pipenv doesn't throw error, when extras are a string instead of a list-like
#5440
Comments
con-f-use
changed the title
extras are a string instead of a list-like
|
Question: have you added |
|
I assume you mean as opposed to via |
|
I agree with you, but still, I wanted to know what the root cause was. |
|
Also, I think this should be fixed in https://github.com/sarugaku/plette |
oz123
added
the
good first issue
|
If this issue hasn't been resolved, I'd like to be assigned it. Especially considering it is a good first issue :) |
|
There you go 🙂 I think the actual fix is in plette but I might be wrong. |
|
But should i check if it was fixed in plette? Would we still want it resolved in pipenv regardless?
… El 25/10/2022, a las 2:11 p. m., Oz N Tiram ***@***.***> escribió:
There you go 🙂 I think the actual fix is in plette but I might be wrong.
—
Reply to this email directly, view it on GitHub <#5440 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADNQYBKNHUV6LAB3ESMIFS3WFAWHNANCNFSM6AAAAAARNDWO5I>.
You are receiving this because you were assigned.
|
|
The PR should be in that repository. You can prototype and test your changes on |
|
Oz, is there some way I can contact you? I have some questions regarding this issue and pipenv in general that I'm not sure belong on this issue thread, my email is on my profile. Thanks |
|
Sent you and email. Feel to answer there. |
matteius
added
the
Type: Possible Bug
|
I was able to pin-point this bug. It's not about syncing, it's about requirements generation. The underlying problem is |
Until now one could write anything in package extras.
If one happend to write a string, e.g:
```
msal = {version="==1.20.0", extras="broker"}
```
It would silently pass, and result in a Pipfile.lock containing a list
of characters:
```
"msal": {
"extras": [
"b",
"e",
"k",
"o",
"r"
],
```
With this change, a validation is added to check that extras
are a list.
Also added is a check that packages specifiers are in a dictionary
and not a list.
This is a potential fix for pypa/pipenv#5440.
|
Hi Oz,
Thank you for sending me this, i will look more into the requirements generation mechanism then.
I haven’t had a lot of time to work on this recently, but i will have time this upcoming week and try to submit a fix by then.
Best,
Aiden
… El 13/12/2022, a las 3:33 a. m., Oz N Tiram ***@***.***> escribió:
I was able to pin-point this bug. It's not about syncing, it's about requirements generation.
***@***.***:/tmp/pipenv-ncbhfaai-project $ cat Pipfile
[packages]
msal = {version="==1.20.0", extras="broker"}
***@***.***:/tmp/pipenv-ncbhfaai-project $ pipenv lock
Locking [packages] dependencies...
Locking [dev-packages] dependencies...
Updated Pipfile.lock (d5418ae7afddb195bc750352ac1c92fb7c0040ad281c7a4ca32db6c2a4ad2c7c)!
***@***.***:/tmp/pipenv-ncbhfaai-project $ pipenv requirements
-i https://pypi.org/simple
certifi==2022.12.7 ; python_version >= '3.6'
cffi==1.15.1
charset-normalizer==2.1.1 ; python_full_version >= '3.6.0'
cryptography==38.0.4 ; python_version >= '3.6'
idna==3.4 ; python_version >= '3.5'
msal[b,e,k,o,r]==1.20.0
pycparser==2.21
pyjwt[crypto]==2.6.0 ; python_version >= '3.7'
requests==2.28.1 ; python_version >= '3.7' and python_version < '4'
urllib3==1.26.13 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
—
Reply to this email directly, view it on GitHub <#5440 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADNQYBLMSW5X2BHWSH72S33WNAYFDANCNFSM6AAAAAARNDWO5I>.
You are receiving this because you were assigned.
|
|
I think Oz did a fix in palette for this today. |
|
It's already fixed in plette. |
|
Please try |
Something like text above in a Pipfile, during locking, results in the bug evidenced by output below:
It should error. Note that is not immediately obvious what is going wrong, as the letters in
[b,e,k,o,r]are not even in the same order as the extra dependency "broker".The text was updated successfully, but these errors were encountered: