Using cached https://files.pythonhosted.org/packages/7d/29/694a3a4d7c0e1aef76092e9167fbe372e0f7da055f5dcf4e1313ec21d96a/distlib-0.3.0.zip
Installing collected packages: certifi, virtualenv-clone, filelock, six, appdirs, distlib, virtualenv, pipenv, toml, pyyaml, pyparsing, packaging, dparse
  Running setup.py install for distlib ... done
  Running setup.py install for pyyaml ... done
Successfully installed appdirs-1.4.3 certifi-2019.11.28 distlib-0.3.0 dparse-0.5.0 filelock-3.0.12 packaging-20.3 pipenv-2018.11.26 pyparsing-2.4.6 pyyaml-5.3.1 six-1.14.0 toml-0.10.0 virtualenv-20.0.15 virtualenv-clone-0.5.4
WARNING: You are using pip version 19.2.3, however version 20.0.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(venv) % pip freeze
appdirs==1.4.3
certifi==2019.11.28
distlib==0.3.0
dparse==0.5.0
filelock==3.0.12
packaging==20.3
pipenv==2018.11.26
pyparsing==2.4.6
PyYAML==5.3.1
six==1.14.0
toml==0.10.0
virtualenv==20.0.15
virtualenv-clone==0.5.4
(venv) %

Azd325 commented 4 years ago

Same here: when I was updating https://github.com/pyupio/safety, it was installing pipenv as an extra dependency. I'm using pip-tools to compile my requirement files.

joshuarli commented 4 years ago

@rafaelpivato It looks like you probably forgot to remove a dirty dparse.egg-info/ (or some other files with stale state) while cutting the 0.5.0 release. The old stuff made it into both the source and wheel release (also there should ideally be a py2 wheel):

$ python2 -m pip --isolated --no-cache-dir download --no-deps --no-binary :all: dparse
$ tar xf dparse-0.5.0.tar.gz
$ cat dparse-0.5.0/dparse.egg-info/requires.txt
pipenv
packaging
pyyaml
toml

[pipenv]
pipenv
$ python3 -m pip --isolated --no-cache-dir download --no-deps --only-binary :all: dparse
$ pkginfo -f requires_dist dparse-0.5.0-py3-none-any.whl
requires_dist: ['pipenv', 'packaging', 'pyyaml', 'toml', "pipenv ; extra == 'pipenv'"]

If you build a new wheel from scratch, they don't have this problem.

$ python setup.py bdist_wheel
$ pkginfo -f requires_dist dist/dparse-0.5.0-py2-none-any.whl
requires_dist: ['packaging', 'pyyaml', 'toml', "pipenv ; extra == 'pipenv'"]

joshuarli commented 4 years ago

I'd recommend cutting py2 and py3 wheels as 0.5.1 and making sure pkginfo -f requires_dist looks good, then bumping dparse in safety (safety's why I noticed this in the first place).
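
A release gate in the spirit of the pkginfo -f requires_dist check recommended above, as an added example that is not part of the thread or the dparse project: it reads Requires-Dist from a wheel's METADATA and reports any unconditional dependency outside an expected set. The two wheels are constructed in memory from the requires_dist lists quoted in the thread; the function names and EXPECTED are assumptions made for this example.

```python
import io
import re
import zipfile
from email.parser import Parser

# Hard dependencies the clean rebuild in the thread reports (assumed policy for this check).
EXPECTED = {"packaging", "pyyaml", "toml"}

# Requires-Dist lists quoted in the thread: published 0.5.0 wheel vs. wheel built from scratch.
PUBLISHED = ["pipenv", "packaging", "pyyaml", "toml", "pipenv ; extra == 'pipenv'"]
REBUILT = ["packaging", "pyyaml", "toml", "pipenv ; extra == 'pipenv'"]

def build_wheel(requires_dist):
    """Build a minimal in-memory wheel (constructed sample, not the real release file)."""
    meta = ["Metadata-Version: 2.1", "Name: dparse", "Version: 0.5.0"]
    meta += ["Requires-Dist: " + r for r in requires_dist]
    meta.append("Provides-Extra: pipenv")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dparse-0.5.0.dist-info/METADATA", "\n".join(meta) + "\n")
    return buf.getvalue()

def split_requires(wheel_bytes):
    """Return (unconditional, extra_only) sets of requirement names from the wheel."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        name = next(n for n in zf.namelist() if n.endswith(".dist-info/METADATA"))
        msg = Parser().parsestr(zf.read(name).decode("utf-8"))
    unconditional, extra_only = set(), set()
    for req in msg.get_all("Requires-Dist") or []:
        spec, _, marker = req.partition(";")
        # Keep only the project name, dropping version specifiers and extras.
        pkg = re.split(r"[\s<>=!~\[(]", spec.strip(), maxsplit=1)[0].lower()
        # A requirement guarded by an "extra ==" marker is optional.
        (extra_only if "extra" in marker else unconditional).add(pkg)
    return unconditional, extra_only

def unexpected_hard_deps(wheel_bytes, expected=EXPECTED):
    """Names installed unconditionally that the release policy does not expect."""
    unconditional, _ = split_requires(wheel_bytes)
    return sorted(unconditional - {e.lower() for e in expected})

if __name__ == "__main__":
    for label, reqs in (("published", PUBLISHED), ("rebuilt", REBUILT)):
        print(label, unexpected_hard_deps(build_wheel(reqs)))
```

Run against the built artifacts in dist/ before upload, this check fails the release when a stale build directory leaks a dependency into the metadata.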

rafaelpivato commented 4 years ago

Makes sense to me. Pull requests are welcome. I'll keep an eye on this anyway and try to fix it ASAP.

joshuarli commented 4 years ago

@rafaelpivato, there aren't really any non-maintainer changes required.

setup.py
22:    version='0.5.0',

dparse/__init__.py
7:__version__ = '0.5.0'

You need to update those version strings, tag a 0.5.1, update HISTORY.rst, make sure pkginfo -f requires_dist looks good, then bump the dparse pin in safety.

rafaelpivato commented 4 years ago

Thanks, @joshuarli

So, it looks like this wasn't related to the egg cache, but to some bad bumps and deployments. Travis is the one publishing this to PyPI, just in case.

I bumped to 0.5.1a now (5c707969a479f4b28e70ceff2078afcda7c59db9) and building the package looks good now. I'll bring this to PyPI as soon as possible.