Switch from pipfile to plette lib

The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
dependabot · Aug 10, 2023 · 08a9369 · 08a9369
1 parent 68ea8f5
commit 08a9369
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/python/helpers/lib/hasher.py b/python/helpers/lib/hasher.py
@@ -1,6 +1,6 @@
 import hashin
 import json
-import pipfile
+import plette
 from poetry.factory import Factory
 
 
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
 
 
 def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
+    with open(directory + '/Pipfile') as f:
+        pipfile = plette.Pipfile.load(f)
 
-    return json.dumps({"result": p.hash})
+    return json.dumps({"result": pipfile.get_hash().value})
 
 
 def get_pyproject_hash(directory):

diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
@@ -2,7 +2,7 @@ pip>=21.3.1,<23.2.0  # Range maintains py36 support TODO: Review python 3.6 supp
 pip-tools>=6.4.0,<=6.14.0  # Range maintains py36 support TODO: Review python 3.6 support in April 2023 (eol ubuntu 18.04)
 hashin==0.17.0
 pipenv==2022.4.8
-pipfile==0.0.2
+plette==0.4.4
 poetry>=1.1.15,<1.6.0
 # For now we chose to pin `wheel` even though we don't import it directly.
 # Background context: https://github.com/dependabot/dependabot-core/pull/5597