Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wildcard version dependency pins wildcard instead of specific version #4278

Closed
GPHemsley opened this issue May 28, 2020 · 2 comments · Fixed by #4283
Closed

Wildcard version dependency pins wildcard instead of specific version #4278

GPHemsley opened this issue May 28, 2020 · 2 comments · Fixed by #4283
Labels
Type: Bug 🐛 This issue is a bug.
Milestone
2020.6.x bugfix r...

Comments

@GPHemsley
Copy link
Contributor

GPHemsley commented May 28, 2020
edited

Spun off from #4263. This is a regression from 2018.11.26.

Issue description

Dependencies with wildcards get locked with a wildcard version instead of a specific version.

Steps to replicate

  • Run pipenv install 'example-test-package==1.0.*'

Expected result

Pipfile.lock contains:

        "example-test-package": {
            "hashes": [
                "sha256:0b164142f6adbef9d719de6885db0ead7b8af66bed3b0a2145dad75420e18a25",
                "sha256:54fec966dab3f3d4f2f5aa6d237bcd30af09a3dc7a0602da0306f39d8c625ec7"
            ],
            "index": "pypi",
            "version": "==1.0.0"
        }

Actual result

Pipfile.lock contains:

        "example-test-package": {
            "hashes": [
                "sha256:0b164142f6adbef9d719de6885db0ead7b8af66bed3b0a2145dad75420e18a25",
                "sha256:54fec966dab3f3d4f2f5aa6d237bcd30af09a3dc7a0602da0306f39d8c625ec7"
            ],
            "index": "pypi",
            "version": "==1.0.*"
        }
@GPHemsley GPHemsley mentioned this issue May 28, 2020
Closed
@GPHemsley
Copy link
Contributor Author

Updated with minimal steps to reproduce.

@GPHemsley
Copy link
Contributor Author

The problem is in pipenv.utils.get_locked_dep here:

pipenv/pipenv/utils.py

Lines 1186 to 1197 in b5becd8

lockfile_entry = clean_resolved_dep(dep, **cleaner_kwargs)
if entry and isinstance(entry, Mapping):
version = entry.get("version", "") if entry else ""
else:
version = entry if entry else ""
lockfile_name, lockfile_dict = lockfile_entry.copy().popitem()
lockfile_version = lockfile_dict.get("version", "")
# Keep pins from the lockfile
if prefer_pipfile and lockfile_version != version and version.startswith("=="):
lockfile_dict["version"] = version
lockfile_entry[lockfile_name] = lockfile_dict
return lockfile_entry

Looks like this was introduced by 552d127, which activated the (unused) changes made much earlier in a08a2da.

@frostming frostming mentioned this issue May 29, 2020
Closed
2 tasks
GPHemsley added a commit to GPHemsley/pipenv that referenced this issue May 29, 2020
@GPHemsley
pypa#4278: Don't pin wildcard versions in lockfile
873beae 
Fixes bug introduced by 552d127,
which activated the (unused) changes made much earlier in
a08a2da.
@GPHemsley GPHemsley mentioned this issue May 29, 2020
Merged
2 tasks
frostming added a commit that referenced this issue May 29, 2020
@frostming
Merge pull request #4283 from GPHemsley/issue-4278
800155f 
#4278: Don't pin wildcard versions in lockfile
@techalchemy techalchemy added the Type: Bug 🐛 This issue is a bug. label May 29, 2020
@frostming frostming mentioned this issue May 29, 2020
Closed
@frostming frostming added this to the 2020.6.x bugfix release milestone Jun 1, 2020
@dependabot dependabot bot mentioned this issue Mar 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug 🐛 This issue is a bug.
Projects
None yet
Milestone
2020.6.x bugfix release
3 participants
@GPHemsley @techalchemy @frostming