I've read an article on Pipenv
to understand some concepts like the purpose of a lock file and I think that I'm having some misconceptions.
It discusses that having a Pipfile.lock
insures us that we can reproduce the same exact working environment when deploying the application into the production environment without any surprises.
In other words:
it provides a deterministic builds for your Python project without gaining the responsibility of updating versions of sub-dependencies.
My conception is that with a Pipfile
, I can update all packages while being certain that I can always bring my working environment back using the Pipfile.lock
. And if after update everything was working fine I can lock the environment using pipenv lock
. However I can't seem to find a way to update the packages without re-generating the Pipfile.lock
and loosing the last working state of the project.
Am I missing something here? Is this workflow wrong?