Convert off pkg resources #6139

matteius · 2024-04-24T02:57:27Z

The issue

https://github.com/pypa/pipenv/blob/master/peeps/PEEP-000.md

The fix

I worked between myself and with Claude 3 Opus to iterate on fixing these things related to pkg_resources. I was aware pipdeptree did the important work of converting off pkg_resources and I vendored it in as a starting point and began with the environment.py and worked from there.

Fixes #6097
Fixes #5475

Still TODO:

Fix the pipenv graph commands and re-submit the possible import patch there, but the whole integration changed and I am out of Opus 3 messages for the night.

The checklist

Associated issue
A news fragment in the news/ directory to describe this fix with the extension .bugfix.rst, .feature.rst, .behavior.rst, .doc.rst. .vendor.rst. or .trivial.rst (this will appear in the release changelog). Use semantic line breaks and name the file after the issue number or the PR #.

…sion errors.

…ribute-metadata/20947/10 I should remvoe this import.

… but can be forced with this env var.

…env where zipp got installed

…ipp got installed

…to patch importlib-metadata version that we vendor.

pipenv/vendor/vendor.txt

…anyway.

oz123 · 2024-04-25T11:21:23Z

The usual failure of :

FAILED tests/integration/test_cli.py::test_pipenv_graph_reverse

Interesting is that here it fails for all Python versions.

oz123 · 2024-04-25T11:22:00Z

Please do not merge this before #6134

Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.12.1 to 2024.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/releases">pipenv's releases</a>.</em></p> <blockquote> <h2>Release v2024.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update CONTRIBUTING.md by <a href="https://github.com/PzaThief"><code>@PzaThief</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li>Check for name attribute in source parameter. by <a href="https://github.com/jralls"><code>@jralls</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li>Smarter uninstall by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6029">pypa/pipenv#6029</a></li> <li>Use fancy mode for pwsh on *nix (draft) by <a href="https://github.com/samcarswell"><code>@samcarswell</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li>Vendor in Pip 24.0 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6117">pypa/pipenv#6117</a></li> <li>Update index.md by <a href="https://github.com/mierzejk"><code>@mierzejk</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li>Spring 2024 vendoring by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6118">pypa/pipenv#6118</a></li> <li>Add nested vcs dependency subdirectory when locking to Pipfile.lock (Fix <a href="https://redirect.github.com/pypa/pipenv/issues/6120">#6120</a>) by <a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li>pipenv upgrade invoke -d by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6138">pypa/pipenv#6138</a></li> <li>Bump plette take 2 by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6134">pypa/pipenv#6134</a></li> <li>Convert off pkg resources by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6139">pypa/pipenv#6139</a></li> <li>Fix the issue(<a href="https://redirect.github.com/pypa/pipenv/issues/6126">#6126</a>): add lockfile_path presence in pipenv check command by <a href="https://github.com/nitintecg"><code>@nitintecg</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li>debugging weird CI failures by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6143">pypa/pipenv#6143</a></li> <li>apply ruff fixes by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6145">pypa/pipenv#6145</a></li> <li>docs update for <code>scripts</code> section and other small changes by <a href="https://github.com/sss-ng"><code>@sss-ng</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li>Add --from-pipfile subcommand to <code>pipenv requirements</code> by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li>Bump jinja2 from 3.1.3 to 3.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6150">pypa/pipenv#6150</a></li> <li>Bump requests from 2.31.0 to 2.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6157">pypa/pipenv#6157</a></li> <li>Fix windows CI for 3.8 and the outdated command that was refactored to remove pkg_resources. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6146">pypa/pipenv#6146</a></li> <li>pipenv 2024 install (behavioral refactor) by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6098">pypa/pipenv#6098</a></li> <li>Supply the extra pip args in the resolver. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6006">pypa/pipenv#6006</a></li> <li>Handle unsupported python versioning on Pipfile by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6164">pypa/pipenv#6164</a></li> <li>Remove secho from pipenv.utils.shell by <a href="https://github.com/aidencullo"><code>@aidencullo</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/PzaThief"><code>@PzaThief</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li><a href="https://github.com/jralls"><code>@jralls</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li><a href="https://github.com/samcarswell"><code>@samcarswell</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li><a href="https://github.com/mierzejk"><code>@mierzejk</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li><a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li><a href="https://github.com/nitintecg"><code>@nitintecg</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li><a href="https://github.com/sss-ng"><code>@sss-ng</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li><a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li><a href="https://github.com/aidencullo"><code>@aidencullo</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0">https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's changelog</a>.</em></p> <blockquote> <h1>2024.0.0 (2024-06-06)</h1> <h1>Pipenv 2024.0.0 (2024-06-06)</h1> <h2>Features & Improvements</h2> <ul> <li>Supply any <code>--extra-pip-args</code> also in the resolver steps. <code>[#6006](pypa/pipenv#6006) <https://github.com/pypa/pipenv/issues/6006></code>_</li> <li>The <code>uninstall</code> command now does the inverse of <code>upgrade</code> which means it no longer invokes a full <code>lock</code> cycle which was problematic for projects with many dependencies. <code>[#6029](pypa/pipenv#6029) <https://github.com/pypa/pipenv/issues/6029></code>_</li> <li>The <code>pipenv requirements</code> subcommand now supports the <code>--from-pipfile</code> flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages. <code>[#6156](pypa/pipenv#6156) <https://github.com/pypa/pipenv/issues/6156></code>_</li> </ul> <h2>Behavior Changes</h2> <ul> <li><code>pipenv==3000.0.0</code> denotes the first major release of our semver strategy. As much requested, the <code>install</code> no longer does a complete lock operation. Instead <code>install</code> follows the same code path as pipenv update (which is upgrade + sync). This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable. Remember that complete lock resolution can be invoked with <code>pipenv lock</code> just as before. <code>[#6098](pypa/pipenv#6098) <https://github.com/pypa/pipenv/issues/6098></code>_</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix a bug that passes pipenv check command if Pipfile.lock not exist <code>[#6126](pypa/pipenv#6126) <https://github.com/pypa/pipenv/issues/6126></code>_</li> <li>Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one <code>[#6136](pypa/pipenv#6136) <https://github.com/pypa/pipenv/issues/6136></code>_</li> <li><code>pipenv</code> converts off <code>pkg_resources</code> API usages. This necessitated also vendoring in: <ul> <li>latest <code>pipdeptree==2.18.1</code> which also converted off <code>pkg_resources</code></li> <li><code>importlib-metadata==7.1.0</code> to continue supporting python 3.8 and 3.9</li> <li><code>packaging==24.0</code> since the packaging we were utilizing in pip's <em>vendor was insufficient for this conversion. <code>[#6139](pypa/pipenv#6139) <https://github.com/pypa/pipenv/issues/6139></code></em></li> </ul> </li> <li>Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, `_</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Vendor in <code>pip==24.0</code> <code>[#6117](pypa/pipenv#6117) <https://github.com/pypa/pipenv/issues/6117></code>_</li> <li>Spring 2024 Vendoring includes: <ul> <li><code>click-didyoumean==0.3.1</code></li> <li><code>expect==4.9.0</code></li> <li><code>pipdeptree==2.16.2</code></li> <li><code>python-dotenv==1.0.1</code></li> <li><code>ruamel.yaml==0.18.6</code></li> <li><code>shellingham==1.5.4</code></li> <li><code>tomlkit==0.12.4</code> <code>[#6118](pypa/pipenv#6118) <https://github.com/pypa/pipenv/issues/6118></code>_</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pipenv/commit/0618fab5f40a599335f0c363abaaa882bf33dd29"><code>0618fab</code></a> Prepare actually for 2024.0.0 release after peer feedback.</li> <li><a href="https://github.com/pypa/pipenv/commit/fd763515d09ae4d0e19b50477f0ffd8d8506e74d"><code>fd76351</code></a> Release v2024.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/878d7c45dba0a9ec6a2653a2c55d6cd908868981"><code>878d7c4</code></a> Bumped version to 2024.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/a84ecd351d1bd558ffdd4c023bcf79e5f4d4d348"><code>a84ecd3</code></a> Release v3000.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/0cee88e9633d80f9d9c8b6d1a3174d24010d305f"><code>0cee88e</code></a> Bumped version to 3000.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/2c04a632ad08f85cdf8224af782235423fe60d4e"><code>2c04a63</code></a> Remove secho from pipenv.utils.shell</li> <li><a href="https://github.com/pypa/pipenv/commit/6abb08cd9a6702912c25a374338b25469517a931"><code>6abb08c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pipenv/issues/6164">#6164</a> from sanspareilsmyn/handle-unspecified-python-version</li> <li><a href="https://github.com/pypa/pipenv/commit/66eef03cccc0901e830561ea45e97307adac95fa"><code>66eef03</code></a> Supply the extra pip args in the resolver. (<a href="https://redirect.github.com/pypa/pipenv/issues/6006">#6006</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/09799120a0fd201976653ec92d5798f21fadac10"><code>0979912</code></a> pipenv 3000 install (behavioral refactor) (<a href="https://redirect.github.com/pypa/pipenv/issues/6098">#6098</a>)</li> <li><a href="https://github.com/pypa/pipenv/commit/a1fe8d7c40eb3decb667ecb14f7ef584d7bffe55"><code>a1fe8d7</code></a> Apply feedbacks</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.12.1&new-version=2024.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.12.1 to 2024.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/releases">pipenv's releases</a>.</em></p> <blockquote> <h2>Release v2024.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update plette to version 2.1.0 by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6174">pypa/pipenv#6174</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2024.0.0...v2024.0.1">https://github.com/pypa/pipenv/compare/v2024.0.0...v2024.0.1</a></p> <h2>Release v2024.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update CONTRIBUTING.md by <a href="https://github.com/PzaThief"><code>@PzaThief</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li>Check for name attribute in source parameter. by <a href="https://github.com/jralls"><code>@jralls</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li>Smarter uninstall by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6029">pypa/pipenv#6029</a></li> <li>Use fancy mode for pwsh on *nix (draft) by <a href="https://github.com/samcarswell"><code>@samcarswell</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li>Vendor in Pip 24.0 by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6117">pypa/pipenv#6117</a></li> <li>Update index.md by <a href="https://github.com/mierzejk"><code>@mierzejk</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li>Spring 2024 vendoring by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6118">pypa/pipenv#6118</a></li> <li>Add nested vcs dependency subdirectory when locking to Pipfile.lock (Fix <a href="https://redirect.github.com/pypa/pipenv/issues/6120">#6120</a>) by <a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li>pipenv upgrade invoke -d by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6138">pypa/pipenv#6138</a></li> <li>Bump plette take 2 by <a href="https://github.com/oz123"><code>@oz123</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6134">pypa/pipenv#6134</a></li> <li>Convert off pkg resources by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6139">pypa/pipenv#6139</a></li> <li>Fix the issue(<a href="https://redirect.github.com/pypa/pipenv/issues/6126">#6126</a>): add lockfile_path presence in pipenv check command by <a href="https://github.com/nitintecg"><code>@nitintecg</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li>debugging weird CI failures by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6143">pypa/pipenv#6143</a></li> <li>apply ruff fixes by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6145">pypa/pipenv#6145</a></li> <li>docs update for <code>scripts</code> section and other small changes by <a href="https://github.com/sss-ng"><code>@sss-ng</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li>Add --from-pipfile subcommand to <code>pipenv requirements</code> by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li>Bump jinja2 from 3.1.3 to 3.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6150">pypa/pipenv#6150</a></li> <li>Bump requests from 2.31.0 to 2.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6157">pypa/pipenv#6157</a></li> <li>Fix windows CI for 3.8 and the outdated command that was refactored to remove pkg_resources. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6146">pypa/pipenv#6146</a></li> <li>pipenv 2024 install (behavioral refactor) by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6098">pypa/pipenv#6098</a></li> <li>Supply the extra pip args in the resolver. by <a href="https://github.com/matteius"><code>@matteius</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6006">pypa/pipenv#6006</a></li> <li>Handle unsupported python versioning on Pipfile by <a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6164">pypa/pipenv#6164</a></li> <li>Remove secho from pipenv.utils.shell by <a href="https://github.com/aidencullo"><code>@aidencullo</code></a> in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/PzaThief"><code>@PzaThief</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6084">pypa/pipenv#6084</a></li> <li><a href="https://github.com/jralls"><code>@jralls</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6114">pypa/pipenv#6114</a></li> <li><a href="https://github.com/samcarswell"><code>@samcarswell</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6108">pypa/pipenv#6108</a></li> <li><a href="https://github.com/mierzejk"><code>@mierzejk</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6129">pypa/pipenv#6129</a></li> <li><a href="https://github.com/AlexandreArpin"><code>@AlexandreArpin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6136">pypa/pipenv#6136</a></li> <li><a href="https://github.com/nitintecg"><code>@nitintecg</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6135">pypa/pipenv#6135</a></li> <li><a href="https://github.com/sss-ng"><code>@sss-ng</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6152">pypa/pipenv#6152</a></li> <li><a href="https://github.com/sanspareilsmyn"><code>@sanspareilsmyn</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6156">pypa/pipenv#6156</a></li> <li><a href="https://github.com/aidencullo"><code>@aidencullo</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/pipenv/pull/6170">pypa/pipenv#6170</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0">https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's changelog</a>.</em></p> <blockquote> <h1>2024.0.1 (2024-06-11)</h1> <h1>Pipenv 2024.0.1 (2024-06-11)</h1> <p>No significant changes.</p> <h1>2024.0.0 (2024-06-06)</h1> <h1>Pipenv 2024.0.0 (2024-06-06)</h1> <h2>Features & Improvements</h2> <ul> <li>Supply any <code>--extra-pip-args</code> also in the resolver steps. <code>[#6006](pypa/pipenv#6006) <https://github.com/pypa/pipenv/issues/6006></code>_</li> <li>The <code>uninstall</code> command now does the inverse of <code>upgrade</code> which means it no longer invokes a full <code>lock</code> cycle which was problematic for projects with many dependencies. <code>[#6029](pypa/pipenv#6029) <https://github.com/pypa/pipenv/issues/6029></code>_</li> <li>The <code>pipenv requirements</code> subcommand now supports the <code>--from-pipfile</code> flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages. <code>[#6156](pypa/pipenv#6156) <https://github.com/pypa/pipenv/issues/6156></code>_</li> </ul> <h2>Behavior Changes</h2> <ul> <li><code>pipenv==3000.0.0</code> denotes the first major release of our semver strategy. As much requested, the <code>install</code> no longer does a complete lock operation. Instead <code>install</code> follows the same code path as pipenv update (which is upgrade + sync). This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable. Remember that complete lock resolution can be invoked with <code>pipenv lock</code> just as before. <code>[#6098](pypa/pipenv#6098) <https://github.com/pypa/pipenv/issues/6098></code>_</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix a bug that passes pipenv check command if Pipfile.lock not exist <code>[#6126](pypa/pipenv#6126) <https://github.com/pypa/pipenv/issues/6126></code>_</li> <li>Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one <code>[#6136](pypa/pipenv#6136) <https://github.com/pypa/pipenv/issues/6136></code>_</li> <li><code>pipenv</code> converts off <code>pkg_resources</code> API usages. This necessitated also vendoring in: <ul> <li>latest <code>pipdeptree==2.18.1</code> which also converted off <code>pkg_resources</code></li> <li><code>importlib-metadata==7.1.0</code> to continue supporting python 3.8 and 3.9</li> <li><code>packaging==24.0</code> since the packaging we were utilizing in pip's <em>vendor was insufficient for this conversion. <code>[#6139](pypa/pipenv#6139) <https://github.com/pypa/pipenv/issues/6139></code></em></li> </ul> </li> <li>Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, `_</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Vendor in <code>pip==24.0</code> <code>[#6117](pypa/pipenv#6117) <https://github.com/pypa/pipenv/issues/6117></code>_</li> <li>Spring 2024 Vendoring includes: <ul> <li><code>click-didyoumean==0.3.1</code></li> <li><code>expect==4.9.0</code></li> <li><code>pipdeptree==2.16.2</code></li> <li><code>python-dotenv==1.0.1</code></li> <li><code>ruamel.yaml==0.18.6</code></li> </ul> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pipenv/commit/7493d181b2ede1bf5820189c128020d156cb51f2"><code>7493d18</code></a> Release v2024.0.1</li> <li><a href="https://github.com/pypa/pipenv/commit/cf9a336e685ba9d9483e6d9990fc15f0b827e404"><code>cf9a336</code></a> Bumped version to 2024.0.1.</li> <li><a href="https://github.com/pypa/pipenv/commit/52f7b09ad1dd923566b37b9b5777228ce135f653"><code>52f7b09</code></a> Update plette to version 2.1.0</li> <li><a href="https://github.com/pypa/pipenv/commit/0618fab5f40a599335f0c363abaaa882bf33dd29"><code>0618fab</code></a> Prepare actually for 2024.0.0 release after peer feedback.</li> <li><a href="https://github.com/pypa/pipenv/commit/fd763515d09ae4d0e19b50477f0ffd8d8506e74d"><code>fd76351</code></a> Release v2024.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/878d7c45dba0a9ec6a2653a2c55d6cd908868981"><code>878d7c4</code></a> Bumped version to 2024.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/a84ecd351d1bd558ffdd4c023bcf79e5f4d4d348"><code>a84ecd3</code></a> Release v3000.0.0</li> <li><a href="https://github.com/pypa/pipenv/commit/0cee88e9633d80f9d9c8b6d1a3174d24010d305f"><code>0cee88e</code></a> Bumped version to 3000.0.0.</li> <li><a href="https://github.com/pypa/pipenv/commit/2c04a632ad08f85cdf8224af782235423fe60d4e"><code>2c04a63</code></a> Remove secho from pipenv.utils.shell</li> <li><a href="https://github.com/pypa/pipenv/commit/6abb08cd9a6702912c25a374338b25469517a931"><code>6abb08c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pipenv/issues/6164">#6164</a> from sanspareilsmyn/handle-unspecified-python-version</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pipenv/compare/v2023.12.1...v2024.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.12.1&new-version=2024.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

matteius added 4 commits April 23, 2024 22:07

Begin conversion off pkg_resources

ec495ad

prepapre to vendor in latest pipdeptree

57dfac4

Vendor in latest pipdeptree to solve some of the pkg_resources conver…

201bbb8

…sion errors.

Convert outdated off pkg_resource to importlib.metadata.

184683c

matteius force-pushed the convert-off-pkg_resources branch from 5de1df4 to 184683c Compare April 24, 2024 03:19

matteius added 3 commits April 23, 2024 23:39

According to https://discuss.python.org/t/module-importlib-has-no-att…

e2be6e0

…ribute-metadata/20947/10 I should remvoe this import.

According to pip docstring it will use pkg_resources on < python 3.11…

8197b24

… but can be forced with this env var.

According to pip docstring it will use pkg_resources on < python 3.11…

82f6d3a

… but can be forced with this env var.

matteius force-pushed the convert-off-pkg_resources branch from 9c92bd1 to 82f6d3a Compare April 24, 2024 04:17

matteius added 9 commits April 24, 2024 00:20

Try upgrading the setup-python actions

fbfe3b2

Prepare to vendor in importlib-metadata

5b7fd46

vendor in importlib-metadata

bd0d3ec

Use the vendored importlib-metadata

9a4d0bd

Require zipp for the importlib_metadata vendoring

6000157

Require zipp for the importlib_metadata vendoring

fafc88c

prepare to vendor in zipp since the CI isolates this from the actual …

5642198

…env where zipp got installed

vendor in zipp since the CI isolates this from the actual env where z…

6d49721

…ipp got installed

Go with the version of importlib-metadata that targets the 3.11 sdlib

db438fa

matteius force-pushed the convert-off-pkg_resources branch from cabcd9b to 1b13cd7 Compare April 24, 2024 05:27

4.x had the same issue with python 3.8; until we drop it we may have …

b3ad3b2

…to patch importlib-metadata version that we vendor.

matteius force-pushed the convert-off-pkg_resources branch from 172d281 to b3ad3b2 Compare April 24, 2024 05:42

matteius added 9 commits April 24, 2024 01:48

attempt to account for is_relative_to not available in py3.8

cbd6eaf

attempt to account for is_relative_to not available in py3.8

33261cc

pip's packaging version is behind what we need to work with pipdeptree

c744826

pip's packaging version is behind what we need to work with pipdeptree

69d2a84

Add back patch I removed (unmodified)

fdbef70

modify patch for new version of pipdeptree

d4fd81c

modify patch for new version of pipdeptree

f420a3d

modify patch for new version of pipdeptree

6347651

Verify patch works now with revendoring

95d8ca9

matteius added 7 commits April 24, 2024 02:25

add branch for 3.8 until we can drop support for it

febcec9

Adjust conditional and add news fragment

96c579c

Correction

aacf718

Deduplicate code

381f4d7

and safety is dependent on the pip's packaging version (for now).

f180600

Correction

acc8d16

Handle inconsistency in graph output in this test for time being

c11548d

matteius requested a review from oz123 April 24, 2024 07:00

oz123 reviewed Apr 24, 2024

View reviewed changes

pipenv/vendor/vendor.txt Show resolved Hide resolved

pipenv/vendor/vendor.txt Outdated Show resolved Hide resolved

matteius added 4 commits April 24, 2024 09:39

PR Feedback

65cf571

Fix our remaining usages (yes I found more)

207d596

Skip this test on windows 3.8 -- 3.8 will be dropped end of the year …

9c9a965

…anyway.

Try to narrow down this test failure

c4475fb

matteius force-pushed the convert-off-pkg_resources branch from ee54164 to c4475fb Compare April 25, 2024 01:14

Try check-latest

5781464

Merge branch 'main' into convert-off-pkg_resources

4fcb2c3

matteius merged commit b1c14a2 into main Apr 27, 2024
3 of 19 checks passed

matteius deleted the convert-off-pkg_resources branch April 27, 2024 00:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Convert off pkg resources #6139

Convert off pkg resources #6139

matteius commented Apr 24, 2024 •

edited

Loading

oz123 commented Apr 25, 2024

oz123 commented Apr 25, 2024

Convert off pkg resources #6139

Convert off pkg resources #6139

Conversation

matteius commented Apr 24, 2024 • edited Loading

The issue

The fix

The checklist

oz123 commented Apr 25, 2024

oz123 commented Apr 25, 2024

matteius commented Apr 24, 2024 •

edited

Loading