Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using VCS dependencies throws KeyError when writing Pipfile.lock #3404

Closed
al-the-x opened this issue Dec 21, 2018 · 14 comments · Fixed by #3298
Closed

Using VCS dependencies throws KeyError when writing Pipfile.lock #3404

al-the-x opened this issue Dec 21, 2018 · 14 comments · Fixed by #3298
Assignees
Labels
Category: VCS Type: Bug 🐛 Type: Vendored Dependencies

Comments

@al-the-x
Copy link

@al-the-x al-the-x commented Dec 21, 2018

When converting an existing project from requirements.txt to use pipenv, I performed a pipenv install, which created the following Pipfile:

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]

[packages]
boto = "==2.36.0"
boto3 = "==1.4.5"
braintree = "==3.37.2"
cachetools = "==1.1.6"
celery = "==4.2.1"
certifi = "*"
cffi = "==1.5.2"
cloudinary = "==1.5.0"
coverage = "==4.0.3"
customerio = "==0.1.10"
dj-static = "==0.0.6"
django-ace = "==1.0.2"
django-admin-sortable = "==2.0.20"
django-admin-tools = "==0.8.1"
django-admin-view-permission = "==1.8"
django-allauth = "==0.32.0"
django-annoying = "==0.8.7"
django-cors-headers = "==2.0.2"
django-dbsettings = {ref = "2eb24b58b50c3d47c185f09c17b99c36a4ec2d76",git = "git://github.com/Anton-Shutik/django-dbsettings.git",editable = true}
django-debug-toolbar = "==1.6"
django-filter = "==1.0.2"
django-mailgun = "==0.8.0"
django-nose = "==1.4.4"
django-oauth-toolkit = "==0.10.0"
django-pylibmc = "==0.6.1"
django-reversion = "==1.10.1"
django-seo-js = {ref = "9a0db3856c2647fe6a09dd0cf4103f9f8b1740f5",git = "git://github.com/groveco/django-seo-js.git",editable = true}
django-storages = "==1.6.5"
djangorestframework = "==3.8.2"
djangorestframework-csv = "==1.4.1"
djangorestframework-jsonapi = "==2.6.0"
django-watson = "==1.3.1"
drf-extensions = "==0.3.1"
freezegun = "==0.3.6"
elasticsearch = "<7.0.0,>=6.0.0"
elasticsearch-dsl = "==6.1.0"
gunicorn = "==19.4.5"
hasoffers = "==0.2.1"
jsmin = "==2.2.0"
kombu = "==4.2.0"
librato-metrics = "==0.8.6"
lxml = "==3.5.0"
mailchimp = "==2.0.9"
mock = "==1.3.0"
psycopg2 = "==2.7.3.2"
pylibmc = "==1.5.1"
pytz = "==2018.5"
raven = "==5.32.0"
redis = "==2.10.5"
requests-aws4auth = "==0.9"
requests = "==2.9.1"
selenium = "==3.3.1"
sauceclient = "==0.2.1"
slacker = "==0.9.9"
sqlparse = "==0.2.2"
stripe = "==1.56.0"
tinys3 = "==0.1.11"
user-agents = "==1.1.0"
wsgiref = "==0.1.2"
zenpy = "==2.0.7"
django-sprinklers = {editable = true,git = "https://github.com/chrisclark/django-sprinklers",ref = "e53053f53e0c5a3ff45a3c6c6b8c70af374854b1"}
django-segments = {ref = "00c9591ab72b099b567f855ca0c3b86367164910",git = "https://github.com/groveco/django-segments",editable = true}
sailthru-client = "==2.3.1"
nose-exclude = "==0.5.0"
ddtrace = "==0.12.0"
zeep = "==2.4.0"
flake8 = "==3.5.0"
urllib3 = "==1.22"
Avalara = "==18.5.2"
Django = "==1.11.6"
Beaker = "==1.9.0"
factory_boy = "==2.8.1"
django_celery_beat = "==1.3.0"
Pillow = "==3.3.1"
rest_condition = "==1.0.3"
XlsxWriter = "==0.8.5"
nose_ittr = "==0.0.4"
Explorer = {ref = "7373383598ce9bba2c6e43e3d32342fef11035ba",git = "https://github.com/groveco/django-sql-explorer",editable = true}

