Python - add support for Poetry and PipEnv #4995

Closed
agmond opened this issue Oct 27, 2022 · 4 comments · Fixed by #5409

Comments

agmond commented Oct 27, 2022

Hi,

As more and more modern Python applications start using Poetry or PipEnv for managing their dependencies, please support those packaging tools, in addition to the existing (experimental) support in requirements.txt.

Poetry
Poetry uses a pyproject.toml file to declare dependencies, and a lock file named poetry.lock.
The dependency specification can be found here.

Examples (taken from Poetry repo):

PipEnv
PipEnv uses Pipfile & Pipfile.lock.

Examples (taken from PipEnv repo):

nerdinand added a commit to nerdinand/DependencyCheck that referenced this issue Nov 5, 2022
jeremylong pushed a commit that referenced this issue Nov 19, 2022
* Add experimental Python Poetry support. Part of #4995

* Fix some copy paste errors in comments

Co-authored-by: Ferdinand Niedermann <nerdinand@users.noreply.github.com>
@jeremylong
Owner

The poetry.lock is supported - however, the pyproject.toml is still not supported. This may cause a gap for users of pip>10 (see https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/).

jeremylong added a commit that referenced this issue Jan 31, 2023
Adds support for Pipfile.lock per #4995
@jeremylong
Owner

With #5404 I think we are about as close as we can get to fulfilling this enhancement request. We still do not support pyproject.toml - however, there is insufficient version information to make an analysis meaningful. Should we just add a warning if no lock file is present but we found a pyproject.toml file?
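
The check proposed in the comment above, as an added example (not DependencyCheck's own code, which is Java): it reads exact pins from a Pipfile.lock and warns when a pyproject.toml has no lock file beside it. The function names, warning text and sample data are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

LOCK_FILES = ("poetry.lock", "Pipfile.lock")  # lock files named in this issue
# Constructed sample data, not taken from any real project.
SAMPLE_LOCK = {
    "default": {"requests": {"version": "==2.28.1"},
                "mylib": {"git": "https://example.invalid/mylib.git"}},
    "develop": {"pytest": {"version": "==7.2.0"}},
}
SAMPLE_PYPROJECT = '[tool.poetry.dependencies]\nrequests = "^2.28"\n'


def pins_from_pipfile_lock(path):
    """Return {name: exact_version} for entries pinned with '==' in a Pipfile.lock."""
    data = json.loads(Path(path).read_text(encoding="utf-8"))
    pins = {}
    for section in ("default", "develop"):
        for name, meta in data.get(section, {}).items():
            version = meta.get("version", "")  # VCS entries carry no version
            if version.startswith("=="):
                pins[name.lower()] = version[2:]
    return pins


def check_project(root):
    """Return (pins, warnings) for one project directory."""
    lock = Path(root, "Pipfile.lock")
    pins = pins_from_pipfile_lock(lock) if lock.is_file() else {}
    has_lock = any(Path(root, name).is_file() for name in LOCK_FILES)
    warnings = []
    if Path(root, "pyproject.toml").is_file() and not has_lock:
        warnings.append("pyproject.toml found but no lock file; versions are ranges only")
    return pins, warnings


def demo():
    """Run the check on two constructed projects: one locked, one not."""
    with tempfile.TemporaryDirectory() as tmp:
        locked, unlocked = Path(tmp, "locked"), Path(tmp, "unlocked")
        locked.mkdir()
        unlocked.mkdir()
        (locked / "Pipfile.lock").write_text(json.dumps(SAMPLE_LOCK), encoding="utf-8")
        (unlocked / "pyproject.toml").write_text(SAMPLE_PYPROJECT, encoding="utf-8")
        return check_project(locked), check_project(unlocked)


if __name__ == "__main__":
    print(demo())
```

The `mylib` entry shows the remaining gap: a dependency locked to a VCS source carries no version string, so it yields no pin to match against advisories.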

@jeremylong
Owner

It looks like pip may also support pyproject.toml: https://pip.pypa.io/en/stable/reference/build-system/pyproject-toml/

@jeremylong
Owner

Again - sorry for how long this one took me to get to. I think we have covered this entirely with the 8.1.0 release (or at least the best we can).
