[BUG] sub-dependency issue

[MMollyy]

Currently I am trying to lock dependencies for prospector 1.3.1 without having changed any packages and I am getting the following error:

ERROR: Could not find a version that matches pycodestyle<2.7.0,<2.8.0,>=2.6.0,>=2.7.0 (from prospector==1.3.1->-r /tmp/pipenv0fymoebqrequirements/pipenv-4khb0szd-constraints.txt (line 10))
Tried: 2.0.0, 2.0.0, 2.1.0, 2.1.0, 2.2.0, 2.2.0, 2.3.0, 2.3.0, 2.3.1, 2.3.1, 2.4.0, 2.4.0, 2.5.0, 2.5.0, 2.6.0, 2.6.0, 2.7.0, 2.7.0
Skipped pre-versions: 1.8.0.dev0, 1.8.0.dev0, 2.0.0a1, 2.0.0a1, 2.6.0a1, 2.6.0a1
There are incompatible versions in the resolved dependencies:
  pycodestyle<2.7.0,>=2.6.0 (from prospector==1.3.1->-r /tmp/pipenv0fymoebqrequirements/pipenv-4khb0szd-constraints.txt (line 10))
  pycodestyle<2.8.0,>=2.7.0 (from flake8==3.9.0->flake8-polyfill==1.0.2->pep8-naming==0.10.0->prospector==1.3.1->-r /tmp/pipenv0fymoebqrequirements/pipenv-4khb0szd-constraints.txt (line 10))

I looked into our master branch pipfile.lock and noticed that the flake8 was set to 3.8.4 in the previous merge we did to our master branch:

"prospector": {
            "hashes": [
                "sha256:700d7918d93d73035a2a58fb18c6be0b609a0481fc6e0908843fa856b89e52c6"
            ],
            "index": "pypi",
            "version": "==1.3.1"
        },
"flake8": {
            "hashes": [
                "sha256:749dbbd6bfd0cf1318af27bf97a14e28e5ff548ef8e5b1566ccfb25a11e7c839",
                "sha256:aadae8761ec651813c24be05c6f7b4680857ef6afaae4651a4eccaef97ce6c3b"
            ],
            "version": "==3.8.4"
        },

However, when im trying to lock packages right now it's trying to use 3.9.0 and the incompatibility is that flake8 looking for pycodestyle >= 2.7.0, while prospector is simultaneously trying <2.7.0

My Pipfile currently looks like:

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[dev-packages]

# Documenting
sphinx = "~=2.1.2"
sphinx-rtd-theme = "~=0.4.3"
prospector = "==1.3.1"
coverage = "~=4.5.4"
nose = "~=1.3.7"
nose-htmloutput = "~=0.6.0"
tox = "~=3.13.2"
betamax = "~=0.8.1"
semver = "~=2.8.1"
gitwrapperlib = "~=0.9.1"
twine = "~=1.13.0"
coloredlogs = "~=10.0"
emoji = "~=0.5.4"
toml = "~=0.10.0"

[packages]

I would expect packages are pinned and prospector not failing on sub-dependencies.

Environment (please complete the following information):

• OS: Windows & Linux
  python --version
  Python 3.7.3

A similar issue had been reported before: #285

[MMollyy]

for now i've added flake8 3.8.4 into the dev-packages while pinning prospector to 1.3.1

[BeebBenjamin]

Getting the same problem, it's only just appeared in the last few weeks since the last time I updated my lockfile.

MMollyy's temporary work around worked for me too.