pipenv: Upgrading a dependency with --selective-upgrade doesn't seem to work with 2018.6.25

Running using the latest release (2018.6.25), selective upgrades don’t appear to work as expected. (If I’m doing something wrong, please let me know 😃 )

This was originally filed as #2410 but was closed out because it was thought to have been fixed in the latest release.

/home/madams/.local/venvs/pipenv/bin/python -m ‘pipenv.help’

$ python -m pipenv.help output

Pipenv version: '2018.6.25'

Pipenv location: '/home/madams/.local/venvs/pipenv/local/lib/python2.7/site-packages/pipenv'

Python location: '/home/madams/.local/venvs/pipenv/bin/python'

Other Python installations in PATH:

2.7: /usr/bin/python2.7
2.7: /usr/bin/python2.7
3.6: /usr/bin/python3.6m
3.6: /usr/bin/python3.6
2.7.15: /usr/bin/python
2.7.15: /usr/bin/python2
3.6.5: /usr/bin/python3

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '0',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.15.0-23-generic',
 'platform_system': 'Linux',
 'platform_version': '#25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018',
 'python_full_version': '2.7.14',
 'python_version': '2.7',
 'sys_platform': 'linux2'}

System environment variables:

GOPATH
PYPI_PASSWORD
IM_CONFIG_PHASE
LESS
QT4_IM_MODULE
GJS_DEBUG_OUTPUT
PROJECT_HOME
LC_CTYPE
WINDOWPATH
XDG_CURRENT_DESKTOP
XDG_SESSION_TYPE
TERM_PROGRAM_VERSION
QT_IM_MODULE
LOGNAME
USER
PATH
XDG_VTNR
HOME
VSCODE_IPC_HOOK
VIRTUALENVWRAPPER_SCRIPT
ZSH
DISPLAY
XDG_SESSION_DESKTOP
LANG
TERM
VIRTUALENVWRAPPER_WORKON_CD
XAUTHORITY
SESSION_MANAGER
XDG_DATA_DIRS
DEBFULLNAME
MANDATORY_PATH
QT_ACCESSIBILITY
GNOME_DESKTOP_SESSION_ID
CLUTTER_IM_MODULE
TEXTDOMAIN
GNOME_TERMINAL_SERVICE
EDITOR
XMODIFIERS
GPG_AGENT_INFO
VSCODE_NLS_CONFIG
USERNAME
WORKON_HOME
GTK_IM_MODULE
VSCODE_CLI
XDG_RUNTIME_DIR
VIRTUALENVWRAPPER_PROJECT_FILENAME
ELECTRON_NO_ATTACH_CONSOLE
SSH_AUTH_SOCK
VTE_VERSION
GDMSESSION
KRB5CCNAME
TEXTDOMAINDIR
GNOME_SHELL_SESSION_MODE
SHELL
PIP_PYTHON_PATH
PYTHONDONTWRITEBYTECODE
TERM_PROGRAM
XDG_SESSION_ID
DBUS_SESSION_BUS_ADDRESS
_
DEFAULTS_PATH
ATOM_REPOS_HOME
DESKTOP_SESSION
LSCOLORS
XDG_CONFIG_DIRS
VIRTUALENVWRAPPER_HOOK_DIR
VSCODE_NODE_CACHED_DATA_DIR_5546
XDG_SEAT
VSCODE_NODE_CACHED_DATA_DIR_29546
OLDPWD
DEBEMAIL
GTK_MODULES
SHLVL
PWD
PYPI_USERNAME
COLORTERM
CHROME_DESKTOP
GSM_SKIP_SSH_AGENT_WORKAROUND
XDG_MENU_PREFIX
LS_COLORS
PAGER
GJS_DEBUG_TOPICS
GNOME_TERMINAL_SCREEN

Pipenv–specific environment variables:

Debug–specific environment variables:

PATH: ./node_modules/.bin:/home/madams/.cargo/bin:/usr/local/go/bin:./node_modules/.bin:/home/madams/.cargo/bin:/usr/local/go/bin:./node_modules/.bin:/home/madams/.cargo/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/home/madams/dev/go/bin:/usr/lib/scala/bin:/home/madams/.rvm/bin:/opt/node/bin:/home/madams/.local/bin:/home/madams/dev/go/bin:/usr/lib/scala/bin:/home/madams/.rvm/bin:/opt/node/bin:/home/madams/.local/bin:/home/madams/dev/go/bin:/usr/lib/scala/bin:/home/madams/.rvm/bin:/opt/node/bin:/home/madams/.local/bin
SHELL: /usr/bin/zsh
EDITOR: vim
LANG: en_US.UTF-8
PWD: /home/madams/dev/pipenv-selective-upgrade-test

