Last default dependency being marked as local and editable #4480

Closed
@gregflynn

Description

Checked out diagnose documentation for common issues. I outlined my (possibly flawed) workflow in the steps to reproduce below. I've been fussing around with this for a couple weeks blaming myself, and would love for this to be a me-bug.

Issue description

The last external package listed in the default section of Pipfile.lock is incorrectly being marked as local and editable.

Expected result

The last external package listed is still provided from PyPI.

Actual result

My Pipfile.lock gets this diff included in it, which breaks CI and other users for obvious reasons:

             "version": "==1.25.10"
         },
         "wrapt": {
-            "hashes": [
-                "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7"
-            ],
-            "version": "==1.12.1"
+            "editable": true,
+            "path": "."
         }
     },
     "develop": {
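
Review bot: the `wrapt` entry loses its `hashes` list and its `"version": "==1.12.1"` pin and gains `"editable": true, "path": "."`, so the lock no longer ties wrapt to a specific hashed artifact and instead points it at the project directory. The removed lines should stay on `wrapt`; going by the Pipfile on this page, `"path": "."` belongs only to the project's own editable package (`mycli`).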

Steps to replicate

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]
flake8 = "3.8.3"
pytest = "5.4.3"
pytest-cov = "2.10.0"
termcolor = "1.1.0"

[packages]
mycli = {editable = true, path = "."}

[requires]
python_version = "3.7"

(mycli has a setup.py to facilitate creating an entrypoint for python click and defines non-dev dependencies)

The project is a CLI utility and we clone the repository and install via:
PIPENV_IGNORE_VIRTUALENVS=1 PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy

As a developer adding a new dependency, I edit the setup.py and run:
pipenv lock

This generates a Pipfile.lock file that does include my new dependency, but also a malformed last default dependency (I've had the issue with multiple packages that are near the end of the alphabet in that position, specifically wrapt and zipp).

I am able to work around the issue and generate a correct Pipfile.lock by:
rm -rf Pipfile.lock .venv
and
pipenv lock


I am purposefully omitting the pipenv --support output because the application I'm working on is proprietary and I worry about leaking details of our environment (or our security team yelling at me 😆). If there are specific snippets I can scrub and provide, I would be glad to; I just didn't want to scrub the whole thing up front.

Thank you for reading and again, hope I'm just being dumb.
Thanks!
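
A CI check for the symptom reported above, as an added example that is not part of the original issue or of pipenv: it flags lock entries that are editable or path-based without being the project's own package, and entries that lack hashes or an exact version. `audit_lock`, `SAMPLE_LOCK`, the package name `somepkg` and its hash are constructed for illustration, and the check assumes every non-local package should come from an index with a hash.

```python
import json

# Constructed sample modelled on the diff in the issue. "somepkg" and its hash
# are placeholders; "mycli" is the project's own editable package.
SAMPLE_LOCK = json.loads("""
{
  "default": {
    "mycli": {"editable": true, "path": "."},
    "somepkg": {"hashes": ["sha256:0000"], "version": "==1.25.10"},
    "wrapt": {"editable": true, "path": "."}
  },
  "develop": {}
}
""")


def audit_lock(lock, local_packages):
    """Return sorted (section, name, problem) tuples for suspicious entries.

    Assumes every package not named in local_packages is expected to come
    from an index such as PyPI, with hashes and an exact version.
    """
    findings = []
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            if name in local_packages:
                continue  # the project's own package may be editable
            if entry.get("editable") or "path" in entry:
                findings.append((section, name, "unexpected editable/path entry"))
            elif not entry.get("hashes"):
                findings.append((section, name, "missing hashes"))
            elif not str(entry.get("version", "")).startswith("=="):
                findings.append((section, name, "missing exact version pin"))
    return sorted(findings)


if __name__ == "__main__":
    problems = audit_lock(SAMPLE_LOCK, {"mycli"})
    for section, name, problem in problems:
        print(f"{section}.{name}: {problem}")
    raise SystemExit(1 if problems else 0)
```

To use it on a real project, replace `SAMPLE_LOCK` with `json.load(open("Pipfile.lock"))` and pass the names declared as editable in the Pipfile.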
