pipenv install --skip-lock downloads a different version of packages than specified in Pipfile #6288
Description
Issue description
In pipenv version 2024.2.0, the pipenv install command with the --skip-lock flag downloads a different version of a package than what is specified in the Pipfile. When I don't use the --skip-lock flag, the correct version of the package gets installed. This behavior is different than past versions of pipenv (e.g. 2024.1.0).
Expected result
This output is from pipenv version 2024.1.0. The expected result is that gunicorn==20.0.2 would be downloaded as specified in the Pipfile.
Note how it says Preparing Installation of 'gunicorn==20.0.2' in the output.
$ python3.12 -m pipenv install --skip-lock --python 3.12 --verbose
The flag --skip-lock has been reintroduced (but is not recommended). Without the lock resolver it is difficult to manage multiple package
indexes, and hash checking is not provided. However it can help manage installs with current deficiencies in locking across platforms.
Using python: 3.12
Path to python: /usr/bin/python3.12
Creating a virtualenv for this project
Pipfile: /var/app/current/Pipfile
Using /usr/bin/python3.123.12.7 to create virtualenv...
⠇ Creating virtual environment...created virtual environment CPython3.12.7.final.0-64 in 434ms
creator CPython3Posix(dest=/home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, via=copy, app_data_dir=/home/ec2-user/.local/share/virtualenv)
added seed packages: pip==24.2
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe
Warning: Your Pipfile requires python_version 3.7, but you are using 3.12.7 (/home/e/.local/share/v/c/bin/python).
$ pipenv --rm and rebuilding the virtual environment may resolve the issue.
$ pipenv check will surely fail.
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
Installing dependencies from Pipfile...
Writing supplied requirement line to temporary file: 'gunicorn==20.0.2'
Install Phase: Editable Requirements
Preparing Installation of 'gunicorn==20.0.2'
$ /home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe/bin/python /opt/elasticbeanstalk/site-packages/pipenv/patched/pip/__pip-runner__.py
install -i https://pypi.org/simple --no-input --upgrade -r /tmp/pipenv-_jqk04c6-requirements/pipenv-kxvco_vi-reqs.txt
Using source directory: '/home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe/src'
Collecting gunicorn==20.0.2 (from -r /tmp/pipenv-_jqk04c6-requirements/pipenv-kxvco_vi-reqs.txt (line 1))
Downloading gunicorn-20.0.2-py2.py3-none-any.whl.metadata (3.5 kB)
Collecting setuptools>=3.0 (from gunicorn==20.0.2->-r /tmp/pipenv-_jqk04c6-requirements/pipenv-kxvco_vi-reqs.txt (line 1))
Downloading setuptools-75.3.0-py3-none-any.whl.metadata (6.9 kB)
Downloading gunicorn-20.0.2-py2.py3-none-any.whl (115 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 115.6/115.6 kB 4.5 MB/s eta 0:00:00
Downloading setuptools-75.3.0-py3-none-any.whl (1.3 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.3/1.3 MB 30.7 MB/s eta 0:00:00
Installing collected packages: setuptools, gunicorn
Successfully installed gunicorn-20.0.2 setuptools-75.3.0
Actual result
This output is from pipenv 2024.2.0. The latest gunicorn version gets downloaded even though I requested gunicorn==20.0.2 in the Pipfile.
Note how it says: Preparing Installation of 'gunicorn' without specifying the version. The expected output has the version here so I think there is an issue with parsing the version from the pipfile.
$ python3.12 -m pipenv install --skip-lock --verbose --python 3.12
The flag --skip-lock has been reintroduced (but is not recommended). Without the lock resolver it is difficult to manage multiple package
indexes, and hash checking is not provided. However it can help manage installs with current deficiencies in locking across platforms.
Using python: 3.12
Path to python: /usr/bin/python3.12
Creating a virtualenv for this project
Pipfile: /var/app/current/Pipfile
Using /usr/bin/python3.123.12.7 to create virtualenv...
⠙ Creating virtual environment...created virtual environment CPython3.12.7.final.0-64 in 87ms
creator CPython3Posix(dest=/home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, via=copy, app_data_dir=/home/ec2-user/.local/share/virtualenv)
added seed packages: pip==24.2
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
Installing dependencies from Pipfile...
Writing supplied requirement line to temporary file: 'gunicorn'
Install Phase: Editable Requirements
Preparing Installation of 'gunicorn'
$ /home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe/bin/python /opt/elasticbeanstalk/site-packages/pipenv/patched/pip/__pip-runner__.py
install -i https://pypi.org/simple --no-input --upgrade -r /tmp/pipenv-cjv9xome-requirements/pipenv-jns991_3-reqs.txt
Using source directory: '/home/ec2-user/.local/share/virtualenvs/current-nIaIHBPe/src'
Collecting gunicorn (from -r /tmp/pipenv-cjv9xome-requirements/pipenv-jns991_3-reqs.txt (line 1))
Using cached gunicorn-23.0.0-py3-none-any.whl.metadata (4.4 kB)
Collecting packaging (from gunicorn->-r /tmp/pipenv-cjv9xome-requirements/pipenv-jns991_3-reqs.txt (line 1))
Using cached packaging-24.1-py3-none-any.whl.metadata (3.2 kB)
Using cached gunicorn-23.0.0-py3-none-any.whl (85 kB)
Using cached packaging-24.1-py3-none-any.whl (53 kB)
Installing collected packages: packaging, gunicorn
Successfully installed gunicorn-23.0.0 packaging-24.1
Steps to replicate
Pipfile:
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
gunicorn = "==20.0.2"
Command:
python3.12 -m pipenv install --skip-lock --verbose --python 3.12
$ pipenv --support
Pipenv version: '2024.2.0'
Pipenv location: '/opt/elasticbeanstalk/site-packages/pipenv'
Python location: '/usr/bin/python3.12'
OS Name: 'posix'
User pip version: '24.2'
user Python installations found:
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.12.7',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '6.1.112-122.189.amzn2023.x86_64',
'platform_system': 'Linux',
'platform_version': '#1 SMP PREEMPT_DYNAMIC Tue Oct 8 17:02:11 UTC 2024',
'python_full_version': '3.12.7',
'python_version': '3.12',
'sys_platform': 'linux'}
System environment variables:
SHELLHISTCONTROLSYSTEMD_COLORSHISTSIZEHOSTNAMEPWDLOGNAMEXDG_SESSION_TYPEMOTD_SHOWNHOMELANGLS_COLORSSSH_CONNECTIONXDG_SESSION_CLASSSELINUX_ROLE_REQUESTEDTERMLESSOPENUSERSELINUX_USE_CURRENT_RANGESHLVLXDG_SESSION_IDXDG_RUNTIME_DIRS_COLORSSSH_CLIENTwhich_declarePATHSELINUX_LEVEL_REQUESTEDDBUS_SESSION_BUS_ADDRESSMAILSSH_TTYOLDPWDBASH_FUNC_which%%_PIP_DISABLE_PIP_VERSION_CHECKPYTHONDONTWRITEBYTECODEPYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH:/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbinSHELL:/bin/bashLANG:en_US.UTF-8PWD:/var/app/current
Contents of Pipfile ('/var/app/current/Pipfile'):
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
gunicorn = "==20.0.2"