- Fix regression where
--skip-lock --dev
was incorrectly searching Lockfile categories ("default", "develop") instead of Pipfile categories ("packages", "dev-packages"), causing packages to not be found.#6304 <https://github.com/pypa/pipenv/issues/6304>
_ - Fix issue where pipenv install would unintentionally upgrade packages that had wildcard (*) specifiers in the Pipfile, even when locked versions existed and no upgrade was requested.
#6306 <https://github.com/pypa/pipenv/issues/6306>
_ - Fix issue where modules could not be found
#6307 <https://github.com/pypa/pipenv/issues/6307>
_
- Vendor in
pip==24.3.1
.#6292 <https://github.com/pypa/pipenv/issues/6292>
_ -
- Update vendored dependencies:
- importlib-metadata from 8.4.0 to 8.5.0
- packaging from 24.0 to 24.1
- tomli from 2.0.1 to 2.0.2
- tomlkit from 0.12.4 to 0.13.2
- zipp from 3.18.1 to 3.20.2
#6293 <https://github.com/pypa/pipenv/issues/6293>
_ 2024.3.1 (2024-10-30) =====================
- Update vendored dependencies:
- Fix the readthedocs.org build that has been failing and not updating our official docs at https://pipenv.pypa.io/en/latest/
#6291 <https://github.com/pypa/pipenv/issues/6291>
_ - Fix regression of
2024.3.0
when using the--system
flag without--deploy
flag.#6295 <https://github.com/pypa/pipenv/issues/6295>
_ -
- Bugfix: Fixed Regression with the
pipenv update
routine to allow for package upgrades without requiring an existing lockfile. This change improves the flexibility of the update process by determining which packages require updating and handling cases where the lockfile is absent or partially defined. - Tests Added: Comprehensive integration tests for the updated functionality, covering scenarios like updating packages without a lockfile, detecting modified entries, handling VCS changes, and verifying the correct application of extras during installation.
#6299 <https://github.com/pypa/pipenv/issues/6299>
_
- Bugfix: Fixed Regression with the
-
Fix dependency resolution edge cases and versioning constraints handling:
- Allow JSON format options for
--reverse
dependency graph output matching pipdeptree - Improve installation and upgrade routines to better handle dependencies
- Add ability to specify json output as pipdeptree does
- Add more consistent handling of VCS dependencies and references
- Fix synchronization of development and default dependencies during updates
- Ensure proper propagation of version constraints during updates
- Fix handling of
~=
and other version specifiers during updates
Key Changes:
- Improved reverse dependency analysis to catch conflicts earlier in resolution
- Better handling of VCS package lock data, preserving refs and subdirectories
- Fixed issue where VCS references could be lost in lock file when installed via commit hash
- Better handling of pipfile categories during installation and updates
- Corrected logic for development dependency resolution and constraint propagation
- Improved validation and preservation of version specifiers during updates
This improves stability when working with complex dependency trees and version constraints.
#6281 <https://github.com/pypa/pipenv/issues/6281>
_ - Allow JSON format options for
-
Fixes issue with --skip-lock not providing pip the proper package specifier when version was a string (issue did not impact dict with version key).
#6288 <https://github.com/pypa/pipenv/issues/6288>
_
-
-
Refactored and simplified install routines, improving maintainability and reliability (#6276)
- Split install logic into smaller, focused functions.
- Eliminated Pipfile caching for now to prevent bugs and reduce complexity.
- Fixed edge cases with package category selection.
- Improved handling of VCS dependencies during updates, fixing when ref is a revision and not a branch.
-
Enhanced VCS URL handling with better environment variable support (#6276)
- More reliable expansion of environment variables in Git URLs.
- Better handling of authentication components in VCS URLs.
- Improved error messaging for missing environment variables.
- Fixed issue where Git reference could be dropped during relock.
#6276 <https://github.com/pypa/pipenv/issues/6276>
_
-
- Update pipdeptree to version 2.23.4
#6275 <https://github.com/pypa/pipenv/issues/6275>
_
- Upgrade from
pip==24.0
topip==24.1.2
.#6253 <https://github.com/pypa/pipenv/issues/6253>
_
- Fixes regression in lock file generation that caused environment variable references (e.g., ${GIT_PASSWORD}) in VCS URLs to be stripped out. This restores the ability to use credential placeholders in version control system URLs.
#6256 <https://github.com/pypa/pipenv/issues/6256>
_
- Disable
ResourceWarning
warning for temporary files that are cleaned on program exit.#6151 <https://github.com/pypa/pipenv/issues/6151>
_ - Fixed package sorting when installing a package with extras.
#6171 <https://github.com/pypa/pipenv/issues/6171>
_ - Fixed
pipenv uninstall --all
failing when the virtual environment no longer exists.#6185 <https://github.com/pypa/pipenv/issues/6185>
_ - Fix issue where installing a vcs dependency using pipenv CLI yielded the wrong Pipfile entry such that it could not lock.
#6242 <https://github.com/pypa/pipenv/issues/6242>
_ - Fix report that pipenv requires
packaging>=22
on some systems by setting it as a dependency.#6243 <https://github.com/pypa/pipenv/issues/6243>
_
- Initial support for python3.13
#6240 <https://github.com/pypa/pipenv/issues/6240>
_
- Fix bump version in CI/CD pipeline
#6177 <https://github.com/pypa/pipenv/issues/6177>
_ - Swap old_version and new_version in pipenv update --outdated output.
#6179 <https://github.com/pypa/pipenv/issues/6179>
_ - Update shell detection to only check the end of the command used.
#6197 <https://github.com/pypa/pipenv/issues/6197>
_ - Fix loading dot env twice #6198
#6202 <https://github.com/pypa/pipenv/issues/6202>
_ - Solve issue with quiet lock not writing the lock file #6207.
#6207 <https://github.com/pypa/pipenv/issues/6207>
_ - Fix regression introduced with the "smarter uninstall" PR. Uninstall
--all
should not clear the Pipfile entries.#6209 <https://github.com/pypa/pipenv/issues/6209>
_ - Fixed regression where all local file installations were incorrectly treated as editable. Ensure that local file installations are explicitly marked as editable in both Pipfile and Pipfile.lock entries if editable installation is desired.
#6222 <https://github.com/pypa/pipenv/issues/6222>
_ - Corrected behavior of
pipenv install --skip-lock
after behavioral install refactor introduced regression. No Pipfile.lock is generated with this fix and installation of vcs no longer fails with revision missing error.#6225 <https://github.com/pypa/pipenv/issues/6225>
_ - Fix for Windows on ARM missing distlib binaries in pyproject.toml
#6240 <https://github.com/pypa/pipenv/issues/6240>
_
- Clean up usage of click styling from exceptions, shell and virtualenv
#6178 <https://github.com/pypa/pipenv/issues/6178>
_ - Remove click.echo from pipenv/cli
#6182 <https://github.com/pypa/pipenv/issues/6182>
_ - Remove click.echo from exceptions.py
#6216 <https://github.com/pypa/pipenv/issues/6216>
_ - Update importlib-metadata to 8.4.0
#6235 <https://github.com/pypa/pipenv/issues/6235>
_
No significant changes.
- Supply any
--extra-pip-args
also in the resolver steps.#6006 <https://github.com/pypa/pipenv/issues/6006>
_ - The
uninstall
command now does the inverse ofupgrade
which means it no longer invokes a fulllock
cycle which was problematic for projects with many dependencies.#6029 <https://github.com/pypa/pipenv/issues/6029>
_ - The
pipenv requirements
subcommand now supports the--from-pipfile
flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages.#6156 <https://github.com/pypa/pipenv/issues/6156>
_
pipenv==2024.0.0
denotes the first major release of our semver strategy. As much requested, theinstall
no longer does a complete lock operation. Insteadinstall
follows the same code path as pipenv update (which is upgrade + sync). This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable. Remember that complete lock resolution can be invoked withpipenv lock
just as before.#6098 <https://github.com/pypa/pipenv/issues/6098>
_
- Fix a bug that passes pipenv check command if Pipfile.lock not exist
#6126 <https://github.com/pypa/pipenv/issues/6126>
_ - Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one
#6136 <https://github.com/pypa/pipenv/issues/6136>
_ pipenv
converts offpkg_resources
API usages. This necessitated also vendoring in:- latest
pipdeptree==2.18.1
which also converted offpkg_resources
importlib-metadata==7.1.0
to continue supporting python 3.8 and 3.9packaging==24.0
since the packaging we were utilizing in pip's vendor was insufficient for this conversion.#6139 <https://github.com/pypa/pipenv/issues/6139>
- latest
- Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, <3.12 in the [requires] field, the code has been modified to explicitly express in an error log that absolute versioning must be used.
#6164 <https://github.com/pypa/pipenv/issues/6164>
_
- Vendor in
pip==24.0
#6117 <https://github.com/pypa/pipenv/issues/6117>
_ - Spring 2024 Vendoring includes:
click-didyoumean==0.3.1
expect==4.9.0
pipdeptree==2.16.2
python-dotenv==1.0.1
ruamel.yaml==0.18.6
shellingham==1.5.4
tomlkit==0.12.4
#6118 <https://github.com/pypa/pipenv/issues/6118>
_
- Remove debug print statements that should not have made it into the last release.
#6079 <https://github.com/pypa/pipenv/issues/6079>
_ 2023.12.0 (2024-02-01) ====================== Pipenv 2023.12.0 (2024-02-01) =============================
- Removal of pydantic from pythonfinder and pipenv; reduced complexity of pythonfinder pathlib usage (avoid posix conversions).
#6065 <https://github.com/pypa/pipenv/issues/6065>
_ - Adjusted logic which assumed any file, path or VCS install should be considered editable. Instead relies on the user specified editable flag to mark requirement as editable install.
#6069 <https://github.com/pypa/pipenv/issues/6069>
_ - Remove logic that treats
CI
variable to usedo_run_nt
shell logic, as the original reasons for that patch were no longer valid.#6072 <https://github.com/pypa/pipenv/issues/6072>
_ 2023.11.17 (2024-01-21) ======================= Pipenv 2023.11.17 (2024-01-21) ==============================
- Add markers to Pipfile when parsing requirements.txt
#6008 <https://github.com/pypa/pipenv/issues/6008>
_ - Fix KeyError when using a source without a name in Pipfile
#6021 <https://github.com/pypa/pipenv/issues/6021>
_ - Fix a bug with locking projects that contains packages with non canonical names from private indexes
#6056 <https://github.com/pypa/pipenv/issues/6056>
_
- Update vendored tomlkit to
0.12.3
#6024 <https://github.com/pypa/pipenv/issues/6024>
_ - Bump version of pipdeptree to 0.13.2
#6055 <https://github.com/pypa/pipenv/issues/6055>
_ 2023.11.15 (2023-11-15) ======================= Pipenv 2023.11.15 (2023-11-15) ==============================
- Fix regression with path installs on most recent release
2023.11.14
#6017 <https://github.com/pypa/pipenv/issues/6017>
_
- pipenv now ignores existing venv dir when
PIPENV_VENV_IN_PROJECT
is false.#6009 <https://github.com/pypa/pipenv/issues/6009>
_
- Assume the vcs and direct URL installs need to be reinstalled.
#5936 <https://github.com/pypa/pipenv/issues/5936>
_ - Pass through pipfile index urls when creating https session so that keyring fully works
#5994 <https://github.com/pypa/pipenv/issues/5994>
_ - Fix Using dependencies from a URL fails on Windows.
#6011 <https://github.com/pypa/pipenv/issues/6011>
_
- Officially support python 3.12
#5987 <https://github.com/pypa/pipenv/issues/5987>
_
- Additional safety check in fold_markers logic that affected some lock resolutions in prior release.
#5988 <https://github.com/pypa/pipenv/issues/5988>
- Update vendored versions of:
- click==8.1.7
- markupsafe==2.1.3
- pydantic==1.10.13
- pythonfinder==2.0.6
- ruamel.yaml==0.17.39
- shellingham==1.5.3
- tomlkit==0.12.1
#5986 <https://github.com/pypa/pipenv/issues/5986>
_
- Update vendored pip to
23.3.1
#5991 <https://github.com/pypa/pipenv/issues/5991>
_
- Add quiet option to pipenv shell, hiding "Launching subshell in virtual environment..."
#5966 <https://github.com/pypa/pipenv/issues/5966>
_ - Vendor in pip==23.3 which includes updates to certifi, urllib3, and adds truststore among other improvements.
#5979 <https://github.com/pypa/pipenv/issues/5979>
_
- Change
--py
to useprint
preventing insertion of newline characters#5969 <https://github.com/pypa/pipenv/issues/5969>
_
- Drop pep517 - as it is no longer used.
#5970 <https://github.com/pypa/pipenv/issues/5970>
_
- Drop support for Python 3.7
#5879 <https://github.com/pypa/pipenv/issues/5879>
_
- Eveb better handling of vcs branch references that contain special characters.
#5934 <https://github.com/pypa/pipenv/issues/5934>
_ - Bump certifi from 2023.5.7 to 2023.7.22 in /examples to address a security vulnerability
#5941 <https://github.com/pypa/pipenv/issues/5941>
_
- ignore_compatibility was supposed to default to False (except for hash collection)
#5926 <https://github.com/pypa/pipenv/issues/5926>
_
-
Modernizes the build process by consolidating all of
setuptools
metadata withinpyproject.toml
and removing deprecatedsetup.cfg
andsetup.py
.#5837 <https://github.com/pypa/pipenv/issues/5837>
_
- Restore the ignore compatibility finder pip patch to resolve issues collecting hashes from google artifact registry (and possibly others).
#5887 <https://github.com/pypa/pipenv/issues/5887>
_ - Handle case better where setup.py name is referencing a variable that is a string while encouraging folks to migrate their projects to pyproject.toml
#5905 <https://github.com/pypa/pipenv/issues/5905>
_ - Better handling of local file install edge cases; handle local file extras.
#5919 <https://github.com/pypa/pipenv/issues/5919>
_ - Include the Pipfile markers in the install phase when using
--skip-lock
.#5920 <https://github.com/pypa/pipenv/issues/5920>
_ - Fallback to default vcs ref when no ref is supplied.
More proactively determine package name from the pip line where possible, fallback to the existing file scanning logics when unable to determine name.
#5921 <https://github.com/pypa/pipenv/issues/5921>
_
- Top level Pipfile sys_platform markers should be transitive; adds top level platform_machine entries that are also transitive. Marker entries continue to operate the same as before. #5892
- Apply patch for install_search_all_sources = True functionality. #5895
- Relative paths improvements for editable installs. #5896
- Set log level in resolver to WARN when verbose is not passed. #5897
- Handle more variations in private index html to improve hash collection. #5898
- Revert change that caused the credentials in source url issue. #5878
- Do not treat named requirements as file installs just becacuse a match path exists; better handling of editable keyword for local file installs. Handle additional edge cases in the setup.py ast parser logic for trying to determine local install package name. #5885
- Additional property caching to avoid duplication of sources in the resolver. #5863
- Fix recent regressions with local/editable file installs. #5870
- Fixes the vcs subdirectory fragments regression; fixes sys_platform markers regression. #5871
- Fix regression that caused printing non-printable ascii characters when help was called. #5872
- Fix regression of hash collection when downloading package from private indexes when the hash is not found in the index href url fragment. #5866
- More gracefully handle @ symbols in vcs URLs to address recent regression with vcs URLs. #5849
- Fix regression with
ssh://
vcs URLs introduced in2023.8.21
whereby ssh vcs URLs are expected to have at least one@
symbol. #5846
- Add back some relevant caching to increase performance after the major refactor released with
2023.8.19
#5841 - Fix some edge cases around vcs dependencies without a ref, and older Pipfile/lockfile formats. #5843
- Remove unused command line interface for vendored packages. #5840
- Fix the expected output of the
version
command. #5838
- The
--categories
option now works with requirements.txt file. #5722
- Drop requirementslib for managing pip lines and InstallRequirements, bring remaining requirementslib functionality into pipenv. Fixes numerous reports about extras installs with vcs and file installs; format pip lines correctly to not generate deprecation warnings. #5793
- Update pip 23.2 -> 23.2.1 #5822
- Added documentation on how to move or rename a project directory #5129
- The
--skip-lock
flag which was deprecated, has now been removed to unblock modernizing the pipenv resolver code. #5805
- Upgrades
pip==23.2
which includes everything from the pip changelog. Drops the "install_compatatability_finder" pip internals patch. #5808
- Fix issue parsing some Pipfiles with separate packages.<pkg> sections (tomlkit OutOfOrderTableProxy) #5794
- Fix all ruff linter warnings #5807
- Restore running Resolver in sub-process using the project python by default; maintains ability to run directly by setting
PIPENV_RESOLVER_PARENT_PYTHON
environment variable to 1 (useful for internal debugging). #5809 - Fix error when a Windows path begins with a '' with
pythonfinder==2.0.5
. #5812
- Remove usage of click.secho in some modules. #5804
2023.7.11 (2023-07-11)
- Invoke the resolver in the same process as pipenv rather than utilizing subprocess. #5787
- Fix regression markers being included as None/null in requirements command. #5788
- Drop the --keep-outdated flag and --selective-upgrade flags that have been deprecated in favor of update/upgrade commands. #5730
- Fix regressions in the
requirements
command related to standard index extras and handling of local file requirements. #5784
- Fixes regression on Pipfile requirements syntax. Ensure default operator is provided to requirement lib to avoid crash. #5765
- Ensure hashes included in a generated requirements file are after any markers. #5777
- Fix regression with
--system
flag usage. #5773
- Patch
_get_requests_session
method to considerPIP_CLIENT_CERT
value when present. #5746 - Fix regression in
requirements
command that was causing package installs after upgrade torequirementslib==3.0.0
. #5755 - Fix
error: invalid command 'egg_info'
edge case with requirementslib 3.0.0. It exposed pipenv resolver sometimes was using a different python than expected. #5760 - Fix issue in requirementslib 3.0.0 where dependencies defined in pyproject.toml were not being included in the lock file. #5766
- Bump dparse to 0.6.3 #5750
- Add missing environment variable descriptions back to documentation #missing_env_var_desc
- Fixes resolver to only consider the default index for packages when a secondary index is not specified. This brings the code into alignment with stated assumptions about index restricted packages behavior of
pipenv
. #5737
- Deprecation of
--skip-lock
flag as it bypasses the security benefits of pipenv. Plus it lacks proper deterministic support of installation from multiple package indexes. #5737
- Remove the
sys.path
modifications and as a result fixes keyring support. #5719
- Upgrades to
pipdeptree==2.8.0
which fixes edge cases of thepipenv graph
command. #5720
- Resolver performance: package sources following PEP 503 will leverage package hashes from the URL fragment, without downloading the package. #5701
- Improve regex for python versions to handle hidden paths; handle relative paths to python better as well. #4588
- Update
pythonfinder==2.0.4
with fix for "RecursionError: maximum recursion depth exceeded". #5709
- Drop old vendored toml library. Use stdlib tomllib or tomli instead. #5678
- Drop vendored library cerberus. This isn't actually used by pipenv. #5699
- Consider
--index
argument inupdate
andupgrade
commands. #5692
- Upgrade
pythonfinder==2.0.0
which also brings inpydantic==1.10.7
. #5677
- Vendor in
pip==23.1.2
latest. #5671 - Vendor in
requirementslib==2.3.0
which drops usage ofvistir
. #5672
-
Checks environment variable
PIP_TRUSTED_HOSTS
when evaluating an index specified at the command line when adding toPipfile
.For example, this command line
PIP_TRUSTED_HOSTS=internal.mycompany.com pipenv install pypkg --index=https://internal.mycompany.com/pypi/simple
will add the following to the
Pipfile
:[[source]] url = 'https://internal.mycompany.com/pypi/simple' verify_ssl = false name = 'Internalmycompany' [packages] pypkg = {version="*", index="Internalmycompany"}
This allows users with private indexes to add them to
Pipfile
initially from command line with correct permissions using environment variablePIP_TRUSTED_HOSTS
. #5572 -
Vendor in the updates, upgrades and fixes provided by
pip==23.1
. #5655
- Fix regression with
--skip-lock
option withinstall
command. #5653
- Vendor in latest
python-dotenv==1.0.0
#5656 - Vendor in latest available dependencies:
attrs==23.1.0
click-didyoumean==0.3.0
click==8.1.3
markupsafe==2.1.2
pipdeptree==2.7.0
shellingham==1.5.0.post1
tomlkit==0.11.7
#5657 - Vendor in latest
requirementslib==2.2.5
which includes updates for pip 23.1 #5659
- Made documentation clear about tilde-equals operator for package versions. #5594
No significant changes.
