Pipenv: Confusion: --keep-outdated --selective-upgrade

bump

The selective-upgrade is pip's --upgrade-strategy=only-if-needed option. The keep-outdated is like only adding new stuffs to Pipfile.lock but no removing packages which is invalid in the new dependency resolution. This is very useful when you lock multiple times in different python versions.

For the record, I might be wrong. @techalchemy is the best one to answer this. There is a full implementation of keep-outdated https://github.com/pypa/pipenv/pull/3304 waiting to be merged.

Sorry for making a mistake in my previous comment. In fact, the package name passed as argument is not used at all. It might be supported after #3304 is merged.

@techalchemy help us out here...

I ran in an actual problem with this :

The Package Djoser had it's Version 1.4.0 removed and i want to update to the new 1.5.1 without updating the other locked versions.

Haveing read all comandline options i thought

pipenv update --keep-outdated --pre --selective djoser

would ONLY update djoser and keep all other package versions even though the y might be outdated.

Please clarify what's going on with those flags and add an example for updating only one packages.

Apologies for not responding to this sooner, I've been super busy with work but more significantly there were a number of breaking changes related to PEP514 implementation which first pip rolled out and then setuptools rolled out and then there was a bit of a stalemate-fingerpointing situation and then some more breakages which has all been a bit of a nightmare

The result of this is that pipenv just does its own dependency resolution with requirementslib which needed a resolver to handle direct url dependencies as someone mentioned with regard to #3304

With regard to the specific question here, there is significant confusion about --keep-outdated (which should really do nothing under optimal circumstances unless things are no longer available or installable on PyPI when you re-lock, which can happen if you are on OSX for example), --selective-upgrade only works with install and can be used to install the minimum viable set of changes into the lockfile (that is, still using the highest available versions etc, but not upgrading packages unnecessarily)

The only real difference is that you can add something to your Pipfile and lock with --keep-outdated for the same behavior -- and formally speaking, --keep-outdated should never remove something from the lockfile (I am not sure what --selective-upgrade does on this front).

Here is the important caveat: pipenv update _always_ targets every package in your lockfile, without exception. It does not accept arguments. If you want to upgrade a specific package, you must do it with pipenv install --selective-upgrade <package> (which naturally will add it to your lockfile)

This needs to be reviewed at some point because it is super inconvenient and probably is a major gap in normal workflows

Apologies for not responding to this sooner, I've been super busy with work but more significantly there were a number of breaking changes related to PEP514 implementation which first pip rolled out and then setuptools rolled out and then there was a bit of a stalemate-fingerpointing situation and then some more breakages which has all been a bit of a nightmare

The result of this is that pipenv just does its own dependency resolution with requirementslib which needed a resolver to handle direct url dependencies as someone mentioned with regard to #3304

With regard to the specific question here, there is significant confusion about --keep-outdated (which should really do nothing under optimal circumstances unless things are no longer available or installable on PyPI when you re-lock, which can happen if you are on OSX for example), --selective-upgrade only works with install and can be used to install the minimum viable set of changes into the lockfile (that is, still using the highest available versions etc, but not upgrading packages unnecessarily)

The only real difference is that you can add something to your Pipfile and lock with --keep-outdated for the same behavior -- and formally speaking, --keep-outdated should never remove something from the lockfile (I am not sure what --selective-upgrade does on this front).

Here is the important caveat: pipenv update _always_ targets every package in your lockfile, without exception. It does not accept arguments. If you want to upgrade a specific package, you must do it with pipenv install --selective-upgrade <package> (which naturally will add it to your lockfile)

This needs to be reviewed at some point because it is super inconvenient and probably is a major gap in normal workflows

@techalchemy Thank you for explaining the difference and pointing out how to upgrade a selective package. It seems like pipenv install --selective-upgrade <package> does what you stated, but only misses out on updating the hash of the new version in the lockfile. :disappointed: Is this a already tracked issue?