Skip to content

fix(update): re-lock all Pipfile entries when no packages are given (#6672)#6675

Merged
matteius merged 1 commit into
mainfrom
fix/6672-update-relock-when-no-packages
May 25, 2026
Merged

fix(update): re-lock all Pipfile entries when no packages are given (#6672)#6675
matteius merged 1 commit into
mainfrom
fix/6672-update-relock-when-no-packages

Conversation

@matteius

Copy link
Copy Markdown
Member

Summary

  • Fixes pipenv update does not lock anymore #6672. Since 2026.0.0, pipenv update (no args) silently became a no-op when relaxing a Pipfile pin — the lockfile stayed at the previously pinned version even when the spec allowed newer releases.
  • Root cause: Fix pipenv update incorrectly marking all packages as modified #6455 routed do_update through the partial upgrade() path, which only re-resolves Pipfile entries whose locked version no longer satisfies the spec. Relaxing urllib3 = "<2.7.0"urllib3 = "*" doesn't trigger that condition because 2.6.3 still satisfies *.
  • docs/commands.md:241 describes pipenv update (no args) as lock + sync. This PR restores that semantics by routing do_update through do_lock when no packages/editables are given, scoped to the same categories _prepare_categories would pick (default + develop on --dev, default otherwise). The targeted pipenv update <pkg> flow is unchanged.

Test plan

  • New unit tests in tests/unit/test_update.py covering: no-args routes through do_lock; <pkg> routes through upgrade; --dev locks default + develop; default locks default only; --outdated still bypasses both paths.
  • All existing tests/unit/test_update.py tests still pass (16/16).
  • Verified end-to-end against the issue's reproducer in a scratch project: urllib3 = "<2.7.0" locked at 2.6.3, then changed to urllib3 = "*" and ran pipenv update — lockfile re-resolved to urllib3==2.7.0.

🤖 Generated with Claude Code

…6672)

`docs/commands.md` describes `pipenv update` (no args) as `lock + sync`,
but since gh-6455 (released in 2026.0.0) it routed through `upgrade()`
which only re-resolves Pipfile entries whose locked version no longer
satisfies the Pipfile spec. Relaxing a pin (the bug reporter's case:
`urllib3 = "<2.7.0"` -> `urllib3 = "*"`) leaves the lockfile pinned to
the existing version because that version still satisfies the new spec,
so `pipenv update` becomes a no-op.

Route `do_update` through `do_lock` when no packages/editables are
given, scoped to the same categories `_prepare_categories` would have
selected for the upgrade path (default + develop when --dev, default
otherwise). The targeted `pipenv update <pkg>` flow keeps the existing
`upgrade()` path.

Verified end-to-end against the issue's reproducer: with the fix,
relaxing `urllib3 = "<2.7.0"` -> `urllib3 = "*"` re-locks 2.6.3 -> 2.7.0
as expected.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@matteius matteius merged commit de873e1 into main May 25, 2026
23 checks passed
@matteius matteius deleted the fix/6672-update-relock-when-no-packages branch May 25, 2026 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

pipenv update does not lock anymore

1 participant