Pipenv: Pipenv lock doesn't take Pipfile into account when processing package sub-dependencies
Issue description
After the release of pylint 2, I discovered this issue trying to install plugins such as pylint-quotes and pytest-pylint:
Pipenv seems to ignore dependency versions in Pipfile when looking through sub-dependencies (dependencies of packages specified in Pipfile).
Expected result
Pipenv should account for Pipfile when resolving sub-depencendies to avoid reporting erroneous conflicts
Actual result
Pipenv incorrectly reports dependency conflicts when none actually exist.
Steps to replicate
Example Pipfile:
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
pylint = "==1.9"
pylint-quotes = "==0.1.9"
$ pipenv lock -v
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
using sources: [{'url': 'https://pypi.org/simple', 'verify_ssl': True, 'name': 'pypi'}]
Using pip: -i https://pypi.org/simple
ROUND 1
Current constraints:
pylint==1.9 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-2cbbt1ga-constraints.txt (line 2))
pylint-quotes==0.1.9 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-2cbbt1ga-constraints.txt (line 3))
Finding the best candidates:
found candidate pylint==1.9 (constraint was ==1.9)
found candidate pylint-quotes==0.1.9 (constraint was ==0.1.9)
Finding secondary dependencies:
pylint-quotes==0.1.9 requires astroid>=2.0.1, isort>=4.2.5, lazy-object-proxy, mccabe, pylint-quotes==0.1.9, pylint>=1.7.6, six, wrapt
pylint==1.9 requires astroid<2.0,>=1.6, isort>=4.2.5, lazy-object-proxy, mccabe, pylint==1.9, six, wrapt
New dependencies found in this round:
adding ['astroid', '<2.0,>=1.6,>=2.0.1', '[]']
adding ['isort', '>=4.2.5', '[]']
adding ['lazy-object-proxy', '', '[]']
adding ['mccabe', '', '[]']
adding ['pylint', '==1.9,>=1.7.6', '[]']
adding ['pylint-quotes', '==0.1.9', '[]']
adding ['six', '', '[]']
adding ['wrapt', '', '[]']
Removed dependencies in this round:
Unsafe dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable
ROUND 2
Current constraints:
astroid<2.0,>=1.6,>=2.0.1
isort>=4.2.5
lazy-object-proxy
mccabe
pylint==1.9,>=1.7.6 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-2cbbt1ga-constraints.txt (line 2))
pylint-quotes==0.1.9 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-2cbbt1ga-constraints.txt (line 3))
six
wrapt
Finding the best candidates:
Using pip: -i https://pypi.org/simple
ROUND 1
Current constraints:
pylint==1.9 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-eulvhsyk-constraints.txt (line 2))
pylint-quotes==0.1.9 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-eulvhsyk-constraints.txt (line 3))
Finding the best candidates:
found candidate pylint==1.9 (constraint was ==1.9)
found candidate pylint-quotes==0.1.9 (constraint was ==0.1.9)
Finding secondary dependencies:
pylint-quotes==0.1.9 requires astroid>=2.0.1, isort>=4.2.5, lazy-object-proxy, mccabe, pylint-quotes==0.1.9, pylint>=1.7.6, six, wrapt
pylint==1.9 requires astroid<2.0,>=1.6, isort>=4.2.5, lazy-object-proxy, mccabe, pylint==1.9, six, wrapt
New dependencies found in this round:
adding ['astroid', '<2.0,>=1.6,>=2.0.1', '[]']
