Git dependency with sepcified branch gets overriden by dependency of other package.

[Devligue]

This issue is simillar to #1779, but the solution stated there is not working for me.

I need to install specific version of a PyInstaller package, but PyInstaller is also a dependency of PyUpdater which is also required in my project and overrides other my specific PyInstaller version.

`$ python -m pipenv.help` output:

python -m pipenv.help

C:\Program Files (x86)\Python36-32\python.exe: No module named pipenv.help

I am aware this is not how this output should look like, but I can not make it work. Any help here? I'm on pipenv version 11.0.2.

---

Expected result

I need latest develop branch of PyInstaller installed and I don't want PyUpdater to override this with the PyInstaller-3.3.1 version. As suggested in #1779 I placed PyUpdater above the PyInstaller in [packages] in Pipfile.

Actual result

Regardless whether the important part of Pipfile looks like this:

PyUpdater = "*"
PyInstaller = {git = "https://github.com/pyinstaller/pyinstaller", ref = "develop"}

or like this:

PyInstaller = {git = "https://github.com/pyinstaller/pyinstaller", ref = "develop"}
PyUpdater = "*"

the PyInstaller version in Pipfile.lock will be 3.3.1 and I end up with this version installed.

What is interesting is that if I uninstall PyInstaller with pipenv uninstall pyinstaller and then install it again with pipenv install https://github.com/pyinstaller/pyinstaller/archive/develop.zip I get the Successfully installed PyInstaller-3.4.dev0+b31794cf1 but in fact the 3.3.1 version in installed instead.

Steps to replicate

# Pipfile
[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[packages]
PyUpdater = "*"
PyInstaller = {git = "https://github.com/pyinstaller/pyinstaller", ref = "develop"}

pipenv install
Check version: pipenv run pyinstaller --version

or

Create new clean environment
pipenv install pyupdater
pipenv uninstall pyinstaller
pipenv install https://github.com/pyinstaller/pyinstaller/archive/develop.zip
Check version: pipenv run pyinstaller --version

[uranusjr]

Confirmed, the resolution is wrong here.

[techalchemy]

Ok so: order only matters when locking or using --sequential, and zipfiles will never be resolved properly I think... you can try using -e but I’m not sure this works. Installation is concurrent so pipfile order won’t do much.

[uranusjr]

Top-level dependency should always win, however, IMO. PyInstaller is specified in the Pipfile (i.e. top-level), so its version information shouldn’t be overridden by PyUpdater’s dependency specification. It could be sensible to raise an exception if it cannot reasonably resolve, but not silently override.

[techalchemy]

What does it do on master

[uranusjr]

It resolves PyInstaller to the version on PyPI, as required by PyUpdater. Here’s what I got on Windows:

{
    "_meta": {
        "hash": {
            "sha256": "c0d9cbadaa9e85bb1b87408b1e0b428414754623d472d64deb2a5bd69ff9bf2c"
        },
        "pipfile-spec": 6,
        "requires": {},
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "altgraph": {
            "hashes": [
                "sha256:49dc134049903cc73fb76ca3cc9bef5b2b8c01c28732dd29594f99af2b449fc5",
                "sha256:fc28b986a68fde8d3ff0e6d6ba3fbdd2cd562d11d45ef7c7735fbd826c9eec2e"
            ],
            "version": "==0.15"
        },
        "appdirs": {
            "hashes": [
                "sha256:9e5896d1372858f8dd3344faf4e5014d21849c756c8d5701f78f8a103b372d92",
                "sha256:d8b24664561d0d34ddfaec54636d502d7cea6e29c3eaf68f3df6180863e2166e"
            ],
            "version": "==1.4.3"
        },
        "bsdiff4": {
            "hashes": [
                "sha256:5a022ff4c1d1de87232b1c70bde50afbb98212fd246be4a867d8737173cf1f8f"
            ],
            "version": "==1.1.4"
        },
        "certifi": {
            "hashes": [
                "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
                "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
            ],
            "version": "==2018.4.16"
        },
        "chardet": {
            "hashes": [
                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
            ],
            "version": "==3.0.4"
        },
        "dsdev-utils": {
            "hashes": [
                "sha256:cbe18eb0104b56e19087d60b765d7875b114acce01b1aceca9120f0556ab109d"
            ],
            "version": "==0.9.6"
        },
        "ed25519": {
            "hashes": [
                "sha256:2991b94e1883d1313c956a1e3ced27b8a2fdae23ac40c0d9d0b103d5a70d1d2a"
            ],
            "version": "==1.4"
        },
        "future": {
            "hashes": [
                "sha256:e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb"
            ],
            "version": "==0.16.0"
        },
        "macholib": {
            "hashes": [
                "sha256:7f76a7ef4f58f85889dec25fb532bad5acfd461c444738dfeb2e7bf855d5906b",
                "sha256:9aeec52d7da59912b15445d08b08d95cee48414f01dd035be06f04a825973c08"
            ],
            "version": "==1.9"
        },
        "pbr": {
            "hashes": [
                "sha256:3747c6f017f2dc099986c325239661948f9f5176f6880d9fdef164cb664cd665",
                "sha256:a9c27eb8f0e24e786e544b2dbaedb729c9d8546342b5a6818d8eda098ad4340d"
            ],
            "version": "==4.0.4"
        },
        "pefile": {
            "hashes": [
                "sha256:675c35ee0e1677db9e80d2f48d8a7ff2cf38e6207e8cd5e2a2c6d126db025854"
            ],
            "version": "==2017.11.5"
        },
        "pyinstaller": {
            "hashes": [
                "sha256:715f81f24b1ef0e5fe3b3c71e7540551838e46e9de30882aa7c0a521147fd1ce"
            ],
            "version": "==3.3.1"
        },
        "pypiwin32": {
            "hashes": [
                "sha256:67adf399debc1d5d14dffc1ab5acacb800da569754fafdc576b2a039485aa775",
                "sha256:71be40c1fbd28594214ecaecb58e7aa8b708eabfa0125c8a109ebd51edbd776a"
            ],
            "version": "==223"
        },
        "pyupdater": {
            "hashes": [
                "sha256:61e796063131bcde4e2467580c0add3a2e77cd0b0533a1b559f066e4c127570e"
            ],
            "index": "pypi",
            "version": "==2.5.3"
        },
        "pywin32": {
            "hashes": [
                "sha256:0df9b008caef10af0d674c483316c28dcf78391332d9d5d380fab667ebf2d7d1",
                "sha256:249391eb924b8376826e6f84d143d1dcc0e400b238b511d5fbd3811f6ed9ad50",
                "sha256:42f48567e36b787901ff3da20de5a134cd9880cc90832e2aad60951f058699f0",
                "sha256:9eff897796c9d76a213134257a01b6f8a122c55e0772847fba313a8091f3ec44",
                "sha256:c7ea0deabcc324e5b74084b5452003109c592d1aedbe9e9289ed55b26d9b0c7f",
                "sha256:da422d4067d98b49fbb19d851900a5fc38c61eab0ee803574c27c42309173ebe",
                "sha256:f0f0e7c82ee334dd6e888b9b5beb05fd8947355fa7a15644c810bb4ea0079ca6",
                "sha256:fb3c85907918fd01a72ee146d323d220771dee151c0cfa5630c2f35797ffb116"
            ],
            "version": "==223"
        },
        "six": {
            "hashes": [
                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
            ],
            "version": "==1.11.0"
        },
        "stevedore": {
            "hashes": [
                "sha256:e3d96b2c4e882ec0c1ff95eaebf7b575a779fd0ccb4c741b9832bed410d58b3d",
                "sha256:f1c7518e7b160336040fee272174f1f7b29a46febb3632502a8f2055f973d60b"
            ],
            "version": "==1.28.0"
        },
        "urllib3": {
            "hashes": [
                "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
                "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
            ],
            "version": "==1.22"
        }
    },
    "develop": {}
}

[techalchemy]

@uranusjr try it against the branch with the updated requirementslib

[uranusjr]

The same with bugfix/2260 :/ (pipenv lock --clear)

[techalchemy]

I'm only just noticing this is not being installed in editable mode -- we don't support dependency resolution for things that aren't in editable mode because we don't have visibility into the dependency graph

[techalchemy]

Ah, I think I know why this is happening!

[ovv]

Hello. I mentioned this on slack yesterday. I believe that's the bug I encountered.

The Pipfile packages look like this:

[packages]
foo = "*"
bar = {git = "https://github.com/bar/bar", ref = "bar"}

At first everything was locking as expected with the bar packages coming from github. After running a pipenv update bar got updated and added foo as a dependency. Afterwards when locking, foo was resolve to the PyPI version.

Adding editable= True seems to have resolve the issue