pipenv
pipenv copied to clipboard
Published
20 hours ago •
pypa
pypa
pipenv check doesn't consider package versions of current environment
Issue description
When running pipenv check, only the site-packages of the user installation are considered instead of the pipenv environment.
Is this expected behaviour?
Currently my workaround is to install safety in the environment and then run pipenv run safety check which checks the correct packages.
Expected result
pipenv check runs a safety check on the packages of the current environment
Actual result
pipenv check only checks the user's site-packages
Steps to replicate
$ pip show pylint
Name: pylint
Version: 2.10.2
Summary: python code static checker
Home-page: https://github.com/PyCQA/pylint
Author: Python Code Quality Authority
Author-email: [email protected]
License: GPL-2.0-or-later
Location: /home/USER/.local/lib/python3.8/site-packages
Requires: astroid, isort, mccabe, platformdirs, toml
Required-by:
$ pipenv install pylint==2.14.4
Creating a virtualenv for this project...
Pipfile: /home/USER/Downloads/test/Pipfile
Using /home/USER/.pyenv/versions/3.10.5/bin/python3 (3.10.5) to create virtualenv...
⠹ Creating virtual environment...created virtual environment CPython3.10.5.final.0-64 in 101ms
creator CPython3Posix(dest=/home/USER/.local/share/virtualenvs/test-LQFnpRW5, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/USER/.local/share/virtualenv)
added seed packages: pip==22.1.2, setuptools==62.6.0, wheel==0.37.1
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /home/USER/.virtualenvs/test-LQFnpRW5
Installing pylint==2.14.4...
Adding pylint to Pipfile's [packages]...
✔ Installation Succeeded
Pipfile.lock (e4eef2) out of date, updating to (b7beaf)...
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
Building requirements...
Resolving dependencies...
✔ Success!
Updated Pipfile.lock (b7beaf)!
Installing dependencies from Pipfile.lock (b7beaf)...
🐍 ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 0/0 — 00:00:00
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
$ pipenv run pip show pylint
Name: pylint
Version: 2.14.4
Summary: python code static checker
Home-page:
Author: Python Code Quality Authority
Author-email: [email protected]
License: GPL-2.0-or-later
Location: /home/USER/.local/share/virtualenvs/test-LQFnpRW5/lib/python3.10/site-packages
Requires: astroid, dill, isort, mccabe, platformdirs, tomli, tomlkit
Required-by:
$ pipenv check --verbose
Checking PEP 508 requirements...
Running command: $ /home/USER/.virtualenvs/test-LQFnpRW5/bin/python /home/USER/.local/lib/python3.8/site-packages/pipenv/pep508checker.py
Command output: {"os_name": "posix", "sys_platform": "linux", "platform_machine": "x86_64", "platform_python_implementation": "CPython", "platform_release": "5.13.0-51-generic", "platform_system": "Linux", "platform_version": "#58~20.04.1-Ubuntu SMP Tue Jun 14 11:29:12 UTC 2022", "python_version": "3.10", "python_full_version": "3.10.5", "implementation_name": "cpython", "implementation_version": "3.10.5"}
Passed!
Checking installed package safety...
Running command: $ /home/USER/.virtualenvs/test-LQFnpRW5/bin/python /home/USER/.local/lib/python3.8/site-packages/pipenv/patched/safety check --json
Command output: [
[
"pylint",
"<2.13.0",
"2.10.2",
"Pylint 2.13.0 fixes a crash when using the doc_params extension.\r\nhttps://github.com/PyCQA/pylint/issues/5322",
"45185",
null,
null
]
]
45185: pylint <2.13.0 resolved (2.10.2 installed)!
Pylint 2.13.0 fixes a crash when using the doc_params extension.
