Pipenv version doesn't support categories

[devanubis]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

pip

Package manager version

pipenv 2022.10.25

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

We've started using Pipfile categories to group some optional dependencies in our project, however it seems the dependabot is using pipenv version 2022.4.8.

Dependabot is writing the old lock file format, without our optional category. Fortunately this is caught in our build process, which uses the a newer versions of pipenv and detects that the lock file hashes to not match.

Categories were introduced in version 2022.10.10.

Please could you upgrade to a more recent version of pipenv?

Alternatively, are we able to specific a newer pipenv version ourselves in our dependaboy.yml ?

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[pavera]

We are currently pinned to 2022.4.8 to maintain Python 3.6 support. I believe we made an attempt to allow newer pipenv versions for newer Python versions but were unable to get it to work correctly. I will make another attempt and document the findings here.

[pavera]

@deivid-rodriguez was already working on this: #6104. We have a number of tests that fail due to changes in pipenv args and error output. It looks like we're going to need to match pipenv version with each project since the output (lockfile format and errors) change between versions.

Unfortunately, I don't think this is trivial as each project might use a different method to bootstrap pipenv. Out of curiosity how do you bootstrap pipenv in your project? The most common method I think I've seen is to use a dedicated requirements-pipenv.txt.

[devanubis]

Out of curiosity how do you bootstrap pipenv in your project?

We're deploying through docker, so for us we just pip install --upgrade pipenv in our Dockerfile and in our CI environment.

Although using a requirements-pipenv.text to pin to specific versions of pipenv might be a good idea for us too for any future changes pipenv makes.

[matteius]

Howdy -- pipenv maintainer here for the past year. I just came to look for if dependabot supported named package categories and if it makes use of --keep-outdated which we plan to drop support for (it doesn't appear that dependabot uses this flag).

I know we had to change underlying library for the Pipfile/lockfile, but I did not think there were these compatibility issues. I would be happy to shed more light on any issues if you could provide more details on what you have encountered so far.

[deivid-rodriguez]

Thanks so much for chiming in @matteius, and sorry for not saying anything before 🙏.

Upgrading Pipenv and getting it to a good state should be much easier with your support ❤️. I think I'll ask some questions at #6104 when I get back to working on it if you're still willing to help.

[deivid-rodriguez]

We have now updated pipenv, so closing this! 🎉