Update dependency pipenv to v2025 (master) #33

renovate · 2025-05-01T15:22:42Z

This PR contains the following updates:

Package	Change	Age	Confidence
pipenv	`==2022.1.8` -> `==2025.0.4`

Release Notes

pypa/pipenv (pipenv)

`v2025.0.4`

Compare Source

=====================

`v2025.0.3`

Compare Source

============================

Vendored Libraries

`v2025.0.2`

Compare Source

==============================

Bug Fixes

Cleanup unused dependencies when upgrading packages. #6386 <https://github.com/pypa/pipenv/issues/6386>_
Fix for UnboundLocalError in ensure_python when SESSION_IS_INTERACTIVE=False, using pyenv, and python version in Pipfile not available. #6389 <https://github.com/pypa/pipenv/issues/6389>_

`v2025.0.1`

Compare Source

==============================

Bug Fixes

Cleanup unused dependencies when upgrading packages. #6386 <https://github.com/pypa/pipenv/issues/6386>_
Fix for UnboundLocalError in ensure_python when SESSION_IS_INTERACTIVE=False, using pyenv, and python version in Pipfile not available. #6389 <https://github.com/pypa/pipenv/issues/6389>_

`v2025.0.0`

Compare Source

============================

Bug Fixes

Fix for broken import requirements in 2025.0.0 #6385 <https://github.com/pypa/pipenv/issues/6385>_

`v2024.4.1`

Compare Source

Version v2024.4.1

Bug Fixes

Running "pipenv shell" on MacOS in Powershell (pwsh) references incorrect Activate.ps1 _
Fix repr(Shell) _
Fix incorrect path for 'pipenv shell' _
Fix license declaration for PyPI _

Vendored Libraries

Remove click.echo from exceptions.py _

Contributors

@aidencullo
@oz123
@samer-shah
@shdarrina
@shaneikennedy
@socram8888

`v2024.4.0`

Compare Source

=====================

`v2024.3.1`

Compare Source

What's Changed

try rebuilding the docs by @matteius in https://github.com/pypa/pipenv/pull/6291
Fix the --system without --deploy flag bug by @matteius in https://github.com/pypa/pipenv/pull/6297
refinements to update -- determine which packages may need upgrading by @matteius in https://github.com/pypa/pipenv/pull/6300
Prevent breakage from vcs URL in lockfile from having package name @ by @matteius in https://github.com/pypa/pipenv/pull/6302
Prevent breakage from vcs URL in lockfile from having package name @ Part II by @matteius in https://github.com/pypa/pipenv/pull/6303

Full Changelog: pypa/pipenv@v2024.3.0...v2024.3.1

`v2024.3.0`

Compare Source

=====================

Bug Fixes

Fix dependency resolution edge cases and versioning constraints handling:
- Allow JSON format options for --reverse dependency graph output matching pipdeptree
- Improve installation and upgrade routines to better handle dependencies
- Add ability to specify json output as pipdeptree does
- Add more consistent handling of VCS dependencies and references
- Fix synchronization of development and default dependencies during updates
- Ensure proper propagation of version constraints during updates
- Fix handling of ~= and other version specifiers during updates
Key Changes:
- Improved reverse dependency analysis to catch conflicts earlier in resolution
- Better handling of VCS package lock data, preserving refs and subdirectories
- Fixed issue where VCS references could be lost in lock file when installed via commit hash
- Better handling of pipfile categories during installation and updates
- Corrected logic for development dependency resolution and constraint propagation
- Improved validation and preservation of version specifiers during updates
This improves stability when working with complex dependency trees and version constraints. #6281 <https://github.com/pypa/pipenv/issues/6281>_
Fixes issue with --skip-lock not providing pip the proper package specifier when version was a string (issue did not impact dict with version key). #6288 <https://github.com/pypa/pipenv/issues/6288>_

`v2024.2.0`

Compare Source

=====================

Bug Fixes

Features & Bug Fixes
- Refactored and simplified install routines, improving maintainability and reliability (#6276)
  - Split install logic into smaller, focused functions.
  - Eliminated Pipfile caching for now to prevent bugs and reduce complexity.
  - Fixed edge cases with package category selection.
  - Improved handling of VCS dependencies during updates, fixing when ref is a revision and not a branch.
- Enhanced VCS URL handling with better environment variable support (#6276)
  - More reliable expansion of environment variables in Git URLs.
  - Better handling of authentication components in VCS URLs.
  - Improved error messaging for missing environment variables.
  - Fixed issue where Git reference could be dropped during relock. #6276 <https://github.com/pypa/pipenv/issues/6276>_

Vendored Libraries

Update pipdeptree to version 2.23.4 #6275 <https://github.com/pypa/pipenv/issues/6275>_

`v2024.1.0`

Compare Source

=====================

Features & Improvements

Upgrade from pip==24.0 to pip==24.1.2. #6253 <https://github.com/pypa/pipenv/issues/6253>_

Bug Fixes

Fixes regression in lock file generation that caused environment variable references (e.g., ${GIT_PASSWORD}) in VCS URLs to be stripped out. This restores the ability to use credential placeholders in version control system URLs. #6256 <https://github.com/pypa/pipenv/issues/6256>_

`v2024.0.3`

Compare Source

=====================

Bug Fixes

Disable ResourceWarning warning for temporary files that are cleaned on program exit. #6151 <https://github.com/pypa/pipenv/issues/6151>_
Fixed package sorting when installing a package with extras. #6171 <https://github.com/pypa/pipenv/issues/6171>_
Fixed pipenv uninstall --all failing when the virtual environment no longer exists. #6185 <https://github.com/pypa/pipenv/issues/6185>_
Fix issue where installing a vcs dependency using pipenv CLI yielded the wrong Pipfile entry such that it could not lock. #6242 <https://github.com/pypa/pipenv/issues/6242>_
Fix report that pipenv requires packaging>=22 on some systems by setting it as a dependency. #6243 <https://github.com/pypa/pipenv/issues/6243>_

`v2024.0.2`

Compare Source

=====================

Features & Improvements

Initial support for python3.13 #6240 <https://github.com/pypa/pipenv/issues/6240>_

Bug Fixes

Fix bump version in CI/CD pipeline #6177 <https://github.com/pypa/pipenv/issues/6177>_
Swap old_version and new_version in pipenv update --outdated output. #6179 <https://github.com/pypa/pipenv/issues/6179>_
Update shell detection to only check the end of the command used. #6197 <https://github.com/pypa/pipenv/issues/6197>_
Fix loading dot env twice #6198 #6202 <https://github.com/pypa/pipenv/issues/6202>_
Solve issue with quiet lock not writing the lock file #6207. #6207 <https://github.com/pypa/pipenv/issues/6207>_
Fix regression introduced with the "smarter uninstall" PR. Uninstall --all should not clear the Pipfile entries. #6209 <https://github.com/pypa/pipenv/issues/6209>_
Fixed regression where all local file installations were incorrectly treated as editable. Ensure that local file installations are explicitly marked as editable in both Pipfile and Pipfile.lock entries if editable installation is desired. #6222 <https://github.com/pypa/pipenv/issues/6222>_
Corrected behavior of pipenv install --skip-lock after behavioral install refactor introduced regression. No Pipfile.lock is generated with this fix and installation of vcs no longer fails with revision missing error. #6225 <https://github.com/pypa/pipenv/issues/6225>_
Fix for Windows on ARM missing distlib binaries in pyproject.toml #6240 <https://github.com/pypa/pipenv/issues/6240>_

Vendored Libraries

Clean up usage of click styling from exceptions, shell and virtualenv #6178 <https://github.com/pypa/pipenv/issues/6178>_
Remove click.echo from pipenv/cli #6182 <https://github.com/pypa/pipenv/issues/6182>_
Remove click.echo from exceptions.py #6216 <https://github.com/pypa/pipenv/issues/6216>_
Update importlib-metadata to 8.4.0 #6235 <https://github.com/pypa/pipenv/issues/6235>_

`v2024.0.1`

Compare Source

=====================

No significant changes.

`v2024.0.0`

Compare Source

=====================

Features & Improvements

Supply any --extra-pip-args also in the resolver steps. #6006 <https://github.com/pypa/pipenv/issues/6006>_
The uninstall command now does the inverse of upgrade which means it no longer invokes a full lock cycle which was problematic for projects with many dependencies. #6029 <https://github.com/pypa/pipenv/issues/6029>_
The pipenv requirements subcommand now supports the --from-pipfile flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages. #6156 <https://github.com/pypa/pipenv/issues/6156>_

Behavior Changes

pipenv==2024.0.0 denotes the first major release of our semver strategy.
As much requested, the install no longer does a complete lock operation. Instead install follows the same code path as pipenv update (which is upgrade + sync).
This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable.
Remember that complete lock resolution can be invoked with pipenv lock just as before. #6098 <https://github.com/pypa/pipenv/issues/6098>_

Bug Fixes

Fix a bug that passes pipenv check command if Pipfile.lock not exist #6126 <https://github.com/pypa/pipenv/issues/6126>_
Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one #6136 <https://github.com/pypa/pipenv/issues/6136>_
pipenv converts off pkg_resources API usages. This necessitated also vendoring in:
- latest pipdeptree==2.18.1 which also converted off pkg_resources
- importlib-metadata==7.1.0 to continue supporting python 3.8 and 3.9
- packaging==24.0 since the packaging we were utilizing in pip's vendor was insufficient for this conversion. #6139 <https://github.com/pypa/pipenv/issues/6139>
Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, <3.12 in the [requires] field, the code has been modified to explicitly express in an error log that absolute versioning must be used. #6164 <https://github.com/pypa/pipenv/issues/6164>_

Vendored Libraries

Vendor in pip==24.0 #6117 <https://github.com/pypa/pipenv/issues/6117>_
Spring 2024 Vendoring includes:
- click-didyoumean==0.3.1
- expect==4.9.0
- pipdeptree==2.16.2
- python-dotenv==1.0.1
- ruamel.yaml==0.18.6
- shellingham==1.5.4
- tomlkit==0.12.4 #6118 <https://github.com/pypa/pipenv/issues/6118>_

`v2023.12.1`

Compare Source

======================

Bug Fixes

`v2023.12.0`

Compare Source

=============================

Bug Fixes

`v2023.11.17`

Compare Source

==============================

Bug Fixes

Add markers to Pipfile when parsing requirements.txt #6008 <https://github.com/pypa/pipenv/issues/6008>_
Fix KeyError when using a source without a name in Pipfile #6021 <https://github.com/pypa/pipenv/issues/6021>_
Fix a bug with locking projects that contains packages with non canonical names from private indexes #6056 <https://github.com/pypa/pipenv/issues/6056>_

Vendored Libraries

`v2023.11.15`

Compare Source

==============================

Bug Fixes

Fix regression with path installs on most recent release 2023.11.14 #6017 <https://github.com/pypa/pipenv/issues/6017>_

`v2023.11.14`

Compare Source

==============================

Bug Fixes

Fix regression with path installs on most recent release 2023.11.14 #6017 <https://github.com/pypa/pipenv/issues/6017>_

`v2023.10.24`

Compare Source

=======================

Features & Improvements

Officially support python 3.12 #5987 <https://github.com/pypa/pipenv/issues/5987>_

Bug Fixes

Additional safety check in fold_markers logic that affected some lock resolutions in prior release. #5988 <https://github.com/pypa/pipenv/issues/5988>

Vendored Libraries

Update vendored versions of:
- click==8.1.7
- markupsafe==2.1.3
- pydantic==1.10.13
- pythonfinder==2.0.6
- ruamel.yaml==0.17.39
- shellingham==1.5.3
- tomlkit==0.12.1 #5986 <https://github.com/pypa/pipenv/issues/5986>_
Update vendored pip to 23.3.1 #5991 <https://github.com/pypa/pipenv/issues/5991>_

`v2023.10.20`

Compare Source

=======================

Features & Improvements

Add quiet option to pipenv shell, hiding "Launching subshell in virtual environment..." #5966 <https://github.com/pypa/pipenv/issues/5966>_
Vendor in pip==23.3 which includes updates to certifi, urllib3, and adds truststore among other improvements. #5979 <https://github.com/pypa/pipenv/issues/5979>_

Behavior Changes

Change --py to use print preventing insertion of newline characters #5969 <https://github.com/pypa/pipenv/issues/5969>_

Vendored Libraries

Drop pep517 - as it is no longer used. #5970 <https://github.com/pypa/pipenv/issues/5970>_

Removals and Deprecations

Drop support for Python 3.7 #5879 <https://github.com/pypa/pipenv/issues/5879>_

`v2023.10.3`

Compare Source

======================

Bug Fixes

Eveb better handling of vcs branch references that contain special characters. #5934 <https://github.com/pypa/pipenv/issues/5934>_
Bump certifi from 2023.5.7 to 2023.7.22 in /examples to address a security vulnerability #5941 <https://github.com/pypa/pipenv/issues/5941>_

`v2023.9.8`

Compare Source

=====================

Bug Fixes

ignore_compatibility was supposed to default to False (except for hash collection) #5926 <https://github.com/pypa/pipenv/issues/5926>_

`v2023.9.7`

Compare Source

=====================

Features & Improvements

Updates build to use exclusively pyproject.toml

Modernizes the build process by consolidating all of setuptools metadata within pyproject.toml and removing deprecated setup.cfg and setup.py. #5837 <https://github.com/pypa/pipenv/issues/5837>_

Bug Fixes

Restore the ignore compatibility finder pip patch to resolve issues collecting hashes from google artifact registry (and possibly others). #5887 <https://github.com/pypa/pipenv/issues/5887>_
Handle case better where setup.py name is referencing a variable that is a string while encouraging folks to migrate their projects to pyproject.toml #5905 <https://github.com/pypa/pipenv/issues/5905>_
Better handling of local file install edge cases; handle local file extras. #5919 <https://github.com/pypa/pipenv/issues/5919>_
Include the Pipfile markers in the install phase when using --skip-lock. #5920 <https://github.com/pypa/pipenv/issues/5920>_
Fallback to default vcs ref when no ref is supplied.
More proactively determine package name from the pip line where possible, fallback to the existing file scanning logics when unable to determine name. #5921 <https://github.com/pypa/pipenv/issues/5921>_

`v2023.9.1`

Compare Source

Features & Improvements

Top level Pipfile sys_platform markers should be transitive; adds top level platform_machine entries that are also transitive. Marker entries continue to operate the same as before. #5892

Bug Fixes

Apply patch for install_search_all_sources = True functionality. #5895
Relative paths improvements for editable installs. #5896
Set log level in resolver to WARN when verbose is not passed. #5897
Handle more variations in private index html to improve hash collection. #5898

`v2023.8.28`

Compare Source

Bug Fixes

Revert change that caused the credentials in source url issue. #5878
Do not treat named requirements as file installs just becacuse a match path exists; better handling of editable keyword for local file installs.
Handle additional edge cases in the setup.py ast parser logic for trying to determine local install package name. #5885

`v2023.8.26`

Compare Source

Bug Fixes

Additional property caching to avoid duplication of sources in the resolver. #5863
Fix recent regressions with local/editable file installs. #5870
Fixes the vcs subdirectory fragments regression; fixes sys_platform markers regression. #5871
Fix regression that caused printing non-printable ascii characters when help was called. #5872

`v2023.8.25`

Compare Source

Bug Fixes

Fix regression of hash collection when downloading package from private indexes when the hash is not found in the index href url fragment. #5866

`v2023.8.23`

Compare Source

Bug Fixes

More gracefully handle @ symbols in vcs URLs to address recent regression with vcs URLs. #5849

`v2023.8.22`

Compare Source

Bug Fixes

Fix regression with ssh:// vcs URLs introduced in 2023.8.21 whereby ssh vcs URLs are expected to have at least one @ symbol. #5846

`v2023.8.21`

Compare Source

Bug Fixes

Fix regression with ssh:// vcs URLs introduced in 2023.8.21 whereby ssh vcs URLs are expected to have at least one @ symbol. #5846

`v2023.8.20`

Compare Source

Bug Fixes

Fix the expected output of the version command. #5838

`v2023.8.19`

Compare Source

Bug Fixes

Add back some relevant caching to increase performance after the major refactor released with 2023.8.19 #5841
Fix some edge cases around vcs dependencies without a ref, and older Pipfile/lockfile formats. #5843

Vendored Libraries

Remove unused command line interface for vendored packages. #5840

`v2023.7.23`

Compare Source

Features & Improvements

Upgrades pip==23.2 which includes everything from the pip changelog. Drops the "install_compatatability_finder" pip internals patch. #5808

Bug Fixes

Fix issue parsing some Pipfiles with separate packages.<pkg> sections (tomlkit OutOfOrderTableProxy) #5794
Fix all ruff linter warnings #5807
Restore running Resolver in sub-process using the project python by default; maintains ability to run directly by setting PIPENV_RESOLVER_PARENT_PYTHON environment variable to 1 (useful for internal debugging). #5809
Fix error when a Windows path begins with a '' with pythonfinder==2.0.5. #5812

Vendored Libraries

Remove usage of click.secho in some modules. #5804

2023.7.11 (2023-07-11)

Bug Fixes

Invoke the resolver in the same process as pipenv rather than utilizing subprocess. #5787
Fix regression markers being included as None/null in requirements command. #5788

