Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vendor latest tomlkit #6024

Merged
merged 1 commit into from
Dec 1, 2023
Merged

Conversation

deivid-rodriguez
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez commented Nov 22, 2023

The issue

We've been getting reports in Dependabot about Dependabot failing to run pipenv with the following error:

AttributeError: 'Null' object has no attribute '_trivia'. Did you mean: 'trivia'?

That sounds like the following issue in tomlkit: python-poetry/tomlkit#313.

The fix for that got released as tomlkit 0.12.3.

This is why we'd like an update of the vendored tomlkit version.

The fix

The fix is to bump vendored tomlkit to 0.12.3.

I generated this patch with:

$ pip install -t . tomlkit==0.12.3 --upgrade
$ rm -rf tomlkit-0.12.3.dist-info

from pipenv/vendor folder.

Then seearch and replace from tomlkit with from pipenv.vendor.tomlkit, and restore the LICENSE file that got removed for some reason.

The checklist

  • Associated issue
  • A news fragment in the news/ directory to describe this fix with the extension .bugfix.rst, .feature.rst, .behavior.rst, .doc.rst. .vendor.rst. or .trivial.rst (this will appear in the release changelog). Use semantic line breaks and name the file after the issue number or the PR #.

NOTE: I'm sorry for submitting a patch to update a vendor directory, I only read the note about patches to vendor directory after I had written the PR and the PR body.

I'm going to still create the PR because:

  • I don't think this applies to the first note about raising issues to the upstream project instead, because this is already fixed and released upstream

  • I'm going to tentatively tag "preventing pipenv from crashing" as a good reason. We're getting quite a lot of internal errors that I believe are linked to this problem.

If this is still not a good idea, I apologize and I'll refrain from future similar patches.

@deivid-rodriguez
Copy link
Contributor Author

Oops, bad autoclose.

Just taking the chance to note that Dependabot is now running this patch. If we find any issues with this upgrade, we'll report them here 👍.

@matteius
Copy link
Member

matteius commented Dec 1, 2023

How was the vendored? The reason I asks is I don't see an update to the vendor.txt so next time we re-vendor something these changes would get overwritten.

@deivid-rodriguez
Copy link
Contributor Author

Hei! Thanks for your comment. I explained the process I follow to update the vendored dependency in the PR body:

I generated this patch with:

$ pip install -t . tomlkit==0.12.3 --upgrade
$ rm -rf tomlkit-0.12.3.dist-info

from pipenv/vendor folder.

Then seearch and replace from tomlkit with from pipenv.vendor.tomlkit, and restore the > LICENSE file that got removed for some reason.

Happy to get guidance on the correct way to do it, or just close this PR altogether and let you handle it, just let me know.

By the way, we've been running the upgrade for a few days now. No related user reports so far and the error rates have dropped considerably, so the new version of tomlkit seems good 👍.

I generated this patch with:

```
$ pip install -t . tomlkit==0.12.3 --upgrade
$ rm -rf tomlkit-0.12.3.dist-info
```

from pipenv/vendor folder.

Then seearch and replace "from tomlkit" with "from
pipenv.vendor.tomlkit", and restore the LICENSE file that got removed
for some reason.
@deivid-rodriguez
Copy link
Contributor Author

I pushed an update to vendor.txt in case that's the only thing I was missing.

@matteius
Copy link
Member

matteius commented Dec 1, 2023

@deivid-rodriguez to be sure it has the right imports and everything, can you run invoke vendoring.update --package="tomlkit==0.12.3"?

Example:

