pipenv install not respecting lock file since 2024.3.1 release. #6306
Description
Issue description
When running pipenv install using pipenv 2024.3.0, my lockfile appears to be respected and the correct dependency versions from it are installed. When doing the same with 2024.3.1, far newer versions of the dependencies are installed.
Expected result
The versions specified in the lock file should be used.
Actual result
The latest version of dependencies are installed instead.
Steps to replicate
To reproduce I've made this Dockerfile.
FROM python:3.9
WORKDIR /tmp/
RUN pip install pipenv==2024.3.1
RUN cat <<EOF > Pipfile
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
sh = "*"
EOF
RUN cat <<EOF > Pipfile.lock
{
"_meta": {
"hash": {
"sha256": "f9adf532d46f4787b6afe331abe415d5698ef7523cd6225605328b61f361d427"
},
"pipfile-spec": 6,
"requires": {},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"sh": {
"hashes": [
"sha256:39aa9af22f6558a0c5d132881cf43e34828ca03e4ae11114852ca6a55c7c1d8e",
"sha256:75e86a836f47de095d4531718fe8489e6f7446c75ddfa5596f632727b919ffae"
],
"index": "pypi",
"version": "==1.14.1"
}
},
"develop": {}
}
EOF
RUN pipenv install
RUN (pipenv graph | grep 1.14.1) || (pipenv graph && false)
When building this Dockerfile the build fails on the last stage as pipenv has not installed sh 1.14.1 and instead used sh 2.1.0.
The problem does not reproduce if the pipenv version is changed to 2024.3.0, or the --deploy flag is added to the install command.
$ pipenv --support
Pipenv version: '2024.3.1'
Pipenv location: '/usr/local/lib/python3.9/site-packages/pipenv'
Python location: '/usr/local/bin/python3.9'
OS Name: 'posix'
User pip version: '24.2'
user Python installations found:
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.9.20',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '6.8.0-47-generic',
'platform_system': 'Linux',
'platform_version': '#47~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Oct 2 '
'16:16:55 UTC 2',
'python_full_version': '3.9.20',
'python_version': '3.9',
'sys_platform': 'linux'}
System environment variables:
PATHHOSTNAMETERMLANGGPG_KEYPYTHON_VERSIONPYTHON_SHA256HOMEPIP_DISABLE_PIP_VERSION_CHECKPYTHONDONTWRITEBYTECODEPYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binLANG:C.UTF-8
Contents of Pipfile ('/tmp/Pipfile'):
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
sh = "*"
Contents of Pipfile.lock ('/tmp/Pipfile.lock'):
{
"_meta": {
"hash": {
"sha256": "f9adf532d46f4787b6afe331abe415d5698ef7523cd6225605328b61f361d427"
},
"pipfile-spec": 6,
"requires": {},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"sh": {
"hashes": [
"sha256:7e27301c574bec8ca5bf6f211851357526455ee97cd27a7c4c6cc5e2375399cb",
"sha256:bf5e44178dd96a542126c2774e9b7ab1d89bfe0e2ef84d92e6d0ed7358d63d01"
],
"index": "pypi",
"markers": "python_full_version >= '3.8.1' and python_version < '4.0'",
"version": "==2.1.0"
}
},
"develop": {}
}