Contents of Pipfile (‘/home/madams/dev/pipenv-selective-upgrade-test/Pipfile’):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[dev-packages]

[packages]
arrow = "*"
requests = "*"

[requires]
python_version = "3.6"

Contents of Pipfile.lock (‘/home/madams/dev/pipenv-selective-upgrade-test/Pipfile.lock’):

{
    "_meta": {
        "hash": {
            "sha256": "0315ef9be6d34b575d5d8214db33cd0167cdd98c08b5a7b1fea08ed32ffe220f"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "arrow": {
            "hashes": [
                "sha256:c266f0db8f7aeb79764ce3c0aca6cb88978cfd27bfb9fb7588405b5ed331fd3e"
            ],
            "index": "pypi",
            "version": "==0.9.0"
        },
        "certifi": {
            "hashes": [
                "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
                "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
            ],
            "version": "==2018.4.16"
        },
        "chardet": {
            "hashes": [
                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
            ],
            "version": "==3.0.4"
        },
        "idna": {
            "hashes": [
                "sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e",
                "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16"
            ],
            "version": "==2.7"
        },
        "python-dateutil": {
            "hashes": [
                "sha256:1adb80e7a782c12e52ef9a8182bebeb73f1d7e24e374397af06fb4956c8dc5c0",
                "sha256:e27001de32f627c22380a688bcc43ce83504a7bc5da472209b4c70f02829f0b8"
            ],
            "version": "==2.7.3"
        },
        "requests": {
            "hashes": [
                "sha256:421cfc8d9dde7d6aff68196420afd86b88c65d77d8da9cf83f4ecad785d7b9d6",
                "sha256:cc408268d0e21589bcc2b2c248e42932b8c4d112f499c12c92e99e2178a6134c"
            ],
            "index": "pypi",
            "version": "==2.19.0"
        },
        "six": {
            "hashes": [
                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
            ],
            "version": "==1.11.0"
        },
        "urllib3": {
            "hashes": [
                "sha256:a68ac5e15e76e7e5dd2b8f94007233e01effe3e50e8daddf69acfd81cb686baf",
                "sha256:b5725a0bd4ba422ab0e66e89e030c806576753ea3ee08554382c14e685d117b5"
            ],
            "version": "==1.23"
        }
    },
    "develop": {}
}

Expected result

If I run pipenv install --selective-upgrade requests, I expect the lockfile to be updated to requests==2.19.1 and the new version to be installed in the virtualenv.

Actual result

The lockfile is not updated and the new version of requests is not installed.

Steps to replicate

Clone https://github.com/mark-adams/pipenv-selective-upgrade-test
Run pipenv install
Run pipenv install --selective-upgrade requests

About this issue

Original URL
State: closed
Created 6 years ago
Reactions: 26
Comments: 38 (7 by maintainers)

Commits related to this issue

Switch to a pip-tools workflow This is motivated by the issues around pipenv always upgrading every dependency whenever you touch any dependency. (See https://github.com/pypa/pipenv/issues/2665 and h... — committed to PeterJCLaw/srobo-runbook by PeterJCLaw 5 years ago
Switch to a pip-tools workflow This is motivated by the issues around pipenv always upgrading every dependency whenever you touch any dependency. (See https://github.com/pypa/pipenv/issues/2665 and h... — committed to PeterJCLaw/srobo-runbook by PeterJCLaw 5 years ago
Update dev dependencies to appease security warnings. Urllib3 had a security vulnerability, which was flagged by GitHub's security alerts. As this was a dependency of twine, a dev dependency, this di... — committed to hardlyknowem/declare_config by hardlyknowem 5 years ago
Replace Pipenv with Poetry I used to use and like Pipenv but no longer think it’s viable - the project is in maintenance mode and has some serious unfixed issues ([link](https://github.com/pypa/pipen... — committed to TrashMonks/hagadias by syntaxaire 2 years ago

Most upvoted comments

I’m having the same issue with v2018.7.1.

Actually I don’t get so far what is the recommended command to update a single package. Either pipenv install --selective-upgrade requests, or pipenv update requests, as proposed here: example-pipenv-upgrade-workflow

Both ways do not work currently; they seem to update everything.

+12

tobias-hd on Jul 13, 2018

Hi @techalchemy, is there a fix for this available yet? Any way I can help?

+10

mark-adams on Jul 13, 2018

You can use this workaround:

Specify an exact version of the package in the Pipfile.
Specify the current version of the rest of the packages in the Pipfile.
Run pipenv install, in which case the Pipfile.lock file will be updated to include this new version.
Remove the exact versions specified in the Pipfile.

revolter on Jun 7, 2020

I dug some in the core.py file. The --selective-upgrade option is only actually doing something when executing pipenv install. What happens here is that the do_install function actually upgrades the package at hand. But then pipenv runs the do_lock function without dealing with the fact that the package was just upgraded. So effectively, do_lock downgrades the package back to its original version.

The docs are just simply wrong right now on that you are supposed to be able to run pipenv update <package>.

fredrikaverpil on Jun 3, 2019

@revolter pinning a version will not prevent other packages to be updated to the Pipfile.lock unless you pin them all, which is exactly what pipenv is supposed to fix in the first place 😛

This really really really need to be fixed.

jonapich on Dec 3, 2019

One thing I’m unclear of regarding this bug report:

Is pipenv install EXISTING_INSTALLED PACKAGE even supposed to upgrade a package, rather than install its Pipenv.lock-specified version? The official docs at Example Pipenv Upgrade Workflow suggest you’re supposed to use the update command for that, and not install.

I’m trying to debug the related issue mentioned above where installing a new package with install --selective-upgrade PKGNAME, or upgrading an existing package with update --selective-upgrade PKGNAME insists on updating all packages.

It’s hard to understand what’s the intended behavior is – there’s the --selective-upgrade flag, which only modifies the pip command with --upgrade-strategy=only-if-needed (but doesn’t stop pipenv from trying to upgrade all packages), and the different --keep-outdated which does other unclear things. The behavior of both flags are not clearly documented.

As they are currently documented, it makes sense that if I run pipenv install to install the packages as listed in the Pipfile, then running pipenv update --selective-upgrade --keep-outdated should do nothing (or even error). But it updates all the packages.

salty-horse on Mar 18, 2019

This still does not work in pipenv 2020.11.15

rooom13 on Dec 9, 2020

Soooo… Any progress on this? I updated Pipenv to 2018.11.26 (latest at the time of writing) and the workflow still doesn’t work…

mikicz on Feb 1, 2019

I don’t expect this to ever work as expected, given how tangled up this code is. I moved on to poetry ages ago, primarily because of this.

fredrikaverpil on Dec 8, 2021

Still an issue in pipenv 2020.11.15 for me as well.

After losing a bunch of time to pipenv today, here’s my workaround:

Figure out the version you want to install, in my case the latest requests, 25.2.1
pipenv install --keep-outdated 'requests==25.2.1' will just update to that version
verify Pipfile.lock shows new version, then git checkout -- Pipfile to revert to what you had before, in my case requests = "*"
verify correct version is installed

$ pipenv graph | ack requests # or grep
  - requests [required: >=2.7.9, installed: 2.25.1]
[...]

yesthesoup on Jan 26, 2021

This is the last major blocker for using Pipfile for us, and for many others I guess. Hence the high number of comments and level of energy here.

I know that the volunteer (thank you) maintainers are very busy, but just posting either about upstream requirements that are blocking this (maybe this needs a new feature in pip?), or giving a sketch of a solution (to allow people who are not experts to potentially help) would to a lot to alleviate things during the time while this issue stays open. At least if there was a sketch of a solution, I would look to see if there is a piece I could pick up.

chrish42 on Jul 19, 2019

Has anyone found any way to upgrade a single package? According to the docs, you are supposed to run pipenv update <pkg>, however this updates all packages in my Pipfile.lock. I’m on Windows 10, Python 3.7.1 and pipenv 2018.11.26 in a venv.

fredrikaverpil on May 31, 2019

For those who are adding new library but do not want to change the existing dependencies that are already in Pipfile.lock then just need to run the following command:

pipenv install --keep-outdated <YOUR_LIBRAY>

testchange on May 18, 2021

@techalchemy I tried removing the cache as you suggested but am still experiencing the issue. Do you get the same behavior when you clone my example repository?

mark-adams on Jun 25, 2018