Bump pipenv from 2022.4.8 to 2023.8.28 in /python/helpers #7922
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
python
|
Cherry-picked my fixes from: |
jeffwidman
force-pushed
the
dependabot/pip/python/helpers/pipenv-2023.8.28
branch
from
573da66
to
bc78bc8
Compare
|
A newer version of pipenv exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
|
rly wanna see this 🥺 |
jurre
force-pushed
the
dependabot/pip/python/helpers/pipenv-2023.8.28
branch
4 times, most recently
from
1e07f69
to
2b3c241
Compare
abdulapopoola
approved these changes
Sep 21, 2023
Bumps [pipenv](https://github.com/pypa/pipenv) from 2022.4.8 to 2023.8.28. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2022.4.8...v2023.8.28) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Old error format: ``` ERROR:pip.subprocessor:Command errored out with exit status 128:\n command: git clone -q https://github.com/user/django.git ``` New format: ``` ERROR:pip.subprocessor:[present-rich] git clone --filter=blob:none https://github.com/user/django.git /tmp/reqlib-src4k0l3qz3/django_56e3fa519acb44ee941b689a515b62fe exited with 128 ``` Updated the regex accordingly.
The format of this error message changed.
Old message:
```
ERROR:pip.subprocessor:Command errored out with exit status 1:
command: git checkout -q v15.1.2
cwd: /tmp/pipenv-4y8m31vy-src/pythonfinder
Complete output (1 lines):
error: pathspec 'v15.1.2' did not match any file(s) known to git
<full traceback>
```
New message:
```
ERROR:pip.subprocessor:[present-rich] git checkout -q v15.1.2 exited with 1
<full traceback>
```
So updated the regex to match the new format.
Unfortunately the dependency name is nowhere to be found in the error
message or full traceback, so we can no longer provide the user with
that helpful information.
I'm planning to reach out to the `pipenv` maintainers to see if they'd
be open to exposing that information again in this error message.
Upstream `pipenv` renamed their internal patched version of `pip` folder to be called `patch.pip`: * pypa/pipenv#5199 So this updates our code as well.
jurre
force-pushed
the
dependabot/pip/python/helpers/pipenv-2023.8.28
branch
from
2b3c241
to
b3ea738
Compare
|
|
||
| [packages] | ||
| requests = "==2.18.0" | ||
| pyobjc = "*" |
There was a problem hiding this comment.
How does new pipenv handle this file (and lockfile) now?
There was a problem hiding this comment.
It fails with a generic Dependabot::DependencyFileNotResolvable but without a message explaining the dep can't be built on linux. There is not really any information to let us infer this is the case anymore, and the exception was specific to a single dependency
There was a problem hiding this comment.
Dependabot::DependencyFileNotResolvable is a Dependabot error, not specific to pipenv, right? My question was more, what message does new pipenv give now?
The previous message was not really related to platforms either, I guess it was impossible to resolve that particular dependency on Linux and we simply rescued the generic error and explained that.
Anyways, I was just curious. As you point out, it's a single dependency and worst case scenario would be that Dependabot gets enabled on a repo using it and the error message the user faces is worse now. Does not seem like a big deal!
There was a problem hiding this comment.
Ah, this is the error:
Creating a virtualenv for this project...
Pipfile: dependabot_tmp_dir/Pipfile
Using default python from /usr/local/.pyenv/versions/3.11.5/bin/python (3.11.5) to create virtualenv...
created virtual environment CPython3.11.5.final.0-64 in 432ms
creator CPython3Posix(dest=/home/dependabot/.local/share/virtualenvs/dependabot_20230921-53449-6wdxjb-Z2f_DZo1, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/dependabot/.local/share/virtualenv)
added seed packages: pip==23.2.1, setuptools==68.2.0, wheel==0.41.2
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /home/dependabot/.local/share/virtualenvs/dependabot_20230921-53449-6wdxjb-Z2f_DZo1
Locking [packages] dependencies...
Building requirements...
Resolving dependencies...
✘ Locking Failed!
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting requests<=2.18.4,>=2.18.0 (from -r /tmp/pipenv-n0h_9viw-requirements/pipenv-gpwo7a4a-constraints.txt (line 3))
INFO:pipenv.patched.pip._internal.network.download:Using cached requests-2.18.4-py2.py3-none-any.whl (88 kB)
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting pyobjc==5.1.1 (from -r /tmp/pipenv-n0h_9viw-requirements/pipenv-gpwo7a4a-constraints.txt (line 2))
INFO:pipenv.patched.pip._internal.network.download:Using cached pyobjc-5.1.1-py3-none-any.whl (2.8 kB)
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting pyobjc-core==5.1.1 (from pyobjc==5.1.1->-r /tmp/pipenv-n0h_9viw-requirements/pipenv-gpwo7a4a-constraints.txt (line 2))
INFO:pipenv.patched.pip._internal.network.download:Using cached pyobjc-core-5.1.1.tar.gz (793 kB)
INFO:pipenv.patched.pip._internal.cli.spinners:Preparing metadata (setup.py): started
INFO:pipenv.patched.pip._internal.cli.spinners:Preparing metadata (setup.py): finished with status 'error'
ERROR:pip.subprocessor:[present-rich] python setup.py egg_info exited with 1
[ResolutionFailure]: File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/resolver.py", line 646, in _main
[ResolutionFailure]: resolve_packages(
[ResolutionFailure]: File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/resolver.py", line 613, in resolve_packages
[ResolutionFailure]: results, resolver = resolve(
[ResolutionFailure]: ^^^^^^^^
[ResolutionFailure]: File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/resolver.py", line 593, in resolve
[ResolutionFailure]: return resolve_deps(
[ResolutionFailure]: ^^^^^^^^^^^^^
[ResolutionFailure]: File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 845, in resolve_deps
[ResolutionFailure]: results, hashes, internal_resolver = actually_resolve_deps(
[ResolutionFailure]: ^^^^^^^^^^^^^^^^^^^^^^
[ResolutionFailure]: File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 618, in actually_resolve_deps
[ResolutionFailure]: resolver.resolve()
[ResolutionFailure]: File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 444, in resolve
[ResolutionFailure]: raise ResolutionFailure(message=str(e))
[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: metadata generation failed
Traceback (most recent call last):
File "/usr/local/.pyenv/versions/3.11.5/bin/pipenv", line 8, in <module>
sys.exit(cli())
^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/cli/options.py", line 58, in main
return super().main(*args, **kwargs, windows_expand_args=False)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/core.py", line 1055, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/decorators.py", line 84, in new_func
return ctx.invoke(f, obj, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/vendor/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/cli/command.py", line 340, in lock
do_lock(
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/routines/lock.py", line 65, in do_lock
venv_resolve_deps(
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 786, in venv_resolve_deps
c = resolve(cmd, st, project=project)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/.pyenv/versions/3.11.5/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 655, in resolve
raise RuntimeError("Failed to lock Pipfile.lock!")
RuntimeError: Failed to lock Pipfile.lock!
There was a problem hiding this comment.
We could actually maybe look for Collecting pyobjc I suppose, although since it's in line with other errors now, I think the default error behavior is fine?
There was a problem hiding this comment.
I suppose so, yes. I think the aggressive removal is fine too though, there's probably bigger fish to fry.
brettfo
pushed a commit
to brettfo/dependabot-core
that referenced
this pull request
Oct 11, 2023
…hon/helpers/pipenv-2023.8.28 Bump pipenv from 2022.4.8 to 2023.8.28 in /python/helpers
jeffwidman
reviewed
Oct 13, 2023
| if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX) | ||
| tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag") | ||
| # Unfortunately the error message doesn't include the package name. | ||
| # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output |
There was a problem hiding this comment.
tag @matteius in case you didn't see ☝️ ... not sure why this error no longer shows the end user the package name?
|
Thanks for pushing this over the finish line @jurre, I felt bad I wasn't able to complete it before signing off. |
All good @jeffwidman! |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps pipenv from 2022.4.8 to 2023.8.28.
Release notes
Sourced from pipenv's releases.
... (truncated)
Changelog
Sourced from pipenv's changelog.
... (truncated)
Commits
10d4d96Release v2023.8.288aa204eAssorted local editable file file fixes (#5886)47ead91Do not lock or sync when running in outdated mode (#5875)413675fRevert change that caused the credentials in source url issue (#5882)6cd5a99clean of .rst leftovers in commands.md (#5876)c0d83c9Bumped version.e446087Release v2023.8.2608c14e9Fix for sys platform markers from Pipfile + fix for vcs subdirectory fragment...80eeaffAdd news fragmentea79c0dMerge pull request #5863 from kalebmckale/cache-dedupe-sourcesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)