pipenv lock --keep-outdated adds future dependencies

[bbolvig]

Issue description

Running pipenv lock --clear --keep-outdated updates Pipfile.lock by adding future dependencies of packages according to Pipfile.

Note that I specifying dependencies in Pipfile like pytest = "*". But I do not wish to update all packages whenever I am updating a single package which leads to this issue.

The effect also takes place when using commands like pipenv clean which has no --keep-outdated option so you can end up breaking dependencies because dependencies of the installed version may be removed as future version are used for calculating dependencies.

Expected result

No new packages should be added to Pipfile.lock when running pipenv lock --clear --keep-outdated.

Actual result

pytest 5.3.5 requires:
packaging, more-itertools, wcwidth, attrs, py, pluggy

pytest 6.0.1 requires:
pluggy, iniconfig, attrs, py, toml, more-itertools, packaging

With pytest 5.3.5 installed (and locked in Pipfile.lock) and pytest = "*" in Pipfile, I get following significant diffs from running pipenv lock --clear --keep-outdated

+        "iniconfig": {
+            "hashes": [
+                "sha256:80cf40c597eb564e86346103f609d74efce0f6b4d4f30ec8ce9e2c26411ba437",
+                "sha256:e5f92f89355a67de0595932a6c6c02ab4afddc6fcdc0bfc5becd0d60884d3f69"
+            ],
+            "version": "==1.0.1"
+        },

+        "toml": {
+            "hashes": [
+                "sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f",
+                "sha256:bda89d5935c2eac546d648028b9901107a595863cb36bae0c73ac804a9b4ce88"
+            ],
+            "version": "==0.10.1"
+        },

Steps to replicate

pipenv install pytest==5.3.5
sed -i 's/==5.3.5/*/' Pipfile
pipenv lock --clear --keep-outdated

alternatively, try pipenv clean before lock to see how it break pytest by removing wcwidth.

See https://github.com/bbolvig/pipenv-clean-bug/ for Pipfile.lock between steps.

---

$ pipenv --support

Pipenv version: '2020.8.13'

Pipenv location: '/home/boris/.local/lib/python3.8/site-packages/pipenv'

Python location: '/home/boris/.pyenv/versions/3.8.5/bin/python'

Python installations found:

• 3.8.5: /home/boris/.pyenv/versions/3.8.5/bin/python3.8
• 3.8.2: /usr/bin/python3.8
• 3.8.2: /usr/bin/python3
• 3.8.2: /bin/python3.8
• 3.8.2: /bin/python3
• 3.7.6: /home/boris/.pyenv/versions/3.7.6/bin/python3.7
• 2.7.18: /usr/bin/python2.7
• 2.7.18: /usr/bin/python2
• 2.7.18: /bin/python2.7
• 2.7.18: /bin/python2

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.8.5',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '5.4.0-42-generic',
 'platform_system': 'Linux',
 'platform_version': '#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020',
 'python_full_version': '3.8.5',
 'python_version': '3.8',
 'sys_platform': 'linux'}

System environment variables:

• SHELL
• SESSION_MANAGER
• QT_ACCESSIBILITY
• COLORTERM
• PYENV_SHELL
• CHAI_ENV
• XDG_CONFIG_DIRS
• XDG_MENU_PREFIX
• GNOME_DESKTOP_SESSION_ID
• GTK_IM_MODULE
• TMUX
• LANGUAGE
• QT4_IM_MODULE
• GNOME_SHELL_SESSION_MODE
• SSH_AUTH_SOCK
• XMODIFIERS
• DESKTOP_SESSION
• SSH_AGENT_PID
• EDITOR
• GTK_MODULES
• PWD
• XDG_SESSION_DESKTOP
• LOGNAME
• XDG_SESSION_TYPE
• GPG_AGENT_INFO
• XAUTHORITY
• GJS_DEBUG_TOPICS
• WINDOWPATH
• HOME
• USERNAME
• IM_CONFIG_PHASE
• LANG
• LS_COLORS
• XDG_CURRENT_DESKTOP
• VTE_VERSION
• GNOME_TERMINAL_SCREEN
• INVOCATION_ID
• MANAGERPID
• CLUTTER_IM_MODULE
• GJS_DEBUG_OUTPUT
• LESSCLOSE
• XDG_SESSION_CLASS
• PYTHONPATH
• TERM
• LESSOPEN
• USER
• TMUX_PANE
• GNOME_TERMINAL_SERVICE
• VISUAL
• DISPLAY
• SHLVL
• QT_IM_MODULE
• XDG_RUNTIME_DIR
• PYENV_ROOT
• JOURNAL_STREAM
• XDG_DATA_DIRS
• PATH
• GDMSESSION
• DBUS_SESSION_BUS_ADDRESS
• OLDPWD
• _
• PIP_DISABLE_PIP_VERSION_CHECK
• PYTHONDONTWRITEBYTECODE
• PIP_SHIMS_BASE_MODULE
• PIP_PYTHON_PATH
• PYTHONFINDER_IGNORE_UNSUPPORTED

Pipenv–specific environment variables:

Debug–specific environment variables:

• PATH: /home/boris/.local/bin:/home/boris/.pyenv/shims:/home/boris/.pyenv/bin:/home/boris/.pyenv/shims:/home/boris/.pyenv/bin:/home/boris/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
• SHELL: /bin/bash
• EDITOR: vim
• LANG: en_US.UTF-8
• PWD: /home/boris/work/pytestinstall

---

Contents of Pipfile ('/home/boris/work/pytestinstall/Pipfile'):

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]

[packages]
pytest = "*"

[requires]
python_version = "3.8"

Contents of Pipfile.lock ('/home/boris/work/pytestinstall/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "976a2ca0f737f325f408ba96dbdd2082722d52709e42df5c38f7096e58a834da"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.8"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "attrs": {
            "hashes": [
                "sha256:0ef97238856430dcf9228e07f316aefc17e8939fc8507e18c6501b761ef1a42a",
                "sha256:2867b7b9f8326499ab5b0e2d12801fa5c98842d2cbd22b35112ae04bf85b4dff"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==20.1.0"
        },
        "iniconfig": {
            "hashes": [
                "sha256:80cf40c597eb564e86346103f609d74efce0f6b4d4f30ec8ce9e2c26411ba437",
                "sha256:e5f92f89355a67de0595932a6c6c02ab4afddc6fcdc0bfc5becd0d60884d3f69"
            ],
            "version": "==1.0.1"
        },
        "more-itertools": {
            "hashes": [
                "sha256:6f83822ae94818eae2612063a5101a7311e68ae8002005b5e05f03fd74a86a20",
                "sha256:9b30f12df9393f0d28af9210ff8efe48d10c94f73e5daf886f10c4b0b0b4f03c"
            ],
            "markers": "python_version >= '3.5'",
            "version": "==8.5.0"
        },
        "packaging": {
            "hashes": [
                "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8",
                "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==20.4"
        },
        "pluggy": {
            "hashes": [
                "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0",
                "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==0.13.1"
        },
        "py": {
            "hashes": [
                "sha256:366389d1db726cd2fcfc79732e75410e5fe4d31db13692115529d34069a043c2",
                "sha256:9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==1.9.0"
        },
        "pyparsing": {
            "hashes": [
                "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1",
                "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"
            ],
            "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==2.4.7"
        },
        "pytest": {
            "hashes": [
                "sha256:0d5fe9189a148acc3c3eb2ac8e1ac0742cb7618c084f3d228baaec0c254b318d",
                "sha256:ff615c761e25eb25df19edddc0b970302d2a9091fbce0e7213298d85fb61fef6"
            ],
            "index": "pypi",
            "version": "==5.3.5"
        },
        "six": {
            "hashes": [
                "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
                "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
            "version": "==1.15.0"
        },
        "toml": {
            "hashes": [
                "sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f",
                "sha256:bda89d5935c2eac546d648028b9901107a595863cb36bae0c73ac804a9b4ce88"
            ],
            "version": "==0.10.1"
        },
        "wcwidth": {
            "hashes": [
                "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784",
                "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"
            ],
            "version": "==0.2.5"
        }
    },
    "develop": {}
}

[frostming]

This is exactly duplicate of #4371 , close it now