From 83c82354a0edf636984153c5975ffdee44eeb49b Mon Sep 17 00:00:00 2001
From: Jeff Widman <jeff@jeffwidman.com>
Date: Sat, 5 Aug 2023 15:48:16 -0700
Subject: [PATCH] Switch from `pipfile` to `plette` lib

The main user of `pipfile` is `pipenv`, and _not_ any of the other
python package managers.

However, `pipfile` library has been pretty much unmaintained, so
`pipenv` switched to using `plette` for parsing/validation of
`Pipfile`'s:
* https://github.com/pypa/pipenv/issues/5310
* https://github.com/pypa/pipenv/pull/5339

So let's switch our usage as well. Today we only use `pipfile` for
generating hashes, so this is effectively a silent no-op. However, down
the road we could leverage `plette` for `Pipfile` parsing/validation...
for example see how it's flagging things here:
https://github.com/dependabot/dependabot-core/pull/6104#issuecomment-1356403336
---
 python/helpers/lib/hasher.py    | 7 ++++---
 python/helpers/requirements.txt | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/python/helpers/lib/hasher.py b/python/helpers/lib/hasher.py
index b134017d79e4..7e105c18c472 100644
--- a/python/helpers/lib/hasher.py
+++ b/python/helpers/lib/hasher.py
@@ -1,6 +1,6 @@
 import hashin
 import json
-import pipfile
+import plette
 from poetry.factory import Factory
 
 
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
 
 
 def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
+    with open(directory + '/Pipfile') as f:
+        pipfile = plette.Pipfile.load(f)
 
-    return json.dumps({"result": p.hash})
+    return json.dumps({"result": pipfile.get_hash().value})
 
 
 def get_pyproject_hash(directory):
diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
index 2119ad2c596f..104e8da74d53 100644
--- a/python/helpers/requirements.txt
+++ b/python/helpers/requirements.txt
@@ -3,7 +3,7 @@ pip-tools==7.3.0
 flake8==6.1.0
 hashin==0.17.0
 pipenv@git+https://github.com/pypa/pipenv@main
-pipfile==0.0.2
+plette==0.4.4
 poetry==1.7.1
 
 # Some dependencies will only install if Cython is present