`v2023.7.11`

Compare Source

What's Changed

Fix markers being included as None/null by @matteius in https://github.com/pypa/pipenv/pull/5788
Invoke the resolver in the same process as pipenv rather than utilzing subprocess. by @matteius in https://github.com/pypa/pipenv/pull/5787

Full Changelog: pypa/pipenv@v2023.7.9...v2023.7.11

`v2023.7.9`

Compare Source

Bug Fixes

Drop the --keep-outdated flag and --selective-upgrade flags that have been deprecated in favor of update/upgrade commands. #5730
Fix regressions in the requirements command related to standard index extras and handling of local file requirements. #5784

`v2023.7.4`

Compare Source

Bug Fixes

Fixes regression on Pipfile requirements syntax. Ensure default operator is provided to requirement lib to avoid crash. #5765
Ensure hashes included in a generated requirements file are after any markers. #5777

`v2023.7.3`

Compare Source

Bug Fixes

Fix regression with --system flag usage. #5773

`v2023.7.1`

Compare Source

Bug Fixes

Patch _get_requests_session method to consider PIP_CLIENT_CERT value when present. #5746
Fix regression in requirements command that was causing package installs after upgrade to requirementslib==3.0.0. #5755
Fix error: invalid command 'egg_info' edge case with requirementslib 3.0.0. It exposed pipenv resolver sometimes was using a different python than expected. #5760
Fix issue in requirementslib 3.0.0 where dependencies defined in pyproject.toml were not being included in the lock file. #5766

Removals and Deprecations

Bump dparse to 0.6.3 #5750

`v2023.6.26`

Compare Source

Improved Documentation

Add missing environment variable descriptions back to documentation #missing_env_var_desc

`v2023.6.18`

Compare Source

Bug Fixes

Fixes resolver to only consider the default index for packages when a secondary index is not specified. This brings the code into alignment with stated assumptions about index restricted packages behavior of pipenv. #5737

Removals and Deprecations

Deprecation of --skip-lock flag as it bypasses the security benefits of pipenv. Plus it lacks proper deterministic support of installation from multiple package indexes. #5737

`v2023.6.12`

Compare Source

Bug Fixes

Remove the sys.path modifications and as a result fixes keyring support. #5719

`v2023.6.11`

Compare Source

Vendored Libraries

Upgrades to pipdeptree==2.8.0 which fixes edge cases of the pipenv graph command. #5720

`v2023.6.2`

Compare Source

Improved Documentation

Add missing environment variable descriptions back to documentation #missing_env_var_desc

`v2023.5.19`

Compare Source

Bug Fixes

Consider --index argument in update and upgrade commands. #5692

Vendored Libraries

Upgrade pythonfinder==2.0.0 which also brings in pydantic==1.10.7. #5677

`v2023.4.29`

Compare Source

Vendored Libraries

Vendor in pip==23.1.2 latest. #5671
Vendor in requirementslib==2.3.0 which drops usage of vistir. #5672

`v2023.4.20`

Compare Source

Features & Improvements

Checks environment variable PIP_TRUSTED_HOSTS when evaluating an
index specified at the command line when adding to Pipfile.

For example, this command line
```
PIP_TRUSTED_HOSTS=internal.mycompany.com pipenv install pypkg --index=https://internal.mycompany.com/pypi/simple
```
will add the following to the Pipfile:
```
[[source]]
url = 'https://internal.mycompany.com/pypi/simple'
verify_ssl = false
name = 'Internalmycompany'

[packages]
pypkg = {version="*", index="Internalmycompany"}
```
This allows users with private indexes to add them to Pipfile
initially from command line with correct permissions using environment
variable PIP_TRUSTED_HOSTS. #5572
Vendor in the updates, upgrades and fixes provided by pip==23.1. #5655
Replace flake8 and isort with ruff. #ruff

Bug Fixes

Fix regression with --skip-lock option with install command. #5653

Vendored Libraries

Vendor in latest python-dotenv==1.0.0 #5656
Vendor in latest available dependencies: attrs==23.1.0 click-didyoumean==0.3.0 click==8.1.3 markupsafe==2.1.2 pipdeptree==2.7.0 shellingham==1.5.0.post1 tomlkit==0.11.7 #5657
Vendor in latest requirementslib==2.2.5 which includes updates for pip 23.1 #5659

Improved Documentation

Made documentation clear about tilde-equals operator for package versions. #5594

`v2023.3.20`

Compare Source

No significant changes.

`v2023.3.18`

Compare Source

Bug Fixes

Fix import error in virtualenv utility for creating new environments caused by 2023.3.18 release. #5636

`v2023.2.18`

Compare Source

Features & Improvements

pipenv now reads the system pip.conf or pip.ini file in order to determine pre-defined indexes to use for package resolution and installation. #5297
Behavior change for pipenv check now checks the default packages group of the lockfile.
Specifying --categories to override which categories to check against.
Pass --use-installed to get the prior behavior of checking the packages actually installed into the environment. #5600

Bug Fixes

Fix regression with detection of CI env variable being set to something other than a truthy value. #5554
Fix --categories argument inconsistency between requirements command and install/sync by allowing comma separated values or spaces. #5570
Use Nushell overlays when running pipenv shell. #5603

Vendored Libraries

Vendor in the pip==23.0 release. #5586
Vendor in pip==23.0.1 minor pt release. Updates pythonfinder==1.3.2. #5614

Improved Documentation

Make some improvements to the contributing guide. #5611

`v2023.2.4`

Compare Source

Bug Fixes

Fix overwriting of output in verbose mode #5530
Fix for resolution error when direct url includes an extras. #5536

Removals and Deprecations

Remove pytest-pypi package since it's not used anymore #5556
Remove deprecated --three flag from the CLI. #5576

`v2022.12.19`

Compare Source

Bug Fixes

Fix for requirementslib hanging during install of remote wheels files. #5546

`v2022.12.17`

Compare Source

Bug Fixes

virtualenv creation no longer uses --creator=venv by default; introduced two environment variables:
PIPENV_VIRTUALENV_CREATOR -- May be specified to instruct virtualenv which --creator= to use.
PIPENV_VIRTUALENV_COPIES -- When specified as truthy, instructs virtualenv to not use symlinks. #5477
Fix regression where path is not propagated to the Pipfile.lock. #5479
Solve issue where null markers were getting added to lock file when extras were provided. #5486
Fix: update --outdated raises NonExistentKey with outdated dev packages #5540

Vendored Libraries

Vendor in pip==22.3.1 which is currently the latest version of pip. #5520
- Bump version of requirementslib to 2.2.1
- Bump version of vistir to 0.7.5
- Bump version of colorama to 0.4.6 #5522
Bump plette version to 0.4.4 #5539

`v2022.11.30`

Compare Source

Bug Fixes

Fix regression: pipenv does not sync indexes to lockfile. #5508

`v2022.11.25`

Compare Source

Bug Fixes

Solving issue where pipenv check command has been broken in the published wheel distribution. #5493

`v2022.11.24`

Compare Source

Bug Fixes

Stop building universal wheels since Python 2 is no longer supported. #5496

`v2022.11.23`

Compare Source

Features & Improvements

Find nushell activate scripts. #5470

Vendored Libraries

- Drop unused code from cerberus
- Drop unused module wheel #5467
- Replace yaspin spinner with rich spinner.
- Bump vistir version to 0.7.4 #5468
Bump version of requirementslib to 2.2.0
Drop yaspin which is no longer used.
Bump vistir to version 0.7.4
Remove parse.
Remove termcolor.
Remove idna. #5481

`v2022.11.11`

Compare Source

Bug Fixes

Fix regression of lock generation that caused the keep-outdated behavior to be default. #5456

`v2022.11.5`

Compare Source

Bug Fixes

Rollback the change in version of colorama due to regressions in core functionality. #5459

`v2022.11.4`

Compare Source

Features & Improvements

Allow pipenv settings to be explicitly disabled more easily by assigning to the environment variable a falsy value. #5451

Bug Fixes

Provide an install iteration per index when install_search_all_sources is false (default behavior).
This fixes regression where install phase was using unexpected index after updating pip==22.3 #5444

Vendored Libraries

Drop tomli, which is not used anymore.
Bump attrs version see #5449.
Drop distlib, colorama and platformdirs - use the ones from pip._vendor. #5450

`v2022.10.25`

Compare Source

Features & Improvements

Add support to export requirements file for a specified set of categories. #5431

Vendored Libraries

Remove appdirs.py in favor of platformdirs. #5420

Removals and Deprecations

Remove usage of vistir.cmdparse in favor of pipenv.cmdparse #5419

`v2022.10.12`

Compare Source

Improved Documentation

Update pipenv docs for with example for callabale package functions in Pipfile scripts #5396

`v2022.10.11`

Compare Source

Bug Fixes

Revert decision to change the default isolation level because it caused problems with existing workflows; solution is to recommend users that have issues requiring pre-requisites to pass --extra-pip-args="--no-build-isolation" in their install or sync commands. #5399

`v2022.10.10`

Compare Source

Features & Improvements

Add ability for callable scripts in Pipfile under [scripts]. Callables can now be added like: <pathed.module>:<func> and can also take arguments. For example: func = {call = "package.module:func('arg1', 'arg2')"} then this can be activated in the shell with pipenv run func #5294

Bug Fixes

Fixes regression from 2022.10.9 where Pipfile with pipenv section began generating new hash,
and also fix regression where lock phase did not update the hash value. #5394

`v2022.10.9`

Compare Source

Features & Improvements

Add ability for callable scripts in Pipfile under [scripts]. Callables can now be added like: <pathed.module>:<func> and can also take arguments. For example: func = {call = "package.module:func('arg1', 'arg2')"} then this can be activated in the shell with pipenv run func #5294

Bug Fixes

Fixes regression from 2022.10.9 where Pipfile with pipenv section began generating new hash,
and also fix regression where lock phase did not update the hash value. #5394

`v2022.10.4`

Compare Source

Bug Fixes

Use --creator=venv when creating virtual environments to avoid issue with sysconfig posix_prefix on some systems. #5075
Prefer to use the lockfile sources if available during the install phase. #5380

Vendored Libraries

Drop vendored six - we no longer depend on this library, as we migrated from pipfile to plette. #5187

`v2022.9.24`

Compare Source

Bug Fixes

Update requirementslib==2.0.3 to always evaluate the requirement markers fresh (without lru_cache) to fix marker determinism issue. #4660

`v2022.9.21`

Compare Source

Bug Fixes

Fix regression to install --skip-lock with update to plette. #5368

`v2022.9.20`

Compare Source

Behavior Changes

Remove usage of pipfile module in favour of Plette.
pipfile is not actively maintained anymore. Plette is actively maintained,
and has stricter checking of the Pipefile and Pipefile.lock. As a result,
Pipefile with unnamed package indices will fail to lock. If a Pipefile
was hand crafeted, and the source is anonymous an error will be thrown.
The solution is simple, add a name to your index, e.g, replace:
```
[[source]]
url = "https://pypi.acme.com/simple"
verify_ssl = true
```
With:
```
[[source]]
url = "https://pypi.acme.com/simple"
verify_ssl = true
name = acmes_private_index  `#&#8203;5339 <https://github.com/pypa/pipenv/issues/5339>`_
```

Bug Fixes

Modernize pipenv path patch with importlib.util to eliminate import of pkg_resources #5349

Vendored Libraries

Remove iso8601 from vendored packages since it was not used. #5346

`v2022.9.8`

Compare Source

Features & Improvements

It is now possible to supply additional arguments to pip install by supplying --extra-pip-args="<arg1> <arg2>"
See the updated documentation Supplying additional arguments to pip for more details. #5283

Bug Fixes

Make editable detection better because not everyone specifies editable entry in the Pipfile for local editable installs. #4784
Add error handling for when the installed package setup.py does not contain valid markers. #5329
Load the dot env earlier so that PIPENV_CUSTOM_VENV_NAME is more useful across projects. #5334

Vendored Libraries

Bump version of shellingham to support nushell. #5336
Bump plette to version v0.3.0 #5337
Bump version of pipdeptree #5343

Removals and Deprecations

Add deprecation warning to the --three flag. Pipenv now uses python3 by default. #5328

Relates to dev process changes

Convert the test runner to use pypiserver as a standalone process for all tests that referencce internal pypi artifacts.
General refactoring of some test cases to create more variety in packages selected--preferring lighter weight packages--in existing test cases.

`v2022.9.4`

Compare Source

Bug Fixes

Fix the issue from 2022.9.2 where tarball URL packages were being skipped on batch_install. #5306

`v2022.9.2`

Compare Source

Bug Fixes

Update requirementslib==2.0.3 to always evaluate the requirement markers fresh (without lru_cache) to fix marker determinism issue. #4660

`v2022.8.31`

Compare Source

Features & Improvements

Performance optimization to batch_install results in a faster and less CPU intensive pipenv sync or pipenv install experience. #5301

Bug Fixes

pipenv now uses a NamedTemporaryFile for rsolver constraints and drops internal env var PIPENV_PACKAGES. #4925

Removals and Deprecations

Remove no longer used method which_pip. #5314
Drop progress bar file due to recent performance optimization to combine batch_install requirements in at most two invocations of pip install.
To see progress of install pass --verbose flag and pip progress will be output in realtime. #5315

`v2022.8.30`

Compare Source

Bug Fixes

Fix an issue when using pipenv install --system on systems that having the python executable pointing to Python 2 and a Python 3 executable being python3. #5296
Sorting constraints before resolving, which fixes pipenv lock generates nondeterminism environment markers. #5299
Fix #5273, use our own method for checking if a package is a valid constraint. #5309

Vendored Libraries

Vendor in requirementslib==2.0.1 which fixes issue with local install not marked editable, and vendor in vistir==0.6.1 which drops python2 support.
Drops orderedmultidict from vendoring. #5308

`v2022.8.24`

Compare Source

Bug Fixes

Remove eager and unnecessary importing of setuptools and pkg_resources to avoid conflict upgrading setuptools.
Roll back sysconfig patch of pip because it was problematic for some --system commands. #5228

Vendored Libraries

Vendor in requirementslib==2.0.0 and drop pip-shims entirely. #5228
Vendor in pythonfinder==1.3.1 #5292

`v2022.8.19`

Compare Source

Bug Fixes

Fix issue where resolver is provided with install_requires constraints from setup.py that depend on editable dependencies and could not resolve them. #5271
Fix for pipenv lock fails for packages with extras as of 2022.8.13. #5274
Revert the exclusion of BAD_PACKAGES from batch_install in order for pipenv to install specific versions of setuptools.
To prevent issue upgrading setuptools this patches _USE_SYSCONFIG_DEFAULT to use sysconfig for 3.7 and above whereas pip default behavior was 3.10 and above. #5275

`v2022.8.17`

Compare Source

Bug Fixes

Fix "The Python interpreter can't be found" error when running pipenv install --system with a python3 but no python. #5261
Revise pip import patch to include only pipenv from site-packages and removed --ignore-installed argument from pip install in order to fix regressions with --use-site-packages. #5265

`v2022.8.15`

Compare Source

Bug Fixes

pip_install method was using a different way of finding the python executable than other `

Configuration

📅 Schedule: Branch creation - "after 5pm on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies label May 1, 2025

renovate bot force-pushed the renovate/master-pipenv-2025.x branch from 3af1549 to e35e804 Compare May 2, 2025 18:56

renovate bot force-pushed the renovate/master-pipenv-2025.x branch from e35e804 to 23299a8 Compare May 30, 2025 02:23

Update dependency pipenv to v2025

c786fb1

renovate bot force-pushed the renovate/master-pipenv-2025.x branch from 23299a8 to c786fb1 Compare July 7, 2025 23:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency pipenv to v2025 (master) #33

Update dependency pipenv to v2025 (master) #33

Uh oh!

renovate bot commented May 1, 2025 •

edited

Loading

Uh oh!

Uh oh!

Update dependency pipenv to v2025 (master) #33

Are you sure you want to change the base?

Update dependency pipenv to v2025 (master) #33

Uh oh!

Conversation

renovate bot commented May 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Vendored Libraries

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Vendored Libraries

Contributors

What's Changed

Bug Fixes

Bug Fixes

Features & Bug Fixes

Vendored Libraries

Features & Improvements

Bug Fixes

Bug Fixes

Features & Improvements

Bug Fixes

Vendored Libraries

Features & Improvements

Behavior Changes

Bug Fixes

Vendored Libraries

Bug Fixes

Bug Fixes

Bug Fixes

Vendored Libraries

Bug Fixes

Bug Fixes

Features & Improvements

Bug Fixes

Vendored Libraries

Features & Improvements

Behavior Changes

Vendored Libraries

Removals and Deprecations

Bug Fixes

Bug Fixes

Features & Improvements

Updates build to use exclusively pyproject.toml

Bug Fixes

Features & Improvements

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Vendored Libraries

Features & Improvements

Bug Fixes

Vendored Libraries

Bug Fixes

What's Changed

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Removals and Deprecations

Improved Documentation

Bug Fixes

Removals and Deprecations

Bug Fixes

Vendored Libraries

Improved Documentation

Bug Fixes

Vendored Libraries

Vendored Libraries

Features & Improvements

Bug Fixes

renovate bot commented May 1, 2025 •

edited

Loading

Updates build to use exclusively `pyproject.toml`