- Fix import error in virtualenv utility for creating new environments caused by
2023.3.18
release. #5636
- Provide a more powerful solution than
--keep-outdated
and--selective-upgrade
which are deprecated for removal. Introducing thepipenv upgrade
command which takes the same package specifiers aspipenv install
and updates thePipfile
andPipfile.lock
with a valid lock resolution that only effects the specified packages and their dependencies. Additionally, thepipenv update
command has been updated to use thepipenv upgrade
routine when packages are provided, which will install sync the new lock file as well. #5617
- Bump vistir to 0.8.0, requirementslib to 2.2.4. #5635
pipenv
now reads the systempip.conf
orpip.ini
file in order to determine pre-defined indexes to use for package resolution and installation. #5297- Behavior change for
pipenv check
now checks the default packages group of the lockfile. Specifying--categories
to override which categories to check against. Pass--use-installed
to get the prior behavior of checking the packages actually installed into the environment. #5600
- Fix regression with detection of
CI
env variable being set to something other than a truthy value. #5554 - Fix
--categories
argument inconsistency between requirements command and install/sync by allowing comma separated values or spaces. #5570 - Use Nushell overlays when running
pipenv shell
. #5603
- Vendor in the
pip==23.0
release. #5586 - Vendor in
pip==23.0.1
minor pt release. Updatespythonfinder==1.3.2
. #5614
- Make some improvements to the contributing guide. #5611
- Fix overwriting of output in verbose mode #5530
- Fix for resolution error when direct url includes an extras. #5536
- Remove pytest-pypi package since it's not used anymore #5556
- Remove deprecated --three flag from the CLI. #5576
- Fix for
requirementslib
hanging during install of remote wheels files. #5546
- virtualenv creation no longer uses
--creator=venv
by default; introduced two environment variables:PIPENV_VIRTUALENV_CREATOR
-- May be specified to instruct virtualenv which--creator=
to use.PIPENV_VIRTUALENV_COPIES
-- When specified as truthy, instructs virtualenv to not use symlinks. #5477 - Fix regression where
path
is not propagated to thePipfile.lock
. #5479 - Solve issue where null markers were getting added to lock file when extras were provided. #5486
- Fix:
update --outdated
raises NonExistentKey with outdated dev packages #5540
- Vendor in
pip==22.3.1
which is currently the latest version ofpip
. #5520 -
- Bump version of requirementslib to 2.2.1
- Bump version of vistir to 0.7.5
- Bump version of colorama to 0.4.6 #5522
- Bump plette version to 0.4.4 #5539
- Fix regression: pipenv does not sync indexes to lockfile. #5508
- Solving issue where
pipenv check
command has been broken in the published wheel distribution. #5493
- Stop building universal wheels since Python 2 is no longer supported. #5496
- Find nushell activate scripts. #5470
-
- Drop unused code from cerberus
- Drop unused module wheel #5467
-
- Replace yaspin spinner with rich spinner.
- Bump vistir version to 0.7.4 #5468
- Bump version of requirementslib to 2.2.0 Drop yaspin which is no longer used. Bump vistir to version 0.7.4 Remove parse. Remove termcolor. Remove idna. #5481
- Fix regression of lock generation that caused the keep-outdated behavior to be default. #5456
- Rollback the change in version of
colorama
due to regressions in core functionality. #5459
- Allow pipenv settings to be explicitly disabled more easily by assigning to the environment variable a falsy value. #5451
- Provide an install iteration per index when
install_search_all_sources
isfalse
(default behavior). This fixes regression where install phase was using unexpected index after updatingpip==22.3
#5444
- Drop tomli, which is not used anymore. Bump attrs version see #5449. Drop distlib, colorama and platformdirs - use the ones from pip._vendor. #5450
- Add support to export requirements file for a specified set of categories. #5431
- Remove appdirs.py in favor of platformdirs. #5420
- Remove usage of vistir.cmdparse in favor of pipenv.cmdparse #5419
- Update pipenv docs for with example for callabale package functions in Pipfile scripts #5396
- Revert decision to change the default isolation level because it caused problems with existing workflows; solution is to recommend users that have issues requiring pre-requisites to pass --extra-pip-args="--no-build-isolation" in their install or sync commands. #5399
- Add ability for callable scripts in Pipfile under [scripts]. Callables can now be added like:
<pathed.module>:<func>
and can also take arguments. For example:func = {call = "package.module:func('arg1', 'arg2')"}
then this can be activated in the shell withpipenv run func
#5294
- Fixes regression from
2022.10.9
wherePipfile
withpipenv
section began generating new hash, and also fix regression where lock phase did not update the hash value. #5394
- New pipfiles show python_full_version under [requires] if specified. Previously creating a new pipenv project would only specify in the Pipfile the major and minor version, i.e. "python_version = 3.7". Now if you create a new project with a fully named python version it will record both in the Pipfile. So: "python_version = 3.7" and "python_full_version = 3.7.2" #5345
- Silence majority of pytest.mark warnings by registering custom marks. Can view a list of custom marks by running
pipenv run pytest --markers
- Use
--creator=venv
when creating virtual environments to avoid issue with sysconfigposix_prefix
on some systems. #5075 - Prefer to use the lockfile sources if available during the install phase. #5380
- Drop vendored six - we no longer depend on this library, as we migrated from pipfile to plette. #5187
- Update
requirementslib==2.0.3
to always evaluate the requirement markers fresh (without lru_cache) to fix marker determinism issue. #4660
- Fix regression to
install --skip-lock
with update toplette
. #5368
-
Remove usage of pipfile module in favour of Plette. pipfile is not actively maintained anymore. Plette is actively maintained, and has stricter checking of the Pipefile and Pipefile.lock. As a result, Pipefile with unnamed package indices will fail to lock. If a Pipefile was hand crafeted, and the source is anonymous an error will be thrown. The solution is simple, add a name to your index, e.g, replace:
[[source]] url = "https://pypi.acme.com/simple" verify_ssl = true
With:
[[source]] url = "https://pypi.acme.com/simple" verify_ssl = true name = acmes_private_index `#5339 <https://github.com/pypa/pipenv/issues/5339>`_
- Modernize
pipenv
path patch withimportlib.util
to eliminate import ofpkg_resources
#5349
- Remove iso8601 from vendored packages since it was not used. #5346
- It is now possible to supply additional arguments to
pip
install by supplying--extra-pip-args="<arg1> <arg2>"
See the updated documentationSupplying additional arguments to pip
for more details. #5283
- Make editable detection better because not everyone specifies editable entry in the Pipfile for local editable installs. #4784
- Add error handling for when the installed package setup.py does not contain valid markers. #5329
- Load the dot env earlier so that
PIPENV_CUSTOM_VENV_NAME
is more useful across projects. #5334
- Bump version of shellingham to support nushell. #5336
- Bump plette to version v0.3.0 #5337
- Bump version of pipdeptree #5343
- Add deprecation warning to the --three flag. Pipenv now uses python3 by default. #5328
- Convert the test runner to use
pypiserver
as a standalone process for all tests that referencce internalpypi
artifacts. General refactoring of some test cases to create more variety in packages selected--preferring lighter weight packages--in existing test cases.
- Fix the issue from
2022.9.2
where tarball URL packages were being skipped on batch_install. #5306
- Fix issue where unnamed constraints were provided but which are not allowed by
pip
resolver. #5273
- Performance optimization to
batch_install
results in a faster and less CPU intensivepipenv sync
orpipenv install
experience. #5301
pipenv
now uses aNamedTemporaryFile
for rsolver constraints and drops internal env varPIPENV_PACKAGES
. #4925
- Remove no longer used method
which_pip
. #5314 - Drop progress bar file due to recent performance optimization to combine
batch_install
requirements in at most two invocations ofpip install
. To see progress of install pass--verbose
flag andpip
progress will be output in realtime. #5315
- Fix an issue when using
pipenv install --system
on systems that having thepython
executable pointing to Python 2 and a Python 3 executable beingpython3
. #5296 - Sorting
constraints
before resolving, which fixespipenv lock
generates nondeterminism environment markers. #5299 - Fix #5273, use our own method for checking if a package is a valid constraint. #5309
- Vendor in
requirementslib==2.0.1
which fixes issue with local install not marked editable, and vendor invistir==0.6.1
which drops python2 support. Dropsorderedmultidict
from vendoring. #5308
- Remove eager and unnecessary importing of
setuptools
andpkg_resources
to avoid conflict upgradingsetuptools
. Roll backsysconfig
patch ofpip
because it was problematic for some--system
commands. #5228
- Vendor in
requirementslib==2.0.0
and droppip-shims
entirely. #5228 - Vendor in
pythonfinder==1.3.1
#5292
- Fix issue where resolver is provided with
install_requires
constraints fromsetup.py
that depend on editable dependencies and could not resolve them. #5271 - Fix for
pipenv lock
fails for packages with extras as of2022.8.13
. #5274 - Revert the exclusion of
BAD_PACKAGES
frombatch_install
in order forpipenv
to install specific versions ofsetuptools
. To prevent issue upgradingsetuptools
this patches_USE_SYSCONFIG_DEFAULT
to usesysconfig
for3.7
and above whereaspip
default behavior was3.10
and above. #5275
- Fix "The Python interpreter can't be found" error when running
pipenv install --system
with a python3 but no python. #5261 - Revise pip import patch to include only
pipenv
from site-packages and removed--ignore-installed
argument from pip install in order to fix regressions with--use-site-packages
. #5265
pip_install
method was using a different way of finding the python executable than otherpipenv
commands, which caused an issue with skipping package installation if it was already installed in site-packages. #5254
- Removed
packaging
library fromBAD_PACKAGES
constant to allow it to be installed, which fixes regression frompipenv==2022.8.13
. #5247
- If environment variable
CI
orTF_BUILD
is set but does not evaluate toFalse
it is now treated asTrue
. #5128 - Fix auto-complete crashing on 'install' and 'uninstall' keywords #5214
- Address remaining
pipenv
commands that were still referencing the user or system installedpip
to use the vendoredpip
internal topipenv
. #5229 - Use
packages
as constraints when lockingdev-packages
in Pipfile. Usepackages
as constraints when installing newdev-packages
. #5234
- Vendor in minor
pip
update22.2.2
#5230
- Add documentation for environment variables the configure pipenv. #5235
- The deprecated way of generating requirements
install -r
orlock -r
has been removed in favor of thepipenv requirements
command. #5200
- support PIPENV_CUSTOM_VENV_NAME to be the venv name if specified, update relevant docs. #4974
- Remove usages of
pip_shims
from the non vendoredpipenv
code, but retain initialization forrequirementslib
still has usages. #5204 - Fix case sensitivity of color name
red
in exception when getting hashes from pypi in_get_hashes_from_pypi
. #5206 - Write output from
subprocess_run
directly tostdout
instead of creating temporary file. Remove deprecateddistutils.sysconfig
, usesysconfig
. #5210
-
- Rename patched
notpip
topip
in order to be clear that its a patched version of pip. - Remove the part of _post_pip_import.patch that overrode the standalone pip to be the user installed pip, now we fully rely on our vendored and patched
pip
, even for all types of installs. - Vendor in the next newest version of
pip==22.2
- Modify patch for
pipdeptree
to not usepip-shims
#5188 - Remove vendored
urllib3
in favor of using it from vendored version inpip._vendor
#5215
- Rename patched
- Remove tests that have been for a while been marked skipped and are no longer relevant. #5165
- Re-enabled three installs tests again on the Windows CI as recent refactor work has fixed them. #5064
- Support ANSI
NO_COLOR
environment variable and deprecatePIPENV_COLORBLIND
variable, which will be removed after this release. #5158 - Fixed edge case where a non-editable file, url or vcs would overwrite the value
no_deps
for all other requirements in the loop causing a retry condition. #5164 - Vendor in latest
requirementslib
for fix to lock when using editable VCS module with specific@
git reference. #5179
- Remove crayons and replace with click.secho and click.styles per #3741 #3741
- Vendor in latest version of
pip==22.1.2
which upgradespipenv
frompip==22.0.4
. Vendor in latest version ofrequirementslib==1.6.7
which includes a fix for tracebacks on encountering Annotated variables. Vendor in latest version ofpip-shims==0.7.3
such that imports could be rewritten to utilizepackaging
from vendor'dpip
. Drop thepackaging
requirement from thevendor
directory inpipenv
. #5147 - Remove unused vendored dependency
normailze-charset
. #5161 - Remove obsolete package
funcsigs
. #5168 - Bump vendored dependency
pyparsing==3.0.9
. #5170
- Adjust
pipenv requirements
to add markers and add an--exclude-markers
option to allow the exclusion of markers. #5092
- Stopped expanding environment variables when using
pipenv requirements
#5134
- Depend on
requests
andcertifi
from vendoredpip
and remove them as explicit vendor dependencies. #5000 - Vendor in the latest version of
requirementslib==1.6.5
which includes bug fixes for beta python versions, projects with an at sign (@) in the path, and asetuptools
deprecation warning. #5132
- Switch from using type comments to type annotations.
