Until now one could write anything in package extras. If one happend to write a string, e.g:
msal = {version="==1.20.0", extras="broker"}
It would silently pass, and result in a Pipfile.lock containing a list of characters:
"msal": {
"extras": [
"b",
"e",
"k",
"o",
"r"
],
With this change, a validation is added to check that extras are a list.
Also added is a check that packages specifiers are in a dictionary and not a list.
Until now one could write anything in package extras. If one happend to write a string, e.g:
It would silently pass, and result in a Pipfile.lock containing a list of characters:
With this change, a validation is added to check that extras are a list. Also added is a check that packages specifiers are in a dictionary and not a list.
This is a potential fix for https://github.com/pypa/pipenv/issues/5440.