pipenv refuses to update a dependency in Pipfile.lock if it is not mentioned in Pipfile

[immerrr]

Be sure to check the existing issues (both open and closed!), and make sure you are running the latest version of Pipenv.

Check the diagnose documentation for common issues before posting! We may close your issue if it is very similar to one of them. Please be considerate, or be on your way.

Make sure to mention your debugging experience if the documented solution failed.

Issue description

While trying to come up with a PR to fix the problem with customized Python versions raising errors I've found a problem with pythonfinder's Pipfile.lock: it mentioned vistir==0.1.1 whereas it was using features from vistir==0.1.7:

~/src/pythonfinder/src/pythonfinder/utils.py in get_python_version(path)
     30     version_cmd = [path, "-c", "import sys; print(sys.version.split()[0])"]
     31     try:
---> 32         out, _ = vistir.misc.run(version_cmd, block=True, nospin=True)
     33     except OSError:
     34         raise InvalidPythonVersion("%s is not a valid python path" % path)

TypeError: run() got an unexpected keyword argument 'block'

Then I tried to update only vistir version to ensure pipenv doesn't touch anything else unless it has to and I did this:

$ pipenv update --keep-outdated vistir
Warning: vistir was not found in your Pipfile! Aborting.
Aborted!

But as you can see, pipenv refuses to lock a fresher version, because it turns out that vistir is fetched as a dependency of pythonfinder itself, which is mentioned in the Pipfile.

Expected result

In this particular case, I'll probably just add vistir to the list of default packages, but I think it should be possible for Pipenv to update a thirdparty dependency without mentioning it in Pipfile explicitly.

Actual result

pipenv complains that vistir is not in Pipfile and exits.

Steps to replicate

$ git clone [email protected]:sarugaku/pythonfinder
$ cd pythonfinder
$ git checkout f072cf19cfebff73229a19e24bfffd378716d742
$ pipenv update --keep-outdated vistir

---

$ pipenv --support

Pipenv version: '2018.10.10.dev0'

Pipenv location: '/home/immerrr/src/pipenv/pipenv'

Python location: '/usr/bin/python'

Python installations found:

• 3.6.4: /home/immerrr/src/pyenv/versions/3.6.4/bin/python3.6m
• 3.5.2: /usr/bin/python3.5
• 3.5.2: /usr/bin/python3.5m
• 3.6.4: /home/immerrr/src/pyenv/versions/3.6.4/bin/python3.6
• 2.7.12: /usr/bin/python2.7
• 3.6.6: /mnt/extraspace/virtualenvs/pythonfinder-o0EK7psS/bin/python3.6m
• 3.6.6: /home/immerrr/src/pyenv/versions/3.6.6/bin/python3.6m
• 3.7.0: /home/immerrr/src/pyenv/versions/3.7.0/bin/python3.7m
• 3.6.6: /home/immerrr/src/pyenv/versions/3.6.6/bin/python3.6
• 3.7.0: /home/immerrr/src/pyenv/versions/3.7.0/bin/python3.7

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '0',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.15.0-32-generic',
 'platform_system': 'Linux',
 'platform_version': '#35~16.04.1-Ubuntu SMP Fri Aug 10 21:54:34 UTC 2018',
 'python_full_version': '2.7.12',
 'python_version': '2.7',
 'sys_platform': 'linux2'}

System environment variables:

• HISTTIMEFORMAT
• UPSTART_EVENTS
• PYTHONDONTWRITEBYTECODE
• XDG_SESSION_TYPE
• LC_PAPER
• VIRTUAL_ENV
• SHELL
• XDG_DATA_DIRS
• MANDATORY_PATH
• TERMINATOR_UUID
• QT_ACCESSIBILITY
• UNITY_DEFAULT_PROFILE
• HISTSIZE
• UPSTART_INSTANCE
• JOB
• SESSION
• CLUTTER_IM_MODULE
• XMODIFIERS
• JAVA_HOME
• GTK2_MODULES
• WORKON_HOME
• XDG_RUNTIME_DIR
• COMPIZ_BIN_PATH
• J2SDKDIR
• XDG_SESSION_ID
• DBUS_SESSION_BUS_ADDRESS
• DEFAULTS_PATH
• DESKTOP_SESSION
• GTK_MODULES
• INSTANCE
• XDG_MENU_PREFIX
• LS_COLORS
• IRIVERCP
• GNOME_DESKTOP_SESSION_ID
• LESSOPEN
• USER
• XDG_VTNR
• PS1
• XAUTHORITY
• LANGUAGE
• LC_MEASUREMENT
• QT_QPA_PLATFORMTHEME
• COMPIZ_CONFIG_PROFILE
• EDITOR
• GPG_AGENT_INFO
• LANG
• GDMSESSION
• UPSTART_JOB
• TERMINATOR_DBUS_NAME
• XDG_SEAT_PATH
• PIP_PYTHON_PATH
• _
• GTK_IM_MODULE
• XDG_CONFIG_DIRS
• PYENV_ROOT
• PIP_SHIMS_BASE_MODULE
• LC_TIME
• HISTFILE
• XDG_GREETER_DATA_DIR
• QT4_IM_MODULE
• HOME
• DISPLAY
• XDG_SESSION_DESKTOP
• QT_LINUX_ACCESSIBILITY_ALWAYS_ON
• PIPENV_ACTIVE
• AIRFLOW_HOME
• VTE_VERSION
• TERMINATOR_DBUS_PATH
• XDG_CURRENT_DESKTOP
• LESSCLOSE
• GNOME_KEYRING_PID
• J2REDIR
• UNITY_HAS_3D_SUPPORT
• QT_IM_MODULE
• LOGNAME
• XDG_SEAT
• GNOME_KEYRING_CONTROL
• PATH
• TERM
• XDG_SESSION_PATH
• SESSIONTYPE
• IM_CONFIG_PHASE
• GIO_LAUNCHED_DESKTOP_FILE_PID
• HISTFILESIZE
• GIO_LAUNCHED_DESKTOP_FILE
• COLORTERM
• SSH_AUTH_SOCK
• TZ
• DERBY_HOME
• UPSTART_SESSION
• GPGKEY
• GDM_LANG
• HISTCONTROL
• SHLVL
• PWD

Pipenv–specific environment variables:

• PIPENV_ACTIVE: 1

Debug–specific environment variables:

• PATH: /mnt/extraspace/virtualenvs/pythonfinder-o0EK7psS/bin:/home/immerrr/.gem/ruby/2.3.0/bin:/home/immerrr/.cask/bin:/home/immerrr/platform-tools:/home/immerrr/bin:/home/immerrr/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/lib/jvm/java-8-oracle/bin:/usr/lib/jvm/java-8-oracle/db/bin:/usr/lib/jvm/java-8-oracle/jre/bin:/home/immerrr/.rvm/bin:/home/immerrr/src/pyenv/bin
• SHELL: /bin/bash
• EDITOR: emacs -nw -q -l ~/.emacs.d/lisp/mmr-minimal.el
• LANG: en_US.UTF-8
• PWD: /home/immerrr/src/pythonfinder
• VIRTUAL_ENV: /mnt/extraspace/virtualenvs/pythonfinder-o0EK7psS

---

Contents of Pipfile ('/home/immerrr/src/pythonfinder/Pipfile'):

[packages]

[dev-packages]
"flake8" = "*"
sphinx-click = "*"
pytest = "*"
mock = "*"
sphinx = "*"
twine = "*"
pytest-xdist = "*"
invoke = "*"
crayons = "*"
pythonfinder = {path = ".", editable = true}
sphinx-rtd-theme = "*"
rope = "*"
black = {version = "*", markers = "python_version>='3.6'"}
parver = "*"
towncrier = "*"

[scripts]
black = "python -m black src/pythonfinder"
draft = "inv release.generate-changelog --draft"
changelog = "inv release.generate-changelog --commit"
bump = "inv release.bump-version"
build = "inv release.build-dists"
upload = "inv release.upload-dists"
tag = "inv release.tag-version"
docs = "sphinx-apidoc --ext-autodoc --ext-viewcode --ext-intersphinx -o docs/ -A 'Dan Ryan <[email protected]>' -R 1.0.0 -V 1.0 -e -M -F src/pythonfinder"
mdchangelog = "pandoc CHANGELOG.rst -f rst -t markdown -o CHANGELOG.md"

[pipenv]
allow_prereleases = true

Contents of Pipfile.lock ('/home/immerrr/src/pythonfinder/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "aeaf2535ff986f019c127ef5358204487c14ed953421a3775cf7b45f574a0733"
        },
        "pipfile-spec": 6,
        "requires": {},
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {},
    "develop": {
        "alabaster": {
            "hashes": [
                "sha256:446438bdcca0e05bd45ea2de1668c1d9b032e1a9154c2c259092d77031ddd359",
                "sha256:a661d72d58e6ea8a57f7a86e37d86716863ee5e92788398526d58b26a4e4dc02"
            ],
            "version": "==0.7.12"
        },
        "apipkg": {
            "hashes": [
                "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6",
                "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c"
            ],
            "version": "==1.5"
        },
        "appdirs": {
            "hashes": [
                "sha256:9e5896d1372858f8dd3344faf4e5014d21849c756c8d5701f78f8a103b372d92",
                "sha256:d8b24664561d0d34ddfaec54636d502d7cea6e29c3eaf68f3df6180863e2166e"
            ],
            "version": "==1.4.3"
        },
        "arpeggio": {
            "hashes": [
                "sha256:a5258b84f76661d558492fa87e42db634df143685a0e51802d59cae7daad8732",
                "sha256:dc5c0541e7cc2c6033dc0338133436abfac53655624784736e9bc8bd35e56583"
            ],
            "version": "==1.9.0"
        },
        "atomicwrites": {
            "hashes": [
                "sha256:0312ad34fcad8fac3704d441f7b317e50af620823353ec657a53e981f92920c0",
                "sha256:ec9ae8adaae229e4f8446952d204a3e4b5fdd2d099f9be3aaf556120135fb3ee"
            ],
            "version": "==1.2.1"
        },
        "attrs": {
            "hashes": [
                "sha256:10cbf6e27dbce8c30807caf056c8eb50917e0eaafe86347671b57254006c3e69",
                "sha256:ca4be454458f9dec299268d472aaa5a11f67a4ff70093396e1ceae9c76cf4bbb"
            ],
            "version": "==18.2.0"
        },
        "babel": {
            "hashes": [
                "sha256:6778d85147d5d85345c14a26aada5e478ab04e39b078b0745ee6870c2b5cf669",
                "sha256:8cba50f48c529ca3fa18cf81fa9403be176d374ac4d60738b839122dfaaa3d23"
            ],
            "version": "==2.6.0"
        },
        "black": {
            "hashes": [
                "sha256:22158b89c1a6b4eb333a1e65e791a3f8b998cf3b11ae094adb2570f31f769a44",
                "sha256:4b475bbd528acce094c503a3d2dbc2d05a4075f6d0ef7d9e7514518e14cc5191"
            ],
            "index": "pypi",
            "markers": "python_version>='3.6'",
            "version": "==18.6b4"
        },
        "bleach": {
            "hashes": [
                "sha256:48d39675b80a75f6d1c3bdbffec791cf0bbbab665cf01e20da701c77de278718",
                "sha256:73d26f018af5d5adcdabf5c1c974add4361a9c76af215fe32fdec8a6fc5fb9b9"
            ],
            "version": "==3.0.2"
        },
        "cached-property": {
            "hashes": [
                "sha256:3a026f1a54135677e7da5ce819b0c690f156f37976f3e30c5430740725203d7f",
                "sha256:9217a59f14a5682da7c4b8829deadbfc194ac22e9908ccf7c8820234e80a1504"
            ],
            "version": "==1.5.1"
        },
        "certifi": {
            "hashes": [
                "sha256:376690d6f16d32f9d1fe8932551d80b23e9d393a8578c5633a2ed39a64861638",
                "sha256:456048c7e371c089d0a77a5212fb37a2c2dce1e24146e3b7e0261736aaeaa22a"
            ],
            "version": "==2018.8.24"
        },
        "cffi": {
            "hashes": [
                "sha256:151b7eefd035c56b2b2e1eb9963c90c6302dc15fbd8c1c0a83a163ff2c7d7743",
                "sha256:1553d1e99f035ace1c0544050622b7bc963374a00c467edafac50ad7bd276aef",
                "sha256:1b0493c091a1898f1136e3f4f991a784437fac3673780ff9de3bcf46c80b6b50",
                "sha256:2ba8a45822b7aee805ab49abfe7eec16b90587f7f26df20c71dd89e45a97076f",
                "sha256:3bb6bd7266598f318063e584378b8e27c67de998a43362e8fce664c54ee52d30",