- Adjust pipenv to work with the newly added
venv
install scheme in Python. First check ifvenv
is among the available install schemes, and use it if it is. Otherwise fall back to thent
orposix_prefix
install schemes as before. This should produce no change for environments where the install schemes were not redefined. #5096
- Fixes issue of
pipenv lock -r
command printing to stdout instead of stderr. #5091
- Fixes issue of
requirements
command problem by modifying to print-e
and path of the editable package. #5070 - Revert specifier of
setuptools
requirement insetup.py
back to what it was in order to fixFileNotFoundError: [Errno 2]
issue report. #5075 - Fixes issue of requirements command where git requirements cause the command to fail, solved by using existing convert_deps_to_pip function. #5076
- Vendor in
requirementslib==1.6.4
to FixSetuptoolsDeprecationWarning
setuptools.config.read_configuration
became deprecated. #5081
- Remove more usage of misc functions of vistir. Many of this function are available in the STL or in another dependency of pipenv. #5078
- Updated setup.py to remove support for python 3.6 from built
pipenv
packages' Metadata. #5065
- Added new Pipenv option
install_search_all_sources
that allows installation of packages from an existingPipfile.lock
to search all defined indexes for the constrained package version and hash signatures. #5041
- allow the user to disable the
no_input
flag, so the use of e.g Google Artifact Registry is possible. #4706 - Fixes case where packages could fail to install and the exit code was successful. #5031
- Updated vendor version of
pip
from21.2.2
to22.0.4
which fixes a number of bugs including several reports of pipenv locking for an infinite amount of time when using certain package constraints. This also drops support for python 3.6 as it is EOL and support was removed in pip 22.x #4995
- Removed the vendor dependency
more-itertools
as it was originally added forzipp
, which since stopped using it. #5044 - Removed all usages of
pipenv.vendor.vistir.compat.fs_str
, since this function was used for PY2-PY3 compatibility and is no longer needed. #5062
- Added pytest-cov and basic configuration to the project for generating html testing coverage reports.
- Make all CI jobs run only after the lint stage. Also added a makefile target for vendoring the packages.
- Implements a
pipenv requirements
command which generates a requirements.txt compatible output without locking. #4959 - Internal to pipenv, the utils.py was split into a utils module with unused code removed. #4992
- Pipenv will now ignore
.venv
in the project whenPIPENV_VENV_IN_PROJECT
variable is False. Unset variable maintains the existing behavior of preferring to use the project's.venv
should it exist. #2763 - Fix an edge case of hash collection in index restricted packages whereby the hashes for some packages would
be missing from the
Pipfile.lock
following package index restrictions added inpipenv==2022.3.23
. #5023
- Pipenv CLI documentation generation has been fixed. It had broke when
click
was vendored into the project in2021.11.9
because by defaultsphinx-click
could no longer determine the CLI inherited from click. #4778 - Improve documentation around extra indexes and index restricted packages. #5022
- Removes the optional
install
argument--extra-index-url
as it was not compatible with index restricted packages. Using the--index
argument is the correct way to specify a package should be pulled from the non-default index. #5022
- Added code linting using pre-commit-hooks, black, flake8, isort, pygrep-hooks, news-fragments and check-manifest.
Very similar to pip's configuration; adds a towncrier new's type
process
for change to Development processes.
- Environment variables were not being loaded when the
--quiet
flag was set #5010 - It would appear that
requirementslib
was not fully specifying the subdirectory tobuild_pep517
and and when a new version ofsetuptools
was released, the testtest_lock_nested_vcs_direct_url
broke indicating the Pipfile.lock no longer contained the extra dependencies that should have been resolved. This regression affectedpipenv>=2021.11.9
but has been fixed by a patch torequirementslib
. #5019
- Vendor in pip==21.2.4 (from 21.2.2) in order to bring in requested bug fix for python3.6. Note: support for 3.6 will be dropped in a subsequent release. #5008
- It is now possible to silence the
Loading .env environment variables
message onpipenv run
with the--quiet
flag or thePIPENV_QUIET
environment variable. #4027
- Fixes issue with new index safety restriction, whereby an unnamed extra sources index caused and error to be thrown during install. #5002
- The text
Loading .env environment variables...
has been switched back to stderr as to not break requirements.txt generation. Also it only prints now when a.env
file is actually present. #5003
- Use environment variable
PIPENV_SKIP_LOCK
to control the behaviour of lock skipping. #4797 - New CLI command
verify
, checks the Pipfile.lock is up-to-date #4893
- Pattern expansion for arguments was disabled on Windows. #4935
- Python versions on Windows can now be installed automatically through pyenv-win #4525
- Patched our vendored Pip to fix: Pipenv Lock (Or Install) Does Not Respect Index Specified For A Package. #4637
- If
PIP_TARGET
is set to environment variables, Refer specified directory for calculate delta, instead default directory #4775 - Remove remaining mention of python2 and --two flag from codebase. #4938
- Use
CI
environment value, over mere existence of name #4944 - Environment variables from dot env files are now properly expanded when included in scripts. #4975
- Updated vendor version of
pythonfinder
from1.2.9
to1.2.10
which fixes a bug with WSL (Windows Subsystem for Linux) when a path can not be read and Permission Denied error is encountered. #4976
- Removes long broken argument
--code
frominstall
and--unused
fromcheck
. Check command no longer takes in arguments to ignore. Removed the vendored dependencies:pipreqs
andyarg
#4998
- Remove the extra parentheses around the venv prompt. #4877
- Fix a bug of installation fails when extra index url is given. #4881
- Fix regression where lockfiles would only include the hashes for releases for the platform generating the lockfile #4885
- Fix the index parsing to reject illegal requirements.txt. #4899
- Update
charset-normalizer
from2.0.3
to2.0.7
, this fixes an import error on Python 3.6. #4865 - Fix a bug of deleting a virtualenv that is not managed by Pipenv. #4867
- Fix a bug that source is not added to
Pipfile
when index url is given withpipenv install
. #4873
- Return an empty dict when
PIPENV_DONT_LOAD_ENV
is set. #4851 - Don't use
sys.executable
when inside an activated venv. #4852
- Drop the vendored
jinja2
dependency as it is not needed any more. #4858 - Update
click
from8.0.1
to8.0.3
, to fix a problem with bash completion. #4860 - Drop unused vendor
chardet
. #4862
- Fix the documentation to reflect the fact that special characters must be percent-encoded in the URL. #4856
- Replace
click-completion
withclick
's own completion implementation. #4786
- Fix a bug that
pipenv run
doesn't set environment variables correctly. #4831 - Fix a bug that certifi can't be loaded within
notpip
's vendor library. This makes several objects ofpip
fail to be imported. #4833 - Fix a bug that
3.10.0
can be found be python finder. #4837
- Update
pythonfinder
from1.2.8
to1.2.9
. #4837
- Fix a regression that
pipenv shell
fails to start a subshell. #4828 - Fix a regression that
pip_shims
object isn't imported correctly. #4829
- Avoid sharing states but create project objects on demand. So that most integration test cases are able to switch to a in-process execution method. #4757
- Shell-quote
pip
commands when logging. #4760
- Ignore empty .venv in rood dir and create project name base virtual environment #4790
-
Update vendored dependencies -
attrs
from20.3.0
to21.2.0
-cerberus
from1.3.2
to1.3.4
-certifi
from2020.11.8
to2021.5.30
-chardet
from3.0.4
to4.0.0
-click
from7.1.2
to8.0.1
-distlib
from0.3.1
to0.3.2
-idna
from2.10
to3.2
-importlib-metadata
from2.0.0
to4.6.1
-importlib-resources
from3.3.0
to5.2.0
-jinja2
from2.11.2
to3.0.1
-markupsafe
from1.1.1
to2.0.1
-more-itertools
from5.0.0
to8.8.0
-packaging
from20.8
to21.0
-pep517
from0.9.1
to0.11.0
-pipdeptree
from1.0.0
to2.0.0
-ptyprocess
from0.6.0
to0.7.0
-python-dateutil
from2.8.1
to2.8.2
-python-dotenv
from0.15.0
to0.19.0
-pythonfinder
from1.2.5
to1.2.8
-requests
from2.25.0
to2.26.0
-shellingham
from1.3.2
to1.4.0
-six
from1.15.0
to1.16.0
-tomlkit
from0.7.0
to0.7.2
-urllib3
from1.26.1
to1.26.6
-zipp
from1.2.0
to3.5.0
Add new vendored dependencies -
charset-normalizer 2.0.3
-termcolor 1.1.0
-tomli 1.1.0
-wheel 0.36.2
#4747 -
Drop the dependencies for Python 2.7 compatibility purpose. #4751
-
Switch the dependency resolver from
pip-tools
topip
.Update vendor libraries: - Update
requirementslib
from1.5.16
to1.6.1
- Updatepip-shims
from0.5.6
to0.6.0
- New vendorplatformdirs 2.4.0
#4759
- remove prefixes on install commands for easy copy/pasting #4792
- Officially drop support for Python 2.7 and Python 3.5. #4261
- Fix a bug where passing --skip-lock when PIPFILE has no [SOURCE] section throws the error: "tomlkit.exceptions.NonExistentKey: 'Key "source" does not exist.'" #4141
- Fix bug where environment wouldn't activate in paths containing & and $ symbols #4538
- Fix a bug that
importlib-metadata
from the project's dependencies conflicts with that frompipenv
's. #4549 - Fix a bug where
pep508checker.py
did not expect double-digit Python minor versions (e.g. "3.10"). #4602 - Fix bug where environment wouldn't activate in paths containing () and [] symbols #4615
- Fix bug preventing use of pipenv lock --pre #4642
- Update
packaging
from20.4
to20.8
. #4591
- Support expanding environment variables in requirement URLs. #3516
- Show warning message when a dependency is skipped in locking due to the mismatch of its markers. #4346
- Fix a bug that executable scripts with leading backslash can't be executed via
pipenv run
. #4368 - Fix a bug that VCS dependencies always satisfy even if the ref has changed. #4387
- Restrict the acceptable hash type to SHA256 only. #4517
- Fix the output of
pipenv scripts
under Windows platform. #4523 - Fix a bug that the resolver takes wrong section to validate constraints. #4527
- Update vendored dependencies:
: -
colorama
from0.4.3
to0.4.4
python-dotenv
from0.10.3
to0.15.0
first
from2.0.1
to2.0.2
iso8601
from0.1.12
to0.1.13
parse
from1.15.0
to1.18.0
pipdeptree
from0.13.2
to1.0.0
requests
from2.23.0
to2.25.0
idna
from2.9
to2.10
urllib3
from1.25.9
to1.26.1
certifi
from2020.4.5.1
to2020.11.8
requirementslib
from1.5.15
to1.5.16
attrs
from19.3.0
to20.3.0
distlib
from0.3.0
to0.3.1
packaging
from20.3
to20.4
six
from1.14.0
to1.15.0
semver
from2.9.0
to2.13.0
toml
from0.10.1
to0.10.2
cached-property
from1.5.1
to1.5.2
yaspin
from0.14.3
to1.2.0
resolvelib
from0.3.0
to0.5.2
pep517
from0.8.2
to0.9.1
zipp
from0.6.0
to1.2.0
importlib-metadata
from1.6.0
to2.0.0
importlib-resources
from1.5.0
to3.3.0
#4533
- Fix suggested pyenv setup to avoid using shimmed interpreter #4534
- Add a new command
pipenv scripts
to display shortcuts from Pipfile. #3686 - Retrieve package file hash from URL to accelerate the locking process. #3827
- Add the missing
--system
option topipenv sync
. #4441 - Add a new option pair
--header/--no-header
topipenv lock
command, which adds a header to the generated requirements.txt #4443
- Fix a bug that percent encoded characters will be unquoted incorrectly in the file URL. #4089
- Fix a bug where setting PIPENV_PYTHON to file path breaks environment name #4225
- Fix a bug that paths are not normalized before comparison. #4330
- Handle Python major and minor versions correctly in Pipfile creation. #4379
- Fix a bug that non-wheel file requirements can be resolved successfully. #4386
- Fix a bug that
pexept.exceptions.TIMEOUT
is not caught correctly because of the wrong import path. #4424 - Fix a bug that compound TOML table is not parsed correctly. #4433
- Fix a bug that invalid Python paths from Windows registry break
pipenv install
. #4436 - Fix a bug that function calls in
setup.py
can't be parsed rightly. #4446 - Fix a bug that dist-info inside
venv
directory will be mistaken as the editable package's metadata. #4480 - Make the order of hashes in resolution result stable. #4513
- Discourage homebrew installation in installation guides. #4013
- Fixed behaviour of
pipenv uninstall --all-dev
. From now on it does not uninstall regular packages. #3722 - Fix a bug that incorrect Python path will be used when
--system
flag is on. #4315 - Fix falsely flagging a Homebrew installed Python as a virtual environment #4316
- Fix a bug that
pipenv uninstall
throws an exception that does not exist. #4321 - Fix a bug that Pipenv can't locate the correct file of special directives in
setup.cfg
of an editable package. #4335 - Fix a bug that
setup.py
can't be parsed correctly when the assignment is type-annotated. #4342 - Fix a bug that
pipenv graph
throws an exception that PipenvCmdError(cmd_string, c.out, c.err, return_code). #4388 - Do not copy the whole directory tree of local file package. #4403
- Correctly detect whether Pipenv in run under an activated virtualenv. #4412
- Update
requirementslib
to1.5.12
. #4385 -
- Update
requirements
to1.5.13
. - Update
pip-shims
to0.5.3
. #4421
- Update
- Pipenv will now detect existing
venv
andvirtualenv
based virtual environments more robustly. #4276
+
signs in URL authentication fragments will no longer be incorrectly replaced with space ( `` `` ) characters. #4271- Fixed a regression which caused Pipenv to fail when running under
/
. #4273 setup.py
files withversion
variables read fromos.environ
are now able to be parsed successfully. #4274- Fixed a bug which caused Pipenv to fail to install packages in a virtual environment if those packages were already present in the system global environment. #4276
- Fix a bug that caused non-specific versions to be pinned in
Pipfile.lock
. #4278 - Corrected a missing exception import and invalid function call invocations in
pipenv.cli.command
. #4286 - Fixed an issue with resolving packages with names defined by function calls in
setup.py
. #4292 - Fixed a regression with installing the current directory, or
.
, inside avenv
based virtual environment. #4295 - Fixed a bug with the discovery of python paths on Windows which could prevent installation of environments during
pipenv install
. #4296 - Fixed an issue in the
requirementslib
AST parser which prevented parsing ofsetup.py
files for dependency metadata. #4298 - Fix a bug where Pipenv doesn't realize the session is interactive #4305
- Updated requirementslib to version
1.5.11
. #4292 - Updated vendored dependencies:
: - pythonfinder:
1.2.2
=>1.2.4
- requirementslib:
1.5.9
=>1.5.10
#4302
- requirementslib:
-
pipenv install
andpipenv sync
will no longer attempt to install satisfied dependencies during installation. #3057, #3506 -
Added support for resolution of direct-url dependencies in
setup.py
files to respectPEP-508
style URL dependencies. #3148 -
Added full support for resolution of all dependency types including direct URLs, zip archives, tarballs, etc.
- Improved error handling and formatting.
- Introduced improved cross platform stream wrappers for better
stdout
andstderr
consistency. #3298
-
For consistency with other commands and the
--dev
option description,pipenv lock --requirements --dev
now emits both default and development dependencies. The new--dev-only
option requests the previous behaviour (e.g. to generate adev-requirements.txt
file). #3316 -
Pipenv will now successfully recursively lock VCS sub-dependencies. #3328
-
Added support for
--verbose
output topipenv run
. #3348 -
Pipenv will now discover and resolve the intrinsic dependencies of all VCS dependencies, whether they are editable or not, to prevent resolution conflicts. #3368
-
Added a new environment variable,
PIPENV_RESOLVE_VCS
, to toggle dependency resolution off for non-editable VCS, file, and URL based dependencies. #3577 -
Added the ability for Windows users to enable emojis by setting
PIPENV_HIDE_EMOJIS=0
. #3595 -
Allow overriding PIPENV_INSTALL_TIMEOUT environment variable (in seconds). #3652
-
Allow overriding PIP_EXISTS_ACTION environment variable (value is passed to pip install). Possible values here: https://pip.pypa.io/en/stable/reference/pip/#exists-action-option Useful when you need to
PIP_EXISTS_ACTION=i
(ignore existing packages) - great for CI environments, where you need really fast setup. #3738 -
Pipenv will no longer forcibly override
PIP_NO_DEPS
on all vcs and file dependencies as resolution happens on these in a pre-lock step. #3763 -
Improved verbose logging output during
pipenv lock
will now stream output to the console while maintaining a spinner. #3810 -
Added support for automatic python installs via
asdf
and associatedPIPENV_DONT_USE_ASDF
environment variable. #4018 -
Pyenv/asdf can now be used whether or not they are available on PATH. Setting PYENV_ROOT/ASDF_DIR in a Pipenv's .env allows Pipenv to install an interpreter without any shell customizations, so long as pyenv/asdf is installed. #4245
-
Added
--key
command line parameter for including personal PyUp.io API tokens when runningpipenv check
. #4257
- Make conservative checks of known exceptions when subprocess returns output, so user won't see the whole traceback - just the error. #2553
- Do not touch Pipfile early and rely on it so that one can do
pipenv sync
without a Pipfile. #3386 - Re-enable
--help
option forpipenv run
command. #3844 - Make sure
pipenv lock -r --pypi-mirror {MIRROR_URL}
will respect the pypi-mirror in requirements output. #4199
-
Raise
PipenvUsageError
when [[source]] does not contain url field. #2373 -
Fixed a bug which caused editable package resolution to sometimes fail with an unhelpful setuptools-related error message. #2722
-
Fixed an issue which caused errors due to reliance on the system utilities
which
andwhere
which may not always exist on some systems. - Fixed a bug which caused periodic failures in python discovery when executables namedpython
were not present on the target$PATH
. #2783 -
Dependency resolution now writes hashes for local and remote files to the lockfile. #3053
-
Fixed a bug which prevented
pipenv graph
from correctly showing all dependencies when running from withinpipenv shell
. #3071 -
Fixed resolution of direct-url dependencies in
setup.py
files to respectPEP-508
style URL dependencies. #3148 -
Fixed a bug which caused failures in warning reporting when running pipenv inside a virtualenv under some circumstances.
- Fixed a bug with package discovery when running
pipenv clean
. #3298
- Fixed a bug with package discovery when running
-
Quote command arguments with carets (
^
) on Windows to work around unintended shell escapes. #3307 -
Handle alternate names for UTF-8 encoding. #3313
-
Abort pipenv before adding the non-exist package to Pipfile. #3318
-
Don't normalize the package name user passes in. #3324
-
Fix a bug where custom virtualenv can not be activated with pipenv shell #3339
-
Fix a bug that
--site-packages
flag is not recognized. #3351 -
Fix a bug where pipenv --clear is not working #3353
-
Fix unhashable type error during
$ pipenv install --selective-upgrade
#3384 -
Dependencies with direct
PEP508
compliant VCS URLs specified in theirinstall_requires
will now be successfully locked during the resolution process. #3396 -
Fixed a keyerror which could occur when locking VCS dependencies in some cases. #3404
-
Fixed a bug that
ValidationError
is thrown when some fields are missing in source section. #3427 -
Updated the index names in lock file when source name in Pipfile is changed. #3449
-
Fixed an issue which caused
pipenv install --help
to show duplicate entries for--pre
. #3479 -
Fix bug causing
[SSL: CERTIFICATE_VERIFY_FAILED]
when Pipfile[[source]]
has verify_ssl=false and url with custom port. #3502 -
Fix
sync --sequential
ignoringpip install
errors and logs. #3537 -
Fix the issue that lock file can't be created when
PIPENV_PIPFILE
is not under working directory. #3584 -
Pipenv will no longer inadvertently set
editable=True
on all vcs dependencies. #3647 -
The
--keep-outdated
argument topipenv install
andpipenv lock
will now drop specifier constraints when encountering editable dependencies. - In addition,--keep-outdated
will retain specifiers that would otherwise be dropped from any entries that have not been updated. #3656 -
Fixed a bug which sometimes caused pipenv to fail to respect the
--site-packages
flag when passed withpipenv install
. #3718 -
Normalize the package names to lowercase when comparing used and in-Pipfile packages. #3745
-
pipenv update --outdated
will now correctly handle comparisons between pre/post-releases and normal releases. #3766 -
Fixed a
KeyError
which could occur when pinning outdated VCS dependencies viapipenv lock --keep-outdated
. #3768 -
Resolved an issue which caused resolution to fail when encountering poorly formatted
python_version
markers insetup.py
andsetup.cfg
files. #3786 -
Fix a bug that installation errors are displayed as a list. #3794
-
Update
pythonfinder
to fix a problem thatpython.exe
will be mistakenly chosen for virtualenv creation under WSL. #3807 -
Fixed several bugs which could prevent editable VCS dependencies from being installed into target environments, even when reporting successful installation. #3809
-
pipenv check --system
should find the correct Python interpreter whenpython
does not exist on the system. #3819 -
Resolve the symlinks when the path is absolute. #3842
-
Pass
--pre
and--clear
options topipenv update --outdated
. #3879 -
Fixed a bug which prevented resolution of direct URL dependencies which have PEP508 style direct url VCS sub-dependencies with subdirectories. #3976
-
Honor PIPENV_SPINNER environment variable #4045
-
Fixed an issue with
pipenv check
failing due to an invalid API key frompyup.io
. #4188 -
Fixed a bug which caused versions from VCS dependencies to be included in
Pipfile.lock
inadvertently. #4217 -
Fixed a bug which caused pipenv to search non-existent virtual environments for
pip
when installing using--system
. #4220 -
Requires-Python
values specifying constraint versions of python starting from1.x
will now be parsed successfully. #4226 -
Fix a bug of
pipenv update --outdated
that can't print output correctly. #4229 -
Fixed a bug which caused pipenv to prefer source distributions over wheels from
PyPI
during the dependency resolution phase. Fixed an issue which prevented proper build isolation usingpep517
based builders during dependency resolution. #4231 -
Don't fallback to system Python when no matching Python version is found. #4232
-
Updated vendored dependencies:
- attrs:
18.2.0
=>19.1.0
- certifi:
2018.10.15
=>2019.3.9
- cached_property:
1.4.3
=>1.5.1
- cerberus:
1.2.0
=>1.3.1
- click-completion:
0.5.0
=>0.5.1
- colorama:
0.3.9
=>0.4.1
- distlib:
0.2.8
=>0.2.9
- idna:
2.7
=>2.8
- jinja2:
2.10.0
=>2.10.1
- markupsafe:
1.0
=>1.1.1
- orderedmultidict:
(new)
=>1.0
- packaging:
18.0
=>19.0
- parse:
1.9.0
=>1.12.0
- pathlib2:
2.3.2
=>2.3.3
- pep517:
(new)
=>0.5.0
- pexpect:
4.6.0
=>4.7.0
- pipdeptree:
0.13.0
=>0.13.2
- pyparsing:
2.2.2
=>2.3.1
- python-dotenv:
0.9.1
=>0.10.2
- pythonfinder:
1.1.10
=>1.2.1
- pytoml:
(new)
=>0.1.20
- requests:
2.20.1
=>2.21.0
- requirementslib:
1.3.3
=>1.5.0
- scandir:
1.9.0
=>1.10.0
- shellingham:
1.2.7
=>1.3.1
- six:
1.11.0
=>1.12.0
- tomlkit:
0.5.2
=>0.5.3
- urllib3:
1.24
=>1.25.2
- vistir:
0.3.0
=>0.4.1
- yaspin:
0.14.0
=>0.14.3
- Removed vendored dependency cursor. #3298
- attrs:
-
Updated
pip_shims
to support--outdated
with new pip versions. #3766 -
Update vendored dependencies and invocations
- Update vendored and patched dependencies
- Update patches on
piptools
,pip
,pip-shims
,tomlkit
- Fix invocations of dependencies
- Fix custom
InstallCommand
instantiation - Update
PackageFinder
usage - Fix
Bool
stringify attempts fromtomlkit
Updated vendored dependencies: : - attrs:
`18.2.0
=>`19.1.0
-
certifi:
`2018.10.15
=>`2019.3.9
-
cached_property:
`1.4.3
=>`1.5.1
-
cerberus:
`1.2.0
=>`1.3.1
-
click:
`7.0.0
=>`7.1.1
-
click-completion:
`0.5.0
=>`0.5.1
-
colorama:
`0.3.9
=>`0.4.3
-
contextlib2:
`(new)
=>`0.6.0.post1
-
distlib:
`0.2.8
=>`0.2.9
-
funcsigs:
`(new)
=>`1.0.2
-
importlib_metadata
`1.3.0
=>`1.5.1
-
importlib-resources:
`(new)
=>`1.4.0
-
idna:
`2.7
=>`2.9
-
jinja2:
`2.10.0
=>`2.11.1
-
markupsafe:
`1.0
=>`1.1.1
-
more-itertools:
`(new)
=>`5.0.0
-
orderedmultidict:
`(new)
=>`1.0
-
packaging:
`18.0
=>`19.0
-
parse:
`1.9.0
=>`1.15.0
-
pathlib2:
`2.3.2
=>`2.3.3
-
pep517:
`(new)
=>`0.5.0
-
pexpect:
`4.6.0
=>`4.8.0
-
pip-shims:
`0.2.0
=>`0.5.1
-
pipdeptree:
`0.13.0
=>`0.13.2
-
pyparsing:
`2.2.2
=>`2.4.6
-
python-dotenv:
`0.9.1
=>`0.10.2
-
pythonfinder:
`1.1.10
=>`1.2.2
-
pytoml:
`(new)
=>`0.1.20
-
requests:
`2.20.1
=>`2.23.0
-
requirementslib:
`1.3.3
=>`1.5.4
-
scandir:
`1.9.0
=>`1.10.0
-
shellingham:
`1.2.7
=>`1.3.2
-
six:
`1.11.0
=>`1.14.0
-
tomlkit:
`0.5.2
=>`0.5.11
-
urllib3:
`1.24
=>`1.25.8
-
vistir:
`0.3.0
=>`0.5.0
-
yaspin:
`0.14.0
=>`0.14.3
-
zipp:
`0.6.0
-
Removed vendored dependency cursor. #4169
-
Add and update vendored dependencies to accommodate
safety
vendoring: - safety(none)
=>1.8.7
- dparse(none)
=>0.5.0
- pyyaml(none)
=>5.3.1
- urllib31.25.8
=>1.25.9
- certifi2019.11.28
=>2020.4.5.1
- pyparsing2.4.6
=>2.4.7
- resolvelib0.2.2
=>0.3.0
- importlib-metadata1.5.1
=>1.6.0
- pip-shims0.5.1
=>0.5.2
- requirementslib1.5.5
=>1.5.6
#4188 -
Updated vendored
pip
=>20.0.2
andpip-tools
=>5.0.0
. #4215 -
Updated vendored dependencies to latest versions for security and bug fixes:
- requirementslib
1.5.8
=>1.5.9
- vistir
0.5.0
=>0.5.1
- jinja2
2.11.1
=>2.11.2
- click
7.1.1
=>7.1.2
- dateutil
(none)
=>2.8.1
- backports.functools_lru_cache
1.5.0
=>1.6.1
- enum34
1.1.6
=>1.1.10
- toml
0.10.0
=>0.10.1
- importlib_resources
1.4.0
=>1.5.0
#4226
- requirementslib
-
Changed attrs import path in vendored dependencies to always import from
pipenv.vendor
. #4267
- Added documentation about variable expansion in
Pipfile
entries. #2317 - Consolidate all contributing docs in the rst file #3120
- Update the out-dated manual page. #3246
- Move CLI docs to its own page. #3346
- Replace (non-existent) video on docs index.rst with equivalent gif. #3499
- Clarify wording in Basic Usage example on using double quotes to escape shell redirection #3522
- Ensure docs show navigation on small-screen devices #3527
- Added a link to the TOML Spec under General Recommendations & Version Control to clarify how Pipfiles should be written. #3629
- Updated the documentation with the new
pytest
entrypoint. #3759 - Fix link to GIF in README.md demonstrating Pipenv's usage, and add descriptive alt text. #3911
- Added a line describing potential issues in fancy extension. #3912
- Documental description of how Pipfile works and association with Pipenv. #3913
- Clarify the proper value of
python_version
andpython_full_version
. #3914 - Write description for --deploy extension and few extensions differences. #3915
- More documentation for
.env
files #4100 - Updated documentation to point to working links. #4137
- Replace docs.pipenv.org with pipenv.pypa.io #4167
- Added functionality to check spelling in documentation and cleaned up existing typographical issues. #4209
- Environment variables are expanded correctly before running scripts on POSIX. #3178
- Pipenv will no longer disable user-mode installation when the
--system
flag is passed in. #3222 - Fixed an issue with attempting to render unicode output in non-unicode locales. #3223
- Fixed a bug which could cause failures to occur when parsing python entries from global pyenv version files. #3224
- Fixed an issue which prevented the parsing of named extras sections from certain
setup.py
files. #3230 - Correctly detect the virtualenv location inside an activated virtualenv. #3231
- Fixed a bug which caused spinner frames to be written to standard output during locking operations which could cause redirection pipes to fail. #3239
- Fixed a bug that editable packages can't be uninstalled correctly. #3240
- Corrected an issue with installation timeouts which caused dependency resolution to fail for longer duration resolution steps. #3244
- Adding normal pep 508 compatible markers is now fully functional when using VCS dependencies. #3249
- Updated
requirementslib
andpythonfinder
for multiple bug fixes. #3254 - Pipenv will now ignore hashes when installing with
--skip-lock
. #3255 - Fixed an issue where pipenv could crash when multiple pipenv processes attempted to create the same directory. #3257
- Fixed an issue which sometimes prevented successful creation of a project Pipfile. #3260
pipenv install
will now unset thePYTHONHOME
environment variable when not combined with--system
. #3261- Pipenv will ensure that warnings do not interfere with the resolution process by suppressing warnings' usage of standard output and writing to standard error instead. #3273
- Fixed an issue which prevented variables from the environment, such as
PIPENV_DEV
orPIPENV_SYSTEM
, from being parsed and implemented correctly. #3278 - Clear pythonfinder cache after Python install. #3287
- Fixed a race condition in hash resolution for dependencies for certain dependencies with missing cache entries or fresh Pipenv installs. #3289
- Pipenv will now respect top-level pins over VCS dependency locks. #3296
- Update vendored dependencies to resolve resolution output parsing and python finding:
: -
pythonfinder 1.1.9 -> 1.1.10
requirementslib 1.3.1 -> 1.3.3
vistir 0.2.3 -> 0.2.5
#3280
- Improved exceptions and error handling on failures. #1977
- Added persistent settings for all CLI flags via
PIPENV_{FLAG_NAME}
environment variables by enablingauto_envvar_prefix=PIPENV
in click (implements PEEP-0002). #2200 - Added improved messaging about available but skipped updates due to dependency conflicts when running
pipenv update --outdated
. #2411 - Added environment variable
PIPENV_PYUP_API_KEY
to add ability to override the bundled PyUP.io API key. #2825 - Added additional output to
pipenv update --outdated
to indicate that the operation succeeded and all packages were already up to date. #2828 - Updated
crayons
patch to enable colors on native powershell but swap native blue for magenta. #3020 - Added support for
--bare
topipenv clean
, and fixedpipenv sync --bare
to actually reduce output. #3041 - Added windows-compatible spinner via upgraded
vistir
dependency. #3089 -
- Added support for python installations managed by
asdf
. #3096
- Added support for python installations managed by
- Improved runtime performance of no-op commands such as
pipenv --venv
by around 2/3. #3158 - Do not show error but success for running
pipenv uninstall --all
in a fresh virtual environment. #3170 - Improved asynchronous installation and error handling via queued subprocess parallelization. #3217
- Remote non-PyPI artifacts and local wheels and artifacts will now include their own hashes rather than including hashes from
PyPI
. #2394 - Non-ascii characters will now be handled correctly when parsed by pipenv's
ToML
parsers. #2737 - Updated
pipenv uninstall
to respect the--skip-lock
argument. #2848 - Fixed a bug which caused uninstallation to sometimes fail to successfully remove packages from
Pipfiles
with comments on preceding or following lines. #2885, #3099 - Pipenv will no longer fail when encountering python versions on Windows that have been uninstalled. #2983
- Fixed unnecessary extras are added when translating markers #3026
- Fixed a virtualenv creation issue which could cause new virtualenvs to inadvertently attempt to read and write to global site packages. #3047
- Fixed an issue with virtualenv path derivation which could cause errors, particularly for users on WSL bash. #3055
- Fixed a bug which caused
Unexpected EOF
errors to be thrown whenpip
was waiting for input from users who had put login credentials in environment variables. #3088 - Fixed a bug in
requirementslib
which prevented successful installation from mercurial repositories. #3090 - Fixed random resource warnings when using pyenv or any other subprocess calls. #3094
-
- Fixed a bug which sometimes prevented cloning and parsing
mercurial
requirements. #3096
- Fixed a bug which sometimes prevented cloning and parsing
- Fixed an issue in
delegator.py
related to subprocess calls when usingPopenSpawn
to stream output, which sometimes threw unexpectedEOF
errors. #3102, #3114, #3117 - Fix the path casing issue that makes
pipenv clean
fail on Windows #3104 - Pipenv will avoid leaving build artifacts in the current working directory. #3106
- Fixed issues with broken subprocess calls leaking resource handles and causing random and sporadic failures. #3109
- Fixed an issue which caused
pipenv clean
to sometimes clean packages from the basesite-packages
folder or fail entirely. #3113 - Updated
pythonfinder
to correct an issue with unnesting of nested paths when searching for python versions. #3121 - Added additional logic for ignoring and replacing non-ascii characters when formatting console output on non-UTF-8 systems. #3131
- Fix virtual environment discovery when
PIPENV_VENV_IN_PROJECT
is set, but the in-project.venv
is a file. #3134 - Hashes for remote and local non-PyPI artifacts will now be included in
Pipfile.lock
during resolution. #3145 - Fix project path hashing logic in purpose to prevent collisions of virtual environments. #3151
- Fix package installation when the virtual environment path contains parentheses. #3158
- Azure Pipelines YAML files are updated to use the latest syntax and product name. #3164
- Fixed new spinner success message to write only one success message during resolution. #3183
- Pipenv will now correctly respect the
--pre
option when used withpipenv install
. #3185 - Fix a bug where exception is raised when run pipenv graph in a project without created virtualenv #3201
- When sources are missing names, names will now be derived from the supplied URL. #3216
- Updated
pythonfinder
to correct an issue with unnesting of nested paths when searching for python versions. #3061, #3121 - Updated vendored dependencies:
: -
certifi 2018.08.24 => 2018.10.15
urllib3 1.23 => 1.24
requests 2.19.1 => 2.20.0
shellingham ``1.2.6 => 1.2.7
tomlkit 0.4.4. => 0.4.6
vistir 0.1.6 => 0.1.8
pythonfinder 0.1.2 => 0.1.3
requirementslib 1.1.9 => 1.1.10
backports.functools_lru_cache 1.5.0 (new)
cursor 1.2.0 (new)
#3089
- Updated vendored dependencies:
: -
requests 2.19.1 => 2.20.1
tomlkit 0.4.46 => 0.5.2
vistir 0.1.6 => 0.2.4
pythonfinder 1.1.2 => 1.1.8
requirementslib 1.1.10 => 1.3.0
#3096
- Switch to
tomlkit
for parsing and writing. Dropprettytoml
andcontoml
from vendors. #3191 - Updated
requirementslib
to aid in resolution of local and remote archives. #3196
- Expanded development and testing documentation for contributors to get started. #3074
- Fixed a bug in
pipenv clean
which caused global packages to sometimes be inadvertently targeted for cleanup. #2849 - Fix broken backport imports for vendored vistir. #2950, #2955, #2961
- Fixed a bug with importing local vendored dependencies when running
pipenv graph
. #2952 - Fixed a bug which caused executable discovery to fail when running inside a virtualenv. #2957
- Fix parsing of outline tables. #2971
- Fixed a bug which caused
verify_ssl
to fail to drop through topip install
correctly astrusted-host
. #2979 - Fixed a bug which caused canonicalized package names to fail to resolve against PyPI. #2989
- Enhanced CI detection to detect Azure Devops builds. #2993
- Fixed a bug which prevented installing pinned versions which used redirection symbols from the command line. #2998
- Fixed a bug which prevented installing the local directory in non-editable mode. #3005
- Updated
requirementslib
to version1.1.9
. #2989 - Upgraded
pythonfinder => 1.1.1
andvistir => 0.1.7
. #3007
-
Added environment variables
PIPENV_VERBOSE
andPIPENV_QUIET
to control output verbosity without needing to pass options. #2527 -
Updated test-PyPI add-on to better support json-API access (forward compatibility). Improved testing process for new contributors. #2568
-
Greatly enhanced python discovery functionality:
- Added pep514 (windows launcher/finder) support for python discovery.
- Introduced architecture discovery for python installations which support different architectures. #2582
-
Added support for
pipenv shell
on msys and cygwin/mingw/git bash for Windows. #2641 -
Enhanced resolution of editable and VCS dependencies. #2643
-
Deduplicate and refactor CLI to use stateful arguments and object passing. See this issue for reference. #2814
- Virtual environment activation for
run
is revised to improve interpolation with other Python discovery tools. #2503 - Improve terminal coloring to display better in Powershell. #2511
- Invoke
virtualenv
directly for virtual environment creation, instead of depending onpew
. #2518 pipenv --help
will now include short help descriptions. #2542- Add
COMSPEC
to fallback option (along withSHELL
andPYENV_SHELL
) if shell detection fails, improving robustness on Windows. #2651 - Fallback to shell mode if
run
fails with Windows error 193 to handle non-executable commands. This should improve usability on Windows, where some users run non-executable files without specifying a command, relying on Windows file association to choose the current command. #2718
- Fixed a bug which prevented installation of editable requirements using
ssh://
style URLs #1393 - VCS Refs for locked local editable dependencies will now update appropriately to the latest hash when running
pipenv update
. #1690 .tar.gz
and.zip
artifacts will now have dependencies installed even when they are missing from the Lockfile. #2173- The command line parser will now handle multiple
-e/--editable
dependencies properly via click's option parser to help mitigate future parsing issues. #2279 - Fixed the ability of pipenv to parse
dependency_links
fromsetup.py
whenPIP_PROCESS_DEPENDENCY_LINKS
is enabled. #2434 - Fixed a bug which could cause
-i/--index
arguments to sometimes be incorrectly picked up in packages. This is now handled in the command line parser. #2494 - Fixed non-deterministic resolution issues related to changes to the internal package finder in
pip 10
. #2499, #2529, #2589, #2666, #2767, #2785, #2795, #2801, #2824, #2862, #2879, #2894, #2933 - Fix subshell invocation on Windows for Python 2. #2515
- Fixed a bug which sometimes caused pipenv to throw a
TypeError
or to run into encoding issues when writing a Lockfile on python 2. #2561 - Improve quoting logic for
pipenv run
so it works better with Windows built-in commands. #2563 - Fixed a bug related to parsing VCS requirements with both extras and subdirectory fragments.
Corrected an issue in the
requirementslib
parser which led to some markers being discarded rather than evaluated. #2564 - Fixed multiple issues with finding the correct system python locations. #2582
- Catch JSON decoding error to prevent exception when the lock file is of invalid format. #2607
- Fixed a rare bug which could sometimes cause errors when installing packages with custom sources. #2610
- Update requirementslib to fix a bug which could raise an
UnboundLocalError
when parsing malformed VCS URIs. #2617 - Fixed an issue which prevented passing multiple
--ignore
parameters topipenv check
. #2632 - Fixed a bug which caused attempted hashing of
ssh://
style URIs which could cause failures during installation of private ssh repositories. - Corrected path conversion issues which caused certain editable VCS paths to be converted tossh://
URIs improperly. #2639 - Fixed a bug which caused paths to be formatted incorrectly when using
pipenv shell
in bash for windows. #2641 - Dependency links to private repositories defined via
ssh://
schemes will now install correctly and skip hashing as long asPIP_PROCESS_DEPENDENCY_LINKS=1
. #2643 - Fixed a bug which sometimes caused pipenv to parse the
trusted_host
argument to pip incorrectly when parsing source URLs which specifyverify_ssl = false
. #2656 - Prevent crashing when a virtual environment in
WORKON_HOME
is faulty. #2676 - Fixed virtualenv creation failure when a .venv file is present in the project root. #2680
- Fixed a bug which could cause the
-e/--editable
argument on a dependency to be accidentally parsed as a dependency itself. #2714 - Correctly pass
verbose
anddebug
flags to the resolver subprocess so it generates appropriate output. This also resolves a bug introduced by the fix to #2527. #2732 - All markers are now included in
pipenv lock --requirements
output. #2748 - Fixed a bug in marker resolution which could cause duplicate and non-deterministic markers. #2760
- Fixed a bug in the dependency resolver which caused regular issues when handling
setup.py
based dependency resolution. #2766 - Updated vendored dependencies:
: -
pip-tools
(updated and patched to latest w/pip 18.0
compatibility)pip 10.0.1 => 18.0
click 6.7 => 7.0
toml 0.9.4 => 0.10.0
pyparsing 2.2.0 => 2.2.2
delegator 0.1.0 => 0.1.1
attrs 18.1.0 => 18.2.0
distlib 0.2.7 => 0.2.8
packaging 17.1.0 => 18.0
passa 0.2.0 => 0.3.1
pip_shims 0.1.2 => 0.3.1
plette 0.1.1 => 0.2.2
pythonfinder 1.0.2 => 1.1.0
pytoml 0.1.18 => 0.1.19
requirementslib 1.1.16 => 1.1.17
shellingham 1.2.4 => 1.2.6
tomlkit 0.4.2 => 0.4.4
vistir 0.1.4 => 0.1.6
#2802, #2867, #2880
- Fixed a bug where
pipenv
crashes when theWORKON_HOME
directory does not exist. #2877 - Fixed pip is not loaded from pipenv's patched one but the system one #2912
- Fixed various bugs related to
pip 18.1
release which prevented locking, installation, and syncing, and dumping to arequirements.txt
file. #2924
- Pew is no longer vendored. Entry point
pewtwo
, packagespipenv.pew
andpipenv.patched.pew
are removed. #2521 - Update
pythonfinder
to major release1.0.0
for integration. #2582 - Update requirementslib to fix a bug which could raise an
UnboundLocalError
when parsing malformed VCS URIs. #2617 -
- Vendored new libraries
vistir
andpip-shims
,tomlkit
,modutil
, andplette
. - Update vendored libraries:
-
scandir
to1.9.0
-click-completion
to0.4.1
-semver
to2.8.1
-shellingham
to1.2.4
-pytoml
to0.1.18
-certifi
to2018.8.24
-ptyprocess
to0.6.0
-requirementslib
to1.1.5
-pythonfinder
to1.0.2
-pipdeptree
to0.13.0
-python-dotenv
to0.9.1
#2639
- Vendored new libraries
- Updated vendored dependencies:
: -
pip-tools
(updated and patched to latest w/pip 18.0
compatibility)pip 10.0.1 => 18.0
click 6.7 => 7.0
toml 0.9.4 => 0.10.0
pyparsing 2.2.0 => 2.2.2
delegator 0.1.0 => 0.1.1
attrs 18.1.0 => 18.2.0
distlib 0.2.7 => 0.2.8
packaging 17.1.0 => 18.0
passa 0.2.0 => 0.3.1
pip_shims 0.1.2 => 0.3.1
plette 0.1.1 => 0.2.2
pythonfinder 1.0.2 => 1.1.0
pytoml 0.1.18 => 0.1.19
requirementslib 1.1.16 => 1.1.17
shellingham 1.2.4 => 1.2.6
tomlkit 0.4.2 => 0.4.4
vistir 0.1.4 => 0.1.6
#2902, #2935
- Simplified the test configuration process. #2568
- Updated documentation to use working fortune cookie add-on. #2644
- Added additional information about troubleshooting
pipenv shell
by using the the$PIPENV_SHELL
environment variable. #2671 - Added a link to
PEP-440
version specifiers in the documentation for additional detail. #2674 - Added simple example to README.md for installing from git. #2685
- Stopped recommending
--system
for Docker contexts. #2762 - Fixed the example url for doing "pipenv install -e some-repository-url#egg=something", it was missing the "egg=" in the fragment identifier. #2792
- Fixed link to the "be cordial" essay in the contribution documentation. #2793
- Clarify
pipenv install
documentation #2844 - Replace reference to uservoice with PEEP-000 #2909
- All calls to
pipenv shell
are now implemented from the ground up using shellingham, a custom library which was purpose built to handle edge cases and shell detection. #2371 - Added support for python 3.7 via a few small compatibility / bug fixes. #2427, #2434, #2436
- Added new flag
pipenv --support
to replace the diagnostic commandpython -m pipenv.help
. #2477, #2478 - Improved import times and CLI run times with minor tweaks. #2485
- Fixed an ongoing bug which sometimes resolved incompatible versions into the project Lockfile. #1901
- Fixed a bug which caused errors when creating virtualenvs which contained leading dash characters. #2415
- Fixed a logic error which caused
--deploy --system
to overwrite editable vcs packages in the Pipfile before installing, which caused any installation to fail by default. #2417 - Updated requirementslib to fix an issue with properly quoting markers in VCS requirements. #2419
- Installed new vendored jinja2 templates for
click-completion
which were causing template errors for users with completion enabled. #2422 - Added support for python 3.7 via a few small compatibility / bug fixes. #2427
- Fixed an issue reading package names from
setup.py
files in projects which imported utilities such asversioneer
. #2433 - Pipenv will now ensure that its internal package names registry files are written with unicode strings. #2450
- Fixed a bug causing requirements input as relative paths to be output as absolute paths or URIs.
Fixed a bug affecting normalization of
git+git@host
URLs. #2453 - Pipenv will now always use
pathlib2
forPath
based filesystem interactions by default onpython<3.5
. #2454 - Fixed a bug which prevented passing proxy PyPI indexes set with
--pypi-mirror
from being passed to pip during virtualenv creation, which could cause the creation to freeze in some cases. #2462 - Using the
python -m pipenv.help
command will now use proper encoding for the host filesystem to avoid encoding issues. #2466 - The new
jinja2
templates forclick_completion
will now be included in pipenv source distributions. #2479 - Resolved a long-standing issue with re-using previously generated
InstallRequirement
objects for resolution which could causePKG-INFO
file information to be deleted, raising aTypeError
. #2480 - Resolved an issue parsing usernames from private PyPI URIs in
Pipfiles
by updatingrequirementslib
. #2484
- All calls to
pipenv shell
are now implemented from the ground up using shellingham, a custom library which was purpose built to handle edge cases and shell detection. #2371 - Updated requirementslib to fix an issue with properly quoting markers in VCS requirements. #2419
- Installed new vendored jinja2 templates for
click-completion
which were causing template errors for users with completion enabled. #2422 - Add patch to
prettytoml
to support Python 3.7. #2426 - Patched
prettytoml.AbstractTable._enumerate_items
to handleStopIteration
errors in preparation of release of python 3.7. #2427 - Fixed an issue reading package names from
setup.py
files in projects which imported utilities such asversioneer
. #2433 - Updated
requirementslib
to version1.0.9
#2453 - Unraveled a lot of old, unnecessary patches to
pip-tools
which were causing non-deterministic resolution errors. #2480 - Resolved an issue parsing usernames from private PyPI URIs in
Pipfiles
by updatingrequirementslib
. #2484
- Added instructions for installing using Fedora's official repositories. #2404
- Pipenv-created virtualenvs will now be associated with a
.project
folder (features can be implemented on top of this later or users may choose to usepipenv-pipes
to take full advantage of this.) #1861 - Virtualenv names will now appear in prompts for most Windows users. #2167
- Added support for cmder shell paths with spaces. #2168
- Added nested JSON output to the
pipenv graph
command. #2199 - Dropped vendored pip 9 and vendored, patched, and migrated to pip 10. Updated patched piptools version. #2255
- PyPI mirror URLs can now be set to override instances of PyPI URLs by passing
the
--pypi-mirror
argument from the command line or setting thePIPENV_PYPI_MIRROR
environment variable. #2281 - Virtualenv activation lines will now avoid being written to some shell history files. #2287
- Pipenv will now only search for
requirements.txt
files when creating new projects, and during that time only if the user doesn't specify packages to pass in. #2309 - Added support for mounted drives via UNC paths. #2331
- Added support for Windows Subsystem for Linux bash shell detection. #2363
- Pipenv will now generate hashes much more quickly by resolving them in a single pass during locking. #2384
pipenv run
will now avoid spawning additionalCOMSPEC
instances to run commands in when possible. #2385- Massive internal improvements to requirements parsing codebase, resolver, and error messaging. #2388
pipenv check
now may take multiple of the additional argument--ignore
which takes a parametercve_id
for the purpose of ignoring specific CVEs. #2408
- Pipenv will now parse & capitalize
platform_python_implementation
markers .. warning:: This could cause an issue if you have an out of datePipfile
which lower-cases the comparison value (e.g.cpython
instead ofCPython
). #2123 - Pipenv will now only search for
requirements.txt
files when creating new projects, and during that time only if the user doesn't specify packages to pass in. #2309
- Massive internal improvements to requirements parsing codebase, resolver, and error messaging. #1962, #2186, #2263, #2312
- Pipenv will now parse & capitalize
platform_python_implementation
markers. #2123 - Fixed a bug with parsing and grouping old-style
setup.py
extras during resolution #2142 - Fixed a bug causing pipenv graph to throw unhelpful exceptions when running against empty or non-existent environments. #2161
- Fixed a bug which caused
--system
to incorrectly abort when users were in a virtualenv. #2181 - Removed vendored
cacert.pem
which could cause issues for some users with custom certificate settings. #2193 - Fixed a regression which led to direct invocations of
virtualenv
, rather than calling it by module. #2198 - Locking will now pin the correct VCS ref during
pipenv update
runs. Runningpipenv update
with a new vcs ref specified in thePipfile
will now properly obtain, resolve, and install the specified dependency at the specified ref. #2209 pipenv clean
will now correctly ignore comments frompip freeze
when cleaning the environment. #2262- Resolution bugs causing packages for incompatible python versions to be locked have been fixed. #2267
- Fixed a bug causing pipenv graph to fail to display sometimes. #2268
- Updated
requirementslib
to fix a bug in Pipfile parsing affecting relative path conversions. #2269 - Windows executable discovery now leverages
os.pathext
. #2298 - Fixed a bug which caused
--deploy --system
to inadvertently create a virtualenv before failing. #2301 - Fixed an issue which led to a failure to unquote special characters in file and wheel paths. #2302
- VCS dependencies are now manually obtained only if they do not match the requested ref. #2304
- Added error handling functionality to properly cope with single-digit
Requires-Python
metadata with no specifiers. #2377 pipenv update
will now always run the resolver and lock before ensuring dependencies are in sync with project Lockfile. #2379- Resolved a bug in our patched resolvers which could cause nondeterministic
resolution failures in certain conditions. Running
pipenv install
with no arguments in a project with only aPipfile
will now correctly lock first for dependency resolution before installing. #2384 - Patched
python-dotenv
to ensure that environment variables always get encoded to the filesystem encoding. #2386
- Update documentation wording to clarify Pipenv's overall role in the packaging ecosystem. #2194
- Added contribution documentation and guidelines. #2205
- Added instructions for supervisord compatibility. #2215
- Fixed broken links to development philosophy and contribution documentation. #2248
-
Removed vendored
cacert.pem
which could cause issues for some users with custom certificate settings. #2193 -
Dropped vendored pip 9 and vendored, patched, and migrated to pip 10. Updated patched piptools version. #2255
-
Updated
requirementslib
to fix a bug in Pipfile parsing affecting relative path conversions. #2269 -
Added custom shell detection library
shellingham
, a port of our changes topew
. #2363 -
Patched
python-dotenv
to ensure that environment variables always get encoded to the filesystem encoding. #2386 -
Updated vendored libraries. The following vendored libraries were updated:
- distlib from version
0.2.6
to0.2.7
. - jinja2 from version
2.9.5
to2.10
. - pathlib2 from version
2.1.0
to2.3.2
. - parse from version
2.8.0
to2.8.4
. - pexpect from version
2.5.2
to2.6.0
. - requests from version
2.18.4
to2.19.1
. - idna from version
2.6
to2.7
. - certifi from version
2018.1.16
to2018.4.16
. - packaging from version
16.8
to17.1
. - six from version
1.10.0
to1.11.0
. - requirementslib from version
0.2.0
to1.0.1
.
In addition, scandir was vendored and patched to avoid importing host system binaries when falling back to pathlib2. #2368
- distlib from version