Switch from pipfile to plette lib #7741
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers.

However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s:

* pypa/pipenv#5310
* pypa/pipenv#5339

So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
I'm actively working on plette. It's pretty much complete, hence there is not much to do.
I couldn't figure out why the tests for:

* dependabot#7741

were all failing until I realized that `pipfile` imports `toml`:
https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44

which then gets used over in the unrelated file `parser.py`.

So let's make the import of `toml` explicit so that we aren't relying on its import as a side-effect of `pipfile`.

The `toml` version that `pipfile` imports isn't pinned, so I just pinned to the latest release.
I couldn't figure out why the tests were failing for:

* dependabot#7741

until I realized that `pipfile` imports `toml`:
https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44

which then gets used over in the unrelated file `parser.py`.

So let's make the import of `toml` explicit so that we aren't relying on its import as a side-effect of `pipfile`.

The `toml` version that `pipfile` imports isn't pinned, so I just pinned to the latest release.
I couldn't figure out why the tests were failing for:

* dependabot#7741

until I realized that `pipfile` imports `toml`:
https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44

which then gets used over in the unrelated file `parser.py`.

So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`.

The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release.
I couldn't figure out why the tests were failing for:

* dependabot#7741

until I realized that `pipfile` imports `toml`:
https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44

which then gets used over in the unrelated file `parser.py`:
https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24

So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`.

The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release.

Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
Superseded by (since I am not working on the team, I no longer have write access to this repo):

The failing test is solved by:
Hey Jeff, heads-up: I am about to release a new version of plette sometime in January 2024. I am just waiting for the review from @matteius. The new release is a complete rewrite of the core without cerberus.
Thanks for the heads up, maybe we can have the conversation over in #8627 though since I am no longer on the Dependabot team I had to re-open this PR from my own fork...

But really though, as long as the public API for hash generation doesn't change, then it won't really matter. Can merge this now and then will send a bump PR whenever you release the new version.
I couldn't figure out why the tests were failing for:

* #7741

until I realized that `pipfile` imports `toml`:
https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44

which then gets used over in the unrelated file `parser.py`:
https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24

So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`.

The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release.

Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.

Co-authored-by: AbdulFattaah Popoola <abdulapopoola@github.com>
`plette` requires python 3.7, so blocked on:

The main user of `pipfile` is `pipenv`, and not any of the other python package managers.

However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s:

So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)