https://github.com/PyCQA/pylint/issues/5322
$ pipenv --support
Pipenv version: '2022.6.7'
Pipenv location: '/home/USER/.local/lib/python3.8/site-packages/pipenv'
Python location: '/usr/bin/python3'
Python installations found:
3.10.5:/home/USER/.pyenv/versions/3.10.5/bin/python33.8.13:/home/USER/.pyenv/versions/3.8.13/bin/python3.83.8.10:/usr/bin/python3.83.8.10:/usr/bin/python33.8.10:/bin/python3.83.8.10:/bin/python33.8.0:/home/USER/.pyenv/versions/3.8.0/bin/python3.82.7.18:/usr/bin/python2.72.7.18:/usr/bin/python22.7.18:/usr/bin/python2.7.18:/bin/python2.72.7.18:/bin/python22.7.18:/bin/python
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.8.10',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '5.13.0-51-generic',
'platform_system': 'Linux',
'platform_version': '#58~20.04.1-Ubuntu SMP Tue Jun 14 11:29:12 UTC 2022',
'python_full_version': '3.8.10',
'python_version': '3.8',
'sys_platform': 'linux'}
System environment variables:
SHELLSESSION_MANAGERQT_ACCESSIBILITYCOLORTERMPYENV_SHELLXDG_CONFIG_DIRSHISTCONTROLXDG_MENU_PREFIXGNOME_DESKTOP_SESSION_IDHISTSIZEMANDATORY_PATHLC_ADDRESSGNOME_SHELL_SESSION_MODELC_NAMESSH_AUTH_SOCKXMODIFIERS__GIT_PROMPT_SHOW_UNTRACKED_FILESDESKTOP_SESSIONLC_MONETARYSSH_AGENT_PIDGTK_MODULESPWDLOGNAMEXDG_SESSION_DESKTOPXDG_SESSION_TYPEGPG_AGENT_INFOXAUTHORITYWINDOWPATHHOMEUSERNAMEIM_CONFIG_PHASELC_PAPERLANGLS_COLORSXDG_CURRENT_DESKTOPVTE_VERSIONPROMPT_COMMANDGNOME_TERMINAL_SCREENINVOCATION_IDMANAGERPIDWORKON_HOMELESSCLOSEXDG_SESSION_CLASSTERMLC_IDENTIFICATIONDEFAULTS_PATHLESSOPENUSERGNOME_TERMINAL_SERVICEDISPLAYSHLVLLC_TELEPHONEQT_IM_MODULELC_MEASUREMENTCMAKE_BUILD_PARALLEL_LEVELDESKTOP_AUTOSTART_IDXDG_RUNTIME_DIRPYENV_ROOTLC_TIMEJOURNAL_STREAMXDG_DATA_DIRSPATHGDMSESSIONHISTFILESIZEDBUS_SESSION_BUS_ADDRESSGIT_BRANCHLC_NUMERICOLDPWD_PIP_SHIMS_BASE_MODULEPIP_DISABLE_PIP_VERSION_CHECKPIP_PYTHON_PATHPYTHONDONTWRITEBYTECODEPYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH:/home/USER/.pyenv/shims:/home/USER/.pyenv/bin:/home/USER/.local/bin:/home/USER/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/binSHELL:/bin/bashLANG:en_US.UTF-8PWD:/home/USER/Downloads/test
Contents of Pipfile ('/home/USER/Downloads/test/Pipfile'):
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
pylint = "==2.14.4"
safety = "*"
[dev-packages]
[requires]
python_version = "3.10"
Contents of Pipfile.lock ('/home/parchent/Downloads/test/Pipfile.lock'):
{
"_meta": {
"hash": {
"sha256": "9d422390fcd6951f029e52351dcc79303c9b120dbdca2c290313e9495bcdde11"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.10"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"astroid": {
"hashes": [
"sha256:4f933d0bf5e408b03a6feb5d23793740c27e07340605f236496cd6ce552043d6",
"sha256:ba33a82a9a9c06a5ceed98180c5aab16e29c285b828d94696bf32d6015ea82a9"
],
"markers": "python_full_version >= '3.6.2'",
"version": "==2.11.6"
},
"certifi": {
"hashes": [
"sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d",
"sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"
],
"markers": "python_version >= '3.6'",
"version": "==2022.6.15"
},
"charset-normalizer": {
"hashes": [
"sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5",
"sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"
],
"markers": "python_version >= '3.6'",
"version": "==2.1.0"
},
"click": {
"hashes": [
"sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e",
"sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"
],
"markers": "python_version >= '3.7'",
"version": "==8.1.3"
},
"dill": {
"hashes": [
"sha256:33501d03270bbe410c72639b350e941882a8b0fd55357580fbc873fba0c59302",
"sha256:d75e41f3eff1eee599d738e76ba8f4ad98ea229db8b085318aa2b3333a208c86"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6'",
"version": "==0.3.5.1"
},
"dparse": {
"hashes": [
"sha256:a1b5f169102e1c894f9a7d5ccf6f9402a836a5d24be80a986c7ce9eaed78f367",
"sha256:e953a25e44ebb60a5c6efc2add4420c177f1d8404509da88da9729202f306994"
],
"markers": "python_version >= '3.5'",
"version": "==0.5.1"
},
"idna": {
"hashes": [
"sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
"sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
],
"markers": "python_version >= '3.5'",
"version": "==3.3"
},
"isort": {
"hashes": [
"sha256:6f62d78e2f89b4500b080fe3a81690850cd254227f27f75c3a0c491a1f351ba7",
"sha256:e8443a5e7a020e9d7f97f1d7d9cd17c88bcb3bc7e218bf9cf5095fe550be2951"
],
"markers": "python_version < '4' and python_full_version >= '3.6.1'",
"version": "==5.10.1"
},
"lazy-object-proxy": {
"hashes": [
"sha256:043651b6cb706eee4f91854da4a089816a6606c1428fd391573ef8cb642ae4f7",
"sha256:07fa44286cda977bd4803b656ffc1c9b7e3bc7dff7d34263446aec8f8c96f88a",
"sha256:12f3bb77efe1367b2515f8cb4790a11cffae889148ad33adad07b9b55e0ab22c",
"sha256:2052837718516a94940867e16b1bb10edb069ab475c3ad84fd1e1a6dd2c0fcfc",
"sha256:2130db8ed69a48a3440103d4a520b89d8a9405f1b06e2cc81640509e8bf6548f",
"sha256:39b0e26725c5023757fc1ab2a89ef9d7ab23b84f9251e28f9cc114d5b59c1b09",
"sha256:46ff647e76f106bb444b4533bb4153c7370cdf52efc62ccfc1a28bdb3cc95442",
"sha256:4dca6244e4121c74cc20542c2ca39e5c4a5027c81d112bfb893cf0790f96f57e",
"sha256:553b0f0d8dbf21890dd66edd771f9b1b5f51bd912fa5f26de4449bfc5af5e029",
"sha256:677ea950bef409b47e51e733283544ac3d660b709cfce7b187f5ace137960d61",
"sha256:6a24357267aa976abab660b1d47a34aaf07259a0c3859a34e536f1ee6e76b5bb",
"sha256:6a6e94c7b02641d1311228a102607ecd576f70734dc3d5e22610111aeacba8a0",
"sha256:6aff3fe5de0831867092e017cf67e2750c6a1c7d88d84d2481bd84a2e019ec35",
"sha256:6ecbb350991d6434e1388bee761ece3260e5228952b1f0c46ffc800eb313ff42",
"sha256:7096a5e0c1115ec82641afbdd70451a144558ea5cf564a896294e346eb611be1",
"sha256:70ed0c2b380eb6248abdef3cd425fc52f0abd92d2b07ce26359fcbc399f636ad",
"sha256:8561da8b3dd22d696244d6d0d5330618c993a215070f473b699e00cf1f3f6443",
"sha256:85b232e791f2229a4f55840ed54706110c80c0a210d076eee093f2b2e33e1bfd",
"sha256:898322f8d078f2654d275124a8dd19b079080ae977033b713f677afcfc88e2b9",
"sha256:8f3953eb575b45480db6568306893f0bd9d8dfeeebd46812aa09ca9579595148",
"sha256:91ba172fc5b03978764d1df5144b4ba4ab13290d7bab7a50f12d8117f8630c38",
"sha256:9d166602b525bf54ac994cf833c385bfcc341b364e3ee71e3bf5a1336e677b55",
"sha256:a57d51ed2997e97f3b8e3500c984db50a554bb5db56c50b5dab1b41339b37e36",
"sha256:b9e89b87c707dd769c4ea91f7a31538888aad05c116a59820f28d59b3ebfe25a",
"sha256:bb8c5fd1684d60a9902c60ebe276da1f2281a318ca16c1d0a96db28f62e9166b",
"sha256:c19814163728941bb871240d45c4c30d33b8a2e85972c44d4e63dd7107faba44",
"sha256:c4ce15276a1a14549d7e81c243b887293904ad2d94ad767f42df91e75fd7b5b6",
"sha256:c7a683c37a8a24f6428c28c561c80d5f4fd316ddcf0c7cab999b15ab3f5c5c69",
"sha256:d609c75b986def706743cdebe5e47553f4a5a1da9c5ff66d76013ef396b5a8a4",
"sha256:d66906d5785da8e0be7360912e99c9188b70f52c422f9fc18223347235691a84",
"sha256:dd7ed7429dbb6c494aa9bc4e09d94b778a3579be699f9d67da7e6804c422d3de",
"sha256:df2631f9d67259dc9620d831384ed7732a198eb434eadf69aea95ad18c587a28",
"sha256:e368b7f7eac182a59ff1f81d5f3802161932a41dc1b1cc45c1f757dc876b5d2c",
"sha256:e40f2013d96d30217a51eeb1db28c9ac41e9d0ee915ef9d00da639c5b63f01a1",
"sha256:f769457a639403073968d118bc70110e7dce294688009f5c24ab78800ae56dc8",
"sha256:fccdf7c2c5821a8cbd0a9440a456f5050492f2270bd54e94360cac663398739b",
"sha256:fd45683c3caddf83abbb1249b653a266e7069a09f486daa8863fb0e7496a9fdb"
],
"markers": "python_version >= '3.6'",
"version": "==1.7.1"
},
"mccabe": {
"hashes": [
"sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325",
"sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e"
],
"markers": "python_version >= '3.6'",
"version": "==0.7.0"
},
"packaging": {
"hashes": [
"sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb",
"sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"
],
"markers": "python_version >= '3.6'",
"version": "==21.3"
},
"platformdirs": {
"hashes": [
"sha256:027d8e83a2d7de06bbac4e5ef7e023c02b863d7ea5d079477e722bb41ab25788",
"sha256:58c8abb07dcb441e6ee4b11d8df0ac856038f944ab98b7be6b27b2a3c7feef19"
],
"markers": "python_version >= '3.7'",
"version": "==2.5.2"
},
"pylint": {
"hashes": [
"sha256:47705453aa9dce520e123a7d51843d5f0032cbfa06870f89f00927aa1f735a4a",
"sha256:89b61867db16eefb7b3c5b84afc94081edaf11544189e2b238154677529ad69f"
],
"index": "pypi",
"version": "==2.14.4"
},
"pyparsing": {
"hashes": [
"sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb",
"sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"
],
"markers": "python_full_version >= '3.6.8'",
"version": "==3.0.9"
},
"pyyaml": {
"hashes": [
"sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293",
"sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b",
"sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57",
"sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b",
"sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4",
"sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07",
"sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba",
"sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9",
"sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287",
"sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513",
"sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0",
"sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0",
"sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92",
"sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f",
"sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2",
"sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc",
"sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c",
"sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86",
"sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4",
"sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c",
"sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34",
"sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b",
"sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c",
"sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb",
"sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737",
"sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3",
"sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d",
"sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53",
"sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78",
"sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803",
"sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a",
"sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174",
"sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5"
],
"markers": "python_version >= '3.6'",
"version": "==6.0"
},
"requests": {
"hashes": [
"sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983",
"sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349"
],
"markers": "python_version >= '3.7' and python_version < '4'",
"version": "==2.28.1"
},
"ruamel.yaml": {
"hashes": [
"sha256:742b35d3d665023981bd6d16b3d24248ce5df75fdb4e2924e93a05c1f8b61ca7",
"sha256:8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af"
],
"markers": "python_version >= '3'",
"version": "==0.17.21"
},
"ruamel.yaml.clib": {
"hashes": [
"sha256:0847201b767447fc33b9c235780d3aa90357d20dd6108b92be544427bea197dd",
"sha256:1070ba9dd7f9370d0513d649420c3b362ac2d687fe78c6e888f5b12bf8bc7bee",
"sha256:1866cf2c284a03b9524a5cc00daca56d80057c5ce3cdc86a52020f4c720856f0",
"sha256:221eca6f35076c6ae472a531afa1c223b9c29377e62936f61bc8e6e8bdc5f9e7",
"sha256:31ea73e564a7b5fbbe8188ab8b334393e06d997914a4e184975348f204790277",
"sha256:3fb9575a5acd13031c57a62cc7823e5d2ff8bc3835ba4d94b921b4e6ee664104",
"sha256:4ff604ce439abb20794f05613c374759ce10e3595d1867764dd1ae675b85acbd",
"sha256:6e7be2c5bcb297f5b82fee9c665eb2eb7001d1050deaba8471842979293a80b0",
"sha256:72a2b8b2ff0a627496aad76f37a652bcef400fd861721744201ef1b45199ab78",
"sha256:77df077d32921ad46f34816a9a16e6356d8100374579bc35e15bab5d4e9377de",
"sha256:78988ed190206672da0f5d50c61afef8f67daa718d614377dcd5e3ed85ab4a99",
"sha256:7b2927e92feb51d830f531de4ccb11b320255ee95e791022555971c466af4527",
"sha256:7f7ecb53ae6848f959db6ae93bdff1740e651809780822270eab111500842a84",
"sha256:825d5fccef6da42f3c8eccd4281af399f21c02b32d98e113dbc631ea6a6ecbc7",
"sha256:846fc8336443106fe23f9b6d6b8c14a53d38cef9a375149d61f99d78782ea468",
"sha256:89221ec6d6026f8ae859c09b9718799fea22c0e8da8b766b0b2c9a9ba2db326b",
"sha256:9efef4aab5353387b07f6b22ace0867032b900d8e91674b5d8ea9150db5cae94",
"sha256:a32f8d81ea0c6173ab1b3da956869114cae53ba1e9f72374032e33ba3118c233",
"sha256:a49e0161897901d1ac9c4a79984b8410f450565bbad64dbfcbf76152743a0cdb",
"sha256:ada3f400d9923a190ea8b59c8f60680c4ef8a4b0dfae134d2f2ff68429adfab5",
"sha256:bf75d28fa071645c529b5474a550a44686821decebdd00e21127ef1fd566eabe",
"sha256:cfdb9389d888c5b74af297e51ce357b800dd844898af9d4a547ffc143fa56751",
"sha256:d67f273097c368265a7b81e152e07fb90ed395df6e552b9fa858c6d2c9f42502",
"sha256:dc6a613d6c74eef5a14a214d433d06291526145431c3b964f5e16529b1842bed",
"sha256:de9c6b8a1ba52919ae919f3ae96abb72b994dd0350226e28f3686cb4f142165c"
],
"markers": "python_version < '3.11' and platform_python_implementation == 'CPython'",
"version": "==0.2.6"
},
"safety": {
"hashes": [
"sha256:77cebdd128ce47b941e68a1b3bbc29fbbd2b9e98d11f179c5def64c1d05da295",
"sha256:d739d00a9e4203cfaba34540c822a73ca1d327159ed7776b3dce09391f81c35d"
],
"index": "pypi",
"version": "==2.0.0"
},
"setuptools": {
"hashes": [
"sha256:990a4f7861b31532871ab72331e755b5f14efbe52d336ea7f6118144dd478741",
"sha256:c1848f654aea2e3526d17fc3ce6aeaa5e7e24e66e645b5be2171f3f6b4e5a178"
],
"markers": "python_version >= '3.7'",
"version": "==62.6.0"
},
"toml": {
"hashes": [
"sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b",
"sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"
],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==0.10.2"
},
"tomli": {
"hashes": [
"sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc",
"sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"
],
"markers": "python_version < '3.11'",
"version": "==2.0.1"
},
"tomlkit": {
"hashes": [
"sha256:0f4050db66fd445b885778900ce4dd9aea8c90c4721141fde0d6ade893820ef1",
"sha256:71ceb10c0eefd8b8f11fe34e8a51ad07812cb1dc3de23247425fbc9ddc47b9dd"
],
"markers": "python_version >= '3.6' and python_version < '4'",
"version": "==0.11.0"
},
"urllib3": {
"hashes": [
"sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14",
"sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
"version": "==1.26.9"
},
"wrapt": {
"hashes": [
"sha256:00b6d4ea20a906c0ca56d84f93065b398ab74b927a7a3dbd470f6fc503f95dc3",
"sha256:01c205616a89d09827986bc4e859bcabd64f5a0662a7fe95e0d359424e0e071b",
"sha256:02b41b633c6261feff8ddd8d11c711df6842aba629fdd3da10249a53211a72c4",
"sha256:07f7a7d0f388028b2df1d916e94bbb40624c59b48ecc6cbc232546706fac74c2",
"sha256:11871514607b15cfeb87c547a49bca19fde402f32e2b1c24a632506c0a756656",
"sha256:1b376b3f4896e7930f1f772ac4b064ac12598d1c38d04907e696cc4d794b43d3",
"sha256:21ac0156c4b089b330b7666db40feee30a5d52634cc4560e1905d6529a3897ff",
"sha256:257fd78c513e0fb5cdbe058c27a0624c9884e735bbd131935fd49e9fe719d310",
"sha256:2b39d38039a1fdad98c87279b48bc5dce2c0ca0d73483b12cb72aa9609278e8a",
"sha256:2cf71233a0ed05ccdabe209c606fe0bac7379fdcf687f39b944420d2a09fdb57",
"sha256:2fe803deacd09a233e4762a1adcea5db5d31e6be577a43352936179d14d90069",
"sha256:3232822c7d98d23895ccc443bbdf57c7412c5a65996c30442ebe6ed3df335383",
"sha256:34aa51c45f28ba7f12accd624225e2b1e5a3a45206aa191f6f9aac931d9d56fe",
"sha256:36f582d0c6bc99d5f39cd3ac2a9062e57f3cf606ade29a0a0d6b323462f4dd87",
"sha256:380a85cf89e0e69b7cfbe2ea9f765f004ff419f34194018a6827ac0e3edfed4d",
"sha256:40e7bc81c9e2b2734ea4bc1aceb8a8f0ceaac7c5299bc5d69e37c44d9081d43b",
"sha256:43ca3bbbe97af00f49efb06e352eae40434ca9d915906f77def219b88e85d907",
"sha256:4fcc4649dc762cddacd193e6b55bc02edca674067f5f98166d7713b193932b7f",
"sha256:5a0f54ce2c092aaf439813735584b9537cad479575a09892b8352fea5e988dc0",
"sha256:5a9a0d155deafd9448baff28c08e150d9b24ff010e899311ddd63c45c2445e28",
"sha256:5b02d65b9ccf0ef6c34cba6cf5bf2aab1bb2f49c6090bafeecc9cd81ad4ea1c1",
"sha256:60db23fa423575eeb65ea430cee741acb7c26a1365d103f7b0f6ec412b893853",
"sha256:642c2e7a804fcf18c222e1060df25fc210b9c58db7c91416fb055897fc27e8cc",
"sha256:6a9a25751acb379b466ff6be78a315e2b439d4c94c1e99cb7266d40a537995d3",
"sha256:6b1a564e6cb69922c7fe3a678b9f9a3c54e72b469875aa8018f18b4d1dd1adf3",
"sha256:6d323e1554b3d22cfc03cd3243b5bb815a51f5249fdcbb86fda4bf62bab9e164",
"sha256:6e743de5e9c3d1b7185870f480587b75b1cb604832e380d64f9504a0535912d1",
"sha256:709fe01086a55cf79d20f741f39325018f4df051ef39fe921b1ebe780a66184c",
"sha256:7b7c050ae976e286906dd3f26009e117eb000fb2cf3533398c5ad9ccc86867b1",
"sha256:7d2872609603cb35ca513d7404a94d6d608fc13211563571117046c9d2bcc3d7",
"sha256:7ef58fb89674095bfc57c4069e95d7a31cfdc0939e2a579882ac7d55aadfd2a1",
"sha256:80bb5c256f1415f747011dc3604b59bc1f91c6e7150bd7db03b19170ee06b320",
"sha256:81b19725065dcb43df02b37e03278c011a09e49757287dca60c5aecdd5a0b8ed",
"sha256:833b58d5d0b7e5b9832869f039203389ac7cbf01765639c7309fd50ef619e0b1",
"sha256:88bd7b6bd70a5b6803c1abf6bca012f7ed963e58c68d76ee20b9d751c74a3248",
"sha256:8ad85f7f4e20964db4daadcab70b47ab05c7c1cf2a7c1e51087bfaa83831854c",
"sha256:8c0ce1e99116d5ab21355d8ebe53d9460366704ea38ae4d9f6933188f327b456",
"sha256:8d649d616e5c6a678b26d15ece345354f7c2286acd6db868e65fcc5ff7c24a77",
"sha256:903500616422a40a98a5a3c4ff4ed9d0066f3b4c951fa286018ecdf0750194ef",
"sha256:9736af4641846491aedb3c3f56b9bc5568d92b0692303b5a305301a95dfd38b1",
"sha256:988635d122aaf2bdcef9e795435662bcd65b02f4f4c1ae37fbee7401c440b3a7",
"sha256:9cca3c2cdadb362116235fdbd411735de4328c61425b0aa9f872fd76d02c4e86",
"sha256:9e0fd32e0148dd5dea6af5fee42beb949098564cc23211a88d799e434255a1f4",
"sha256:9f3e6f9e05148ff90002b884fbc2a86bd303ae847e472f44ecc06c2cd2fcdb2d",
"sha256:a85d2b46be66a71bedde836d9e41859879cc54a2a04fad1191eb50c2066f6e9d",
"sha256:a9a52172be0b5aae932bef82a79ec0a0ce87288c7d132946d645eba03f0ad8a8",
"sha256:aa31fdcc33fef9eb2552cbcbfee7773d5a6792c137b359e82879c101e98584c5",
"sha256:b014c23646a467558be7da3d6b9fa409b2c567d2110599b7cf9a0c5992b3b471",
"sha256:b21bb4c09ffabfa0e85e3a6b623e19b80e7acd709b9f91452b8297ace2a8ab00",
"sha256:b5901a312f4d14c59918c221323068fad0540e34324925c8475263841dbdfe68",
"sha256:b9b7a708dd92306328117d8c4b62e2194d00c365f18eff11a9b53c6f923b01e3",
"sha256:d1967f46ea8f2db647c786e78d8cc7e4313dbd1b0aca360592d8027b8508e24d",
"sha256:d52a25136894c63de15a35bc0bdc5adb4b0e173b9c0d07a2be9d3ca64a332735",
"sha256:d77c85fedff92cf788face9bfa3ebaa364448ebb1d765302e9af11bf449ca36d",
"sha256:d79d7d5dc8a32b7093e81e97dad755127ff77bcc899e845f41bf71747af0c569",
"sha256:dbcda74c67263139358f4d188ae5faae95c30929281bc6866d00573783c422b7",
"sha256:ddaea91abf8b0d13443f6dac52e89051a5063c7d014710dcb4d4abb2ff811a59",
"sha256:dee0ce50c6a2dd9056c20db781e9c1cfd33e77d2d569f5d1d9321c641bb903d5",
"sha256:dee60e1de1898bde3b238f18340eec6148986da0455d8ba7848d50470a7a32fb",
"sha256:e2f83e18fe2f4c9e7db597e988f72712c0c3676d337d8b101f6758107c42425b",
"sha256:e3fb1677c720409d5f671e39bac6c9e0e422584e5f518bfd50aa4cbbea02433f",
"sha256:ee2b1b1769f6707a8a445162ea16dddf74285c3964f605877a20e38545c3c462",
"sha256:ee6acae74a2b91865910eef5e7de37dc6895ad96fa23603d1d27ea69df545015",
"sha256:ef3f72c9666bba2bab70d2a8b79f2c6d2c1a42a7f7e2b0ec83bb2f9e383950af"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==1.14.1"
}
},
"develop": {}
}
@qi55wyqu I was unable to reproduce this issue:
matte@LAPTOP-N5VSGIBD MINGW64 ~/Projects/pipenv-triage/pipenv-5159
$ pipenv check --verbose
Checking PEP 508 requirements...
Running command: $ /c/Users/matte/.virtualenvs/pipenv-5159-Q24uc9cA/Scripts/python.exe c:/users/matte/projects/pipenv/pipenv/pep508checker.py
Command output: {"os_name": "nt", "sys_platform": "win32", "platform_machine": "AMD64", "platform_python_implementation": "CPython", "platform_release": "10", "platform_sys
tem": "Windows", "platform_version": "10.0.22000", "python_version": "3.10", "python_full_version": "3.10.5", "implementation_name": "cpython", "implementation_version": "3
.10.5"}
Passed!
Checking installed package safety...
Running command: $ /c/Users/matte/.virtualenvs/pipenv-5159-Q24uc9cA/Scripts/python.exe c:\users\matte\projects\pipenv\pipenv\patched\safety check --json
Command output: []
All good!
matte@LAPTOP-N5VSGIBD MINGW64 ~/Projects/pipenv-triage/pipenv-5159
$ pipenv run pip show pylint
Name: pylint
Version: 2.14.4
Summary: python code static checker
Home-page:
Author: Python Code Quality Authority
Author-email: [email protected]
License: GPL-2.0-or-later
Location: c:\c\users\matte\.virtualenvs\pipenv-5159-q24uc9ca\lib\site-packages
Requires: astroid, colorama, dill, isort, mccabe, platformdirs, tomli, tomlkit
Required-by:
matte@LAPTOP-N5VSGIBD MINGW64 ~/Projects/pipenv-triage/pipenv-5159
$ pipenv --version
pipenv, version 2022.7.4
$ cat Pipfile
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
pylint = "==2.14.4"
safety = "*"
[dev-packages]
[requires]
python_version = "3.10"
I can reproduce with the following:
cd "$(mktemp -d)"
pipenv shell
pipenv check
With a few comments and additional commands, this is what I get:
$ # Force the creation of a new virtualenv
$ cd "$(mktemp -d)"
$ pip show pipenv
Name: pipenv
Version: 2022.10.4
Summary: Python Development Workflow for Humans.
Home-page: https://github.com/pypa/pipenv
Author: Pipenv maintainer team
Author-email: [email protected]
License: MIT
Location: /usr/lib/python3.10/site-packages
Requires: certifi, setuptools, virtualenv, virtualenv-clone
Required-by:
$ pipenv shell
Creating a virtualenv for this project...
Pipfile: /tmp/tmp.NNYuKN2jn8/Pipfile
Using /usr/bin/python3 (3.10.8) to create virtualenv...
⠴ Creating virtual environment...created virtual environment CPython3.10.8.final.0-64 in 772ms
creator Venv(dest=/home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB, clear=False, no_vcs_ignore=False, global=False, describe=CPython3Posix)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/gary/.local/share/virtualenv)
added seed packages: pip==22.3, setuptools==65.5.0, wheel==0.37.1
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB
Creating a Pipfile for this project...
Launching subshell in virtual environment...
$ . /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/bin/activate
$ pipenv check --verbose
Checking PEP 508 requirements...
Running command: $ /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/bin/python /usr/lib/python3.10/site-packages/pipenv/pep508checker.py
Command output: {"os_name": "posix", "sys_platform": "linux", "platform_machine": "x86_64", "platform_python_implementation": "CPython", "platform_release": "6.0.7-arch1-1", "platform_system": "Linux", "platform_version": "#1 SMP PREEMPT_DYNAMIC Thu, 03 Nov 2022 18:01:58 +0000", "python_version": "3.10", "python_full_version": "3.10.8", "implementation_name": "cpython", "implementation_version": "3.10.8"}
Passed!
