-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pipenv selects wrong PyPi repository for private packages with non canonical names #6056
Labels
Type: Regression
This issue is a regression of a previous behavior.
Comments
achim-k
pushed a commit
to foxglove/ws-protocol
that referenced
this issue
Jan 22, 2024
Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.11.15 to 2023.11.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/releases">pipenv's releases</a>.</em></p> <blockquote> <h2>Release v2023.11.17</h2> <h2>What's Changed</h2> <ul> <li>Vendor latest tomlkit by <a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li> <li>Chore: Resolve CI deprecation warnings by <a href="https://github.com/stumpylog"><code>@stumpylog</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li> <li>Fix the issue(<a href="https://redirect.github.com/pypa/pipenv/issues/6022">#6022</a>): Add additional installation method in README by <a href="https://github.com/y-vectorfield"><code>@y-vectorfield</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6023">pypa/pipenv#6023</a></li> <li>Make <code>project.get_default_index()</code> populate a default name by <a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6021">pypa/pipenv#6021</a></li> <li>Drop markupsafe - way too late for that by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6033">pypa/pipenv#6033</a></li> <li>Fix for the safety test failure in the CI by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6038">pypa/pipenv#6038</a></li> <li>Add markers to Pipfile when parsing requirements.txt by <a href="https://github.com/geonik-code"><code>@geonik-code</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li> <li>Fixed a bug with locking packages with non canonical names by <a href="https://github.com/mangin"><code>@mangin</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li> <li>Bump jinja2 from 3.1.2 to 3.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6059">pypa/pipenv#6059</a></li> <li>Vendor bump pipdeptree by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6055">pypa/pipenv#6055</a></li> <li>updated readme by <a href="https://github.com/Suprithvarma1"><code>@Suprithvarma1</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li> <li>Update release script to enforce semver going forward in 2024 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6052">pypa/pipenv#6052</a></li> <li>Vendoring in pip-23.3.2 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6064">pypa/pipenv#6064</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li> <li><a href="https://github.com/stumpylog"><code>@stumpylog</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li> <li><a href="https://github.com/geonik-code"><code>@geonik-code</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li> <li><a href="https://github.com/mangin"><code>@mangin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li> <li><a href="https://github.com/Suprithvarma1"><code>@Suprithvarma1</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's changelog</a>.</em></p> <blockquote> <h1>2023.11.17 (2024-01-21)</h1> <h1>Pipenv 2023.11.17 (2024-01-21)</h1> <h2>Bug Fixes</h2> <ul> <li>Add markers to Pipfile when parsing requirements.txt <code>[#6008](pypa/pipenv#6008) <https://github.com/pypa/pipenv/issues/6008></code>_</li> <li>Fix KeyError when using a source without a name in Pipfile <code>[#6021](pypa/pipenv#6021) <https://github.com/pypa/pipenv/issues/6021></code>_</li> <li>Fix a bug with locking projects that contains packages with non canonical names from private indexes <code>[#6056](pypa/pipenv#6056) <https://github.com/pypa/pipenv/issues/6056></code>_</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Update vendored tomlkit to <code>0.12.3</code> <code>[#6024](pypa/pipenv#6024) <https://github.com/pypa/pipenv/issues/6024></code>_</li> <li>Bump version of pipdeptree to 0.13.2 <code>[#6055](pypa/pipenv#6055) <https://github.com/pypa/pipenv/issues/6055></code>_</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pipenv/commit/7a640f21266efac7c530c772ebabf08ee0a7e1f1"><code>7a640f2</code></a> Release v2023.11.17</li> <li><a href="https://github.com/pypa/pipenv/commit/d202fac429fb9f9959767ce7ae48d88c307e23cd"><code>d202fac</code></a> Bumped version to 2023.11.17.</li> <li><a href="https://github.com/pypa/pipenv/commit/542554e4e84da228fa42aed34c60747c2b051fff"><code>542554e</code></a> upgrade sphinx due to release script bug</li> <li><a href="https://github.com/pypa/pipenv/commit/624ec01ef385cf36a84938d2a097e1819a01cbb9"><code>624ec01</code></a> Vendoring in pip-23.3.2 (<a href="https://redirect.github.com/pypa/pipenv/issues/6064">#6064</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/0379507abb315a3da7dcee05a274b8e535d6b060"><code>0379507</code></a> Update release script to enforce semver going forward in 2024 (<a href="https://redirect.github.com/pypa/pipenv/issues/6052">#6052</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/eaca109fb39a934d240abdce6c2330c75047ae91"><code>eaca109</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pipenv/issues/6049">#6049</a> from Suprithvarma1/pipit</li> <li><a href="https://github.com/pypa/pipenv/commit/9217384411824cdc1857532bd42c251f1a4060ba"><code>9217384</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pipenv/issues/6055">#6055</a> from pypa/vendor-bump-pipdeptree</li> <li><a href="https://github.com/pypa/pipenv/commit/cdaaa3084809ed48a7e7f684838d25f77978a1a0"><code>cdaaa30</code></a> Bump jinja2 from 3.1.2 to 3.1.3</li> <li><a href="https://github.com/pypa/pipenv/commit/463d9c8999caa75ec13d5187073d3cbf39345d97"><code>463d9c8</code></a> built index mapping using canonical package names instead of raw package names</li> <li><a href="https://github.com/pypa/pipenv/commit/dc261212c845d3f5e33b472ba11008b07cb8ea19"><code>dc26121</code></a> fixed a bug with locking packages with uncanonical names</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.11.15&new-version=2023.11.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
matteius
added
the
Type: Regression
This issue is a regression of a previous behavior.
label
Jan 27, 2024
github-merge-queue bot
pushed a commit
to NomicFoundation/slang
that referenced
this issue
Feb 3, 2024
Bumps the non-major-dependencies group with 1 update: [pipenv](https://github.com/pypa/pipenv). Updates `pipenv` from 2023.2.18 to 2023.12.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/releases">pipenv's releases</a>.</em></p> <blockquote> <h2>Release v2023.12.0</h2> <h2>What's Changed</h2> <ul> <li>NOTE: this is our second semver release with a plan to release major version 3000 later this winter/Spring.</li> <li>Convert from pydantic to vanilla dataclasses (includes pythonfinder 2.1.0) by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6065">pypa/pipenv#6065</a></li> <li>Remove forcing CI code path to use nt shell code path by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6072">pypa/pipenv#6072</a></li> <li>Only editable entry should trigger editable installs by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6069">pypa/pipenv#6069</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.11.17...v2023.12.0">https://github.com/pypa/pipenv/compare/v2023.11.17...v2023.12.0</a></p> <h2>Release v2023.11.17</h2> <h2>What's Changed</h2> <ul> <li>Vendor latest tomlkit by <a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li> <li>Chore: Resolve CI deprecation warnings by <a href="https://github.com/stumpylog"><code>@stumpylog</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li> <li>Fix the issue(<a href="https://redirect.github.com/pypa/pipenv/issues/6022">#6022</a>): Add additional installation method in README by <a href="https://github.com/y-vectorfield"><code>@y-vectorfield</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6023">pypa/pipenv#6023</a></li> <li>Make <code>project.get_default_index()</code> populate a default name by <a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6021">pypa/pipenv#6021</a></li> <li>Drop markupsafe - way too late for that by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6033">pypa/pipenv#6033</a></li> <li>Fix for the safety test failure in the CI by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6038">pypa/pipenv#6038</a></li> <li>Add markers to Pipfile when parsing requirements.txt by <a href="https://github.com/geonik-code"><code>@geonik-code</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li> <li>Fixed a bug with locking packages with non canonical names by <a href="https://github.com/mangin"><code>@mangin</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li> <li>Bump jinja2 from 3.1.2 to 3.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6059">pypa/pipenv#6059</a></li> <li>Vendor bump pipdeptree by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6055">pypa/pipenv#6055</a></li> <li>updated readme by <a href="https://github.com/Suprithvarma1"><code>@Suprithvarma1</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li> <li>Update release script to enforce semver going forward in 2024 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6052">pypa/pipenv#6052</a></li> <li>Vendoring in pip-23.3.2 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6064">pypa/pipenv#6064</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li> <li><a href="https://github.com/stumpylog"><code>@stumpylog</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li> <li><a href="https://github.com/geonik-code"><code>@geonik-code</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li> <li><a href="https://github.com/mangin"><code>@mangin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li> <li><a href="https://github.com/Suprithvarma1"><code>@Suprithvarma1</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17</a></p> <h2>Release v2023.11.15</h2> <h2>What's Changed</h2> <ul> <li>Treat all return paths of this method as strings by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6017">pypa/pipenv#6017</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.11.14...v2023.11.15">https://github.com/pypa/pipenv/compare/v2023.11.14...v2023.11.15</a></p> <h2>Release v2023.11.14</h2> <h2>What's Changed</h2> <ul> <li>Restore this code that should prevent the string has no attribute update bug. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6007">pypa/pipenv#6007</a></li> <li>Pass through pipfile index urls when creating https session so that keyring fully works by <a href="https://github.com/mungojam"><code>@mungojam</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/5994">pypa/pipenv#5994</a></li> <li>Fix issue-6011 direct file url path by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6012">pypa/pipenv#6012</a></li> <li>Ignore existing venv dir when PIPENV_VENV_IN_PROJECT is false by <a href="https://github.com/arnaud-dezandee"><code>@arnaud-dezandee</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6009">pypa/pipenv#6009</a></li> <li>Assume that vcs and direct URL installs need to be reinstalled by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/5936">pypa/pipenv#5936</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's changelog</a>.</em></p> <blockquote> <h1>2023.12.0 (2024-02-01)</h1> <h1>Pipenv 2023.12.0 (2024-02-01)</h1> <h2>Bug Fixes</h2> <ul> <li>Removal of pydantic from pythonfinder and pipenv; reduced complexity of pythonfinder pathlib usage (avoid posix conversions). <code>[#6065](pypa/pipenv#6065) <https://github.com/pypa/pipenv/issues/6065></code>_</li> <li>Adjusted logic which assumed any file, path or VCS install should be considered editable. Instead relies on the user specified editable flag to mark requirement as editable install. <code>[#6069](pypa/pipenv#6069) <https://github.com/pypa/pipenv/issues/6069></code>_</li> <li>Remove logic that treats <code>CI</code> variable to use <code>do_run_nt</code> shell logic, as the original reasons for that patch were no longer valid. <code>[#6072](pypa/pipenv#6072) <https://github.com/pypa/pipenv/issues/6072></code>_ 2023.11.17 (2024-01-21) ======================= Pipenv 2023.11.17 (2024-01-21) ==============================</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Add markers to Pipfile when parsing requirements.txt <code>[#6008](pypa/pipenv#6008) <https://github.com/pypa/pipenv/issues/6008></code>_</li> <li>Fix KeyError when using a source without a name in Pipfile <code>[#6021](pypa/pipenv#6021) <https://github.com/pypa/pipenv/issues/6021></code>_</li> <li>Fix a bug with locking projects that contains packages with non canonical names from private indexes <code>[#6056](pypa/pipenv#6056) <https://github.com/pypa/pipenv/issues/6056></code>_</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Update vendored tomlkit to <code>0.12.3</code> <code>[#6024](pypa/pipenv#6024) <https://github.com/pypa/pipenv/issues/6024></code>_</li> <li>Bump version of pipdeptree to 0.13.2 <code>[#6055](pypa/pipenv#6055) <https://github.com/pypa/pipenv/issues/6055></code>_ 2023.11.15 (2023-11-15) ======================= Pipenv 2023.11.15 (2023-11-15) ==============================</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix regression with path installs on most recent release <code>2023.11.14</code> <code>[#6017](pypa/pipenv#6017) <https://github.com/pypa/pipenv/issues/6017></code>_</li> </ul> <h1>2023.11.14 (2023-11-14)</h1> <h1>Pipenv 2023.11.14 (2023-11-14)</h1> <h2>Behavior Changes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pipenv/commit/d4483dd2a3cd55c45de2e3d5ca98094c67b64af3"><code>d4483dd</code></a> Release v2023.12.0</li> <li><a href="https://github.com/pypa/pipenv/commit/e26edd59a6f8486cf24038b248eeb65f9d9147f9"><code>e26edd5</code></a> Bumped version to 2023.12.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/23dbe27544ed159b9ab3b5b988439dd08483ef3c"><code>23dbe27</code></a> Only editable entry should trigger editable installs (<a href="https://redirect.github.com/pypa/pipenv/issues/6069">#6069</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/15149f0091c757689249aee04a6afc87895289a3"><code>15149f0</code></a> Remove forcing CI code path to use nt shell code path (<a href="https://redirect.github.com/pypa/pipenv/issues/6072">#6072</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/95df3fd6495544eed7835fbf677069d401d3ed9d"><code>95df3fd</code></a> Convert from pydantic to vanilla dataclasses (includes pythonfinder 2.1.0) (#...</li> <li><a href="https://github.com/pypa/pipenv/commit/2bd7eab65e3644ac44a1dda2809fa6e9e046b286"><code>2bd7eab</code></a> Fix release CI step for next release</li> <li><a href="https://github.com/pypa/pipenv/commit/7a640f21266efac7c530c772ebabf08ee0a7e1f1"><code>7a640f2</code></a> Release v2023.11.17</li> <li><a href="https://github.com/pypa/pipenv/commit/d202fac429fb9f9959767ce7ae48d88c307e23cd"><code>d202fac</code></a> Bumped version to 2023.11.17.</li> <li><a href="https://github.com/pypa/pipenv/commit/542554e4e84da228fa42aed34c60747c2b051fff"><code>542554e</code></a> upgrade sphinx due to release script bug</li> <li><a href="https://github.com/pypa/pipenv/commit/624ec01ef385cf36a84938d2a097e1819a01cbb9"><code>624ec01</code></a> Vendoring in pip-23.3.2 (<a href="https://redirect.github.com/pypa/pipenv/issues/6064">#6064</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pipenv/compare/v2023.2.18...v2023.12.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.2.18&new-version=2023.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue description
Let's assume that we have a package 'some-cool-package-name'. Pip allows non-canonical names using underscores. In this particular case it would look like 'some_cool_package_name`
if the package is located in private PyPi index than pipenv would select default index during creating a lock. That would create problems with locking.
The reason of the problem
In this file we normalize the names of packages:
https://github.com/pypa/pipenv/blob/main/pipenv/patched/pip/_internal/resolution/resolvelib/factory.py#L250
And we pass normalized name to finder:
https://github.com/pypa/pipenv/blob/main/pipenv/patched/pip/_internal/resolution/resolvelib/factory.py#L284
Here we get the repository of packages by package name:
pipenv/pipenv/patched/pip/_internal/models/search_scope.py
Line 142 in 8e06085
Here you can see how we create mapping between package name and repository:
pipenv/pipenv/utils/resolver.py
Line 319 in 8e06085
But there we create mapping between package name and repository. (Pay attention that here we don't use normalized package name)
Expected result
Pipenv should be able to work with packages that have non-canonical names.
Actual result
Pipenv has a problem with locking non-canonical names
Steps to replicate
Stack trace:
$ pipenv --support
Pipenv version:
'2023.11.15'
Pipenv location:
'/.venv/lib/python3.10/site-packages/pipenv'
Python location:
'/.venv/bin/python3.10'
OS Name:
'posix'
User pip version:
'23.3.1'
user Python installations found:
PEP 508 Information:
System environment variables:
SHELL
SESSION_MANAGER
QT_ACCESSIBILITY
PIPENV_VENV_IN_PROJECT
COLORTERM
XDG_CONFIG_DIRS
NVM_INC
XDG_MENU_PREFIX
GNOME_DESKTOP_SESSION_ID
LC_ADDRESS
GNOME_SHELL_SESSION_MODE
LC_NAME
SSH_AUTH_SOCK
ADFS_USER
XMODIFIERS
DESKTOP_SESSION
LC_MONETARY
SSH_AGENT_PID
PTC_ARTIFACTORY_TOKEN
EDITOR
GTK_MODULES
SYS_DST_APPROVER_STASH_TOKEN
PWD
AD_USERNAME
LOGNAME
XDG_SESSION_DESKTOP
XDG_SESSION_TYPE
GPG_AGENT_INFO
SYSTEM_USER
XAUTHORITY
GJS_DEBUG_TOPICS
WINDOWPATH
SNYK_TOKEN
HOME
USERNAME
IM_CONFIG_PHASE
LC_PAPER
LANG
LS_COLORS
XDG_CURRENT_DESKTOP
VTE_VERSION
ARTIFACTORY_PASSWORD
GNOME_TERMINAL_SCREEN
MARVIN_JENKINS_PASSWORD
INVOCATION_ID
MANAGERPID
GOROOT
SYS_DST_ROBOT_STASH_TOKEN
GJS_DEBUG_OUTPUT
NVM_DIR
LESSCLOSE
XDG_SESSION_CLASS
MARVIN_JENKINS_USER
TERM
LC_IDENTIFICATION
DST_ARTIFACTORY_TOKEN
LESSOPEN
USER
GNOME_TERMINAL_SERVICE
VISUAL
DISPLAY
SHLVL
NVM_CD_FLAGS
LC_TELEPHONE
QT_IM_MODULE
LC_MEASUREMENT
ARTIFACTORY_USERNAME
XDG_RUNTIME_DIR
ARTIFACTORY_TOKEN
LC_TIME
PTC_STASH_TOKEN
RAPID7_TOKEN
JOURNAL_STREAM
XDG_DATA_DIRS
PATH
GDMSESSION
DBUS_SESSION_BUS_ADDRESS
NVM_BIN
LC_NUMERIC
OLDPWD
GOPATH
_
PIP_DISABLE_PIP_VERSION_CHECK
PYTHONDONTWRITEBYTECODE
PYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
PIPENV_VENV_IN_PROJECT
:True
Debug–specific environment variables:
PATH
:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin:/home/UNKNOWN/dev/bin:/home/UNKNOWN/.local/bin/:/opt/python/3.7.9/bin/
SHELL
:/bin/bash
EDITOR
:vim
LANG
:en_US.UTF-8
PWD
:/
Contents of
Pipfile
('/Pipfile'):The text was updated successfully, but these errors were encountered: