Vendor latest tomlkit #6024
Oops, bad autoclose. Just taking the chance to note that Dependabot is now running this patch. If we find any issues with this upgrade, we'll report them here 👍.
How was this vendored? The reason I ask is I don't see an update to the vendor.txt, so next time we re-vendor something these changes would get overwritten.
Hi! Thanks for your comment. I explained the process I follow to update the vendored dependency in the PR body:
Happy to get guidance on the correct way to do it, or just close this PR altogether and let you handle it, just let me know. By the way, we've been running the upgrade for a few days now. No related user reports so far and the error rates have dropped considerably, so the new version of tomlkit seems good 👍.
I generated this patch with:

```
$ pip install -t . tomlkit==0.12.3 --upgrade
$ rm -rf tomlkit-0.12.3.dist-info
```

from pipenv/vendor folder. Then search and replace "from tomlkit" with "from pipenv.vendor.tomlkit", and restore the LICENSE file that got removed for some reason.
e5aa64f
to
054df4d
I pushed an update to
@deivid-rodriguez to be sure it has the right imports and everything, can you run Example:
If I run that on top of my patch, the command fails and generates an empty diff:
If I run that against the main branch, it also fails and generates a diff almost the same as my patch (except that it duplicates the entry in
I think that means my patch is correct!
yeah, you would have to run
Right, I did that and the
Right! It seems to be complaining about a vulnerable pip 23.2.1, but pipenv vendors 23.3.1 so that should be fine? Maybe it's referring to the globally installed pip, in which case upgrading pip in the CI env would do the trick?
Oh good point -- when I saw this late last night I assumed something related broke in the toml upgrade and not a new test failure. OK, we can address that separately.
CI already has
Thanks for merging!
Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.11.15 to 2023.11.17.

Release notes (sourced from pipenv's releases, https://github.com/pypa/pipenv/releases):

Release v2023.11.17

What's Changed

- Vendor latest tomlkit by @deivid-rodriguez in pypa/pipenv#6024
- Chore: Resolve CI deprecation warnings by @stumpylog in pypa/pipenv#6025
- Fix the issue(#6022): Add additional installation method in README by @y-vectorfield in pypa/pipenv#6023
- Make `project.get_default_index()` populate a default name by @deivid-rodriguez in pypa/pipenv#6021
- Drop markupsafe - way too late for that by @oz123 in pypa/pipenv#6033
- Fix for the safety test failure in the CI by @matteius in pypa/pipenv#6038
- Add markers to Pipfile when parsing requirements.txt by @geonik-code in pypa/pipenv#6008
- Fixed a bug with locking packages with non canonical names by @mangin in pypa/pipenv#6057
- Bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in pypa/pipenv#6059
- Vendor bump pipdeptree by @oz123 in pypa/pipenv#6055
- updated readme by @Suprithvarma1 in pypa/pipenv#6049
- Update release script to enforce semver going forward in 2024 by @matteius in pypa/pipenv#6052
- Vendoring in pip-23.3.2 by @matteius in pypa/pipenv#6064

New Contributors

- @deivid-rodriguez made their first contribution in pypa/pipenv#6024
- @stumpylog made their first contribution in pypa/pipenv#6025
- @geonik-code made their first contribution in pypa/pipenv#6008
- @mangin made their first contribution in pypa/pipenv#6057
- @Suprithvarma1 made their first contribution in pypa/pipenv#6049

Full Changelog: https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17

Changelog (sourced from pipenv's changelog, https://github.com/pypa/pipenv/blob/main/CHANGELOG.md):

Pipenv 2023.11.17 (2024-01-21)

Bug Fixes

- Add markers to Pipfile when parsing requirements.txt (#6008, https://github.com/pypa/pipenv/issues/6008)
- Fix KeyError when using a source without a name in Pipfile (#6021, https://github.com/pypa/pipenv/issues/6021)
- Fix a bug with locking projects that contains packages with non canonical names from private indexes (#6056, https://github.com/pypa/pipenv/issues/6056)

Vendored Libraries

- Update vendored tomlkit to `0.12.3` (#6024, https://github.com/pypa/pipenv/issues/6024)
- Bump version of pipdeptree to 0.13.2 (#6055, https://github.com/pypa/pipenv/issues/6055)

Commits

- `7a640f2` Release v2023.11.17
- `d202fac` Bumped version to 2023.11.17.
- `542554e` upgrade sphinx due to release script bug
- `624ec01` Vendoring in pip-23.3.2 (#6064)
- `0379507` Update release script to enforce semver going forward in 2024 (#6052)
- `eaca109` Merge pull request #6049 from Suprithvarma1/pipit
- `9217384` Merge pull request #6055 from pypa/vendor-bump-pipdeptree
- `cdaaa30` Bump jinja2 from 3.1.2 to 3.1.3
- `463d9c8` built index mapping using canonical package names instead of raw package names
- `dc26121` fixed a bug with locking packages with uncanonical names
- Additional commits viewable in compare view: https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The issue
We've been getting reports in Dependabot about Dependabot failing to run pipenv with the following error:
That sounds like the following issue in tomlkit: python-poetry/tomlkit#313.
The fix for that got released as tomlkit 0.12.3.
This is why we'd like an update of the vendored tomlkit version.
The fix
The fix is to bump vendored tomlkit to 0.12.3.
I generated this patch with:

```
$ pip install -t . tomlkit==0.12.3 --upgrade
$ rm -rf tomlkit-0.12.3.dist-info
```

from pipenv/vendor folder.
Then search and replace `from tomlkit` with `from pipenv.vendor.tomlkit`, and restore the LICENSE file that got removed for some reason.

The checklist

`news/` directory to describe this fix with the extension `.bugfix.rst`, `.feature.rst`, `.behavior.rst`, `.doc.rst`. `.vendor.rst`. or `.trivial.rst` (this will appear in the release changelog). Use semantic line breaks and name the file after the issue number or the PR #.

NOTE: I'm sorry for submitting a patch to update a vendor directory, I only read the note about patches to `vendor` directory after I had written the PR and the PR body.

I'm going to still create the PR because:

- I don't think this applies to the first note about raising issues to the upstream project instead, because this is already fixed and released upstream
- I'm going to tentatively tag "preventing pipenv from crashing" as a good reason. We're getting quite a lot of internal errors that I believe are linked to this problem.
If this is still not a good idea, I apologize and I'll refrain from future similar patches.
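
The two review concerns in this thread (imports that escape the vendored namespace, and a `vendor.txt` pin that does not match what was actually vendored) can be checked mechanically. The following is an added example, not code from pipenv or from the PR author: the function names are hypothetical, `vendor.txt` is assumed to hold requirements-style `name==version` lines, and the sample tree is constructed inline.

```python
import ast
import re
import tempfile
from pathlib import Path

PREFIX = "pipenv.vendor"  # namespace the PR rewrites tomlkit's imports into


def unvendored_imports(vendor_dir, package):
    """List absolute imports of `package` left inside its vendored copy.

    Such imports resolve to whatever `package` is installed globally (or fail
    outright) instead of the reviewed code under PREFIX.
    """
    findings = []
    root = Path(vendor_dir) / package
    for path in sorted(root.rglob("*.py")):
        tree = ast.parse(path.read_text(encoding="utf-8"), filename=str(path))
        for node in ast.walk(tree):
            if isinstance(node, ast.ImportFrom) and node.level == 0:
                names = [node.module or ""]
            elif isinstance(node, ast.Import):
                names = [alias.name for alias in node.names]
            else:
                # Not an import, or a relative import that stays in the copy.
                continue
            for name in names:
                if name == package or name.startswith(package + "."):
                    rel = path.relative_to(vendor_dir).as_posix()
                    findings.append((rel, node.lineno, name))
    return sorted(findings)


def pinned_version(vendor_txt, package):
    """Return the version pinned for `package` (assumed `name==version`), or None."""
    for raw in Path(vendor_txt).read_text(encoding="utf-8").splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\S+)", line)
        if match and match.group(1).lower() == package.lower():
            return match.group(2)
    return None


def check_vendor(vendor_dir, package, expected_version):
    """Return human-readable problems; an empty list means the update is consistent."""
    problems = [
        f"{rel}:{line}: imports '{name}' instead of '{PREFIX}.{name}'"
        for rel, line, name in unvendored_imports(vendor_dir, package)
    ]
    pin = pinned_version(Path(vendor_dir) / "vendor.txt", package)
    if pin != expected_version:
        problems.append(
            f"vendor.txt pins {package}=={pin}, vendored copy is {expected_version}"
        )
    return problems


def constructed_example():
    """Build a tiny constructed vendor tree with both mistakes and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp)
        pkg = vendor / "tomlkit"
        pkg.mkdir()
        # Rewritten correctly by the "from tomlkit" search and replace.
        (pkg / "__init__.py").write_text("from pipenv.vendor.tomlkit.api import loads\n")
        # `import tomlkit.items` does not match the search string "from tomlkit".
        (pkg / "api.py").write_text(
            "from .items import Item\nimport tomlkit.items\n\n"
            "def loads(text):\n    return Item(text)\n"
        )
        (pkg / "items.py").write_text("class Item(str):\n    pass\n")
        # Constructed pins; 0.0.0 stands in for a pin that was never updated.
        (vendor / "vendor.txt").write_text("examplepkg==1.0\ntomlkit==0.0.0  # stale\n")
        return check_vendor(vendor, "tomlkit", "0.12.3")


if __name__ == "__main__":
    for problem in constructed_example():
        print(problem)
```

The files are parsed with `ast` only and never imported, so the check can run in CI against a vendor directory without executing the code under review.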