                "sha256:3c85641778460581c42924384f5e68076d724ceac0f267d66c757f7535069c93",
                "sha256:3eb6434197633b7748cea30bf0ba9f66727cdce45117a712b29a443943733257",
                "sha256:495c5c2d43bf6cebe0178eb3e88f9c4aa48d8934aa6e3cddb865c058da76756b",
                "sha256:4c91af6e967c2015729d3e69c2e51d92f9898c330d6a851bf8f121236f3defd3",
                "sha256:57b2533356cb2d8fac1555815929f7f5f14d68ac77b085d2326b571310f34f6e",
                "sha256:770f3782b31f50b68627e22f91cb182c48c47c02eb405fd689472aa7b7aa16dc",
                "sha256:79f9b6f7c46ae1f8ded75f68cf8ad50e5729ed4d590c74840471fc2823457d04",
                "sha256:7a33145e04d44ce95bcd71e522b478d282ad0eafaf34fe1ec5bbd73e662f22b6",
                "sha256:857959354ae3a6fa3da6651b966d13b0a8bed6bbc87a0de7b38a549db1d2a359",
                "sha256:87f37fe5130574ff76c17cab61e7d2538a16f843bb7bca8ebbc4b12de3078596",
                "sha256:95d5251e4b5ca00061f9d9f3d6fe537247e145a8524ae9fd30a2f8fbce993b5b",
                "sha256:9d1d3e63a4afdc29bd76ce6aa9d58c771cd1599fbba8cf5057e7860b203710dd",
                "sha256:a36c5c154f9d42ec176e6e620cb0dd275744aa1d804786a71ac37dc3661a5e95",
                "sha256:a6a5cb8809091ec9ac03edde9304b3ad82ad4466333432b16d78ef40e0cce0d5",
                "sha256:ae5e35a2c189d397b91034642cb0eab0e346f776ec2eb44a49a459e6615d6e2e",
                "sha256:b0f7d4a3df8f06cf49f9f121bead236e328074de6449866515cea4907bbc63d6",
                "sha256:b75110fb114fa366b29a027d0c9be3709579602ae111ff61674d28c93606acca",
                "sha256:ba5e697569f84b13640c9e193170e89c13c6244c24400fc57e88724ef610cd31",
                "sha256:be2a9b390f77fd7676d80bc3cdc4f8edb940d8c198ed2d8c0be1319018c778e1",
                "sha256:ca1bd81f40adc59011f58159e4aa6445fc585a32bb8ac9badf7a2c1aa23822f2",
                "sha256:d5d8555d9bfc3f02385c1c37e9f998e2011f0db4f90e250e5bc0c0a85a813085",
                "sha256:e55e22ac0a30023426564b1059b035973ec82186ddddbac867078435801c7801",
                "sha256:e90f17980e6ab0f3c2f3730e56d1fe9bcba1891eeea58966e89d352492cc74f4",
                "sha256:ecbb7b01409e9b782df5ded849c178a0aa7c906cf8c5a67368047daab282b184",
                "sha256:ed01918d545a38998bfa5902c7c00e0fee90e957ce036a4000a88e3fe2264917",
                "sha256:edabd457cd23a02965166026fd9bfd196f4324fe6032e866d0f3bd0301cd486f",
                "sha256:fdf1c1dc5bafc32bc5d08b054f94d659422b05aba244d6be4ddc1c72d9aa70fb"
            ],
            "version": "==1.11.5"
        },
        "chardet": {
            "hashes": [
                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
            ],
            "version": "==3.0.4"
        },
        "click": {
            "hashes": [
                "sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
                "sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
            ],
            "version": "==7.0"
        },
        "cmarkgfm": {
            "hashes": [
                "sha256:0186dccca79483e3405217993b83b914ba4559fe9a8396efc4eea56561b74061",
                "sha256:1a625afc6f62da428df96ec325dc30866cc5781520cbd904ff4ec44cf018171c",
                "sha256:207b7673ff4e177374c572feeae0e4ef33be620ec9171c08fd22e2b796e03e3d",
                "sha256:275905bb371a99285c74931700db3f0c078e7603bed383e8cf1a09f3ee05a3de",
                "sha256:50098f1c4950722521f0671e54139e0edc1837d63c990cf0f3d2c49607bb51a2",
                "sha256:50ed116d0b60a07df0dc7b180c28569064b9d37d1578d4c9021cff04d725cb63",
                "sha256:61a72def110eed903cd1848245897bcb80d295cd9d13944d4f9f30cba5b76655",
                "sha256:64186fb75d973a06df0e6ea12879533b71f6e7ba1ab01ffee7fc3e7534758889",
                "sha256:665303d34d7f14f10d7b0651082f25ebf7107f29ef3d699490cac16cdc0fc8ce",
                "sha256:70b18f843aec58e4e64aadce48a897fe7c50426718b7753aaee399e72df64190",
                "sha256:761ee7b04d1caee2931344ac6bfebf37102ffb203b136b676b0a71a3f0ea3c87",
                "sha256:811527e9b7280b136734ed6cb6845e5fbccaeaa132ddf45f0246cbe544016957",
                "sha256:987b0e157f70c72a84f3c2f9ef2d7ab0f26c08f2bf326c12c087ff9eebcb3ff5",
                "sha256:9fc6a2183d0a9b0974ec7cdcdad42bd78a3be674cc3e65f87dd694419b3b0ab7",
                "sha256:a3d17ee4ae739fe16f7501a52255c2e287ac817cfd88565b9859f70520afffea",
                "sha256:ba5b5488719c0f2ced0aa1986376f7baff1a1653a8eb5fdfcf3f84c7ce46ef8d",
                "sha256:c573ea89dd95d41b6d8cf36799c34b6d5b1eac4aed0212dee0f0a11fb7b01e8f",
                "sha256:c5f1b9e8592d2c448c44e6bc0d91224b16ea5f8293908b1561de1f6d2d0658b1",
                "sha256:cbe581456357d8f0674d6a590b1aaf46c11d01dd0a23af147a51a798c3818034",
                "sha256:cf219bec69e601fe27e3974b7307d2f06082ab385d42752738ad2eb630a47d65",
                "sha256:cf5014eb214d814a83a7a47407272d5db10b719dbeaf4d3cfe5969309d0fcf4b",
                "sha256:d08bad67fa18f7e8ff738c090628ee0cbf0505d74a991c848d6d04abfe67b697",
                "sha256:d6f716d7b1182bf35862b5065112f933f43dd1aa4f8097c9bcfb246f71528a34",
                "sha256:e08e479102627641c7cb4ece421c6ed4124820b1758765db32201136762282d9",
                "sha256:e20ac21418af0298437d29599f7851915497ce9f2866bc8e86b084d8911ee061",
                "sha256:e25f53c37e319241b9a412382140dffac98ca756ba8f360ac7ab5e30cad9670a",
                "sha256:e8932bddf159064f04e946fbb64693753488de21586f20e840b3be51745c8c09",
                "sha256:f20900f16377f2109783ae9348d34bc80530808439591c3d3df73d5c7ef1a00c"
            ],
            "version": "==0.4.2"
        },
        "colorama": {
            "hashes": [
                "sha256:a3d89af5db9e9806a779a50296b5fdb466e281147c2c235e8225ecc6dbf7bbf3",
                "sha256:c9b54bebe91a6a803e0772c8561d53f2926bfeb17cd141fbabcb08424086595c"
            ],
            "version": "==0.4.0"
        },
        "crayons": {
            "hashes": [
                "sha256:5e17691605e564d63482067eb6327d01a584bbaf870beffd4456a3391bd8809d",
                "sha256:6f51241d0c4faec1c04c1c0ac6a68f1d66a4655476ce1570b3f37e5166a599cc"
            ],
            "index": "pypi",
            "version": "==0.1.2"
        },
        "docutils": {
            "hashes": [
                "sha256:02aec4bd92ab067f6ff27a38a38a41173bf01bed8f89157768c1573f53e474a6",
                "sha256:51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274",
                "sha256:7a4bd47eaf6596e1295ecb11361139febe29b084a87bf005bf899f9a42edc3c6"
            ],
            "version": "==0.14"
        },
        "execnet": {
            "hashes": [
                "sha256:a7a84d5fa07a089186a329528f127c9d73b9de57f1a1131b82bb5320ee651f6a",
                "sha256:fc155a6b553c66c838d1a22dba1dc9f5f505c43285a878c6f74a79c024750b83"
            ],
            "version": "==1.5.0"
        },
        "flake8": {
            "hashes": [
                "sha256:7253265f7abd8b313e3892944044a365e3f4ac3fcdcfb4298f55ee9ddf188ba0",
                "sha256:c7841163e2b576d435799169b78703ad6ac1bbb0f199994fc05f700b2a90ea37"
            ],
            "index": "pypi",
            "version": "==3.5.0"
        },
        "future": {
            "hashes": [
                "sha256:e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb"
            ],
            "version": "==0.16.0"
        },
        "idna": {
            "hashes": [
                "sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e",
                "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16"
            ],
            "version": "==2.7"
        },
        "imagesize": {
            "hashes": [
                "sha256:3f349de3eb99145973fefb7dbe38554414e5c30abd0c8e4b970a7c9d09f3a1d8",
                "sha256:f3832918bc3c66617f92e35f5d70729187676313caa60c187eb0f28b8fe5e3b5"
            ],
            "version": "==1.1.0"
        },
        "incremental": {
            "hashes": [
                "sha256:717e12246dddf231a349175f48d74d93e2897244939173b01974ab6661406b9f",
                "sha256:7b751696aaf36eebfab537e458929e194460051ccad279c72b755a167eebd4b3"
            ],
            "version": "==17.5.0"
        },
        "invoke": {
            "hashes": [
                "sha256:1c2cf54c9b9af973ad9704d8ba81b225117cab612568cacbfb3fc42958cc20a9",
                "sha256:334495ea16e73948894e9535019f87a88a44b73e7977492b12c2d1b5085f8197",
                "sha256:54bdd3fd0245abd1185e05359fd2e4f26be0657cfe7d7bb1bed735e054fa53ab"
            ],
            "index": "pypi",
            "version": "==1.1.1"
        },
        "jinja2": {
            "hashes": [
                "sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd",
                "sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4"
            ],
            "version": "==2.10"
        },
        "markupsafe": {
            "hashes": [
                "sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
            ],
            "version": "==1.0"
        },
        "mccabe": {
            "hashes": [
                "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42",
                "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"
            ],
            "version": "==0.6.1"
        },
        "mock": {
            "hashes": [
                "sha256:5ce3c71c5545b472da17b72268978914d0252980348636840bd34a00b5cc96c1",
                "sha256:b158b6df76edd239b8208d481dc46b6afd45a846b7812ff0ce58971cf5bc8bba"
            ],
            "index": "pypi",
            "version": "==2.0.0"
        },
        "more-itertools": {
            "hashes": [
                "sha256:c187a73da93e7a8acc0001572aebc7e3c69daf7bf6881a2cea10650bd4420092",
                "sha256:c476b5d3a34e12d40130bc2f935028b5f636df8f372dc2c1c01dc19681b2039e",
                "sha256:fcbfeaea0be121980e15bc97b3817b5202ca73d0eae185b4550cbfce2a3ebb3d"
            ],
            "version": "==4.3.0"
        },
        "packaging": {
            "hashes": [
                "sha256:0886227f54515e592aaa2e5a553332c73962917f2831f1b0f9b9f4380a4b9807",
                "sha256:f95a1e147590f204328170981833854229bb2912ac3d5f89e2a8ccd2834800c9"
            ],
            "version": "==18.0"
        },
        "parver": {
            "hashes": [
                "sha256:ac4afff688d19d5e1876bb68d4bccc1a1b6a5cc8bd6a646939a14d366695ba15",
                "sha256:f025fba8f88a9c776971df6d62b6cf7f37d1108f84c163bda91e157d7d527075"
            ],
            "index": "pypi",
            "version": "==0.1.1"
        },
        "pbr": {
            "hashes": [
                "sha256:1be135151a0da949af8c5d0ee9013d9eafada71237eb80b3ba8896b4f12ec5dc",
                "sha256:cf36765bf2218654ae824ec8e14257259ba44e43b117fd573c8d07a9895adbdd"
            ],
            "version": "==4.3.0"
        },
        "pkginfo": {
            "hashes": [
                "sha256:5878d542a4b3f237e359926384f1dde4e099c9f5525d236b1840cf704fa8d474",
                "sha256:a39076cb3eb34c333a0dd390b568e9e1e881c7bf2cc0aee12120636816f55aee"
            ],
            "version": "==1.4.2"
        },
        "pluggy": {
            "hashes": [
                "sha256:6e3836e39f4d36ae72840833db137f7b7d35105079aee6ec4a62d9f80d594dd1",
                "sha256:95eb8364a4708392bae89035f45341871286a333f749c3141c20573d2b3876e1"
            ],
            "version": "==0.7.1"
        },
        "py": {
            "hashes": [
                "sha256:06a30435d058473046be836d3fc4f27167fd84c45b99704f2fb5509ef61f9af1",
                "sha256:50402e9d1c9005d759426988a492e0edaadb7f4e68bcddfea586bc7432d009c6"
            ],
            "version": "==1.6.0"
        },
        "pycodestyle": {
            "hashes": [
                "sha256:682256a5b318149ca0d2a9185d365d8864a768a28db66a84a2ea946bcc426766",
                "sha256:6c4245ade1edfad79c3446fadfc96b0de2759662dc29d07d80a6f27ad1ca6ba9"
            ],
            "version": "==2.3.1"
        },
        "pycparser": {
            "hashes": [
                "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
            ],
            "version": "==2.19"
        },
        "pyflakes": {
            "hashes": [
                "sha256:08bd6a50edf8cffa9fa09a463063c425ecaaf10d1eb0335a7e8b1401aef89e6f",
                "sha256:8d616a382f243dbf19b54743f280b80198be0bca3a5396f1d2e1fca6223e8805"
            ],
            "version": "==1.6.0"
        },
        "pygments": {
            "hashes": [
                "sha256:78f3f434bcc5d6ee09020f92ba487f95ba50f1e3ef83ae96b9d5ffa1bab25c5d",
                "sha256:dbae1046def0efb574852fab9e90209b23f556367b5a320c0bcb871c77c3e8cc"
            ],
            "version": "==2.2.0"
        },
        "pyparsing": {
            "hashes": [
                "sha256:bc6c7146b91af3f567cf6daeaec360bc07d45ffec4cf5353f4d7a208ce7ca30a",
                "sha256:d29593d8ebe7b57d6967b62494f8c72b03ac0262b1eed63826c6f788b3606401"
            ],
            "version": "==2.2.2"
        },
        "pytest": {
            "hashes": [
                "sha256:86a8dbf407e437351cef4dba46736e9c5a6e3c3ac71b2e942209748e76ff2086",
                "sha256:e74466e97ac14582a8188ff4c53e6cc3810315f342f6096899332ae864c1d432"
            ],
            "index": "pypi",
            "version": "==3.7.1"
        },
        "pytest-forked": {
            "hashes": [
                "sha256:e4500cd0509ec4a26535f7d4112a8cc0f17d3a41c29ffd4eab479d2a55b30805",
                "sha256:f275cb48a73fc61a6710726348e1da6d68a978f0ec0c54ece5a5fae5977e5a08"
            ],
            "version": "==0.2"
        },
        "pytest-xdist": {
            "hashes": [
                "sha256:3308c4f6221670432d01e0b393b333d77c1fd805532e1d64450e8140855eb51b",
                "sha256:cce08b4b7f56d34d43b365e2b3667ebb8edcf91d01c2a8fccf45c56d37e71bc1"
            ],
            "index": "pypi",
            "version": "==1.22.5"
        },
        "pythonfinder": {
            "editable": true,
            "path": "."
        },
        "pytz": {
            "hashes": [
                "sha256:a061aa0a9e06881eb8b3b2b43f05b9439d6583c206d0a6c340ff72a7b6669053",
                "sha256:ffb9ef1de172603304d9d2819af6f5ece76f2e85ec10692a524dd876e72bf277"
            ],
            "version": "==2018.5"
        },
        "readme-renderer": {
            "hashes": [
                "sha256:237ca8705ffea849870de41101dba41543561da05c0ae45b2f1c547efa9843d2",
                "sha256:f75049a3a7afa57165551e030dd8f9882ebf688b9600535a3f7e23596651875d"
            ],
            "version": "==22.0"
        },
        "requests": {
            "hashes": [
                "sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1",
                "sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a"
            ],
            "version": "==2.19.1"
        },
        "requests-toolbelt": {
            "hashes": [
                "sha256:42c9c170abc2cacb78b8ab23ac957945c7716249206f90874651971a4acff237",
                "sha256:f6a531936c6fa4c6cfce1b9c10d5c4f498d16528d2a54a22ca00011205a187b5"
            ],
            "version": "==0.8.0"
        },
        "rope": {
            "hashes": [
                "sha256:a108c445e1cd897fe19272ab7877d172e7faf3d4148c80e7d20faba42ea8f7b2"
            ],
            "index": "pypi",
            "version": "==0.11.0"
        },
        "six": {
            "hashes": [
                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
            ],
            "version": "==1.11.0"
        },
        "snowballstemmer": {
            "hashes": [
                "sha256:919f26a68b2c17a7634da993d91339e288964f93c274f1343e3bbbe2096e1128",
                "sha256:9f3bcd3c401c3e862ec0ebe6d2c069ebc012ce142cce209c098ccb5b09136e89"
            ],
            "version": "==1.2.1"
        },
        "sphinx": {
            "hashes": [
                "sha256:217ad9ece2156ed9f8af12b5d2c82a499ddf2c70a33c5f81864a08d8c67b9efc",
                "sha256:a765c6db1e5b62aae857697cd4402a5c1a315a7b0854bbcd0fc8cdc524da5896"
            ],
            "index": "pypi",
            "version": "==1.7.6"
        },
        "sphinx-click": {
            "hashes": [
                "sha256:0550d3e5dcd6244847bd0861ebe64101a2ef302913866e0ccd9095b2aa230051",
                "sha256:404784f724504e3da2cb056767ba64955c4bfb9bfca8cfedd7142a962bafd70f"
            ],
            "index": "pypi",
            "version": "==1.3.0"
        },
        "sphinx-rtd-theme": {
            "hashes": [
                "sha256:3b49758a64f8a1ebd8a33cb6cc9093c3935a908b716edfaa5772fd86aac27ef6",
                "sha256:80e01ec0eb711abacb1fa507f3eae8b805ae8fa3e8b057abfdf497e3f644c82c"
            ],
            "index": "pypi",
            "version": "==0.4.1"
        },
        "sphinxcontrib-websupport": {
            "hashes": [
                "sha256:68ca7ff70785cbe1e7bccc71a48b5b6d965d79ca50629606c7861a21b206d9dd",
                "sha256:9de47f375baf1ea07cdb3436ff39d7a9c76042c10a769c52353ec46e4e8fc3b9"
            ],
            "version": "==1.1.0"
        },
        "toml": {
            "hashes": [
                "sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c",
                "sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e"
            ],
            "version": "==0.10.0"
        },
        "towncrier": {
            "hashes": [
                "sha256:3c0da1de042861df9030c0608d346d55cabe14cfa7cf04045f22b0af63eb8aa7",
                "sha256:cfde66ada782db9269407eaefb38562d3d2a4bc4d7647c0b2197ed184b869aae"
            ],
            "index": "pypi",
            "version": "==18.6.0"
        },
        "tqdm": {
            "hashes": [
                "sha256:18f1818ce951aeb9ea162ae1098b43f583f7d057b34d706f66939353d1208889",
                "sha256:df02c0650160986bac0218bb07952245fc6960d23654648b5d5526ad5a4128c9"
            ],
            "version": "==4.26.0"
        },
        "twine": {
            "hashes": [
                "sha256:08eb132bbaec40c6d25b358f546ec1dc96ebd2638a86eea68769d9e67fe2b129",
                "sha256:2fd9a4d9ff0bcacf41fdc40c8cb0cfaef1f1859457c9653fd1b92237cc4e9f25"
            ],
            "index": "pypi",
            "version": "==1.11.0"
        },
        "urllib3": {
            "hashes": [
                "sha256:a68ac5e15e76e7e5dd2b8f94007233e01effe3e50e8daddf69acfd81cb686baf",
                "sha256:b5725a0bd4ba422ab0e66e89e030c806576753ea3ee08554382c14e685d117b5"
            ],
            "version": "==1.23"
        },
        "vistir": {
            "hashes": [
                "sha256:06e9d8b26d757e6a5d3a168463023067b3ef2be2793d6a5887f6c4496c82b2b9",
                "sha256:0c62181f430164764714b7cad4fd5b98f9f34afca36a278b942b99502c2dfb0b"
            ],
            "version": "==0.1.7"
        },
        "webencodings": {
            "hashes": [
                "sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78",
                "sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923"
            ],
            "version": "==0.5.1"
        }
    }
}

[immerrr]

Oh, right, --keep-outdated is also broken (#966 and #1554).

[uranusjr]

This is not really viable with how update is designed currently. We are experimenting a new locking mechanism, and if that works, maybe it will be able to do this. For this particular case though, the recommended approach is to re-generate the whole lock file.

I’m closing this since there is not a way forward at the current time. Feel free to suggest this in the future if/when we switch to the new mechanism (you’ll know when that happens).

[JeanFred]

@uranusjr Thanks for the explanation, I understand this is not how update is supposed to work. However, this is currently how the Example Pipenv Upgrade Workflow implicitly suggests it works:

• Find out what’s changed upstream: $ pipenv update --outdated.
• Upgrade packages, two options:
  • Want to upgrade everything? Just do $ pipenv update.
  • Want to upgrade packages one-at-a-time? $ pipenv update <pkg> for each outdated package.

Would a PR adding a note be welcome? Something along the lines of

Note this only works if <pkg> is explicitly specified in the Pipfile. If it a transitive dependency, then there is at the moment no way to only update it, but to run pipenv lock

[uranusjr]

@JeanFred Yes, please!