Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add name key to sources in Pipfiles #7744

Merged
merged 1 commit into from
Aug 10, 2023
Merged

Add name key to sources in Pipfiles #7744

merged 1 commit into from
Aug 10, 2023

Commits on Aug 10, 2023

  1. Add name key to sources in Pipfiles 

    Newer versions of `pipenv` require any specified `sources` to be
explicitly `name`'d.

More context here: pypa/pipenv#5370 (comment)

This has been true since at least Sept 2022. Our version of `pipenv` is
from April of 2022, so it doesn't complain. But it will as soon as we upgrade.

Also, for sources that :dependabot: dynamically injects into the
`Pipfile`, they need a name. These sources are stripped from the final
`Pipfile` / `Pipfile.lock` during the `FileUpdater#post_process_lockfile`
method, so all we need is a placeholder `name` to placate `pipenv`.

Long term, we may want to add custom error handling to flag this
missing key as a `Dependabot::DependencyFileNotResolvable` error.

But I decided that was out of scope for now as this PR does not generate
the error... that will not happen until we upgrade to newer `pipenv`.
And even at that point, our first priority will be upgrading, and then
from there handling any new errors that start popping up.

And even then, most of the active users of `pipenv` are unlikely to see this
error because they're likely running a newer version of `pipenv`.
    @jeffwidman
    jeffwidman committed Aug 10, 2023
    Configuration menu
    Copy the full SHA
    16be5d4 View commit details
    Browse the repository at this point in the history