build(deps): bump pipenv from 2018.11.26 to 2021.5.29 in /python/helpers #3817
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
python
jurre
force-pushed
the
dependabot/pip/python/helpers/pipenv-2021.5.29
branch
from
f6eef94 to
cf969c2
Compare
Bumps [pipenv](https://github.com/pypa/pipenv) from 2018.11.26 to 2021.5.29. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/master/CHANGELOG.rst) - [Commits](pypa/pipenv@v2018.11.26...v2021.5.29) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
jurre
force-pushed
the
dependabot/pip/python/helpers/pipenv-2021.5.29
branch
4 times, most recently
from
69e7c22 to
34246a0
Compare
| rescue SharedHelpers::HelperSubprocessFailed => e | ||
| original_error ||= e | ||
| msg = e.message | ||
|
|
||
| relevant_error = | ||
| if error_suggests_bad_python_version?(msg) then original_error | ||
| else e | ||
| end | ||
|
|
||
| raise relevant_error unless error_suggests_bad_python_version?(msg) | ||
| raise relevant_error if user_specified_python_version | ||
| raise relevant_error if python_version == "2.7.18" | ||
|
|
||
| @python_version = "2.7.18" | ||
| retry | ||
| ensure | ||
| @python_version = nil | ||
| FileUtils.remove_entry(".python-version", true) |
There was a problem hiding this comment.
This retry is ran when an update failed on python 3 and retries with python 2, this is now no longer required
There was a problem hiding this comment.
So nice getting rid of this!
| rescue SharedHelpers::HelperSubprocessFailed => e | ||
| original_error ||= e | ||
| msg = e.message | ||
|
|
||
| relevant_error = | ||
| if error_suggests_bad_python_version?(msg) then original_error | ||
| else e | ||
| end | ||
|
|
||
| raise relevant_error unless error_suggests_bad_python_version?(msg) | ||
| raise relevant_error if python_version.start_with?("2") | ||
|
|
||
| # Clear the existing virtualenv, so that we use the new Python version | ||
| run_command("pyenv local #{python_version}") | ||
| run_command("pyenv exec pipenv --rm") | ||
|
|
||
| @python_version = "2.7.18" | ||
| retry | ||
| ensure | ||
| @python_version = nil | ||
| FileUtils.remove_entry(".python-version", true) | ||
| end | ||
|
|
||
| def error_suggests_bad_python_version?(message) | ||
| return true if message.include?("UnsupportedPythonVersion") | ||
|
|
||
| message.include?('Command "python setup.py egg_info" failed') || | ||
| message.include?("exit status 1: python setup.py egg_info") |
There was a problem hiding this comment.
Same, this retry is ran when an update failed on python 3 and retries with python 2, this is now no longer required
| rescue SharedHelpers::HelperSubprocessFailed => e | ||
| original_err ||= e | ||
| msg = e.message | ||
|
|
||
| relevant_error = choose_relevant_error(original_err, e) | ||
| raise relevant_error unless error_suggests_bad_python_version?(msg) | ||
| raise relevant_error if user_specified_python_version | ||
| raise relevant_error if python_version == "2.7.18" | ||
|
|
||
| @python_version = "2.7.18" | ||
| retry | ||
| ensure | ||
| @python_version = nil | ||
| FileUtils.remove_entry(".python-version", true) | ||
| end | ||
|
|
||
| def choose_relevant_error(previous_error, new_error) | ||
| return previous_error if previous_error == new_error | ||
|
|
||
| # If the previous error was definitely due to using the wrong Python | ||
| # version, return the new error (which can't be worse) | ||
| return new_error if error_certainly_bad_python_version?(previous_error.message) | ||
|
|
||
| # Otherwise, if the new error may be due to using the wrong Python | ||
| # version, return the old error (which can't be worse) | ||
| return previous_error if error_suggests_bad_python_version?(new_error.message) | ||
|
|
||
| # Otherwise, default to the new error | ||
| new_error |
There was a problem hiding this comment.
Same here, retry is ran when an update failed on python 3 and retries with python 2, this is now no longer required
| UNSUPPORTED_DEPS = %w(pyobjc).freeze | ||
| UNSUPPORTED_DEP_REGEX = | ||
| /"python setup\.py egg_info".*(?:#{UNSUPPORTED_DEPS.join("|")})/. | ||
| freeze | ||
| PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal."\ | ||
| "exceptions.InstallationError: "\ | ||
| "Command \"python setup.py egg_info\" "\ | ||
| "failed with error code 1 in" | ||
| PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out"\ | ||
| " with exit status 1: python setup.py egg_info" | ||
| TRACEBACK = "Traceback (most recent call last):" | ||
| PIPENV_INSTALLATION_ERROR_REGEX = | ||
| %r{#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}.+/(?<name>.+)/$}.freeze | ||
| /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?<name>.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/. | ||
| freeze | ||
| UNSUPPORTED_DEP_REGEX = /(?:pyobjc)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/.freeze | ||
| PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/.freeze |
There was a problem hiding this comment.
These are some error messages that have changed in the latest pipenv
| @@ -88,7 +85,7 @@ def fetch_latest_resolvable_version_string(requirement:) | |||
| # Whilst calling `lock` avoids doing an install as part of the | |||
| # pipenv flow, an install is still done by pip-tools in order | |||
| # to resolve the dependencies. That means this is slow. | |||
| run_pipenv_command("pyenv exec pipenv lock") | |||
| run_pipenv_command("pyenv exec pipenv lock --dev") | |||
There was a problem hiding this comment.
Also include dev dependencies: https://pipenv-fork.readthedocs.io/en/latest/advanced.html#generating-a-requirements-txt
As with other commands, passing
--devwill include both the default and development dependencies
There was a problem hiding this comment.
Did this behaviour change in the new pipenv version? Does this also apply to the Pipfile.lock? Docks only referenced generating requirements.txt files with the -r option (pipenv lock -r --dev)
There was a problem hiding this comment.
Aye, yes this may not be needed in that case!
| if error.message.include?("Could not find a version") || | ||
| error.message.include?("is not a python version") | ||
| check_original_requirements_resolvable | ||
| if error.message.match?(PIPENV_RANGE_WARNING) |
There was a problem hiding this comment.
When using a python range, we already know updates are not possible so we don't need to retry the update
| rescue SharedHelpers::HelperSubprocessFailed => e | ||
| original_error ||= e | ||
| msg = e.message | ||
|
|
||
| relevant_error = | ||
| if may_be_using_wrong_python_version?(msg) then original_error | ||
| else e | ||
| end | ||
|
|
||
| raise relevant_error unless may_be_using_wrong_python_version?(msg) | ||
| raise relevant_error if python_version.start_with?("2") | ||
|
|
||
| # Clear the existing virtualenv, so that we use the new Python version | ||
| run_command("pyenv local #{python_version}") | ||
| run_command("pyenv exec pipenv --rm") | ||
|
|
||
| @python_version = "2.7.18" | ||
| retry | ||
| ensure | ||
| @python_version = nil | ||
| FileUtils.remove_entry(".python-version", true) | ||
| end | ||
|
|
||
| def may_be_using_wrong_python_version?(error_message) | ||
| return false if user_specified_python_requirement | ||
| return true if error_message.include?("UnsupportedPythonVersion") | ||
| return true if error_message.include?("at matches #{dependency.name}") | ||
|
|
||
| error_message.include?('Command "python setup.py egg_info" failed') || | ||
| error_message.include?("exit status 1: python setup.py egg_info") |
There was a problem hiding this comment.
Retry for python 2, this has been removed
| context "with a met marker that forces a difference Python version" do | ||
| let(:manifest_fixture_name) { "met_marker.in" } | ||
| let(:generated_fixture_name) { "pip_compile_met_marker.txt" } | ||
|
|
||
| it "updates the requirements.txt, keeping the unmet dep in it" do | ||
| expect(updated_files.count).to eq(1) | ||
| expect(updated_files.first.content).to include("attrs==18.1.0") | ||
| expect(updated_files.first.content).to include("flaky") | ||
| end | ||
| end |
There was a problem hiding this comment.
This seems to have mostly been used to distinguish between python 2 and 3 support, so I've yanked the test
| @@ -498,91 +487,5 @@ | |||
| end | |||
| end | |||
| end | |||
|
|
|||
| context "when the upgrade requires Python 2.7" do | |||
There was a problem hiding this comment.
We no longer do python 2.7, so this block is no longer relevant
| ) | ||
| end | ||
|
|
||
| it "updates both files correctly" do | ||
| expect(updated_files.map(&:name)).to eq(%w(Pipfile Pipfile.lock)) | ||
| end | ||
| end | ||
|
|
||
| context "when the Python requirement is implicit" do |
There was a problem hiding this comment.
This "implicit" python version means the update fails on py3 and we retry on py2, we don't do this anymore so test is yanked out
| @@ -141,19 +141,19 @@ | |||
| let(:dependency_name) { "django" } | |||
| let(:dependency_version) { "1.2.4" } | |||
|
|
|||
| it { is_expected.to eq(Gem::Version.new("2.2.2")) } | |||
| it { is_expected.to eq(Gem::Version.new("3.2.4")) } | |||
There was a problem hiding this comment.
These changes to the django version are because of an updated fixture
| @@ -375,86 +375,6 @@ | |||
| end | |||
| end | |||
|
|
|||
| context "with a Python 2.7 library" do | |||
There was a problem hiding this comment.
Python 2.7 is no more, so test is yanked
| "pipenv.patched.notpip._internal.exceptions."\ | ||
| "UnsupportedPythonVersion: futures requires Python '>=2.6, <3' "\ | ||
| "but the running Python is 3." | ||
| "ERROR: No matching distribution found for pytest==10.4.0" |
There was a problem hiding this comment.
Looks like this test is failing with a different error message https://github.com/dependabot/dependabot-core/pull/3817/checks?check_run_id=2782969485
There was a problem hiding this comment.
Yeah I'm looking into that now, the test is passing on my machine so I'm not quite sure what's going on yet
| end | ||
| end | ||
|
|
||
| context "when the Python version conflicts with another dependency" do |
There was a problem hiding this comment.
This is a python 2 vs 3 mismatch, so test is yanked
| @@ -337,21 +272,6 @@ | |||
| end | |||
| end | |||
|
|
|||
| context "with an unfetchable requirement" do | |||
| let(:dependency_files) { [pipfile] } | |||
| let(:pipfile_fixture_name) { "bad_requirement" } | |||
There was a problem hiding this comment.
This was requesting a python 2 only package, no longer seemed relevant
| it "resolves version" do | ||
| is_expected.to eq(Gem::Version.new("2.18.4")) | ||
| it "raises an error" do | ||
| expect { subject }.to raise_error(Dependabot::DependencyFileNotResolvable) |
There was a problem hiding this comment.
Making sure trying to grab a python 2 dependency raises a resolvability error
| let(:python_version_content) { "2.7.13\n" } | ||
| it { is_expected.to eq(Gem::Version.new("1.11.21")) } | ||
| let(:python_version_content) { "3.5.3\n" } | ||
| it { is_expected.to eq(Gem::Version.new("2.2.24")) } |
There was a problem hiding this comment.
Versions changed to grab a django version for a python 3 dependabot supports but django does not
| @@ -88,7 +85,7 @@ def fetch_latest_resolvable_version_string(requirement:) | |||
| # Whilst calling `lock` avoids doing an install as part of the | |||
| # pipenv flow, an install is still done by pip-tools in order | |||
| # to resolve the dependencies. That means this is slow. | |||
| run_pipenv_command("pyenv exec pipenv lock") | |||
| run_pipenv_command("pyenv exec pipenv lock --dev") | |||
There was a problem hiding this comment.
FWIW if we wanted to make this work for python 2, we'd need to pass in --two as an option to all the pipenv commands when python_version.start_with?("2")
There was a problem hiding this comment.
pipenv will probably follow suite and drop v2 support soon pypa/pipenv#4261 (comment)
| @@ -84,7 +84,6 @@ RUN mkdir -p "$PYENV_ROOT" && chown dependabot:dependabot "$PYENV_ROOT" | |||
| USER dependabot | |||
| RUN git clone https://github.com/pyenv/pyenv.git --branch 1.2.26 --single-branch --depth=1 /usr/local/.pyenv \ | |||
| && pyenv install 3.9.4 \ | |||
| && pyenv install 2.7.18 \ | |||
There was a problem hiding this comment.
python-2-is-gone-imgflip-com-python-2-67516964.mp4
python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
Outdated
Show resolved
Hide resolved
jurre
force-pushed
the
dependabot/pip/python/helpers/pipenv-2021.5.29
branch
from
ebb5292 to
c9725b6
Compare
| @@ -88,7 +85,7 @@ def fetch_latest_resolvable_version_string(requirement:) | |||
| # Whilst calling `lock` avoids doing an install as part of the | |||
| # pipenv flow, an install is still done by pip-tools in order | |||
| # to resolve the dependencies. That means this is slow. | |||
| run_pipenv_command("pyenv exec pipenv lock") | |||
| run_pipenv_command("pyenv exec pipenv lock --dev") | |||
There was a problem hiding this comment.
Could we drop this?
| run_pipenv_command("pyenv exec pipenv lock --dev") | |
| run_pipenv_command("pyenv exec pipenv lock") |
There was a problem hiding this comment.
I thought I'd removed it, doing so now!
| @@ -122,33 +122,6 @@ | |||
| end | |||
| end | |||
There was a problem hiding this comment.
Looks like the above error message is CRITICAL:pipenv.patched.notpip._internal.index.package_finder:Could not find a version that satisfies the requirement pytest==10.4.0
Python 2 has been unsupported for a year and a half now, pip 21 no longer supports it and we see pretty small usage numbers at GitHub. Maintaining support for it has become increasingly harder, and this pipenv upgrade made it even more cumbersome. It's been a good ride, python 2. See ya!
jurre
force-pushed
the
dependabot/pip/python/helpers/pipenv-2021.5.29
branch
from
c9725b6 to
b6ae9d3
Compare
Let me double-check with @asciimike |
Yes! https://github.blog/changelog/2021-06-10-dependabot-updated-pip-pip-tools-and-pipenv-support/ |
Bumps pipenv from 2018.11.26 to 2021.5.29.
Release notes
Sourced from pipenv's releases.
... (truncated)
Changelog
Sourced from pipenv's changelog.
... (truncated)
Commits
72835f1Fix release workflow139b820Release v2021.5.29e7fb099Merge pull request #4688 from NaelsonDouglas/master66ca25fMerge pull request #4692 from mikepsinn/mastereaa45c6Merge pull request #4694 from davidjb/patch-3a989001Add #egg fragment to URL in VCS docsba97e4fWindows install commandccc18a6Small refactoration removing two avoidable indexer iterator6cdfa21Update pypi artifactsc81b165Merge pull request #4652 from nid5/4642-fixDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)