Checking installed package safety...
Running command: $ /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/bin/python /usr/lib/python3.10/site-packages/pipenv/patched/safety check --json
Command output: [
[
"wheel",
"<0.38.0",
"0.37.1",
"Wheel 0.38.0 fixes a potential DoS attack via the 'WHEEL_INFO_RE' regular expression.",
"51499",
null,
null
]
]
51499: wheel <0.38.0 resolved (0.37.1 installed)!
Wheel 0.38.0 fixes a potential DoS attack via the 'WHEEL_INFO_RE' regular expression.
$ pip show wheel
Name: wheel
Version: 0.37.1
Summary: A built-package format for Python
Home-page: https://github.com/pypa/wheel
Author: Daniel Holth
Author-email: [email protected]
License: MIT
Location: /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/lib/python3.10/site-packages
Requires:
Required-by:
$ # I haven't asked for `wheel` to be installed yet, it is coming from `pipenv`, but fair enough
$ pip install --upgrade wheel
Requirement already satisfied: wheel in /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/lib/python3.10/site-packages (0.37.1)
Collecting wheel
Using cached wheel-0.38.2-py3-none-any.whl (36 kB)
Installing collected packages: wheel
Attempting uninstall: wheel
Found existing installation: wheel 0.37.1
Uninstalling wheel-0.37.1:
Successfully uninstalled wheel-0.37.1
Successfully installed wheel-0.38.2
$ pip show wheel
Name: wheel
Version: 0.38.2
Summary: A built-package format for Python
Home-page: https://github.com/pypa/wheel
Author: Daniel Holth
Author-email: [email protected]
License: MIT
Location: /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/lib/python3.10/site-packages
Requires:
Required-by:
$ # So now we're good, right?
$ pipenv check --verbose
Checking PEP 508 requirements...
Running command: $ /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/bin/python /usr/lib/python3.10/site-packages/pipenv/pep508checker.py
Command output: {"os_name": "posix", "sys_platform": "linux", "platform_machine": "x86_64", "platform_python_implementation": "CPython", "platform_release": "6.0.7-arch1-1", "platform_system": "Linux", "platform_version": "#1 SMP PREEMPT_DYNAMIC Thu, 03 Nov 2022 18:01:58 +0000", "python_version": "3.10", "python_full_version": "3.10.8", "implementation_name": "cpython", "implementation_version": "3.10.8"}
Passed!
Checking installed package safety...
Running command: $ /home/gary/.local/share/virtualenvs/tmp.NNYuKN2jn8-TrKfDGXB/bin/python /usr/lib/python3.10/site-packages/pipenv/patched/safety check --json
Command output: [
[
"wheel",
"<0.38.0",
"0.37.1",
"Wheel 0.38.0 fixes a potential DoS attack via the 'WHEEL_INFO_RE' regular expression.",
"51499",
null,
null
]
]
51499: wheel <0.38.0 resolved (0.37.1 installed)!
Wheel 0.38.0 fixes a potential DoS attack via the 'WHEEL_INFO_RE' regular expression.
$ # But where does that `0.37.1` come from then... System `pip`?
$ sudo /usr/bin/pip show wheel
Name: wheel
Version: 0.37.1
Summary: A built-package format for Python
Home-page: https://github.com/pypa/wheel
Author: Daniel Holth
Author-email: [email protected]
License: MIT
Location: /usr/lib/python3.10/site-packages
Requires:
Required-by:
$ # :facepalm:
To me, most of the issues relate to how sys.path is handled in pipenv/patched/safety/__main__.py.
The reference to __file__ in:
PATCHED_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
Sounds like an issue to me.
Also:
PIPENV_DIR = os.path.dirname(PATCHED_DIR)
VENDORED_DIR = os.path.join("PIPENV_DIR", "vendor")
I would have expected "PIPENV_DIR" to be unquoted.
A very quick-and-dirty test shows that if you replace the logic of sys.path handling in pipenv/patched/safety/__main__.py, with the implementation from pipenv/patched/pip/__main__.py, pipenv check behaves correctly.
New version of pipenv released today has the latest version of safety check. Please check it out.
Hi @matteius, issue is still happening (though wheel was updated on archlinux so the reproducer doesn't quite work anymore).
I believe the rest off my last message gives a pretty good description of why the issue occurs and how to fix it. Please let me know if have any question about it.
Ok sorry about that -- there was still an issue with the wheel not including the rumael vendoring. I just verified that new release 2022.11.25 does in fact include the required ruamel, and a fix for this issue.