Add nested vcs dependency subdirectory when locking to Pipfile.lock (Fix #6120) #6136
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AlexandreArpin
force-pushed
the
hotfix/nested-vcs-dependency-lock
branch
from
60a7c83
to
0bdb85d
Compare
|
From: #6120 (comment)
There was some discussion in #6095 about how the egg fragment syntax was deprecated? I opted not to parse it and add it in the patch with that context. I'd be happy to look into fixing the issue you mentioned in your comment if you'd like :) |
achim-k
pushed a commit
to foxglove/ws-protocol
that referenced
this pull request
Jun 10, 2024
Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.12.1 to 2024.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/releases">pipenv's releases</a>.</em></p> <blockquote> <h2>Release v2024.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update CONTRIBUTING.md by <a href="https://github.com/PzaThief"><code>@PzaThief</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li>Check for name attribute in source parameter. by <a href="https://github.com/jralls"><code>@jralls</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li>Smarter uninstall by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6029">pypa/pipenv#6029</a></li> <li>Use fancy mode for pwsh on *nix (draft) by <a href="https://github.com/samcarswell"><code>@samcarswell</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li>Vendor in Pip 24.0 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6117">pypa/pipenv#6117</a></li> <li>Update index.md by <a href="https://github.com/mierzejk"><code>@mierzejk</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li>Spring 2024 vendoring by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6118">pypa/pipenv#6118</a></li> <li>Add nested vcs dependency subdirectory when locking to Pipfile.lock (Fix <a href="https://redirect.github.com/pypa/pipenv/issues/6120">#6120</a>) by <a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li>pipenv upgrade invoke -d by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6138">pypa/pipenv#6138</a></li> <li>Bump plette take 2 by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6134">pypa/pipenv#6134</a></li> <li>Convert off pkg resources by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6139">pypa/pipenv#6139</a></li> <li>Fix the issue(<a href="https://redirect.github.com/pypa/pipenv/issues/6126">#6126</a>): add lockfile_path presence in pipenv check command by <a href="https://github.com/nitintecg"><code>@nitintecg</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li>debugging weird CI failures by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6143">pypa/pipenv#6143</a></li> <li>apply ruff fixes by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6145">pypa/pipenv#6145</a></li> <li>docs update for <code>scripts</code> section and other small changes by <a href="https://github.com/sss-ng"><code>@sss-ng</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li>Add --from-pipfile subcommand to <code>pipenv requirements</code> by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li>Bump jinja2 from 3.1.3 to 3.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6150">pypa/pipenv#6150</a></li> <li>Bump requests from 2.31.0 to 2.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6157">pypa/pipenv#6157</a></li> <li>Fix windows CI for 3.8 and the outdated command that was refactored to remove pkg_resources. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6146">pypa/pipenv#6146</a></li> <li>pipenv 2024 install (behavioral refactor) by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6098">pypa/pipenv#6098</a></li> <li>Supply the extra pip args in the resolver. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6006">pypa/pipenv#6006</a></li> <li>Handle unsupported python versioning on Pipfile by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6164">pypa/pipenv#6164</a></li> <li>Remove secho from pipenv.utils.shell by <a href="https://github.com/aidencullo"><code>@aidencullo</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/PzaThief"><code>@PzaThief</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li><a href="https://github.com/jralls"><code>@jralls</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li><a href="https://github.com/samcarswell"><code>@samcarswell</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li><a href="https://github.com/mierzejk"><code>@mierzejk</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li><a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li><a href="https://github.com/nitintecg"><code>@nitintecg</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li><a href="https://github.com/sss-ng"><code>@sss-ng</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li><a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li><a href="https://github.com/aidencullo"><code>@aidencullo</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0">https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's changelog</a>.</em></p> <blockquote> <h1>2024.0.0 (2024-06-06)</h1> <h1>Pipenv 2024.0.0 (2024-06-06)</h1> <h2>Features & Improvements</h2> <ul> <li>Supply any <code>--extra-pip-args</code> also in the resolver steps. <code>[#6006](pypa/pipenv#6006) <https://github.com/pypa/pipenv/issues/6006></code>_</li> <li>The <code>uninstall</code> command now does the inverse of <code>upgrade</code> which means it no longer invokes a full <code>lock</code> cycle which was problematic for projects with many dependencies. <code>[#6029](pypa/pipenv#6029) <https://github.com/pypa/pipenv/issues/6029></code>_</li> <li>The <code>pipenv requirements</code> subcommand now supports the <code>--from-pipfile</code> flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages. <code>[#6156](pypa/pipenv#6156) <https://github.com/pypa/pipenv/issues/6156></code>_</li> </ul> <h2>Behavior Changes</h2> <ul> <li><code>pipenv==3000.0.0</code> denotes the first major release of our semver strategy. As much requested, the <code>install</code> no longer does a complete lock operation. Instead <code>install</code> follows the same code path as pipenv update (which is upgrade + sync). This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable. Remember that complete lock resolution can be invoked with <code>pipenv lock</code> just as before. <code>[#6098](pypa/pipenv#6098) <https://github.com/pypa/pipenv/issues/6098></code>_</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix a bug that passes pipenv check command if Pipfile.lock not exist <code>[#6126](pypa/pipenv#6126) <https://github.com/pypa/pipenv/issues/6126></code>_</li> <li>Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one <code>[#6136](pypa/pipenv#6136) <https://github.com/pypa/pipenv/issues/6136></code>_</li> <li><code>pipenv</code> converts off <code>pkg_resources</code> API usages. This necessitated also vendoring in: <ul> <li>latest <code>pipdeptree==2.18.1</code> which also converted off <code>pkg_resources</code></li> <li><code>importlib-metadata==7.1.0</code> to continue supporting python 3.8 and 3.9</li> <li><code>packaging==24.0</code> since the packaging we were utilizing in pip's <em>vendor was insufficient for this conversion. <code>[#6139](pypa/pipenv#6139) <https://github.com/pypa/pipenv/issues/6139></code></em></li> </ul> </li> <li>Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, <!-- raw HTML omitted -->`_</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Vendor in <code>pip==24.0</code> <code>[#6117](pypa/pipenv#6117) <https://github.com/pypa/pipenv/issues/6117></code>_</li> <li>Spring 2024 Vendoring includes: <ul> <li><code>click-didyoumean==0.3.1</code></li> <li><code>expect==4.9.0</code></li> <li><code>pipdeptree==2.16.2</code></li> <li><code>python-dotenv==1.0.1</code></li> <li><code>ruamel.yaml==0.18.6</code></li> <li><code>shellingham==1.5.4</code></li> <li><code>tomlkit==0.12.4</code> <code>[#6118](pypa/pipenv#6118) <https://github.com/pypa/pipenv/issues/6118></code>_</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pipenv/commit/0618fab5f40a599335f0c363abaaa882bf33dd29"><code>0618fab</code></a> Prepare actually for 2024.0.0 release after peer feedback.</li> <li><a href="https://github.com/pypa/pipenv/commit/fd763515d09ae4d0e19b50477f0ffd8d8506e74d"><code>fd76351</code></a> Release v2024.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/878d7c45dba0a9ec6a2653a2c55d6cd908868981"><code>878d7c4</code></a> Bumped version to 2024.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/a84ecd351d1bd558ffdd4c023bcf79e5f4d4d348"><code>a84ecd3</code></a> Release v3000.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/0cee88e9633d80f9d9c8b6d1a3174d24010d305f"><code>0cee88e</code></a> Bumped version to 3000.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/2c04a632ad08f85cdf8224af782235423fe60d4e"><code>2c04a63</code></a> Remove secho from pipenv.utils.shell</li> <li><a href="https://github.com/pypa/pipenv/commit/6abb08cd9a6702912c25a374338b25469517a931"><code>6abb08c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pipenv/issues/6164">#6164</a> from sanspareilsmyn/handle-unspecified-python-version</li> <li><a href="https://github.com/pypa/pipenv/commit/66eef03cccc0901e830561ea45e97307adac95fa"><code>66eef03</code></a> Supply the extra pip args in the resolver. (<a href="https://redirect.github.com/pypa/pipenv/issues/6006">#6006</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/09799120a0fd201976653ec92d5798f21fadac10"><code>0979912</code></a> pipenv 3000 install (behavioral refactor) (<a href="https://redirect.github.com/pypa/pipenv/issues/6098">#6098</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/a1fe8d7c40eb3decb667ecb14f7ef584d7bffe55"><code>a1fe8d7</code></a> Apply feedbacks</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to NomicFoundation/slang
that referenced
this pull request
Jul 1, 2024
Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.12.1 to 2024.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/releases">pipenv's releases</a>.</em></p> <blockquote> <h2>Release v2024.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update plette to version 2.1.0 by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6174">pypa/pipenv#6174</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2024.0.0...v2024.0.1">https://github.com/pypa/pipenv/compare/v2024.0.0...v2024.0.1</a></p> <h2>Release v2024.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update CONTRIBUTING.md by <a href="https://github.com/PzaThief"><code>@PzaThief</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li>Check for name attribute in source parameter. by <a href="https://github.com/jralls"><code>@jralls</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li>Smarter uninstall by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6029">pypa/pipenv#6029</a></li> <li>Use fancy mode for pwsh on *nix (draft) by <a href="https://github.com/samcarswell"><code>@samcarswell</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li>Vendor in Pip 24.0 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6117">pypa/pipenv#6117</a></li> <li>Update index.md by <a href="https://github.com/mierzejk"><code>@mierzejk</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li>Spring 2024 vendoring by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6118">pypa/pipenv#6118</a></li> <li>Add nested vcs dependency subdirectory when locking to Pipfile.lock (Fix <a href="https://redirect.github.com/pypa/pipenv/issues/6120">#6120</a>) by <a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li>pipenv upgrade invoke -d by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6138">pypa/pipenv#6138</a></li> <li>Bump plette take 2 by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6134">pypa/pipenv#6134</a></li> <li>Convert off pkg resources by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6139">pypa/pipenv#6139</a></li> <li>Fix the issue(<a href="https://redirect.github.com/pypa/pipenv/issues/6126">#6126</a>): add lockfile_path presence in pipenv check command by <a href="https://github.com/nitintecg"><code>@nitintecg</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li>debugging weird CI failures by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6143">pypa/pipenv#6143</a></li> <li>apply ruff fixes by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6145">pypa/pipenv#6145</a></li> <li>docs update for <code>scripts</code> section and other small changes by <a href="https://github.com/sss-ng"><code>@sss-ng</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li>Add --from-pipfile subcommand to <code>pipenv requirements</code> by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li>Bump jinja2 from 3.1.3 to 3.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6150">pypa/pipenv#6150</a></li> <li>Bump requests from 2.31.0 to 2.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6157">pypa/pipenv#6157</a></li> <li>Fix windows CI for 3.8 and the outdated command that was refactored to remove pkg_resources. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6146">pypa/pipenv#6146</a></li> <li>pipenv 2024 install (behavioral refactor) by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6098">pypa/pipenv#6098</a></li> <li>Supply the extra pip args in the resolver. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6006">pypa/pipenv#6006</a></li> <li>Handle unsupported python versioning on Pipfile by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6164">pypa/pipenv#6164</a></li> <li>Remove secho from pipenv.utils.shell by <a href="https://github.com/aidencullo"><code>@aidencullo</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/PzaThief"><code>@PzaThief</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li><a href="https://github.com/jralls"><code>@jralls</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li><a href="https://github.com/samcarswell"><code>@samcarswell</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li><a href="https://github.com/mierzejk"><code>@mierzejk</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li><a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li><a href="https://github.com/nitintecg"><code>@nitintecg</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li><a href="https://github.com/sss-ng"><code>@sss-ng</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li><a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li><a href="https://github.com/aidencullo"><code>@aidencullo</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0">https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's changelog</a>.</em></p> <blockquote> <h1>2024.0.1 (2024-06-11)</h1> <h1>Pipenv 2024.0.1 (2024-06-11)</h1> <p>No significant changes.</p> <h1>2024.0.0 (2024-06-06)</h1> <h1>Pipenv 2024.0.0 (2024-06-06)</h1> <h2>Features & Improvements</h2> <ul> <li>Supply any <code>--extra-pip-args</code> also in the resolver steps. <code>[#6006](pypa/pipenv#6006) <https://github.com/pypa/pipenv/issues/6006></code>_</li> <li>The <code>uninstall</code> command now does the inverse of <code>upgrade</code> which means it no longer invokes a full <code>lock</code> cycle which was problematic for projects with many dependencies. <code>[#6029](pypa/pipenv#6029) <https://github.com/pypa/pipenv/issues/6029></code>_</li> <li>The <code>pipenv requirements</code> subcommand now supports the <code>--from-pipfile</code> flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages. <code>[#6156](pypa/pipenv#6156) <https://github.com/pypa/pipenv/issues/6156></code>_</li> </ul> <h2>Behavior Changes</h2> <ul> <li><code>pipenv==3000.0.0</code> denotes the first major release of our semver strategy. As much requested, the <code>install</code> no longer does a complete lock operation. Instead <code>install</code> follows the same code path as pipenv update (which is upgrade + sync). This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable. Remember that complete lock resolution can be invoked with <code>pipenv lock</code> just as before. <code>[#6098](pypa/pipenv#6098) <https://github.com/pypa/pipenv/issues/6098></code>_</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix a bug that passes pipenv check command if Pipfile.lock not exist <code>[#6126](pypa/pipenv#6126) <https://github.com/pypa/pipenv/issues/6126></code>_</li> <li>Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one <code>[#6136](pypa/pipenv#6136) <https://github.com/pypa/pipenv/issues/6136></code>_</li> <li><code>pipenv</code> converts off <code>pkg_resources</code> API usages. This necessitated also vendoring in: <ul> <li>latest <code>pipdeptree==2.18.1</code> which also converted off <code>pkg_resources</code></li> <li><code>importlib-metadata==7.1.0</code> to continue supporting python 3.8 and 3.9</li> <li><code>packaging==24.0</code> since the packaging we were utilizing in pip's <em>vendor was insufficient for this conversion. <code>[#6139](pypa/pipenv#6139) <https://github.com/pypa/pipenv/issues/6139></code></em></li> </ul> </li> <li>Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, <!-- raw HTML omitted -->`_</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Vendor in <code>pip==24.0</code> <code>[#6117](pypa/pipenv#6117) <https://github.com/pypa/pipenv/issues/6117></code>_</li> <li>Spring 2024 Vendoring includes: <ul> <li><code>click-didyoumean==0.3.1</code></li> <li><code>expect==4.9.0</code></li> <li><code>pipdeptree==2.16.2</code></li> <li><code>python-dotenv==1.0.1</code></li> <li><code>ruamel.yaml==0.18.6</code></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pipenv/commit/7493d181b2ede1bf5820189c128020d156cb51f2"><code>7493d18</code></a> Release v2024.0.1</li> <li><a href="https://github.com/pypa/pipenv/commit/cf9a336e685ba9d9483e6d9990fc15f0b827e404"><code>cf9a336</code></a> Bumped version to 2024.0.1.</li> <li><a href="https://github.com/pypa/pipenv/commit/52f7b09ad1dd923566b37b9b5777228ce135f653"><code>52f7b09</code></a> Update plette to version 2.1.0</li> <li><a href="https://github.com/pypa/pipenv/commit/0618fab5f40a599335f0c363abaaa882bf33dd29"><code>0618fab</code></a> Prepare actually for 2024.0.0 release after peer feedback.</li> <li><a href="https://github.com/pypa/pipenv/commit/fd763515d09ae4d0e19b50477f0ffd8d8506e74d"><code>fd76351</code></a> Release v2024.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/878d7c45dba0a9ec6a2653a2c55d6cd908868981"><code>878d7c4</code></a> Bumped version to 2024.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/a84ecd351d1bd558ffdd4c023bcf79e5f4d4d348"><code>a84ecd3</code></a> Release v3000.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/0cee88e9633d80f9d9c8b6d1a3174d24010d305f"><code>0cee88e</code></a> Bumped version to 3000.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/2c04a632ad08f85cdf8224af782235423fe60d4e"><code>2c04a63</code></a> Remove secho from pipenv.utils.shell</li> <li><a href="https://github.com/pypa/pipenv/commit/6abb08cd9a6702912c25a374338b25469517a931"><code>6abb08c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pipenv/issues/6164">#6164</a> from sanspareilsmyn/handle-unspecified-python-version</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The issue
When installing a package that has a vcs dependency with a subdirectory, the subdirectory isn't added to the Pipfile.lock.
This is a tentative fix for #6120
The fix
When formatting the vcs requirement for lockfile in
format_requirement_for_lockfilenormalize_vcs_urlto clean the vcs's url as is done ininstall_req_from_pipfile- this removes the fragments from the urlreq.link.subdirectory_fragmentto the lockfile if parsed by theLinkobjectAs discussed in #6120, alternatives could have been to honor #4259 and work on the install portion to be able to resolve correctly the Pipfile entry with the
subdirectoryas a vcs url fragment.The checklist
news/directory to describe this fix with the extension.bugfix.rst,.feature.rst,.behavior.rst,.doc.rst..vendor.rst. or.trivial.rst(this will appear in the release changelog). Use semantic line breaks and name the file after the issue number or the PR #.