Replace package pipfile with plette #5310
Assignees
Labels
Type: Vendored Dependencies
This issue affects vendored dependencies within pipenv.
Comments
matteius
added
the
Type: Vendored Dependencies
|
When we complete this, we can also close #5187. |
jeffwidman
added a commit
to dependabot/dependabot-core
that referenced
this issue
Aug 10, 2023
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
jeffwidman
added a commit
to dependabot/dependabot-core
that referenced
this issue
Aug 23, 2023
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment)
jeffwidman
added a commit
to jeffwidman/dependabot-core
that referenced
this issue
Mar 21, 2024
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: dependabot#6104 (comment)
abdulapopoola
added a commit
to dependabot/dependabot-core
that referenced
this issue
Mar 22, 2024
The main user of `pipfile` is `pipenv`, and _not_ any of the other python package managers. However, `pipfile` library has been pretty much unmaintained, so `pipenv` switched to using `plette` for parsing/validation of `Pipfile`'s: * pypa/pipenv#5310 * pypa/pipenv#5339 So let's switch our usage as well. Today we only use `pipfile` for generating hashes, so this is effectively a silent no-op. However, down the road we could leverage `plette` for `Pipfile` parsing/validation... for example see how it's flagging things here: #6104 (comment) Co-authored-by: AbdulFattaah Popoola <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
plette has all the abilities of pipfile and more.
The API is identical.
Also, pipfile isn't really maintained anymore. Hence, we should drop it, and use plette instead.
The text was updated successfully, but these errors were encountered: