Fixes resolver to only consider the default index for packages when a secondary index is not specified. This brings the code into alignment with stated assumptions about index restricted packages behavior of pipenv. [#5737](https://github.com/pypa/pipenv/issues/5737) <https://github.com/pypa/pipenv/issues/5737>_
Removals and Deprecations
Deprecation of --skip-lock flag as it bypasses the security benefits of pipenv. Plus it lacks proper deterministic support of installation from multiple package indexes. [#5737](https://github.com/pypa/pipenv/issues/5737) <https://github.com/pypa/pipenv/issues/5737>_
2023.6.12 (2023-06-11)
Pipenv 2023.6.12 (2023-06-11)
Bug Fixes
Remove the sys.path modifications and as a result fixes keyring support. [#5719](https://github.com/pypa/pipenv/issues/5719) <https://github.com/pypa/pipenv/issues/5719>_
2023.6.11 (2023-06-11)
Pipenv 2023.6.11 (2023-06-11)
Vendored Libraries
Upgrades to pipdeptree==2.8.0 which fixes edge cases of the pipenv graph command. [#5720](https://github.com/pypa/pipenv/issues/5720) <https://github.com/pypa/pipenv/issues/5720>_
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Updates the requirements on pipenv to permit the latest version.
Release notes
Sourced from pipenv's releases.
Changelog
Sourced from pipenv's changelog.
... (truncated)
Commits
eb18a8b
Release v2023.6.1894710b3
Add news fragments.bd85705
remove skip-lock from docs8775d59
Deprecate --skip-lock flag6daa947
skip other failing test -- won't be possible to support multiple indexes with...2058565
Fix failing testf72c77d
fix secondary bug without we pull the sources when index is supplied.c80ee7d
Only search the Pipenv default index when an alternative index is not specified.226fd25
Merge branch 'main' of github.com:pypa/pipenvfa6239b
Add back version import (was required to publish and I think support command ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)