Creating requirements.txt re-calculates the lock file

[jacobeatsspam]

This is a blatant duplicate of #3975 because @frostming doesn't seem to be responding there.

This is a critical issue that breaks a lot of common workflows. Can this please get some attention?

[frostming]

This is a behavioral change, but I think OP can be achieved by pipenv lock -r --skip-lock.

[jacobeatsspam]

@frostming Thanks for taking a look. I'll give that a try. For some reason I recall running into a bug with this, but can't recall the details right now.

[frostming]

My bad pipenv lock doesn't have that option, maybe simply add that flag is okay?

[jacobeatsspam]

@frostming Found the issue I was thinking of when making my last comment. You'll want to read the comments following mine which explain some of the issues.

My bad pipenv lock doesn't have that option, maybe simply add that flag is okay?

I think that would be great! Maybe also a ticket for another flag to include the associated package hash (--hash)?

[matteius]

@jacobisaliveandwell new versions of pipenv have a requirements command to generate the requirements.txt and this will likely eventually completely replace the pipenv lock -r behavior or at least that could lock and then run the requirements command, but the requirements command simply introspects the Pipfile.lock. Including hashes is one of the flags available for the new command.