Dependency resolution error upgrading a package by a patch version with no changes to dependencies

[shaneikennedy]

Issue description

In my package A I depend on package B, package A has package B pinned at version 1.3.0, when I try to upgrade package B to version 1.3.1 i get CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install <package B> because these package versions have conflicting dependencies.

But when i check the diff between package B 1.3.0 and 1.3.1 there are no changes to dependencies.

Package B is managed with poetry and has a Poetry.lock file, and package A is managed with pipenv with a Pipfile and Pipfile.lock

Expected result

I expect to be able to upgrade package B in my package A codebase without dependency resolution errors

Actual result

CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install <package B> because these package versions have conflicting dependencies.

[matteius]

You'll need to run with --verbose to try and determine where the resolver specifiers are restricting your package group to not be upgradable. Also can you provide the command you ran to upgrade and the version of pipenv?

[shaneikennedy]

Two failure modes with trying to upgrade Package B

For context, the current pinned version of Package B in my Pipfile.lock is 1.3.0 and the difference between Package B v1.3.0 and v1.3.1 is a one line change in the source code, no updates to the dependency tree, identical poetry.lock file in the Package B code repo

❯ pipenv upgrade <Package B> -i <my-private-mirror> --verbose
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('Package B'), None)
The conflict is caused by:
    The user requested <Package B>
    The user requested (constraint) <Package B>
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict

❯ pipenv upgrade <Package B> -i <my-private-mirror> --verbose
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('Package B==1.3.1'), None)
The conflict is caused by:
    The user requested <Package B>==1.3.1
    The user requested (constraint) <Package B>==1.3.1
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict

It's possible I just don't understand the "The conflict is caused by" message and the fix suggestions don't make sense for the first failure case above where I just ask pipenv to upgrade Package B without any version spec/requirements

Sorry i can't give more details about Package B, it's private at my company and I'm not sure what I can disclose. If you aren't seeing this bug report elsewhere in the community feel free to close the issue or atleast not prio it

[shaneikennedy]

Another interesting thing to note is that simply uninstalling Package B and then installing Package B 1.3.1 works fine, which is eventually how I got around the issue, but still figured I would report the problem with upgrade