pipenv) matteius@matteius-VirtualBox:~/pipenv$ invoke vendoring.update --package="tomlkit==0.12.3"
[vendoring.update] Using vendor dir: /home/matteius/pipenv/pipenv/vendor
[vendoring.update] Reinstalling vendored libraries
[vendoring.update] Using requirements file: -r /home/matteius/pipenv/pipenv/vendor/vendor.txt
[vendoring.update] using requirements file: /home/matteius/pipenv/pipenv/vendor/vendor.txt
[vendoring.update] Matched req: 'tomlkit==0.12.3'
Collecting tomlkit==0.12.3
  Downloading tomlkit-0.12.3-py3-none-any.whl.metadata (2.7 kB)
Downloading tomlkit-0.12.3-py3-none-any.whl (37 kB)
Installing collected packages: tomlkit
Successfully installed tomlkit-0.12.3
[vendoring.update] Running post-install cleanup...
[vendoring.update] Removing unused modules and files ...
[vendoring.update] Detected vendored libraries: safety, markupsafe, ruamel, tomli, tomlkit, click, dparse, shellingham, pexpect, colorama, pydantic, ptyprocess, dotenv, plette, pythonfinder, click_didyoumean, pipdeptree, pip, requests, packaging, pkg_resources, pyparsing, ruamel.yaml, urllib3
[vendoring.update] Applying pre-patches...
[vendoring.update] Removing scandir library files...
[vendoring.update] Renaming specified libs...
[vendoring.update] Rewriting imports for /home/matteius/pipenv/pipenv/vendor/tomlkit...
[vendoring.update] Downloading licenses
[vendoring.update] ['tomlkit==0.12.3']
Collecting flit
  Downloading flit-3.9.0-py3-none-any.whl.metadata (3.7 kB)
Collecting flit_core>=3.9.0 (from flit)
  Downloading flit_core-3.9.0-py3-none-any.whl.metadata (822 bytes)
Requirement already satisfied: requests in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from flit) (2.31.0)
Requirement already satisfied: docutils in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from flit) (0.17.1)
Collecting tomli-w (from flit)
  Downloading tomli_w-1.0.0-py3-none-any.whl (6.0 kB)
Requirement already satisfied: charset-normalizer<4,>=2 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests->flit) (3.3.0)
Requirement already satisfied: idna<4,>=2.5 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests->flit) (3.4)
Requirement already satisfied: urllib3<3,>=1.21.1 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests->flit) (2.0.7)
Requirement already satisfied: certifi>=2017.4.17 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests->flit) (2023.7.22)
Downloading flit-3.9.0-py3-none-any.whl (49 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 49.9/49.9 kB 866.1 kB/s eta 0:00:00
Downloading flit_core-3.9.0-py3-none-any.whl (63 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 63.1/63.1 kB 2.6 MB/s eta 0:00:00
Installing collected packages: tomli-w, flit_core, flit
Successfully installed flit-3.9.0 flit_core-3.9.0 tomli-w-1.0.0
Collecting tomlkit==0.12.3
  Downloading tomlkit-0.12.3.tar.gz (190 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 191.0/191.0 kB 1.8 MB/s eta 0:00:00
  Preparing metadata (pyproject.toml): started
  Preparing metadata (pyproject.toml): finished with status 'done'
ERROR: Exception:
Traceback (most recent call last):
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/cli/base_command.py", line 180, in exc_logging_wrapper
    status = run_func(*args)
             ^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/cli/req_command.py", line 245, in wrapper
    return func(self, options, args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/commands/download.py", line 132, in run
    requirement_set = resolver.resolve(reqs, check_supported_wheels=True)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 95, in resolve
    result = self._result = resolver.resolve(
                            ^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/resolvelib/resolvers.py", line 546, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/resolvelib/resolvers.py", line 397, in resolve
    self._add_to_criteria(self.state.criteria, r, parent=None)
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/resolvelib/resolvers.py", line 173, in _add_to_criteria
    if not criterion.candidates:
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/resolvelib/structs.py", line 156, in __bool__
    return bool(self._sequence)
           ^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 155, in __bool__
    return any(self)
           ^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 143, in <genexpr>
    return (c for c in iterator if id(c) not in self._incompatible_ids)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 47, in _iter_built
    candidate = func()
                ^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 211, in _make_candidate_from_link
    self._link_candidate_cache[link] = LinkCandidate(
                                       ^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 293, in __init__
    super().__init__(
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 156, in __init__
    self.dist = self._prepare()
                ^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 225, in _prepare
    dist = self._prepare_distribution()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 304, in _prepare_distribution
    return preparer.prepare_linked_requirement(self._ireq, parallel_builds=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/operations/prepare.py", line 525, in prepare_linked_requirement
    return self._prepare_linked_requirement(req, parallel_builds)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/operations/prepare.py", line 640, in _prepare_linked_requirement
    dist = _get_prepared_distribution(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/operations/prepare.py", line 71, in _get_prepared_distribution
    abstract_dist.prepare_distribution_metadata(
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/distributions/sdist.py", line 67, in prepare_distribution_metadata
    self.req.prepare_metadata()
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/req/req_install.py", line 577, in prepare_metadata
    self.metadata_directory = generate_metadata(
                              ^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/operations/build/metadata.py", line 35, in generate_metadata
    distinfo_dir = backend.prepare_metadata_for_build_wheel(metadata_dir)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_internal/utils/misc.py", line 772, in prepare_metadata_for_build_wheel
    return super().prepare_metadata_for_build_wheel(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/pyproject_hooks/_impl.py", line 186, in prepare_metadata_for_build_wheel
    return self._call_hook('prepare_metadata_for_build_wheel', {
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/pyproject_hooks/_impl.py", line 321, in _call_hook
    raise BackendUnavailable(data.get('traceback', ''))
pip._vendor.pyproject_hooks._impl.BackendUnavailable: Traceback (most recent call last):
  File "/home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 77, in _build_backend
    obj = import_module(mod_path)
          ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1126, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1126, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1126, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1140, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'poetry'

Collecting poetry
  Downloading poetry-1.7.1-py3-none-any.whl.metadata (6.8 kB)
Requirement already satisfied: build<2.0.0,>=1.0.3 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (1.0.3)
Collecting cachecontrol<0.14.0,>=0.13.0 (from cachecontrol[filecache]<0.14.0,>=0.13.0->poetry)
  Downloading cachecontrol-0.13.1-py3-none-any.whl.metadata (3.0 kB)
Collecting cleo<3.0.0,>=2.1.0 (from poetry)
  Downloading cleo-2.1.0-py3-none-any.whl.metadata (12 kB)
Collecting crashtest<0.5.0,>=0.4.1 (from poetry)
  Downloading crashtest-0.4.1-py3-none-any.whl (7.6 kB)
Collecting dulwich<0.22.0,>=0.21.2 (from poetry)
  Downloading dulwich-0.21.6-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (4.3 kB)
Collecting fastjsonschema<3.0.0,>=2.18.0 (from poetry)
  Using cached fastjsonschema-2.19.0-py3-none-any.whl.metadata (2.0 kB)
Collecting installer<0.8.0,>=0.7.0 (from poetry)
  Downloading installer-0.7.0-py3-none-any.whl (453 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 453.8/453.8 kB 3.2 MB/s eta 0:00:00
Requirement already satisfied: keyring<25.0.0,>=24.0.0 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (24.2.0)
Requirement already satisfied: packaging>=20.5 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (23.2)
Collecting pexpect<5.0.0,>=4.7.0 (from poetry)
  Downloading pexpect-4.9.0-py2.py3-none-any.whl.metadata (2.5 kB)
Requirement already satisfied: pkginfo<2.0.0,>=1.9.4 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (1.9.6)
Requirement already satisfied: platformdirs<4.0.0,>=3.0.0 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (3.11.0)
Collecting poetry-core==1.8.1 (from poetry)
  Using cached poetry_core-1.8.1-py3-none-any.whl.metadata (3.5 kB)
Collecting poetry-plugin-export<2.0.0,>=1.6.0 (from poetry)
  Downloading poetry_plugin_export-1.6.0-py3-none-any.whl.metadata (2.8 kB)
Requirement already satisfied: pyproject-hooks<2.0.0,>=1.0.0 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (1.0.0)
Requirement already satisfied: requests<3.0,>=2.26 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (2.31.0)
Requirement already satisfied: requests-toolbelt<2,>=0.9.1 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (1.0.0)
Collecting shellingham<2.0,>=1.5 (from poetry)
  Downloading shellingham-1.5.4-py2.py3-none-any.whl.metadata (3.5 kB)
Collecting tomlkit<1.0.0,>=0.11.4 (from poetry)
  Using cached tomlkit-0.12.3-py3-none-any.whl.metadata (2.7 kB)
Collecting trove-classifiers>=2022.5.19 (from poetry)
  Downloading trove_classifiers-2023.11.29-py3-none-any.whl.metadata (2.2 kB)
Requirement already satisfied: virtualenv<21.0.0,>=20.23.0 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from poetry) (20.24.5)
Collecting msgpack>=0.5.2 (from cachecontrol<0.14.0,>=0.13.0->cachecontrol[filecache]<0.14.0,>=0.13.0->poetry)
  Downloading msgpack-1.0.7-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (9.1 kB)
Requirement already satisfied: filelock>=3.8.0 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from cachecontrol[filecache]<0.14.0,>=0.13.0->poetry) (3.12.4)
Collecting rapidfuzz<4.0.0,>=3.0.0 (from cleo<3.0.0,>=2.1.0->poetry)
  Downloading rapidfuzz-3.5.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (11 kB)
Requirement already satisfied: urllib3>=1.25 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from dulwich<0.22.0,>=0.21.2->poetry) (2.0.7)
Requirement already satisfied: jaraco.classes in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from keyring<25.0.0,>=24.0.0->poetry) (3.3.0)
Requirement already satisfied: importlib-metadata>=4.11.4 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from keyring<25.0.0,>=24.0.0->poetry) (6.8.0)
Collecting SecretStorage>=3.2 (from keyring<25.0.0,>=24.0.0->poetry)
  Downloading SecretStorage-3.3.3-py3-none-any.whl (15 kB)
Collecting jeepney>=0.4.2 (from keyring<25.0.0,>=24.0.0->poetry)
  Downloading jeepney-0.8.0-py3-none-any.whl (48 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 48.4/48.4 kB 4.2 MB/s eta 0:00:00
Collecting ptyprocess>=0.5 (from pexpect<5.0.0,>=4.7.0->poetry)
  Downloading ptyprocess-0.7.0-py2.py3-none-any.whl (13 kB)
Requirement already satisfied: charset-normalizer<4,>=2 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests<3.0,>=2.26->poetry) (3.3.0)
Requirement already satisfied: idna<4,>=2.5 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests<3.0,>=2.26->poetry) (3.4)
Requirement already satisfied: certifi>=2017.4.17 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from requests<3.0,>=2.26->poetry) (2023.7.22)
Requirement already satisfied: distlib<1,>=0.3.7 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from virtualenv<21.0.0,>=20.23.0->poetry) (0.3.7)
Collecting zipp>=0.5 (from importlib-metadata>=4.11.4->keyring<25.0.0,>=24.0.0->poetry)
  Downloading zipp-3.17.0-py3-none-any.whl.metadata (3.7 kB)
Collecting cryptography>=2.0 (from SecretStorage>=3.2->keyring<25.0.0,>=24.0.0->poetry)
  Downloading cryptography-41.0.7-cp37-abi3-manylinux_2_28_x86_64.whl.metadata (5.2 kB)
Requirement already satisfied: more-itertools in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from jaraco.classes->keyring<25.0.0,>=24.0.0->poetry) (10.1.0)
Collecting cffi>=1.12 (from cryptography>=2.0->SecretStorage>=3.2->keyring<25.0.0,>=24.0.0->poetry)
  Downloading cffi-1.16.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (1.5 kB)
Collecting pycparser (from cffi>=1.12->cryptography>=2.0->SecretStorage>=3.2->keyring<25.0.0,>=24.0.0->poetry)
  Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 kB 8.4 MB/s eta 0:00:00
Downloading poetry-1.7.1-py3-none-any.whl (235 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 236.0/236.0 kB 10.3 MB/s eta 0:00:00
Using cached poetry_core-1.8.1-py3-none-any.whl (306 kB)
Downloading cachecontrol-0.13.1-py3-none-any.whl (22 kB)
Downloading cleo-2.1.0-py3-none-any.whl (78 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 78.7/78.7 kB 6.5 MB/s eta 0:00:00
Downloading dulwich-0.21.6-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (513 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 513.8/513.8 kB 10.1 MB/s eta 0:00:00
Using cached fastjsonschema-2.19.0-py3-none-any.whl (23 kB)
Downloading pexpect-4.9.0-py2.py3-none-any.whl (63 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 63.8/63.8 kB 7.3 MB/s eta 0:00:00
Downloading poetry_plugin_export-1.6.0-py3-none-any.whl (10 kB)
Downloading shellingham-1.5.4-py2.py3-none-any.whl (9.8 kB)
Using cached tomlkit-0.12.3-py3-none-any.whl (37 kB)
Downloading trove_classifiers-2023.11.29-py3-none-any.whl (13 kB)
Downloading msgpack-1.0.7-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (557 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 558.0/558.0 kB 17.7 MB/s eta 0:00:00
Downloading rapidfuzz-3.5.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.3 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.3/3.3 MB 24.1 MB/s eta 0:00:00
Downloading cryptography-41.0.7-cp37-abi3-manylinux_2_28_x86_64.whl (4.4 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.4/4.4 MB 26.0 MB/s eta 0:00:00
Downloading zipp-3.17.0-py3-none-any.whl (7.4 kB)
Downloading cffi-1.16.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (464 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 464.8/464.8 kB 25.2 MB/s eta 0:00:00
Installing collected packages: trove-classifiers, ptyprocess, fastjsonschema, zipp, tomlkit, shellingham, rapidfuzz, pycparser, poetry-core, pexpect, msgpack, jeepney, installer, dulwich, crashtest, cleo, cffi, cachecontrol, cryptography, SecretStorage, poetry-plugin-export, poetry
Successfully installed SecretStorage-3.3.3 cachecontrol-0.13.1 cffi-1.16.0 cleo-2.1.0 crashtest-0.4.1 cryptography-41.0.7 dulwich-0.21.6 fastjsonschema-2.19.0 installer-0.7.0 jeepney-0.8.0 msgpack-1.0.7 pexpect-4.9.0 poetry-1.7.1 poetry-core-1.8.1 poetry-plugin-export-1.6.0 ptyprocess-0.7.0 pycparser-2.21 rapidfuzz-3.5.2 shellingham-1.5.4 tomlkit-0.12.3 trove-classifiers-2023.11.29 zipp-3.17.0
Collecting hatch-vcs
  Using cached hatch_vcs-0.4.0-py3-none-any.whl.metadata (8.6 kB)
Collecting hatchling>=1.1.0 (from hatch-vcs)
  Using cached hatchling-1.18.0-py3-none-any.whl.metadata (3.8 kB)
Collecting setuptools-scm>=6.4.0 (from hatch-vcs)
  Using cached setuptools_scm-8.0.4-py3-none-any.whl.metadata (6.4 kB)
Collecting editables>=0.3 (from hatchling>=1.1.0->hatch-vcs)
  Using cached editables-0.5-py3-none-any.whl.metadata (3.1 kB)
Requirement already satisfied: packaging>=21.3 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from hatchling>=1.1.0->hatch-vcs) (23.2)
Requirement already satisfied: pathspec>=0.10.1 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from hatchling>=1.1.0->hatch-vcs) (0.11.2)
Requirement already satisfied: pluggy>=1.0.0 in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from hatchling>=1.1.0->hatch-vcs) (1.3.0)
Requirement already satisfied: trove-classifiers in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from hatchling>=1.1.0->hatch-vcs) (2023.11.29)
Requirement already satisfied: setuptools in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from setuptools-scm>=6.4.0->hatch-vcs) (68.2.2)
Requirement already satisfied: typing-extensions in /home/matteius/.virtualenvs/pipenv_311/lib/python3.11/site-packages (from setuptools-scm>=6.4.0->hatch-vcs) (4.8.0)
Using cached hatch_vcs-0.4.0-py3-none-any.whl (8.4 kB)
Using cached hatchling-1.18.0-py3-none-any.whl (75 kB)
Using cached setuptools_scm-8.0.4-py3-none-any.whl (42 kB)
Using cached editables-0.5-py3-none-any.whl (5.1 kB)
Installing collected packages: setuptools-scm, editables, hatchling, hatch-vcs
Successfully installed editables-0.5 hatch-vcs-0.4.0 hatchling-1.18.0 setuptools-scm-8.0.4
Collecting tomlkit==0.12.3
  Using cached tomlkit-0.12.3.tar.gz (190 kB)
  Preparing metadata (pyproject.toml): started
  Preparing metadata (pyproject.toml): finished with status 'done'
Saved ./pipenv/vendor/__tmp__/tomlkit-0.12.3.tar.gz
Successfully downloaded tomlkit
[vendoring.update] Extracting tomlkit-0.12.3/LICENSE into /home/matteius/pipenv/pipenv/vendor/tomlkit/LICENSE
[vendoring.update] Ignoring tomlkit-0.12.3/tests/toml-spec-tests/LICENSE
[vendoring.update] Ignoring tomlkit-0.12.3/tests/toml-test/COPYING
[vendoring.update] Vendored tomlkit==0.12.3

@deivid-rodriguez
Copy link
Contributor Author

If I run that on top of my patch, the command fails and generates an empty diff:

➜  pipenv git:(vendor-latest-tomlkit) invoke vendoring.update --package="tomlkit==0.12.3"
[vendoring.update] Using vendor dir: /Users/deivid/code/pypa/pipenv/pipenv/vendor
[vendoring.update] Reinstalling vendored libraries
[vendoring.update] Using requirements file: -r /Users/deivid/code/pypa/pipenv/pipenv/vendor/vendor.txt
[vendoring.update] using requirements file: /Users/deivid/code/pypa/pipenv/pipenv/vendor/vendor.txt
[vendoring.update] Matched req: 'tomlkit==0.12.3'
Collecting tomlkit==0.12.3
  Using cached tomlkit-0.12.3-py3-none-any.whl.metadata (2.7 kB)
Using cached tomlkit-0.12.3-py3-none-any.whl (37 kB)
Installing collected packages: tomlkit
Successfully installed tomlkit-0.12.3
[vendoring.update] Running post-install cleanup...
[vendoring.update] Removing unused modules and files ...
[vendoring.update] Detected vendored libraries: safety, plette, click_didyoumean, dparse, markupsafe, dotenv, colorama, click, shellingham, tomli, pipdeptree, pexpect, ptyprocess, pythonfinder, pydantic, tomlkit, ruamel, pip, requests, packaging, pkg_resources, pyparsing, ruamel.yaml, urllib3
[vendoring.update] Applying pre-patches...
[vendoring.update] Removing scandir library files...
[vendoring.update] Renaming specified libs...
[vendoring.update] Rewriting imports for /Users/deivid/code/pypa/pipenv/pipenv/vendor/tomlkit...
Traceback (most recent call last):
  File "/Users/deivid/.asdf/installs/python/3.11.4/bin/invoke", line 8, in <module>
    sys.exit(program.run())
             ^^^^^^^^^^^^^
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/program.py", line 398, in run
    self.execute()
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/program.py", line 583, in execute
    executor.execute(*self.tasks)
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/executor.py", line 140, in execute
    result = call.task(*args, **call.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/tasks.py", line 138, in __call__
    result = self.body(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/deivid/code/pypa/pipenv/tasks/vendoring/__init__.py", line 763, in main
    download_licenses(ctx, vendor_dir, package=package)
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/tasks.py", line 138, in __call__
    result = self.body(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/deivid/code/pypa/pipenv/tasks/vendoring/__init__.py", line 508, in download_licenses
    import parse
ModuleNotFoundError: No module named 'parse'

➜  pipenv git:(vendor-latest-tomlkit) git diff
# empty

If I run that against the main branch, it also fails and generates a diff almost the same as my patch (except that it duplicates the entry in vendor.txt and does not include a changelog fragment):

➜  pipenv git:(main) invoke vendoring.update --package="tomlkit==0.12.3"
[vendoring.update] Using vendor dir: /Users/deivid/code/pypa/pipenv/pipenv/vendor
[vendoring.update] Reinstalling vendored libraries
[vendoring.update] Using requirements file: -r /Users/deivid/code/pypa/pipenv/pipenv/vendor/vendor.txt
[vendoring.update] using requirements file: /Users/deivid/code/pypa/pipenv/pipenv/vendor/vendor.txt
[vendoring.update] Writing requirements file: /Users/deivid/code/pypa/pipenv/pipenv/vendor/vendor.txt
Collecting tomlkit==0.12.3
  Using cached tomlkit-0.12.3-py3-none-any.whl.metadata (2.7 kB)
Using cached tomlkit-0.12.3-py3-none-any.whl (37 kB)
Installing collected packages: tomlkit
Successfully installed tomlkit-0.12.3
[vendoring.update] Running post-install cleanup...
[vendoring.update] Removing unused modules and files ...
[vendoring.update] Detected vendored libraries: safety, plette, click_didyoumean, dparse, markupsafe, dotenv, colorama, click, shellingham, tomli, pipdeptree, pexpect, ptyprocess, pythonfinder, pydantic, tomlkit, ruamel, pip, requests, packaging, pkg_resources, pyparsing, ruamel.yaml, urllib3
[vendoring.update] Applying pre-patches...
[vendoring.update] Removing scandir library files...
[vendoring.update] Renaming specified libs...
[vendoring.update] Rewriting imports for /Users/deivid/code/pypa/pipenv/pipenv/vendor/tomlkit...
Traceback (most recent call last):
  File "/Users/deivid/.asdf/installs/python/3.11.4/bin/invoke", line 8, in <module>
    sys.exit(program.run())
             ^^^^^^^^^^^^^
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/program.py", line 398, in run
    self.execute()
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/program.py", line 583, in execute
    executor.execute(*self.tasks)
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/executor.py", line 140, in execute
    result = call.task(*args, **call.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/tasks.py", line 138, in __call__
    result = self.body(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/deivid/code/pypa/pipenv/tasks/vendoring/__init__.py", line 763, in main
    download_licenses(ctx, vendor_dir, package=package)
  File "/Users/deivid/.asdf/installs/python/3.11.4/lib/python3.11/site-packages/invoke/tasks.py", line 138, in __call__
    result = self.body(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/deivid/code/pypa/pipenv/tasks/vendoring/__init__.py", line 508, in download_licenses
    import parse
ModuleNotFoundError: No module named 'parse'

➜  pipenv git:(main) ✗ git diff vendor-latest-tomlkit 
diff --git a/news/6024.vendor.rst b/news/6024.vendor.rst
deleted file mode 100644
index 0aec2abf..00000000
--- a/news/6024.vendor.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update vendored tomlkit to ``0.12.3``
diff --git a/pipenv/vendor/vendor.txt b/pipenv/vendor/vendor.txt
index 9b0c801d..b2306187 100644
--- a/pipenv/vendor/vendor.txt
+++ b/pipenv/vendor/vendor.txt
@@ -13,4 +13,5 @@ pythonfinder==2.0.6
 ruamel.yaml==0.17.39
 shellingham==1.5.3
 tomli==2.0.1
-tomlkit==0.12.3
+tomlkit==0.12.1
+tomlkit==0.12.3
\ No newline at end of file

I think that means my patch is correct!

@matteius
Copy link
Member

matteius commented Dec 1, 2023

yeah, you would have to run pipenv sync --dev to have the parse dependency but anyway, I kicked off the CI again but I suspect we'll have to look at the safety command because the last run broke on that.

@deivid-rodriguez
Copy link
Contributor Author

deivid-rodriguez commented Dec 1, 2023

Right, I did that and the invoke command wrapped with pipenv run no longer fails 👍. Diffs are the same.

@deivid-rodriguez
Copy link
Contributor Author

I kicked off the CI again but I suspect we'll have to look at the safety command because the last run broke on that.

Right! It seems to be complaining about a vulnerable pip 23.2.1, but pipenv vendors 23.3.1 so that should be fine? Maybe it's referring to the globally installed pip, in which case upgrading pip in the CI env would do the trick?

@matteius
Copy link
Member

matteius commented Dec 1, 2023

Oh good point -- when I saw this late last night I assumed something related broke in the toml upgrade and not a new test failure. OK, we can address that separately.

@matteius
Copy link
Member

matteius commented Dec 1, 2023

CI already has python -m pip install --upgrade pip setuptools wheel so I am not sure why 🤔

@matteius matteius merged commit 62c11f3 into pypa:main Dec 1, 2023
4 of 19 checks passed
@deivid-rodriguez deivid-rodriguez deleted the vendor-latest-tomlkit branch December 1, 2023 13:14
@deivid-rodriguez
Copy link
Contributor Author

Thanks for merging!

achim-k pushed a commit to foxglove/ws-protocol that referenced this pull request Jan 22, 2024
Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.11.15 to
2023.11.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/releases">pipenv's
releases</a>.</em></p>
<blockquote>
<h2>Release v2023.11.17</h2>
<h2>What's Changed</h2>
<ul>
<li>Vendor latest tomlkit by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li>Chore: Resolve CI deprecation warnings by <a
href="https://github.com/stumpylog"><code>@​stumpylog</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li>Fix the issue(<a
href="https://redirect.github.com/pypa/pipenv/issues/6022">#6022</a>):
Add additional installation method in README by <a
href="https://github.com/y-vectorfield"><code>@​y-vectorfield</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6023">pypa/pipenv#6023</a></li>
<li>Make <code>project.get_default_index()</code> populate a default
name by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6021">pypa/pipenv#6021</a></li>
<li>Drop markupsafe - way too late for that by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6033">pypa/pipenv#6033</a></li>
<li>Fix for the safety test failure in the CI by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6038">pypa/pipenv#6038</a></li>
<li>Add markers to Pipfile when parsing requirements.txt by <a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a> in
<a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li>Fixed a bug with locking packages with non canonical names by <a
href="https://github.com/mangin"><code>@​mangin</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li>Bump jinja2 from 3.1.2 to 3.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6059">pypa/pipenv#6059</a></li>
<li>Vendor bump pipdeptree by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6055">pypa/pipenv#6055</a></li>
<li>updated readme by <a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
<li>Update release script to enforce semver going forward in 2024 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6052">pypa/pipenv#6052</a></li>
<li>Vendoring in pip-23.3.2 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6064">pypa/pipenv#6064</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li><a href="https://github.com/stumpylog"><code>@​stumpylog</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li><a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li><a href="https://github.com/mangin"><code>@​mangin</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li><a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's
changelog</a>.</em></p>
<blockquote>
<h1>2023.11.17 (2024-01-21)</h1>
<h1>Pipenv 2023.11.17 (2024-01-21)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Add markers to Pipfile when parsing requirements.txt
<code>[#6008](pypa/pipenv#6008)
&lt;https://github.com/pypa/pipenv/issues/6008&gt;</code>_</li>
<li>Fix KeyError when using a source without a name in Pipfile
<code>[#6021](pypa/pipenv#6021)
&lt;https://github.com/pypa/pipenv/issues/6021&gt;</code>_</li>
<li>Fix a bug with locking projects that contains packages with non
canonical names from private indexes
<code>[#6056](pypa/pipenv#6056)
&lt;https://github.com/pypa/pipenv/issues/6056&gt;</code>_</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Update vendored tomlkit to <code>0.12.3</code>
<code>[#6024](pypa/pipenv#6024)
&lt;https://github.com/pypa/pipenv/issues/6024&gt;</code>_</li>
<li>Bump version of pipdeptree to 0.13.2
<code>[#6055](pypa/pipenv#6055)
&lt;https://github.com/pypa/pipenv/issues/6055&gt;</code>_</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pipenv/commit/7a640f21266efac7c530c772ebabf08ee0a7e1f1"><code>7a640f2</code></a>
Release v2023.11.17</li>
<li><a
href="https://github.com/pypa/pipenv/commit/d202fac429fb9f9959767ce7ae48d88c307e23cd"><code>d202fac</code></a>
Bumped version to 2023.11.17.</li>
<li><a
href="https://github.com/pypa/pipenv/commit/542554e4e84da228fa42aed34c60747c2b051fff"><code>542554e</code></a>
upgrade sphinx due to release script bug</li>
<li><a
href="https://github.com/pypa/pipenv/commit/624ec01ef385cf36a84938d2a097e1819a01cbb9"><code>624ec01</code></a>
Vendoring in pip-23.3.2 (<a
href="https://redirect.github.com/pypa/pipenv/issues/6064">#6064</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/0379507abb315a3da7dcee05a274b8e535d6b060"><code>0379507</code></a>
Update release script to enforce semver going forward in 2024 (<a
href="https://redirect.github.com/pypa/pipenv/issues/6052">#6052</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/eaca109fb39a934d240abdce6c2330c75047ae91"><code>eaca109</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pipenv/issues/6049">#6049</a>
from Suprithvarma1/pipit</li>
<li><a
href="https://github.com/pypa/pipenv/commit/9217384411824cdc1857532bd42c251f1a4060ba"><code>9217384</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pipenv/issues/6055">#6055</a>
from pypa/vendor-bump-pipdeptree</li>
<li><a
href="https://github.com/pypa/pipenv/commit/cdaaa3084809ed48a7e7f684838d25f77978a1a0"><code>cdaaa30</code></a>
Bump jinja2 from 3.1.2 to 3.1.3</li>
<li><a
href="https://github.com/pypa/pipenv/commit/463d9c8999caa75ec13d5187073d3cbf39345d97"><code>463d9c8</code></a>
built index mapping using canonical package names instead of raw package
names</li>
<li><a
href="https://github.com/pypa/pipenv/commit/dc261212c845d3f5e33b472ba11008b07cb8ea19"><code>dc26121</code></a>
fixed a bug with locking packages with uncanonical names</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.11.15&new-version=2023.11.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to NomicFoundation/slang that referenced this pull request Feb 3, 2024
Bumps the non-major-dependencies group with 1 update:
[pipenv](https://github.com/pypa/pipenv).

Updates `pipenv` from 2023.2.18 to 2023.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/releases">pipenv's
releases</a>.</em></p>
<blockquote>
<h2>Release v2023.12.0</h2>
<h2>What's Changed</h2>
<ul>
<li>NOTE: this is our second semver release with a plan to release major
version 3000 later this winter/Spring.</li>
<li>Convert from pydantic to vanilla dataclasses (includes pythonfinder
2.1.0) by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6065">pypa/pipenv#6065</a></li>
<li>Remove forcing CI code path to use nt shell code path by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6072">pypa/pipenv#6072</a></li>
<li>Only editable entry should trigger editable installs by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6069">pypa/pipenv#6069</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.17...v2023.12.0">https://github.com/pypa/pipenv/compare/v2023.11.17...v2023.12.0</a></p>
<h2>Release v2023.11.17</h2>
<h2>What's Changed</h2>
<ul>
<li>Vendor latest tomlkit by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li>Chore: Resolve CI deprecation warnings by <a
href="https://github.com/stumpylog"><code>@​stumpylog</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li>Fix the issue(<a
href="https://redirect.github.com/pypa/pipenv/issues/6022">#6022</a>):
Add additional installation method in README by <a
href="https://github.com/y-vectorfield"><code>@​y-vectorfield</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6023">pypa/pipenv#6023</a></li>
<li>Make <code>project.get_default_index()</code> populate a default
name by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6021">pypa/pipenv#6021</a></li>
<li>Drop markupsafe - way too late for that by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6033">pypa/pipenv#6033</a></li>
<li>Fix for the safety test failure in the CI by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6038">pypa/pipenv#6038</a></li>
<li>Add markers to Pipfile when parsing requirements.txt by <a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a> in
<a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li>Fixed a bug with locking packages with non canonical names by <a
href="https://github.com/mangin"><code>@​mangin</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li>Bump jinja2 from 3.1.2 to 3.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6059">pypa/pipenv#6059</a></li>
<li>Vendor bump pipdeptree by <a
href="https://github.com/oz123"><code>@​oz123</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6055">pypa/pipenv#6055</a></li>
<li>updated readme by <a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
<li>Update release script to enforce semver going forward in 2024 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6052">pypa/pipenv#6052</a></li>
<li>Vendoring in pip-23.3.2 by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6064">pypa/pipenv#6064</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6024">pypa/pipenv#6024</a></li>
<li><a href="https://github.com/stumpylog"><code>@​stumpylog</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6025">pypa/pipenv#6025</a></li>
<li><a
href="https://github.com/geonik-code"><code>@​geonik-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6008">pypa/pipenv#6008</a></li>
<li><a href="https://github.com/mangin"><code>@​mangin</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6057">pypa/pipenv#6057</a></li>
<li><a
href="https://github.com/Suprithvarma1"><code>@​Suprithvarma1</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/pipenv/pull/6049">pypa/pipenv#6049</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17">https://github.com/pypa/pipenv/compare/v2023.11.15...v2023.11.17</a></p>
<h2>Release v2023.11.15</h2>
<h2>What's Changed</h2>
<ul>
<li>Treat all return paths of this method as strings by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6017">pypa/pipenv#6017</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/pipenv/compare/v2023.11.14...v2023.11.15">https://github.com/pypa/pipenv/compare/v2023.11.14...v2023.11.15</a></p>
<h2>Release v2023.11.14</h2>
<h2>What's Changed</h2>
<ul>
<li>Restore this code that should prevent the string has no attribute
update bug. by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6007">pypa/pipenv#6007</a></li>
<li>Pass through pipfile index urls when creating https session so that
keyring fully works by <a
href="https://github.com/mungojam"><code>@​mungojam</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/5994">pypa/pipenv#5994</a></li>
<li>Fix issue-6011 direct file url path by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/6012">pypa/pipenv#6012</a></li>
<li>Ignore existing venv dir when PIPENV_VENV_IN_PROJECT is false by <a
href="https://github.com/arnaud-dezandee"><code>@​arnaud-dezandee</code></a>
in <a
href="https://redirect.github.com/pypa/pipenv/pull/6009">pypa/pipenv#6009</a></li>
<li>Assume that vcs and direct URL installs need to be reinstalled by <a
href="https://github.com/matteius"><code>@​matteius</code></a> in <a
href="https://redirect.github.com/pypa/pipenv/pull/5936">pypa/pipenv#5936</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pipenv/blob/main/CHANGELOG.md">pipenv's
changelog</a>.</em></p>
<blockquote>
<h1>2023.12.0 (2024-02-01)</h1>
<h1>Pipenv 2023.12.0 (2024-02-01)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Removal of pydantic from pythonfinder and pipenv; reduced complexity
of pythonfinder pathlib usage (avoid posix conversions).
<code>[#6065](pypa/pipenv#6065)
&lt;https://github.com/pypa/pipenv/issues/6065&gt;</code>_</li>
<li>Adjusted logic which assumed any file, path or VCS install should be
considered editable. Instead relies on the user specified editable flag
to mark requirement as editable install.
<code>[#6069](pypa/pipenv#6069)
&lt;https://github.com/pypa/pipenv/issues/6069&gt;</code>_</li>
<li>Remove logic that treats <code>CI</code> variable to use
<code>do_run_nt</code> shell logic, as the original reasons for that
patch were no longer valid.
<code>[#6072](pypa/pipenv#6072)
&lt;https://github.com/pypa/pipenv/issues/6072&gt;</code>_
2023.11.17 (2024-01-21)
=======================
Pipenv 2023.11.17 (2024-01-21)
==============================</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Add markers to Pipfile when parsing requirements.txt
<code>[#6008](pypa/pipenv#6008)
&lt;https://github.com/pypa/pipenv/issues/6008&gt;</code>_</li>
<li>Fix KeyError when using a source without a name in Pipfile
<code>[#6021](pypa/pipenv#6021)
&lt;https://github.com/pypa/pipenv/issues/6021&gt;</code>_</li>
<li>Fix a bug with locking projects that contains packages with non
canonical names from private indexes
<code>[#6056](pypa/pipenv#6056)
&lt;https://github.com/pypa/pipenv/issues/6056&gt;</code>_</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Update vendored tomlkit to <code>0.12.3</code>
<code>[#6024](pypa/pipenv#6024)
&lt;https://github.com/pypa/pipenv/issues/6024&gt;</code>_</li>
<li>Bump version of pipdeptree to 0.13.2
<code>[#6055](pypa/pipenv#6055)
&lt;https://github.com/pypa/pipenv/issues/6055&gt;</code>_
2023.11.15 (2023-11-15)
=======================
Pipenv 2023.11.15 (2023-11-15)
==============================</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix regression with path installs on most recent release
<code>2023.11.14</code>
<code>[#6017](pypa/pipenv#6017)
&lt;https://github.com/pypa/pipenv/issues/6017&gt;</code>_</li>
</ul>
<h1>2023.11.14 (2023-11-14)</h1>
<h1>Pipenv 2023.11.14 (2023-11-14)</h1>
<h2>Behavior Changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pipenv/commit/d4483dd2a3cd55c45de2e3d5ca98094c67b64af3"><code>d4483dd</code></a>
Release v2023.12.0</li>
<li><a
href="https://github.com/pypa/pipenv/commit/e26edd59a6f8486cf24038b248eeb65f9d9147f9"><code>e26edd5</code></a>
Bumped version to 2023.12.0.</li>
<li><a
href="https://github.com/pypa/pipenv/commit/23dbe27544ed159b9ab3b5b988439dd08483ef3c"><code>23dbe27</code></a>
Only editable entry should trigger editable installs (<a
href="https://redirect.github.com/pypa/pipenv/issues/6069">#6069</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/15149f0091c757689249aee04a6afc87895289a3"><code>15149f0</code></a>
Remove forcing CI code path to use nt shell code path (<a
href="https://redirect.github.com/pypa/pipenv/issues/6072">#6072</a>)</li>
<li><a
href="https://github.com/pypa/pipenv/commit/95df3fd6495544eed7835fbf677069d401d3ed9d"><code>95df3fd</code></a>
Convert from pydantic to vanilla dataclasses (includes pythonfinder
2.1.0) (#...</li>
<li><a
href="https://github.com/pypa/pipenv/commit/2bd7eab65e3644ac44a1dda2809fa6e9e046b286"><code>2bd7eab</code></a>
Fix release CI step for next release</li>
<li><a
href="https://github.com/pypa/pipenv/commit/7a640f21266efac7c530c772ebabf08ee0a7e1f1"><code>7a640f2</code></a>
Release v2023.11.17</li>
<li><a
href="https://github.com/pypa/pipenv/commit/d202fac429fb9f9959767ce7ae48d88c307e23cd"><code>d202fac</code></a>
Bumped version to 2023.11.17.</li>
<li><a
href="https://github.com/pypa/pipenv/commit/542554e4e84da228fa42aed34c60747c2b051fff"><code>542554e</code></a>
upgrade sphinx due to release script bug</li>
<li><a
href="https://github.com/pypa/pipenv/commit/624ec01ef385cf36a84938d2a097e1819a01cbb9"><code>624ec01</code></a>
Vendoring in pip-23.3.2 (<a
href="https://redirect.github.com/pypa/pipenv/issues/6064">#6064</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pipenv/compare/v2023.2.18...v2023.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pipenv&package-manager=pip&previous-version=2023.2.18&new-version=2023.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants