Switch from pipfile to plette lib

The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: dependabot#6104 (comment)
jeffwidman · Dec 16, 2023 · be06f53 · be06f53
1 parent 005c6e6
commit be06f53
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/python/helpers/lib/hasher.py b/python/helpers/lib/hasher.py
@@ -1,6 +1,6 @@
 import hashin
 import json
-import pipfile
+import plette
 from poetry.factory import Factory
 
 
@@ -15,9 +15,10 @@ def get_dependency_hash(dependency_name, dependency_version, algorithm):
 
 
 def get_pipfile_hash(directory):
-    p = pipfile.load(directory + '/Pipfile')
+    with open(directory + '/Pipfile') as f:
+        pipfile = plette.Pipfile.load(f)
 
-    return json.dumps({"result": p.hash})
+    return json.dumps({"result": pipfile.get_hash().value})
 
 
 def get_pyproject_hash(directory):

diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
@@ -3,7 +3,7 @@ pip-tools==7.3.0
 flake8==6.1.0
 hashin==0.17.0
 pipenv@git+https://github.com/pypa/pipenv@main
-pipfile==0.0.2
+plette==0.4.4
 poetry==1.7.1
 # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.
 toml==0.10.2