adding ['isort', '>=4.2.5', '[]']
adding ['lazy-object-proxy', '', '[]']
adding ['mccabe', '', '[]']
adding ['pylint', '==1.9,>=1.7.6', '[]']
adding ['pylint-quotes', '==0.1.9', '[]']
adding ['six', '', '[]']
adding ['wrapt', '', '[]']
Removed dependencies in this round:
Unsafe dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable
ROUND 2
Current constraints:
astroid<2.0,>=1.6,>=2.0.1
isort>=4.2.5
lazy-object-proxy
mccabe
pylint==1.9,>=1.7.6 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-eulvhsyk-constraints.txt (line 2))
pylint-quotes==0.1.9 (from -r /var/folders/rj/210lgzrd4q5ccsyby0rdxg0924842d/T/pipenv-vkxnjh1h-requirements/pipenv-eulvhsyk-constraints.txt (line 3))
six
wrapt
Finding the best candidates:
Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
You can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
Could not find a version that matches astroid<2.0,>=1.6,>=2.0.1
Tried: 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.0, 1.3.1, 1.3.1, 1.3.2, 1.3.2, 1.3.3, 1.3.3, 1.3.4, 1.3.4, 1.3.5, 1.3.5, 1.3.6, 1.3.6, 1.3.7, 1.3.7, 1.3.8, 1.3.8, 1.4.0, 1.4.0, 1.4.1, 1.4.1, 1.4.2, 1.4.2, 1.4.3, 1.4.3, 1.4.4, 1.4.4, 1.4.5, 1.4.5, 1.4.6, 1.4.6, 1.4.7, 1.4.7, 1.4.8, 1.4.8, 1.4.9, 1.4.9, 1.5.0, 1.5.0, 1.5.1, 1.5.1, 1.5.2, 1.5.2, 1.5.3, 1.5.3, 1.6.0, 1.6.0, 1.6.1, 1.6.1, 1.6.2, 1.6.2, 1.6.3, 1.6.3, 1.6.4, 1.6.4, 1.6.5, 1.6.5, 2.0, 2.0, 2.0.1, 2.0.1
Skipped pre-versions: 2.0.0.dev0, 2.0.0.dev0, 2.0.0.dev1, 2.0.0.dev1, 2.0.0.dev2, 2.0.0.dev2, 2.0.0.dev3, 2.0.0.dev3, 2.0.0.dev4, 2.0.0.dev4
There are incompatible versions in the resolved dependencies.
Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
You can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
Could not find a version that matches astroid<2.0,>=1.6,>=2.0.1
Tried: 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.0, 1.3.1, 1.3.1, 1.3.2, 1.3.2, 1.3.3, 1.3.3, 1.3.4, 1.3.4, 1.3.5, 1.3.5, 1.3.6, 1.3.6, 1.3.7, 1.3.7, 1.3.8, 1.3.8, 1.4.0, 1.4.0, 1.4.1, 1.4.1, 1.4.2, 1.4.2, 1.4.3, 1.4.3, 1.4.4, 1.4.4, 1.4.5, 1.4.5, 1.4.6, 1.4.6, 1.4.7, 1.4.7, 1.4.8, 1.4.8, 1.4.9, 1.4.9, 1.5.0, 1.5.0, 1.5.1, 1.5.1, 1.5.2, 1.5.2, 1.5.3, 1.5.3, 1.6.0, 1.6.0, 1.6.1, 1.6.1, 1.6.2, 1.6.2, 1.6.3, 1.6.3, 1.6.4, 1.6.4, 1.6.5, 1.6.5, 2.0, 2.0, 2.0.1, 2.0.1
Skipped pre-versions: 2.0.0.dev0, 2.0.0.dev0, 2.0.0.dev1, 2.0.0.dev1, 2.0.0.dev2, 2.0.0.dev2, 2.0.0.dev3, 2.0.0.dev3, 2.0.0.dev4, 2.0.0.dev4
There are incompatible versions in the resolved dependencies.
pylint 1.9 requires astroid<2.0,>=1.6
pylint-quotes 0.1.9's only dependency is pylint>=1.7.6 which can be seen in its setup.cfg (or by running pip show after installing it):
...
install_requires=[
'pylint>=1.7.6',
],
...
However, Pipenv incorrectly reports that pylint-quotes requires astroid>=2.0.1.
Further investigation revealed that there is one related package that does require astroid>=2.0.1, pylint==2.0.1 which we are not installing. It looks to me like Pipenv is seeing the pylint requirement of pylint-quotes and then checking the dependencies of the latest version of pylint rather than the one actually specified in the pipfile.
$ pipenv --support
Pipenv version: '2018.7.1'
Pipenv location: '/usr/local/Cellar/pipenv/2018.7.1/libexec/lib/python3.7/site-packages/pipenv'
Python location: '/usr/local/Cellar/pipenv/2018.7.1/libexec/bin/python3.7'
Other Python installations in PATH:
2.7:/usr/local/bin/python2.72.7:/usr/local/bin/python2.72.7:/Users/<user>/.pyenv/shims/python2.72.7:/usr/local/bin/python2.72.7:/usr/bin/python2.73.6:/Users/<user>/.pyenv/shims/python3.6m3.6:/Users/<user>/.pyenv/shims/python3.63.7:/Users/<user>/.pyenv/shims/python3.72.7.15:/usr/local/bin/python3.6.5:/Users/<user>/.pyenv/shims/python2.7.15:/usr/local/bin/python2.7.10:/usr/bin/python2.7.15:/usr/local/bin/python22.7.15:/Users/<user>/.pyenv/shims/python22.7.15:/usr/local/bin/python23.6.5:/Users/<user>/.pyenv/shims/python3
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.7.0',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '17.7.0',
'platform_system': 'Darwin',
'platform_version': 'Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT '
'2018; root:xnu-4570.71.2~1/RELEASE_X86_64',
'python_full_version': '3.7.0',
'python_version': '3.7',
'sys_platform': 'darwin'}
System environment variables:
PATHLDFLAGSMANPATH_fzf_orig_completion_teeTERM_PROGRAM_fzf_orig_completion_find_fzf_orig_completion_diff_fzf_orig_completion_javacPYENV_ROOTTERMSHELL_fzf_orig_completion_curlCPPFLAGS_fzf_orig_completion_mvTMPDIR_fzf_orig_completion_patchApple_PubSub_Socket_Render_fzf_orig_completion_perlTERM_PROGRAM_VERSION_fzf_orig_completion_python_fzf_orig_completion_du_fzf_orig_completion_bunzip2TERM_SESSION_ID_fzf_orig_completion_less_fzf_orig_completion_rmdir_fzf_orig_completion_tail_fzf_orig_completion_headPYENV_VERSION_fzf_orig_completion_jar_fzf_orig_completion_svn_fzf_orig_completion_telnetUSER_fzf_orig_completion_g___fzf_orig_completion_wc_fzf_orig_completion_ftp_fzf_orig_completion_gzipPYENV_DIRSSH_AUTH_SOCK_fzf_orig_completion_view_fzf_orig_completion_export__CF_USER_TEXT_ENCODINGPYENV_VIRTUALENV_INIT_fzf_orig_completion_grep_fzf_orig_completion_gvim_fzf_orig_completion_java_fzf_orig_completion_unzip_fzf_orig_completion_sftpPWD_fzf_orig_completion_rm_fzf_orig_completion_ls_fzf_orig_completion_uniqEDITOR_fzf_orig_completion_cat_fzf_orig_completion_chown_fzf_orig_completion_bzip2LANGITERM_PROFILEPYENV_HOOK_PATHXPC_FLAGS_fzf_orig_completion_cd_fzf_orig_completion_vi_fzf_orig_completion_tarXPC_SERVICE_NAME_fzf_orig_completion_killPYENV_SHELLSHLVLCOLORFGBGHOMEITERM_SESSION_IDLOGNAME_fzf_orig_completion_vimVISUAL_fzf_orig_completion_awk_fzf_orig_completion_ld_fzf_orig_completion_sort_fzf_orig_completion_ssh_fzf_orig_completion_gunzipPKG_CONFIG_PATHGOPATH_fzf_orig_completion_rsync_fzf_orig_completion_gcc_fzf_orig_completion_emacsDISPLAY_fzf_orig_completion_cp_fzf_orig_completion_scp_fzf_orig_completion_ln_fzf_orig_completion_sed_fzf_orig_completion_gitCOLORTERMPYTHONDONTWRITEBYTECODEPIP_PYTHON_PATH
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH:/usr/local/Cellar/pipenv/2018.7.1/libexec/tools:/usr/local/bin:/Users/<user>/.pyenv/libexec:/Users/<user>/.pyenv/plugins/python-build/bin:/Users/<user>/.pyenv/plugins/pyenv-virtualenv/bin:/Users/<user>/.pyenv/plugins/pyenv-update/bin:/Users/<user>/.pyenv/plugins/pyenv-installer/bin:/Users/<user>/.pyenv/plugins/pyenv-doctor/bin:/Users/<user>/.local/bin:/usr/local/opt/coreutils/libexec/gnubin:/usr/local/opt/libarchive/bin:/usr/local/sbin:/usr/local/opt/go/libexec/bin:/Users/<user>/go/bin:/Users/<user>/.pyenv/plugins/pyenv-virtualenv/shims:/Users/<user>/.pyenv/shims:/Users/<user>/.pyenv/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/usr/local/MacGPG2/bin:/opt/X11/bin:/Users/<user>/.vim/plugged/fzf/binSHELL:/usr/local/bin/bashEDITOR:vimLANG:en_US.UTF-8PWD:/Users/<user>/Documents/Source/pipenvdeps
Contents of Pipfile ('/Users/
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
pylint = "==1.9"
pylint-quotes = "==0.1.9"
[dev-packages]
[requires]
python_version = "3.7"
Contents of Pipfile.lock ('/Users/
{
"_meta": {
"hash": {
"sha256": "8401a941de091e385a3679312b16f3d165c68c9f8d79c6963b1d3e3a741dbe53"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.7"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"astroid": {
"hashes": [
"sha256:0ef2bf9f07c3150929b25e8e61b5198c27b0dca195e156f0e4d5bdd89185ca1a",
"sha256:fc9b582dba0366e63540982c3944a9230cbc6f303641c51483fa547dcc22393a"
],
"version": "==1.6.5"
},
"isort": {
"hashes": [
"sha256:1153601da39a25b14ddc54955dbbacbb6b2d19135386699e2ad58517953b34af",
"sha256:b9c40e9750f3d77e6e4d441d8b0266cf555e7cdabdcff33c4fd06366ca761ef8",
"sha256:ec9ef8f4a9bc6f71eec99e1806bfa2de401650d996c59330782b89a5555c1497"
],
"markers": "python_version != '3.3.*' and python_version >= '2.7' and python_version != '3.1.*' and python_version != '3.0.*' and python_version != '3.2.*'",
"version": "==4.3.4"
},
"lazy-object-proxy": {
"hashes": [
"sha256:0ce34342b419bd8f018e6666bfef729aec3edf62345a53b537a4dcc115746a33",
"sha256:1b668120716eb7ee21d8a38815e5eb3bb8211117d9a90b0f8e21722c0758cc39",
"sha256:209615b0fe4624d79e50220ce3310ca1a9445fd8e6d3572a896e7f9146bbf019",
"sha256:27bf62cb2b1a2068d443ff7097ee33393f8483b570b475db8ebf7e1cba64f088",
"sha256:27ea6fd1c02dcc78172a82fc37fcc0992a94e4cecf53cb6d73f11749825bd98b",
"sha256:2c1b21b44ac9beb0fc848d3993924147ba45c4ebc24be19825e57aabbe74a99e",
"sha256:2df72ab12046a3496a92476020a1a0abf78b2a7db9ff4dc2036b8dd980203ae6",
"sha256:320ffd3de9699d3892048baee45ebfbbf9388a7d65d832d7e580243ade426d2b",
"sha256:50e3b9a464d5d08cc5227413db0d1c4707b6172e4d4d915c1c70e4de0bbff1f5",
"sha256:5276db7ff62bb7b52f77f1f51ed58850e315154249aceb42e7f4c611f0f847ff",
"sha256:61a6cf00dcb1a7f0c773ed4acc509cb636af2d6337a08f362413c76b2b47a8dd",
"sha256:6ae6c4cb59f199d8827c5a07546b2ab7e85d262acaccaacd49b62f53f7c456f7",
"sha256:7661d401d60d8bf15bb5da39e4dd72f5d764c5aff5a86ef52a042506e3e970ff",
"sha256:7bd527f36a605c914efca5d3d014170b2cb184723e423d26b1fb2fd9108e264d",
"sha256:7cb54db3535c8686ea12e9535eb087d32421184eacc6939ef15ef50f83a5e7e2",
"sha256:7f3a2d740291f7f2c111d86a1c4851b70fb000a6c8883a59660d95ad57b9df35",
"sha256:81304b7d8e9c824d058087dcb89144842c8e0dea6d281c031f59f0acf66963d4",
"sha256:933947e8b4fbe617a51528b09851685138b49d511af0b6c0da2539115d6d4514",
"sha256:94223d7f060301b3a8c09c9b3bc3294b56b2188e7d8179c762a1cda72c979252",
"sha256:ab3ca49afcb47058393b0122428358d2fbe0408cf99f1b58b295cfeb4ed39109",
"sha256:bd6292f565ca46dee4e737ebcc20742e3b5be2b01556dafe169f6c65d088875f",
"sha256:cb924aa3e4a3fb644d0c463cad5bc2572649a6a3f68a7f8e4fbe44aaa6d77e4c",
"sha256:d0fc7a286feac9077ec52a927fc9fe8fe2fabab95426722be4c953c9a8bede92",
"sha256:ddc34786490a6e4ec0a855d401034cbd1242ef186c20d79d2166d6a4bd449577",
"sha256:e34b155e36fa9da7e1b7c738ed7767fc9491a62ec6af70fe9da4a057759edc2d",
"sha256:e5b9e8f6bda48460b7b143c3821b21b452cb3a835e6bbd5dd33aa0c8d3f5137d",
"sha256:e81ebf6c5ee9684be8f2c87563880f93eedd56dd2b6146d8a725b50b7e5adb0f",
"sha256:eb91be369f945f10d3a49f5f9be8b3d0b93a4c2be8f8a5b83b0571b8123e0a7a",
"sha256:f460d1ceb0e4a5dcb2a652db0904224f367c9b3c1470d5a7683c0480e582468b"
],
"version": "==1.3.1"
},
"mccabe": {
"hashes": [
"sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42",
"sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"
],
"version": "==0.6.1"
},
"pylint": {
"hashes": [
"sha256:b719c86a7395ea0c0ec8030c2a7a2b4fad573ee50460f9948fabb1811d72094f",
"sha256:cf1be367296e9e534a5cb420186ce99f63f17c2b855fcb4321a3e20ce51502cd"
],
"index": "pypi",
"version": "==1.9"
},
"six": {
"hashes": [
"sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
"sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
],
"version": "==1.11.0"
},
"wrapt": {
"hashes": [
"sha256:d4d560d479f2c21e1b5443bbd15fe7ec4b37fe7e53d335d3b9b0a7b1226fe3c6"
],
"version": "==1.10.11"
}
},
"develop": {}
}
rainyday
All 12 comments
I have precisely the same issue with a different combination of packages. I am trying to install flower==0.8.3 together with celery==3.1.25. I can pin all version dependencies (kombu==3.0.37) but still I get:
This is (as @rainyday describes) because the newest versions are investigated while solving dependencies, ignoring pinned versions in the Pipfile
Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
You can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
Could not find a version that matches amqp<2.0,<3.0,>=1.4.9,>=2.1.4
Tried: 0.9.1, 0.9.2, 0.9.3, 0.9.4, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.3, 1.4.4, 1.4.4, 1.4.5, 1.4.5, 1.4.6, 1.4.6, 1.4.7, 1.4.8, 1.4.8, 1.4.9, 1.4.9, 2.0.0, 2.0.0, 2.0.1, 2.0.2, 2.0.2, 2.0.3, 2.0.3, 2.1.0, 2.1.0, 2.1.1, 2.1.1, 2.1.2, 2.1.2, 2.1.3, 2.1.3, 2.1.4, 2.1.4, 2.2.0, 2.2.0, 2.2.1, 2.2.1, 2.2.2, 2.2.2, 2.3.0, 2.3.0, 2.3.1, 2.3.1, 2.3.2, 2.3.2
There are incompatible versions in the resolved dependencies.
$ pipenv --support
Pipenv version: '2018.7.1'
Contents of Pipfile:
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[dev-packages]
[packages]
flower = "==0.8.3"
celery = "==3.1.25"
kombu = "==3.0.37"
amqp = "==1.4.9"
[requires]
python_version = "3.5"
caspervdw
on 31 Jul 2018
I digged in some more and this seems to be the same issue as https://github.com/pypa/pipenv/issues/2596 . Downgrading to 2018.5.18 solves it for me.
caspervdw
on 31 Jul 2018
I'm _guessing_ you can fix this by running pipenv lock --clear
We are aware of these types of issues and have a working implementation of a new, much better resolver but we are still testing it. It's much faster and I'm pretty sure it won't have any of these types of problems.
In the meantime just bear with us, this type of problem is resolved by making sure you only include top level dependencies in your Pipfile. You can make sure you are doing this by running pipenv install --skip-lock and then pipenv graph and removing anything that is not a root on the graph as it will be resolved and installed anway.
If you include only pylint-quotes in your Pipfile, does it resolve properly?
techalchemy
on 2 Aug 2018
I think I'm having the same issue. When I do pipenv lock it reports (fragment):
Could not find a version that matches xoutil!=2.0.0,!=2.0.1,!=2.0.2,!=2.0.3,<2.0,==2.0.6,>=1.9.4 (from -r /tmp/pipenv-bhey2pt4-requirements/pipenv-_l3n2ia7-constraints.txt (line 11))
Tried: ...., 1.9.0, 1.9.0, 1.9.1, 1.9.1, 1.9.2, 1.9.2, 1.9.3, 1.9.3, 1.9.4, 1.9.4, 1.9.5, 1.9.5, 1.9.6, 1.9.6, 2.0.4.1, 2.0.4.1, 2.0.5, 2.0.5, 2.0.6, 2.0.6
There are incompatible versions in the resolved dependencies.
The requirement ==2.0.6 is NOT anywhere in the dependency graph (I've manually checked). Moreover, Pipfile has the requirement xoutil = ">=1.9.4", and if I change that to xoutil = "==1.9.6", the pipenv lock works without error.
mvaled
on 2 Aug 2018
Changing my Pipfile to require xoutil = ">=1.9.4,<2.0" also works for me.
mvaled
on 2 Aug 2018
@techalchemy that's super exciting to hear that you're working on a new resolver. Is it already possible for me to try it? I just checked out master and it doesn't seem to be in there yet - maybe a PR or a feature branch?
Hope I'm not coming across as being impatient, I'm just very, very excited about the progress :-).
tcwalther
on 5 Aug 2018
The implementation still has a lot of things going on right now, and there isn’t a very convenient way to make it work with Pipenv yet, unfortunately. If you’re interested, however, I would very much like people to throw real-world examples at it and see what happens. But be aware: this is definitely not ready for production.
Here’s the implementation: https://github.com/sarugaku/resolvelib
Setup would be something like:
mkdir resolver-try
cd resolver-try
git clone https://github.com/sarugaku/resolvelib.git
git clone -b feature/lockfile-dependencygrabber https://github.com/sarugaku/requirementslib.git
pipenv --three
pipenv install -e ./resolvelib
pipenv install -e ./requirementslib
Use this command to test the resolver out:
pipenv run python resolvelib/play/resolve.py --project </path/to-your/project>
This will emit a ton of output to show what happens in the resolver, and a final STABLE PINS section that includes what is actually resolved.
There are some known issues about dependencies that use file, path, git etc. to specify the package. This is already being worked on.
uranusjr
on 6 Aug 2018
Amazing. I just tried it on one of our projects (which doesn't have a path directive in its Pipfile) and it works very quickly and very well. Looking forward to trying it out further once you fixed the issues around git and path.
tcwalther
on 6 Aug 2018
@techalchemy What is the status of the dependency resolver?
I am now pinning Pipenv in all of our projects to pipenv==2018.5.18. The here reported bug (for me at least...) must have been introduced after that release. (NB: I am using lock --clear to avoid any caching issues)
caspervdw
on 4 Sep 2018
I also have this issue. This is making life really difficult since Pipenv cannot resolve some of the dependencies on its own. For example, doing pipenv install moto is currently impossible. To install it, you need to use pippenv==2018.5.18 and pin botocore and boto3 dependencies:
botocore = "==1.10.84" # Pipenv needs help solving dependencies
"boto3" = "==1.7.84" # Pipenv needs help solving dependencies
moto = "*"
Teemu
on 10 Sep 2018
Same here. Pinning pippenv==2018.5.18 doesn't even help. As soon as I try and add zappa="46.2" (released back in July I think) it suddenly thinks that I need botocore>=1.12.9, which is the latest release. And that conflicts with my other requirements.
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
connexion = "*"
stripe = "*"
requests = "*"
boto3 = "==1.7.84"
botocore = "==1.10.84"
Flask = "*"
Pillow = "*"
zipcodes = "*"
us = "*"
[dev-packages]
remote-pdb = "*"
zappa = "==0.46.2"
awscli = "==1.15.85"
[requires]
python_version = "3.6"
I'm unclear on how to workaround.
sprynmr
on 22 Sep 2018
You might have luck if you don't have seperate dev dependencies
On Sat, Sep 22, 2018, 23:52 Bob Spryn notifications@github.com wrote:
Same here. Pinning pippenv==2018.5.18 doesn't even help. As soon as I try
and add zappa="46.2" (released back in July I think) it suddenly thinks
that I need botocore>=1.12.9, which is the latest release. And that
conflicts with my other requirements.[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"[packages]
connexion = ""
stripe = ""
requests = ""
boto3 = "==1.7.84"
botocore = "==1.10.84"
Flask = ""
Pillow = ""
zipcodes = ""
us = "*"[dev-packages]
remote-pdb = "*"
zappa = "==0.46.2"
awscli = "==1.15.85"[requires]
python_version = "3.6"I'm unclear on how to workaround.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/pypa/pipenv/issues/2666#issuecomment-423772580, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AADQMuoZZA10Teq6rBezptQwYEDT0MG5ks5udqMKgaJpZM4Vkya5
.
Teemu
on 22 Sep 2018
Related issues
leileigong
·
3Comments
FooBarQuaxx
·
3Comments
Californian
·
3Comments
ansrivas
·
3Comments
johnjiang
·
3Comments