search

mozilla / FoxPuppet

Other
17 stars 14 forks source link

Bump pipenv from 2018.11.26 to 2020.5.28 #287

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps pipenv from 2018.11.26 to 2020.5.28.

Release notes

Sourced from pipenv's releases.

Release v2020.5.28

2020.5.28 (2020-05-28)

Features & Improvements

  • pipenv install and pipenv sync will no longer attempt to install satisfied dependencies during installation. #3057, #3506
  • Added support for resolution of direct-url dependencies in setup.py files to respect PEP-508 style URL dependencies. #3148
  • Added full support for resolution of all dependency types including direct URLs, zip archives, tarballs, etc.
    • Improved error handling and formatting.
    • Introduced improved cross platform stream wrappers for better stdout and stderr consistency. #3298
  • For consistency with other commands and the --dev option description, pipenv lock --requirements --dev now emits both default and development dependencies. The new --dev-only option requests the previous behaviour (e.g. to generate a dev-requirements.txt file). #3316
  • Pipenv will now successfully recursively lock VCS sub-dependencies. #3328
  • Added support for --verbose output to pipenv run. #3348
  • Pipenv will now discover and resolve the intrinsic dependencies of all VCS dependencies, whether they are editable or not, to prevent resolution conflicts. #3368
  • Added a new environment variable, PIPENV_RESOLVE_VCS, to toggle dependency resolution off for non-editable VCS, file, and URL based dependencies. #3577
  • Added the ability for Windows users to enable emojis by setting PIPENV_HIDE_EMOJIS=0. #3595
  • Allow overriding PIPENV_INSTALL_TIMEOUT environment variable (in seconds). #3652
  • Allow overriding PIP_EXISTS_ACTION evironment variable (value is passed to pip install). Possible values here: https://pip.pypa.io/en/stable/reference/pip/#exists-action-option Useful when you need to PIP\_EXISTS\_ACTION=i (ignore existing packages) - great for CI environments, where you need really fast setup. #3738
  • Pipenv will no longer forcibly override PIP_NO_DEPS on all vcs and file dependencies as resolution happens on these in a pre-lock step. #3763
  • Improved verbose logging output during pipenv lock will now stream output to the console while maintaining a spinner. #3810
  • Added support for automatic python installs via asdf and associated PIPENV_DONT_USE_ASDF environment variable. #4018
  • Pyenv/asdf can now be used whether or not they are available on PATH. Setting PYENV_ROOT/ASDF_DIR in a .env file allows Pipenv to install an interpreter without any shell customizations, so long as pyenv/asdf is installed. #4245
  • Added --key command line parameter for including personal PyUp.io API tokens when running pipenv check. #4257

Behavior Changes

  • Make conservative checks of known exceptions when subprocess returns output, so user won't see the whole traceback - just the error. #2553
  • Do not touch Pipfile early and rely on it so that one can do pipenv sync without a Pipfile. #3386
  • Re-enable --help option for pipenv run command. #3844
  • Make sure pipenv lock -r --pypi-mirror {MIRROR_URL} will respect the pypi-mirror in requirements output. #4199

Bug Fixes

  • Raise PipenvUsageError when [[source]] does not contain url field. #2373
  • Fixed a bug which caused editable package resolution to sometimes fail with an unhelpful setuptools-related error message. #2722
  • Fixed an issue which caused errors due to reliance on the system utilities which and where which may not always exist on some systems.
  • Fixed a bug which caused periodic failures in python discovery when executables named python were not present on the target $PATH. #2783
  • Dependency resolution now writes hashes for local and remote files to the lockfile. #3053
  • Fixed a bug which prevented pipenv graph from correctly showing all dependencies when running from within pipenv shell. #3071
  • Fixed resolution of direct-url dependencies in setup.py files to respect PEP-508 style URL dependencies. #3148
  • Fixed a bug which caused failures in warning reporting when running pipenv inside a virtualenv under some circumstances.
  • Fixed a bug with package discovery when running pipenv clean. #3298
  • Quote command arguments with carets (^) on Windows to work around unintended shell escapes. #3307
  • Handle alternate names for UTF-8 encoding. #3313
  • Abort pipenv before adding the non-exist package to Pipfile. #3318
... (truncated)
Changelog

Sourced from pipenv's changelog.

2020.5.28 (2020-05-28)

Features & Improvements

  • pipenv install and pipenv sync will no longer attempt to install satisfied dependencies during installation. #3057, #3506

  • Added support for resolution of direct-url dependencies in setup.py files to respect PEP-508 style URL dependencies. #3148

  • Added full support for resolution of all dependency types including direct URLs, zip archives, tarballs, etc.

    • Improved error handling and formatting.

    • Introduced improved cross platform stream wrappers for better stdout and stderr consistency. #3298

  • For consistency with other commands and the --dev option description, pipenv lock --requirements --dev now emits both default and development dependencies. The new --dev-only option requests the previous behaviour (e.g. to generate a dev-requirements.txt file). #3316

  • Pipenv will now successfully recursively lock VCS sub-dependencies. #3328

  • Added support for --verbose output to pipenv run. #3348

  • Pipenv will now discover and resolve the intrinsic dependencies of all VCS dependencies, whether they are editable or not, to prevent resolution conflicts. #3368

  • Added a new environment variable, PIPENV_RESOLVE_VCS, to toggle dependency resolution off for non-editable VCS, file, and URL based dependencies. #3577

  • Added the ability for Windows users to enable emojis by setting PIPENV_HIDE_EMOJIS=0. #3595

  • Allow overriding PIPENV_INSTALL_TIMEOUT environment variable (in seconds). #3652

  • Allow overriding PIP_EXISTS_ACTION evironment variable (value is passed to pip install). Possible values here: https://pip.pypa.io/en/stable/reference/pip/#exists-action-option Useful when you need to PIP_EXISTS_ACTION=i (ignore existing packages) - great for CI environments, where you need really fast setup. #3738

  • Pipenv will no longer forcibly override PIP_NO_DEPS on all vcs and file dependencies as resolution happens on these in a pre-lock step. #3763

  • Improved verbose logging output during pipenv lock will now stream output to the console while maintaining a spinner. #3810

  • Added support for automatic python installs via asdf and associated PIPENV_DONT_USE_ASDF environment variable. #4018

  • Pyenv/asdf can now be used whether or not they are available on PATH. Setting PYENV_ROOT/ASDF_DIR in a Pipenv's .env allows Pipenv to install an interpreter without any shell customizations, so long as pyenv/asdf is installed. #4245

  • Added --key command line parameter for including personal PyUp.io API tokens when running pipenv check. #4257

Behavior Changes

  • Make conservative checks of known exceptions when subprocess returns output, so user won't see the whole traceback - just the error. #2553
  • Do not touch Pipfile early and rely on it so that one can do pipenv sync without a Pipfile. #3386
  • Re-enable --help option for pipenv run command. #3844
  • Make sure pipenv lock -r --pypi-mirror {MIRROR_URL} will respect the pypi-mirror in requirements output. #4199

Bug Fixes

  • Raise PipenvUsageError when [[source]] does not contain url field. #2373

  • Fixed a bug which caused editable package resolution to sometimes fail with an unhelpful setuptools-related error message. #2722

  • Fixed an issue which caused errors due to reliance on the system utilities which and where which may not always exist on some systems.

    • Fixed a bug which caused periodic failures in python discovery when executables named python were not present on the target $PATH. #2783

  • Dependency resolution now writes hashes for local and remote files to the lockfile. #3053

  • Fixed a bug which prevented pipenv graph from correctly showing all dependencies when running from within pipenv shell. #3071

  • Fixed resolution of direct-url dependencies in setup.py files to respect PEP-508 style URL dependencies. #3148

  • Fixed a bug which caused failures in warning reporting when running pipenv inside a virtualenv under some circumstances.

    • Fixed a bug with package discovery when running pipenv clean. #3298

  • Quote command arguments with carets (^) on Windows to work around unintended shell escapes. #3307

  • Handle alternate names for UTF-8 encoding. #3313

... (truncated)
Commits
  • 472618c Release v2020.5.28
  • ed30845 Update gitignore and release task
  • 3bbdb74 Fix whitespace
  • 06f5d7f Merge pull request #4267 from torsava/import-vendored-attrs
  • 4567514 Merge branch 'master' into import-vendored-attrs
  • df664f2 Add patch to update attrs import paths and add news entry.
  • 3acad96 Fix piptools patch typo
  • 41042cf Make sure to import the vendored attrs
  • df0eabf Bumped version.
  • 96df756 Release v2020.4.1b2
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 4 years ago

Superseded by #290.