Switch from pipfile to plette lib #7741
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jeffwidman
added
the
Ecosystems
jeffwidman
force-pushed
the
switch-from-pipfile-to-plette-lib
branch
from
91ce1b7
to
08a9369
Compare
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
jeffwidman
force-pushed
the
switch-from-pipfile-to-plette-lib
branch
from
08a9369
to
a4a8f75
Compare
|
I'm actively working on palette. It's pretty much complete, hence there is not much to do. |
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 16, 2023
I couldn't figure out why the tests for: * dependabot#7741 were all failing until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`. So let's make the import of `toml` explicit so that we aren't relying on it's import as a side-effect of `pipfile`. The `toml` version that `pipfile` imports isn't pinned, so I just pinned to the latest release.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 16, 2023
I couldn't figure out why the tests for: * dependabot#7741 were all failing until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`. So let's make the import of `toml` explicit so that we aren't relying on it's import as a side-effect of `pipfile`. The `toml` version that `pipfile` imports isn't pinned, so I just pinned to the latest release.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 16, 2023
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`. So let's make the import of `toml` explicit so that we aren't relying on it's import as a side-effect of `pipfile`. The `toml` version that `pipfile` imports isn't pinned, so I just pinned to the latest release.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 16, 2023
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`. So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 16, 2023
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 16, 2023
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
|
Superseded by (since I am not working on the The failing test is solved by: |
team, I no longer have write access to this repo):
|
Hey Jeff, headsup, I am about to release a new version of plette some when in January 2024. I am just waiting from the review from @matteius. Then new release is a complete rewrite of the core without cerberus. |
|
Thanks for the heads up, maybe we can have the conversation over in #8627 though since I am no longer on the Dependabot team I had to re-open this PR from my own fork... But really though, as long as the public API for hash generation doesn't change, then it won't really matter. Can merge this now and then |
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Dec 18, 2023
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Jan 23, 2024
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Jan 23, 2024
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Jan 24, 2024
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this pull request
Mar 11, 2024
I couldn't figure out why the tests were failing for: * dependabot#7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely.
abdulapopoola
added a commit
that referenced
this pull request
Mar 14, 2024
I couldn't figure out why the tests were failing for: * #7741 until I realized that `pipfile` imports `toml`: https://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44 which then gets used over in the unrelated file `parser.py`: https://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24 So let's make the import of `toml` explicit so that we aren't relying on the side effects of importing `pipfile`. The `toml` requirement from `pipfile` isn't pinned, so I simply pinned to the latest release. Python `3.11` added a native `tomllib` library, so once we drop support for `3.10` we can drop this 3p lib entirely. Co-authored-by: AbdulFattaah Popoola <abdulapopoola@github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
pletterequirespython 3.7, so blocked on:The main user of
pipfileispipenv, and not any of the otherpython package managers.
However,
pipfilelibrary has been pretty much unmaintained, sopipenvswitched to usingplettefor parsing/validation ofPipfile's:So let's switch our usage as well. Today we only use
pipfileforgenerating hashes, so this is effectively a silent no-op. However, down
the road we could leverage
pletteforPipfileparsing/validation...for example see how it's flagging things here:
#6104 (comment)