[requires]
python_version = "2.7"

Then pipenv attempts to generate the Pipenv.lock file and generates the following error:

Locking [dev-packages] dependencies…
Locking [packages] dependencies…
✔ Success!
Traceback (most recent call last):
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/bin/pipenv", line 11, in <module>
    load_entry_point('pipenv==2018.11.26', 'console_scripts', 'pipenv')()
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/decorators.py", line 64, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/vendor/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/cli/command.py", line 332, in lock
    pypi_mirror=state.pypi_mirror,
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/core.py", line 1068, in do_lock
    lockfile=lockfile
  File "/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv/utils.py", line 682, in venv_resolve_deps
    lockfile[lockfile_section][k].update(v)
KeyError: 'idna'

I have run pipenv lock --clear multiple times and have gotten different KeyError failures for chardet as well, but mostly for idna. The stack trace is the same, regardless of the key that fails the lookup. When I used pipenv install --skip-lock, all the dependencies installed except for one that needed native headers from libmemcached. The error message that pip reported from that failure was very different and Google-able, so I was able to resolve and get it installed. But I still have no Pipfile.lock and pipenv lock --clear any number of times just generates the same error as above. Help?


$ pipenv --support

Pipenv version: '2018.11.26'

Pipenv location: '/usr/local/Cellar/pipenv/2018.11.26/libexec/lib/python3.7/site-packages/pipenv'

Python location: '/usr/local/Cellar/pipenv/2018.11.26/libexec/bin/python3.7'

Python installations found:

  • 3.7.1: /usr/local/bin/python3
  • 3.7.1: /usr/local/bin/python3.7m
  • 2.7.15: /Users/al_the_x/.local/share/virtualenvs/grove.co-dcWwlTov/bin/python
  • 2.7.15: /usr/local/bin/python
  • 2.7.15: /usr/local/bin/pythonw
  • 2.7.10: /usr/bin/python
  • 2.7.10: /usr/bin/pythonw
  • 2.7.10: /usr/bin/python2.7

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.7.1',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '18.2.0',
 'platform_system': 'Darwin',
 'platform_version': 'Darwin Kernel Version 18.2.0: Mon Nov 12 20:24:46 PST '
                     '2018; root:xnu-4903.231.4~2/RELEASE_X86_64',
 'python_full_version': '3.7.1',
 'python_version': '3.7',
 'sys_platform': 'darwin'}

System environment variables:

  • PATH
  • GREP_COLOR
  • LESS_TERMCAP_mb
  • TERM_PROGRAM
  • LESS_TERMCAP_md
  • NVM_CD_FLAGS
  • LESS_TERMCAP_me
  • PIP_PYTHON_PATH
  • SHELL
  • TERM
  • TMPDIR
  • Apple_PubSub_Socket_Render
  • TERM_PROGRAM_VERSION
  • DIRENV_DIR
  • TERM_SESSION_ID
  • LESS_TERMCAP_ue
  • NVM_DIR
  • USER
  • LS_COLORS
  • GREP_COLORS
  • RPROMPT
  • SSH_AUTH_SOCK
  • __CF_USER_TEXT_ENCODING
  • VIRTUAL_ENV
  • VIRTUAL_ENV_DISABLE_PROMPT
  • PAGER
  • WORKON_HOME
  • TMUX
  • DIRENV_WATCHES
  • LESS_TERMCAP_us
  • VIRTUALENVWRAPPER_PYTHON
  • PIPENV_ACTIVE
  • _git_log_oneline_format
  • _
  • PWD
  • EDITOR
  • LANG
  • TMUX_PANE
  • XPC_FLAGS
  • PYTHONDONTWRITEBYTECODE
  • XPC_SERVICE_NAME
  • HOME
  • SHLVL
  • LESS
  • LOGNAME
  • PIP_DISABLE_PIP_VERSION_CHECK
  • VISUAL
  • LESS_TERMCAP_so
  • TMUX_PLUGIN_MANAGER_PATH
  • NVM_BIN
  • BROWSER
  • _git_log_medium_format
  • DIRENV_DIFF
  • SECURITYSESSIONID
  • LESS_TERMCAP_se
  • PIP_SHIMS_BASE_MODULE
  • PYTHONFINDER_IGNORE_UNSUPPORTED

Pipenv–specific environment variables:

  • PIPENV_ACTIVE: 1

Debug–specific environment variables:

  • PATH: /usr/local/Cellar/pipenv/2018.11.26/libexec/tools:/usr/local/opt/nvm/versions/node/v10.4.1/bin:/Users/al_the_x/.local/share/virtualenvs/grove.co-dcWwlTov/bin:/Users/al_the_x/bin:/usr/local/Cellar/pipenv/2018.11.26/libexec/tools:/Users/al_the_x/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin
  • SHELL: /usr/local/bin/zsh
  • EDITOR: /usr/local/bin/nvim
  • LANG: en_US.UTF-8
  • PWD: /Users/al_the_x/Projects/grove.co
  • VIRTUAL_ENV: /Users/al_the_x/.local/share/virtualenvs/grove.co-dcWwlTov

Contents of Pipfile ('/Users/al_the_x/Projects/grove.co/Pipfile'):

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]

[packages]
boto = "==2.36.0"
boto3 = "==1.4.5"
braintree = "==3.37.2"
cachetools = "==1.1.6"
celery = "==4.2.1"
certifi = "*"
cffi = "==1.5.2"
cloudinary = "==1.5.0"
coverage = "==4.0.3"
customerio = "==0.1.10"
dj-static = "==0.0.6"
django-ace = "==1.0.2"
django-admin-sortable = "==2.0.20"
django-admin-tools = "==0.8.1"
django-admin-view-permission = "==1.8"
django-allauth = "==0.32.0"
django-annoying = "==0.8.7"
django-cors-headers = "==2.0.2"
django-dbsettings = {ref = "2eb24b58b50c3d47c185f09c17b99c36a4ec2d76",git = "git://github.com/Anton-Shutik/django-dbsettings.git",editable = true}
django-debug-toolbar = "==1.6"
django-filter = "==1.0.2"
django-mailgun = "==0.8.0"
django-nose = "==1.4.4"
django-oauth-toolkit = "==0.10.0"
django-pylibmc = "==0.6.1"
django-reversion = "==1.10.1"
django-seo-js = {ref = "9a0db3856c2647fe6a09dd0cf4103f9f8b1740f5",git = "git://github.com/groveco/django-seo-js.git",editable = true}
django-storages = "==1.6.5"
djangorestframework = "==3.8.2"
djangorestframework-csv = "==1.4.1"
djangorestframework-jsonapi = "==2.6.0"
django-watson = "==1.3.1"
drf-extensions = "==0.3.1"
freezegun = "==0.3.6"
elasticsearch = "<7.0.0,>=6.0.0"
elasticsearch-dsl = "==6.1.0"
gunicorn = "==19.4.5"
hasoffers = "==0.2.1"
jsmin = "==2.2.0"
kombu = "==4.2.0"
librato-metrics = "==0.8.6"
lxml = "==3.5.0"
mailchimp = "==2.0.9"
mock = "==1.3.0"
psycopg2 = "==2.7.3.2"
pylibmc = "==1.5.1"
pytz = "==2018.5"
raven = "==5.32.0"
redis = "==2.10.5"
requests-aws4auth = "==0.9"
requests = "==2.9.1"
selenium = "==3.3.1"
sauceclient = "==0.2.1"
slacker = "==0.9.9"
sqlparse = "==0.2.2"
stripe = "==1.56.0"
tinys3 = "==0.1.11"
user-agents = "==1.1.0"
wsgiref = "==0.1.2"
zenpy = "==2.0.7"
django-sprinklers = {editable = true,git = "https://github.com/chrisclark/django-sprinklers",ref = "e53053f53e0c5a3ff45a3c6c6b8c70af374854b1"}
django-segments = {ref = "00c9591ab72b099b567f855ca0c3b86367164910",git = "https://github.com/groveco/django-segments",editable = true}
sailthru-client = "==2.3.1"
nose-exclude = "==0.5.0"
ddtrace = "==0.12.0"
zeep = "==2.4.0"
flake8 = "==3.5.0"
urllib3 = "==1.22"
Avalara = "==18.5.2"
Django = "==1.11.6"
Beaker = "==1.9.0"
factory_boy = "==2.8.1"
django_celery_beat = "==1.3.0"
Pillow = "==3.3.1"
rest_condition = "==1.0.3"
XlsxWriter = "==0.8.5"
nose_ittr = "==0.0.4"
Explorer = {ref = "7373383598ce9bba2c6e43e3d32342fef11035ba",git = "https://github.com/groveco/django-sql-explorer",editable = true}

[requires]
python_version = "2.7"
@teeberg
Copy link

@teeberg teeberg commented Dec 30, 2018

I'm also seeing this issue and trying to get more info to help with debugging here. The KeyError happens on line 693 here in on the current master branch:

pipenv/pipenv/utils.py

Lines 692 to 693 in 3b3ebb4

if k in getattr(project, vcs_section, {}) or k not in lockfile[lockfile_section]:
lockfile[lockfile_section][k].update(v)

The condition before even reads ... or k not in lockfile[lockfile_section], i.e. it seems that it's somewhat expected that k, which is the name of a dependency here, might not be in lockfile[lockfile_section] yet, but then the next line tries to read it anyway? Even though we just checked that it's not in there? 🤔

If I'm interpreting this code correctly, vcs_lockfile contains the dependencies of the latest versions of my vcs dependencies, so it seems to be stumbling over one of my git dependencies having added a dependency in a later version than I have installed.

@al-the-x
Copy link
Author

@al-the-x al-the-x commented Jan 2, 2019

I think you're right @teeberg. Here's the commit where that was intro'd:

17a9c3f#diff-4b9d1c4c6c693a89e0cd2e6d9ca27631R678

It seems like that predicate is wrong. I edited my locally installed pipenv/utils.py to invert the predicate, and pipenv install and pipenv lock --clear both produced a consumable Pipfile.lock with the VCS deps properly checked out as editable packages as confirmed by pipenv graph and pip freeze within the pipenv shell. I'll annotate the commit message and link it to this issue.

al-the-x referenced this issue Jan 2, 2019
@al-the-x
Copy link
Author

@al-the-x al-the-x commented Jan 2, 2019

Per the commit comment linked above:

-         if k in getattr(project, vcs_section, {}) or k not in lockfile[lockfile_section]:
+         if k in getattr(project, vcs_section, {}) and k in lockfile[lockfile_section]:

Does resolve the problem with pipenv lock for me. I'll look around for a corresponding test...

@teeberg
Copy link

@teeberg teeberg commented Jan 2, 2019

That fixed it for me too! :)

@al-the-x
Copy link
Author

@al-the-x al-the-x commented Jan 2, 2019

In the case of your change, the second predicate after the or would never be tested, I think. The vcs_lockfile is generated from project[vcs_section], if I'm reading that correctly, so each k in vcs_lockfile.items() must exist in project[vcs_section]... Maybe the update line isn't even necessary? Or maybe it should be a conditional update if the key exists and an assignment if it does not? Like:

    for k, v in vcs_lockfile.items():
        if k in getattr(project, vcs_section, {}):
            if k in lockfile[lockfile_section] lockfile[lockfile_section][k].update(v)
            else lockfile[lockfile_section][k] = v

Someone might be able to code-golf or Pythonify that for me. It would also be helpful to get @techalchemy's take on the above...

@al-the-x
Copy link
Author

@al-the-x al-the-x commented Jan 11, 2019

I wrote @techalchemy via the email address that he lists on GitHub. Hopefully he can weigh in.

@al-the-x al-the-x changed the title KeyError thrown when writing Pipfile.lock Using VCS dependencies throws KeyError when writing Pipfile.lock Jan 18, 2019
@techalchemy techalchemy added Type: Bug 🐛 Category: VCS Type: Vendored Dependencies labels Jan 21, 2019
@al-the-x
Copy link
Author

@al-the-x al-the-x commented Jan 21, 2019

Thanks for checking in on my line note @techalchemy. Happy to submit a PR for those changes, but they seem pretty small if your prefer to tackle them.

@techalchemy
Copy link
Member

@techalchemy techalchemy commented Jan 22, 2019

Most likely I’ll catch them in my current net of changes. I have two rounds of fixes to get working before I start crossing out the small wins and open PRs. I took a long break so my dream of handling it in a weekend wasn’t to be

@al-the-x
Copy link
Author

@al-the-x al-the-x commented Jan 22, 2019

No worries. Best of luck.

@manycoding
Copy link

@manycoding manycoding commented Feb 7, 2019

I have the same error, the only difference is that I simply install a private package with pipenv install -e git+git@github.com/
It fails in Finding secondary dependencies: after Result of round 8: stable, done

I patched utils.py as was suggested in 17a9c3f#r32012178

@al-the-x
Copy link
Author

@al-the-x al-the-x commented Mar 1, 2019

Ping @techalchemy?

@techalchemy
Copy link
Member

@techalchemy techalchemy commented Mar 5, 2019

All changes have been on hold pending #3298 which will be merged today assuming tests are passing

The release of pip 19.0 and implementation of PEP 518 and 517 have caused significant issues and required substantial rework of pipenv's resolver, specifically in https://github.com/sarugaku/requirementslib which is now functionally acting as a dependency resolver for any VCS or editable dependencies.

As a result of those changes, I've introduced additional logic to feed the dependency graph of any VCS/File/local requirements back into the resolver before we begin the resolution process so that we can actually perform an accurate resolution.

What this should mean for this specific issue is that it will be resolved by the merge of #3298 because it completely eliminates this section of the code.

@amureki
Copy link

@amureki amureki commented Apr 9, 2019

Hey fellows and @techalchemy,

thank you for solving this issue!
As far as I understand it was not released yet.

Do we have a temporary solution how to avoid it meanwhile? Dependencies in several of our systems are blocked because of it.

Thanks,
Rustem

@GautamGupta
Copy link

@GautamGupta GautamGupta commented Apr 11, 2019

@amureki Adding the dependency on which the KeyError happens on to our dependency list worked for us. (A temporary fix, of course.)

fwojciak pushed a commit to fwojciak/pipenv that referenced this issue May 29, 2020
2020.5.28 (2020-05-28)
======================

Features & Improvements
-----------------------

-   `pipenv install` and `pipenv sync` will no longer attempt to install satisfied dependencies during installation. pypa#3057, pypa#3506
-   Added support for resolution of direct-url dependencies in `setup.py` files to respect `PEP-508` style URL dependencies. pypa#3148
-   Added full support for resolution of all dependency types including direct URLs, zip archives, tarballs, etc.
    -   Improved error handling and formatting.
    -   Introduced improved cross platform stream wrappers for better `stdout` and `stderr` consistency. pypa#3298
-   For consistency with other commands and the `--dev` option description, `pipenv lock --requirements --dev` now emits both default and development dependencies. The new `--dev-only` option requests the previous behaviour (e.g. to generate a `dev-requirements.txt` file). pypa#3316
-   Pipenv will now successfully recursively lock VCS sub-dependencies. pypa#3328
-   Added support for `--verbose` output to `pipenv run`. pypa#3348
-   Pipenv will now discover and resolve the intrinsic dependencies of **all** VCS dependencies, whether they are editable or not, to prevent resolution conflicts. pypa#3368
-   Added a new environment variable, `PIPENV_RESOLVE_VCS`, to toggle dependency resolution off for non-editable VCS, file, and URL based dependencies. pypa#3577
-   Added the ability for Windows users to enable emojis by setting `PIPENV_HIDE_EMOJIS=0`. pypa#3595
-   Allow overriding `PIPENV_INSTALL_TIMEOUT` environment variable (in seconds). pypa#3652
-   Allow overriding `PIP_EXISTS_ACTION` evironment variable (value is passed to pip install). Possible values here: <https://pip.pypa.io/en/stable/reference/pip/#exists-action-option> Useful when you need to `PIP\_EXISTS\_ACTION=i` (ignore existing packages) - great for CI environments, where you need really fast setup. pypa#3738
-   Pipenv will no longer forcibly override `PIP_NO_DEPS` on all vcs and file dependencies as resolution happens on these in a pre-lock step. pypa#3763
-   Improved verbose logging output during `pipenv lock` will now stream output to the console while maintaining a spinner. pypa#3810
-   Added support for automatic python installs via `asdf` and associated `PIPENV_DONT_USE_ASDF` environment variable. pypa#4018
-   Pyenv/asdf can now be used whether or not they are available on PATH. Setting `PYENV_ROOT`/`ASDF_DIR` in a `.env` file allows Pipenv to install an interpreter without any shell customizations, so long as pyenv/asdf is installed. pypa#4245
-   Added `--key` command line parameter for including personal PyUp.io API tokens when running `pipenv check`. pypa#4257

Behavior Changes
----------------

-   Make conservative checks of known exceptions when subprocess returns output, so user won\'t see the whole traceback - just the error. pypa#2553
-   Do not touch Pipfile early and rely on it so that one can do `pipenv sync` without a Pipfile. pypa#3386
-   Re-enable `--help` option for `pipenv run` command. pypa#3844
-   Make sure `pipenv lock -r --pypi-mirror {MIRROR_URL}` will respect the pypi-mirror in requirements output. pypa#4199

Bug Fixes
---------

-   Raise `PipenvUsageError` when \[\[source\]\] does not contain url field. pypa#2373
-   Fixed a bug which caused editable package resolution to sometimes fail with an unhelpful setuptools-related error message. pypa#2722
-   Fixed an issue which caused errors due to reliance on the system utilities `which` and `where` which may not always exist on some
    systems.
-   Fixed a bug which caused periodic failures in python discovery when executables named `python` were not present on the target `$PATH`. pypa#2783
-   Dependency resolution now writes hashes for local and remote files to the lockfile. pypa#3053
-   Fixed a bug which prevented `pipenv graph` from correctly showing all dependencies when running from within `pipenv shell`. pypa#3071
-   Fixed resolution of direct-url dependencies in `setup.py` files to respect `PEP-508` style URL dependencies. pypa#3148
-   Fixed a bug which caused failures in warning reporting when running pipenv inside a virtualenv under some circumstances.
-   Fixed a bug with package discovery when running `pipenv clean`. pypa#3298
-   Quote command arguments with carets (`^`) on Windows to work around unintended shell escapes. pypa#3307
-   Handle alternate names for UTF-8 encoding. pypa#3313
-   Abort pipenv before adding the non-exist package to Pipfile. pypa#3318
-   Don\'t normalize the package name user passes in. pypa#3324
-   Fix a bug where custom virtualenv can not be activated with pipenv shell pypa#3339
-   Fix a bug that `--site-packages` flag is not recognized. pypa#3351
-   Fix a bug where `pipenv --clear` is not working pypa#3353
-   Fix unhashable type error during `$ pipenv install --selective-upgrade` pypa#3384
-   Dependencies with direct `PEP508` compliant VCS URLs specified in their `install_requires` will now be successfully locked during the resolution process. pypa#3396
-   Fixed a keyerror which could occur when locking VCS dependencies in
    some cases. pypa#3404
-   Fixed a bug that `ValidationError` is thrown when some fields are missing in source section. pypa#3427
-   Updated the index names in lock file when source name in Pipfile is changed. pypa#3449
-   Fixed an issue which caused `pipenv install --help` to show duplicate entries for `--pre`. pypa#3479
-   Fix bug causing `[SSL: CERTIFICATE_VERIFY_FAILED]` when Pipfile `[[source]]` has `verify_ssl=false` and url with custom port. pypa#3502
-   Fix `sync --sequential` ignoring `pip install` errors and logs. pypa#3537
-   Fix the issue that lock file can\'t be created when `PIPENV_PIPFILE` is not under working directory. pypa#3584
-   Pipenv will no longer inadvertently set `editable=True` on all vcs dependencies. pypa#3647
-   The `--keep-outdated` argument to `pipenv install` and `pipenv lock` will now drop specifier constraints when encountering editable dependencies.
    -   In addition, `--keep-outdated` will retain specifiers that would otherwise be dropped from any entries that have not been updated. pypa#3656
-   Fixed a bug which sometimes caused pipenv to fail to respect the `--site-packages` flag when passed with `pipenv install`. pypa#3718
-   Normalize the package names to lowercase when comparing used and in-Pipfile packages. pypa#3745
-   `pipenv update --outdated` will now correctly handle comparisons between pre/post-releases and normal releases. pypa#3766
-   Fixed a `KeyError` which could occur when pinning outdated VCS dependencies via `pipenv lock --keep-outdated`. pypa#3768
-   Resolved an issue which caused resolution to fail when encountering poorly formatted `python_version` markers in `setup.py` and `setup.cfg` files. pypa#3786
-   Fix a bug that installation errors are displayed as a list. pypa#3794
-   Update `pythonfinder` to fix a problem that `python.exe` will be mistakenly chosen for virtualenv creation under WSL. pypa#3807
-   Fixed several bugs which could prevent editable VCS dependencies from being installed into target environments, even when reporting
    successful installation. pypa#3809
-   `pipenv check --system` should find the correct Python interpreter when `python` does not exist on the system. pypa#3819
-   Resolve the symlinks when the path is absolute. pypa#3842
-   Pass `--pre` and `--clear` options to `pipenv update --outdated`. pypa#3879
-   Fixed a bug which prevented resolution of direct URL dependencies which have PEP508 style direct url VCS sub-dependencies with
    subdirectories. pypa#3976
-   Honor `PIPENV_SPINNER` environment variable pypa#4045
-   Fixed an issue with `pipenv check` failing due to an invalid API key from `pyup.io`. pypa#4188
-   Fixed a bug which caused versions from VCS dependencies to be included in `Pipfile.lock` inadvertently. pypa#4217
-   Fixed a bug which caused pipenv to search non-existent virtual environments for `pip` when installing using `--system`. pypa#4220
-   `Requires-Python` values specifying constraint versions of python starting from `1.x` will now be parsed successfully. pypa#4226
-   Fix a bug of `pipenv update --outdated` that can\'t print output correctly. pypa#4229
-   Fixed a bug which caused pipenv to prefer source distributions over wheels from `PyPI` during the dependency resolution phase. Fixed an issue which prevented proper build isolation using `pep517` based builders during dependency resolution. pypa#4231
-   Don\'t fallback to system Python when no matching Python version is found. pypa#4232

Vendored Libraries
------------------

- Updated `pip_shims` to support `--outdated` with new pip versions. pypa#3766
- Update vendored dependencies and invocations
  - Update vendored and patched dependencies
  - Update patches on `piptools`, `pip`, `pip-shims`, `tomlkit`
  - Fix invocations of dependencies
  - Fix custom `InstallCommand` instantiation
  - Update `PackageFinder` usage
  - Fix `Bool` stringify attempts from `tomlkit`
  - Updated vendored dependencies:
    -   **attrs**: `18.2.0 => `19.1.0`
    -   **certifi**: `2018.10.15 => `2019.3.9`
    -   **cached\_property**: `1.4.3 => `1.5.1`
    -   **cerberus**: `1.2.0 => `1.3.1`
    -   **click**: `7.0.0 => `7.1.1`
    -   **click-completion**: `0.5.0 => `0.5.1`
    -   **colorama**: `0.3.9 => `0.4.3`
    -   **contextlib2**: `(new) => `0.6.0.post1`
    -   **distlib**: `0.2.8 => `0.2.9`
    -   **funcsigs**: `(new) => `1.0.2`
    -   **importlib\_metadata** `1.3.0 => `1.5.1`
    -   **importlib-resources**: `(new) => `1.4.0`
    -   **idna**: `2.7 => `2.9`
    -   **jinja2**: `2.10.0 => `2.11.1`
    -   **markupsafe**: `1.0 => `1.1.1`
    -   **more-itertools**: `(new) => `5.0.0`
    -   **orderedmultidict**: `(new) => `1.0`
    -   **packaging**: `18.0 => `19.0`
    -   **parse**: `1.9.0 => `1.15.0`
    -   **pathlib2**: `2.3.2 => `2.3.3`
    -   **pep517**: `(new) => `0.5.0`
    -   **pexpect**: `4.6.0 => `4.8.0`
    -   **pip-shims**: `0.2.0 => `0.5.1`
    -   **pipdeptree**: `0.13.0 => `0.13.2`
    -   **pyparsing**: `2.2.2 => `2.4.6`
    -   **python-dotenv**: `0.9.1 => `0.10.2`
    -   **pythonfinder**: `1.1.10 => `1.2.2`
    -   **pytoml**: `(new) => `0.1.20`
    -   **requests**: `2.20.1 => `2.23.0`
    -   **requirementslib**: `1.3.3 => `1.5.4`
    -   **scandir**: `1.9.0 => `1.10.0`
    -   **shellingham**: `1.2.7 => `1.3.2`
    -   **six**: `1.11.0 => `1.14.0`
    -   **tomlkit**: `0.5.2 => `0.5.11`
    -   **urllib3**: `1.24 => `1.25.8`
    -   **vistir**: `0.3.0 => `0.5.0`
    -   **yaspin**: `0.14.0 => `0.14.3`
    -   **zipp**: `0.6.0`
    - Removed vendored dependency **cursor**. pypa#4169

-   Add and update vendored dependencies to accommodate `safety` vendoring:
    -   **safety** `(none)` => `1.8.7`
    -   **dparse** `(none)` => `0.5.0`
    -   **pyyaml** `(none)` => `5.3.1`
    -   **urllib3** `1.25.8` => `1.25.9`
    -   **certifi** `2019.11.28` => `2020.4.5.1`
    -   **pyparsing** `2.4.6` => `2.4.7`
    -   **resolvelib** `0.2.2` => `0.3.0`
    -   **importlib-metadata** `1.5.1` => `1.6.0`
    -   **pip-shims** `0.5.1` => `0.5.2`
    -   **requirementslib** `1.5.5` => `1.5.6` pypa#4188

-   Updated vendored `pip` => `20.0.2` and `pip-tools` => `5.0.0`. pypa#4215
-   Updated vendored dependencies to latest versions for security and bug fixes:
    -   **requirementslib** `1.5.8` => `1.5.9`
    -   **vistir** `0.5.0` => `0.5.1`
    -   **jinja2** `2.11.1` => `2.11.2`
    -   **click** `7.1.1` => `7.1.2`
    -   **dateutil** `(none)` => `2.8.1`
    -   **backports.functools\_lru\_cache** `1.5.0` => `1.6.1`
    -   **enum34** `1.1.6` => `1.1.10`
    -   **toml** `0.10.0` => `0.10.1`
    -   **importlib\_resources** `1.4.0` => `1.5.0` pypa#4226
-   Changed attrs import path in vendored dependencies to always import from `pipenv.vendor`. pypa#4267

Improved Documentation
----------------------

-   Added documenation about variable expansion in `Pipfile` entries. pypa#2317
-   Consolidate all contributing docs in the rst file pypa#3120
-   Update the out-dated manual page. pypa#3246
-   Move CLI docs to its own page. pypa#3346
-   Replace (non-existant) video on docs index.rst with equivalent gif. pypa#3499
-   Clarify wording in Basic Usage example on using double quotes to escape shell redirection pypa#3522
-   Ensure docs show navigation on small-screen devices pypa#3527
-   Added a link to the TOML Spec under General Recommendations & Version Control to clarify how Pipfiles should be written. pypa#3629
-   Updated the documentation with the new `pytest` entrypoint. pypa#3759
-   Fix link to GIF in README.md demonstrating Pipenv\'s usage, and add descriptive alt text. pypa#3911
-   Added a line describing potential issues in fancy extension. pypa#3912
-   Documental description of how Pipfile works and association with Pipenv. pypa#3913
-   Clarify the proper value of `python_version` and `python_full_version`. pypa#3914
-   Write description for `--deploy` extension and few extensions differences. pypa#3915
-   More documentation for `.env` files pypa#4100
-   Updated documentation to point to working links. pypa#4137
-   Replace docs.pipenv.org with pipenv.pypa.io pypa#4167
-   Added functionality to check spelling in documentation and cleaned up existing typographical issues. pypa#4209
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Category: VCS Type: Bug 🐛 Type: Vendored Dependencies
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants