Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pipenv selects wrong PyPi repository for private packages with non canonical names #6056

Closed
mangin opened this issue Jan 5, 2024 · 1 comment
Labels
Type: Regression This issue is a regression of a previous behavior.

Comments

@mangin
Copy link
Contributor

mangin commented Jan 5, 2024

Issue description

Let's assume that we have a package 'some-cool-package-name'. Pip allows non-canonical names using underscores. In this particular case it would look like 'some_cool_package_name`

if the package is located in private PyPi index than pipenv would select default index during creating a lock. That would create problems with locking.

The reason of the problem

In this file we normalize the names of packages:
https://github.com/pypa/pipenv/blob/main/pipenv/patched/pip/_internal/resolution/resolvelib/factory.py#L250

And we pass normalized name to finder:
https://github.com/pypa/pipenv/blob/main/pipenv/patched/pip/_internal/resolution/resolvelib/factory.py#L284

Here we get the repository of packages by package name:

index_urls = [self.index_lookup[project_name]]

Here you can see how we create mapping between package name and repository:

index_mapping[source["name"]] = source["url"]

But there we create mapping between package name and repository. (Pay attention that here we don't use normalized package name)

Expected result

Pipenv should be able to work with packages that have non-canonical names.

Actual result

Pipenv has a problem with locking non-canonical names

Steps to replicate

pipenv install -d 
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[[source]]
url = "https://test.pypi.org/simple"
verify_ssl = true
name = "testpypi"

[packages]
pipenv_test_private_package = {version = "*", index = "testpypi"}

Stack trace:

Pipfile.lock not found, creating...
Locking [packages] dependencies...
Building requirements...
Resolving dependencies...
✘ Locking Failed!
⠸ Locking...False
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Could not find a version that satisfies the requirement pipenv_test_private_package (from versions: none)
[ResolutionFailure]:   File "~/.venv/lib/python3.10/site-packages/pipenv/resolver.py", line 645, in _main
[ResolutionFailure]:       resolve_packages(
[ResolutionFailure]:   File "~/.venv/lib/python3.10/site-packages/pipenv/resolver.py", line 612, in resolve_packages
[ResolutionFailure]:       results, resolver = resolve(
[ResolutionFailure]:   File "~/.venv/lib/python3.10/site-packages/pipenv/resolver.py", line 592, in resolve
[ResolutionFailure]:       return resolve_deps(
[ResolutionFailure]:   File "~/.venv/lib/python3.10/site-packages/pipenv/utils/resolver.py", line 908, in resolve_deps
[ResolutionFailure]:       results, hashes, internal_resolver = actually_resolve_deps(
[ResolutionFailure]:   File "~/.venv/lib/python3.10/site-packages/pipenv/utils/resolver.py", line 681, in actually_resolve_deps
[ResolutionFailure]:       resolver.resolve()
[ResolutionFailure]:   File "~/.venv/lib/python3.10/site-packages/pipenv/utils/resolver.py", line 442, in resolve
[ResolutionFailure]:       raise ResolutionFailure(message=str(e))
[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv.
  Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: No matching distribution found for pipenv_test_private_package

Traceback (most recent call last):
  File "~/.venv/bin/pipenv", line 8, in <module>
    sys.exit(cli())
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "~/.venv/lib/python3.10/site-packages/pipenv/cli/options.py", line 58, in main
    return super().main(*args, **kwargs, windows_expand_args=False)
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/decorators.py", line 92, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "~/.venv/lib/python3.10/site-packages/pipenv/vendor/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "~/.venv/lib/python3.10/site-packages/pipenv/cli/command.py", line 209, in install
    do_install(
  File "~/.venv/lib/python3.10/site-packages/pipenv/routines/install.py", line 164, in do_install
    do_init(
  File "~/.venv/lib/python3.10/site-packages/pipenv/routines/install.py", line 672, in do_init
    do_lock(
  File "~/.venv/lib/python3.10/site-packages/pipenv/routines/lock.py", line 65, in do_lock
    venv_resolve_deps(
  File "~/.venv/lib/python3.10/site-packages/pipenv/utils/resolver.py", line 849, in venv_resolve_deps
    c = resolve(cmd, st, project=project)
  File "~/.venv/lib/python3.10/site-packages/pipenv/utils/resolver.py", line 718, in resolve
    raise RuntimeError("Failed to lock Pipfile.lock!")
RuntimeError: Failed to lock Pipfile.lock!

$ pipenv --support

Pipenv version: '2023.11.15'

Pipenv location: '/.venv/lib/python3.10/site-packages/pipenv'

Python location: '/.venv/bin/python3.10'

OS Name: 'posix'

User pip version: '23.3.1'

user Python installations found:

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.10.4',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '5.15.0-91-generic',
 'platform_system': 'Linux',
 'platform_version': '#101~20.04.1-Ubuntu SMP Thu Nov 16 14:22:28 UTC 2023',
 'python_full_version': '3.10.4',
 'python_version': '3.10',
 'sys_platform': 'linux'}

System environment variables:

  • SHELL
  • SESSION_MANAGER
  • QT_ACCESSIBILITY
  • PIPENV_VENV_IN_PROJECT
  • COLORTERM
  • XDG_CONFIG_DIRS
  • NVM_INC
  • XDG_MENU_PREFIX
  • GNOME_DESKTOP_SESSION_ID
  • LC_ADDRESS
  • GNOME_SHELL_SESSION_MODE
  • LC_NAME
  • SSH_AUTH_SOCK
  • ADFS_USER
  • XMODIFIERS
  • DESKTOP_SESSION
  • LC_MONETARY
  • SSH_AGENT_PID
  • PTC_ARTIFACTORY_TOKEN
  • EDITOR
  • GTK_MODULES
  • SYS_DST_APPROVER_STASH_TOKEN
  • PWD
  • AD_USERNAME
  • LOGNAME
  • XDG_SESSION_DESKTOP
  • XDG_SESSION_TYPE
  • GPG_AGENT_INFO
  • SYSTEM_USER
  • XAUTHORITY
  • GJS_DEBUG_TOPICS
  • WINDOWPATH
  • SNYK_TOKEN
  • HOME
  • USERNAME
  • IM_CONFIG_PHASE
  • LC_PAPER
  • LANG
  • LS_COLORS
  • XDG_CURRENT_DESKTOP
  • VTE_VERSION
  • ARTIFACTORY_PASSWORD
  • GNOME_TERMINAL_SCREEN
  • MARVIN_JENKINS_PASSWORD
  • INVOCATION_ID
  • MANAGERPID
  • GOROOT
  • SYS_DST_ROBOT_STASH_TOKEN
  • GJS_DEBUG_OUTPUT
  • NVM_DIR
  • LESSCLOSE
  • XDG_SESSION_CLASS
  • MARVIN_JENKINS_USER
  • TERM
  • LC_IDENTIFICATION
  • DST_ARTIFACTORY_TOKEN
  • LESSOPEN
  • USER
  • GNOME_TERMINAL_SERVICE
  • VISUAL
  • DISPLAY
  • SHLVL
  • NVM_CD_FLAGS
  • LC_TELEPHONE
  • QT_IM_MODULE
  • LC_MEASUREMENT
  • ARTIFACTORY_USERNAME
  • XDG_RUNTIME_DIR
  • ARTIFACTORY_TOKEN
  • LC_TIME
  • PTC_STASH_TOKEN
  • RAPID7_TOKEN
  • JOURNAL_STREAM
  • XDG_DATA_DIRS
  • PATH
  • GDMSESSION
  • DBUS_SESSION_BUS_ADDRESS
  • NVM_BIN
  • LC_NUMERIC
  • OLDPWD
  • GOPATH
  • _
  • PIP_DISABLE_PIP_VERSION_CHECK
  • PYTHONDONTWRITEBYTECODE
  • PYTHONFINDER_IGNORE_UNSUPPORTED

Pipenv–specific environment variables:

  • PIPENV_VENV_IN_PROJECT: True

Debug–specific environment variables:

  • PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin:/home/UNKNOWN/dev/bin:/home/UNKNOWN/.local/bin/:/opt/python/3.7.9/bin/
  • SHELL: /bin/bash
  • EDITOR: vim
  • LANG: en_US.UTF-8
  • PWD: /

Contents of Pipfile ('/Pipfile'):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[[source]]
url = "https://test.pypi.org/simple"
verify_ssl = true
name = "testpypi"

[packages]
pipenv_test_private_package = {version = "*", index = "testpypi"}
achim-k pushed a commit to foxglove/ws-protocol that referenced this issue Jan 22, 2024
Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.11.15 to
2023.11.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/releases">pipenv's
releases</a>.</em></p>
<blockquote>
<h2>Release v2023.11.17</h2>
<h2>What's Changed</h2>
<ul>
<li>Vendor latest tomlkit by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li>Chore: Resolve CI deprecation warnings by <a
href="https://github.com/stumpylog"><code>@​stumpylog</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li>Fix the issue(<a
href="https://redirect.github.com/pypa/pipenv/issues/6022">#6022</a>):
Add additional installation method in README by <a
href="https://github.com/y-vectorfield"><code>@​y-vectorfield</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6023">pypa/pipenv#6023</a></li>
<li>Make <code>project.get_default_index()</code> populate a default
name by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6021">pypa/pipenv#6021</a></li>
<li>Drop markupsafe - way too late for that by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6033">pypa/pipenv#6033</a></li>
<li>Fix for the safety test failure in the CI by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6038">pypa/pipenv#6038</a></li>
<li>Add markers to Pipfile when parsing requirements.txt by <a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a> in
<a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li>Fixed a bug with locking packages with non canonical names by <a
href="https://github.com/mangin"><code>@​mangin</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li>Bump jinja2 from 3.1.2 to 3.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6059">pypa/pipenv#6059</a></li>
<li>Vendor bump pipdeptree by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6055">pypa/pipenv#6055</a></li>
<li>updated readme by <a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
<li>Update release script to enforce semver going forward in 2024 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6052">pypa/pipenv#6052</a></li>
<li>Vendoring in pip-23.3.2 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6064">pypa/pipenv#6064</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li><a href="https://github.com/stumpylog"><code>@​stumpylog</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li><a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li><a href="https://github.com/mangin"><code>@​mangin</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li><a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's
changelog</a>.</em></p>
<blockquote>
<h1>2023.11.17 (2024-01-21)</h1>
<h1>Pipenv 2023.11.17 (2024-01-21)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Add markers to Pipfile when parsing requirements.txt
<code>[#6008](pypa/pipenv#6008)
&lt;https://github.com/pypa/pipenv/issues/6008&gt;</code>_</li>
<li>Fix KeyError when using a source without a name in Pipfile
<code>[#6021](pypa/pipenv#6021)
&lt;https://github.com/pypa/pipenv/issues/6021&gt;</code>_</li>
<li>Fix a bug with locking projects that contains packages with non
canonical names from private indexes
<code>[#6056](pypa/pipenv#6056)
&lt;https://github.com/pypa/pipenv/issues/6056&gt;</code>_</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Update vendored tomlkit to <code>0.12.3</code>
<code>[#6024](pypa/pipenv#6024)
&lt;https://github.com/pypa/pipenv/issues/6024&gt;</code>_</li>
<li>Bump version of pipdeptree to 0.13.2
<code>[#6055](pypa/pipenv#6055)
&lt;https://github.com/pypa/pipenv/issues/6055&gt;</code>_</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pipenv/commit/7a640f21266efac7c530c772ebabf08ee0a7e1f1"><code>7a640f2</code></a>
Release v2023.11.17</li>
<li><a
href="https://github.com/pypa/pipenv/commit/d202fac429fb9f9959767ce7ae48d88c307e23cd"><code>d202fac</code></a>
Bumped version to 2023.11.17.</li>
<li><a
href="https://github.com/pypa/pipenv/commit/542554e4e84da228fa42aed34c60747c2b051fff"><code>542554e</code></a>
upgrade sphinx due to release script bug</li>
<li><a
href="https://github.com/pypa/pipenv/commit/624ec01ef385cf36a84938d2a097e1819a01cbb9"><code>624ec01</code></a>
Vendoring in pip-23.3.2 (<a
href="https://redirect.github.com/pypa/pipenv/issues/6064">#6064</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/0379507abb315a3da7dcee05a274b8e535d6b060"><code>0379507</code></a>
Update release script to enforce semver going forward in 2024 (<a
href="https://redirect.github.com/pypa/pipenv/issues/6052">#6052</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/eaca109fb39a934d240abdce6c2330c75047ae91"><code>eaca109</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pipenv/issues/6049">#6049</a>
from Suprithvarma1/pipit</li>
<li><a
href="https://github.com/pypa/pipenv/commit/9217384411824cdc1857532bd42c251f1a4060ba"><code>9217384</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pipenv/issues/6055">#6055</a>
from pypa/vendor-bump-pipdeptree</li>
<li><a
href="https://github.com/pypa/pipenv/commit/cdaaa3084809ed48a7e7f684838d25f77978a1a0"><code>cdaaa30</code></a>
Bump jinja2 from 3.1.2 to 3.1.3</li>
<li><a
href="https://github.com/pypa/pipenv/commit/463d9c8999caa75ec13d5187073d3cbf39345d97"><code>463d9c8</code></a>
built index mapping using canonical package names instead of raw package
names</li>
<li><a
href="https://github.com/pypa/pipenv/commit/dc261212c845d3f5e33b472ba11008b07cb8ea19"><code>dc26121</code></a>
fixed a bug with locking packages with uncanonical names</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.11.15&new-version=2023.11.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@matteius matteius added the Type: Regression This issue is a regression of a previous behavior. label Jan 27, 2024
github-merge-queue bot pushed a commit to NomicFoundation/slang that referenced this issue Feb 3, 2024
Bumps the non-major-dependencies group with 1 update:
[pipenv](https://github.com/pypa/pipenv).

Updates `pipenv` from 2023.2.18 to 2023.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/releases">pipenv's
releases</a>.</em></p>
<blockquote>
<h2>Release v2023.12.0</h2>
<h2>What's Changed</h2>
<ul>
<li>NOTE: this is our second semver release with a plan to release major
version 3000 later this winter/Spring.</li>
<li>Convert from pydantic to vanilla dataclasses (includes pythonfinder
2.1.0) by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6065">pypa/pipenv#6065</a></li>
<li>Remove forcing CI code path to use nt shell code path by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6072">pypa/pipenv#6072</a></li>
<li>Only editable entry should trigger editable installs by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6069">pypa/pipenv#6069</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.17...v2023.12.0">https://github.com/pypa/pipenv/compare/v2023.11.17...v2023.12.0</a></p>
<h2>Release v2023.11.17</h2>
<h2>What's Changed</h2>
<ul>
<li>Vendor latest tomlkit by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li>Chore: Resolve CI deprecation warnings by <a
href="https://github.com/stumpylog"><code>@​stumpylog</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li>Fix the issue(<a
href="https://redirect.github.com/pypa/pipenv/issues/6022">#6022</a>):
Add additional installation method in README by <a
href="https://github.com/y-vectorfield"><code>@​y-vectorfield</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6023">pypa/pipenv#6023</a></li>
<li>Make <code>project.get_default_index()</code> populate a default
name by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6021">pypa/pipenv#6021</a></li>
<li>Drop markupsafe - way too late for that by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6033">pypa/pipenv#6033</a></li>
<li>Fix for the safety test failure in the CI by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6038">pypa/pipenv#6038</a></li>
<li>Add markers to Pipfile when parsing requirements.txt by <a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a> in
<a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li>Fixed a bug with locking packages with non canonical names by <a
href="https://github.com/mangin"><code>@​mangin</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li>Bump jinja2 from 3.1.2 to 3.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6059">pypa/pipenv#6059</a></li>
<li>Vendor bump pipdeptree by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6055">pypa/pipenv#6055</a></li>
<li>updated readme by <a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
<li>Update release script to enforce semver going forward in 2024 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6052">pypa/pipenv#6052</a></li>
<li>Vendoring in pip-23.3.2 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6064">pypa/pipenv#6064</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li><a href="https://github.com/stumpylog"><code>@​stumpylog</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li><a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li><a href="https://github.com/mangin"><code>@​mangin</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li><a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17</a></p>
<h2>Release v2023.11.15</h2>
<h2>What's Changed</h2>
<ul>
<li>Treat all return paths of this method as strings by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6017">pypa/pipenv#6017</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.14...v2023.11.15">https://github.com/pypa/pipenv/compare/v2023.11.14...v2023.11.15</a></p>
<h2>Release v2023.11.14</h2>
<h2>What's Changed</h2>
<ul>
<li>Restore this code that should prevent the string has no attribute
update bug. by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6007">pypa/pipenv#6007</a></li>
<li>Pass through pipfile index urls when creating https session so that
keyring fully works by <a
href="https://github.com/mungojam"><code>@​mungojam</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/5994">pypa/pipenv#5994</a></li>
<li>Fix issue-6011 direct file url path by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6012">pypa/pipenv#6012</a></li>
<li>Ignore existing venv dir when PIPENV_VENV_IN_PROJECT is false by <a
href="https://github.com/arnaud-dezandee"><code>@​arnaud-dezandee</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6009">pypa/pipenv#6009</a></li>
<li>Assume that vcs and direct URL installs need to be reinstalled by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/5936">pypa/pipenv#5936</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's
changelog</a>.</em></p>
<blockquote>
<h1>2023.12.0 (2024-02-01)</h1>
<h1>Pipenv 2023.12.0 (2024-02-01)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Removal of pydantic from pythonfinder and pipenv; reduced complexity
of pythonfinder pathlib usage (avoid posix conversions).
<code>[#6065](pypa/pipenv#6065)
&lt;https://github.com/pypa/pipenv/issues/6065&gt;</code>_</li>
<li>Adjusted logic which assumed any file, path or VCS install should be
considered editable. Instead relies on the user specified editable flag
to mark requirement as editable install.
<code>[#6069](pypa/pipenv#6069)
&lt;https://github.com/pypa/pipenv/issues/6069&gt;</code>_</li>
<li>Remove logic that treats <code>CI</code> variable to use
<code>do_run_nt</code> shell logic, as the original reasons for that
patch were no longer valid.
<code>[#6072](pypa/pipenv#6072)
&lt;https://github.com/pypa/pipenv/issues/6072&gt;</code>_
2023.11.17 (2024-01-21)
=======================
Pipenv 2023.11.17 (2024-01-21)
==============================</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Add markers to Pipfile when parsing requirements.txt
<code>[#6008](pypa/pipenv#6008)
&lt;https://github.com/pypa/pipenv/issues/6008&gt;</code>_</li>
<li>Fix KeyError when using a source without a name in Pipfile
<code>[#6021](pypa/pipenv#6021)
&lt;https://github.com/pypa/pipenv/issues/6021&gt;</code>_</li>
<li>Fix a bug with locking projects that contains packages with non
canonical names from private indexes
<code>[#6056](pypa/pipenv#6056)
&lt;https://github.com/pypa/pipenv/issues/6056&gt;</code>_</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Update vendored tomlkit to <code>0.12.3</code>
<code>[#6024](pypa/pipenv#6024)
&lt;https://github.com/pypa/pipenv/issues/6024&gt;</code>_</li>
<li>Bump version of pipdeptree to 0.13.2
<code>[#6055](pypa/pipenv#6055)
&lt;https://github.com/pypa/pipenv/issues/6055&gt;</code>_
2023.11.15 (2023-11-15)
=======================
Pipenv 2023.11.15 (2023-11-15)
==============================</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix regression with path installs on most recent release
<code>2023.11.14</code>
<code>[#6017](pypa/pipenv#6017)
&lt;https://github.com/pypa/pipenv/issues/6017&gt;</code>_</li>
</ul>
<h1>2023.11.14 (2023-11-14)</h1>
<h1>Pipenv 2023.11.14 (2023-11-14)</h1>
<h2>Behavior Changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pipenv/commit/d4483dd2a3cd55c45de2e3d5ca98094c67b64af3"><code>d4483dd</code></a>
Release v2023.12.0</li>
<li><a
href="https://github.com/pypa/pipenv/commit/e26edd59a6f8486cf24038b248eeb65f9d9147f9"><code>e26edd5</code></a>
Bumped version to 2023.12.0.</li>
<li><a
href="https://github.com/pypa/pipenv/commit/23dbe27544ed159b9ab3b5b988439dd08483ef3c"><code>23dbe27</code></a>
Only editable entry should trigger editable installs (<a
href="https://redirect.github.com/pypa/pipenv/issues/6069">#6069</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/15149f0091c757689249aee04a6afc87895289a3"><code>15149f0</code></a>
Remove forcing CI code path to use nt shell code path (<a
href="https://redirect.github.com/pypa/pipenv/issues/6072">#6072</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/95df3fd6495544eed7835fbf677069d401d3ed9d"><code>95df3fd</code></a>
Convert from pydantic to vanilla dataclasses (includes pythonfinder
2.1.0) (#...</li>
<li><a
href="https://github.com/pypa/pipenv/commit/2bd7eab65e3644ac44a1dda2809fa6e9e046b286"><code>2bd7eab</code></a>
Fix release CI step for next release</li>
<li><a
href="https://github.com/pypa/pipenv/commit/7a640f21266efac7c530c772ebabf08ee0a7e1f1"><code>7a640f2</code></a>
Release v2023.11.17</li>
<li><a
href="https://github.com/pypa/pipenv/commit/d202fac429fb9f9959767ce7ae48d88c307e23cd"><code>d202fac</code></a>
Bumped version to 2023.11.17.</li>
<li><a
href="https://github.com/pypa/pipenv/commit/542554e4e84da228fa42aed34c60747c2b051fff"><code>542554e</code></a>
upgrade sphinx due to release script bug</li>
<li><a
href="https://github.com/pypa/pipenv/commit/624ec01ef385cf36a84938d2a097e1819a01cbb9"><code>624ec01</code></a>
Vendoring in pip-23.3.2 (<a
href="https://redirect.github.com/pypa/pipenv/issues/6064">#6064</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pipenv/compare/v2023.2.18...v2023.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.2.18&new-version=2023.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Sintayew4
Copy link

#6056

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Type: Regression This issue is a regression of a previous behavior.
Projects
None yet
Development

No branches or pull requests

3 participants