Plugin not compatible with =>2022.8.13 of pipenv
tylerzisk opened this issue · 4 comments
Issue Description
Currently the plugin is not compatible with any version of pipenv > 2022.8.13 as they have changed how the requirements.txt command is used.
The plugin currently calls pipenv lock --requirements --keep-outdated and starting with 2022.8.13 they have removed the --requirements and --keep-outdated flags and consolidated to pipenv requirements.
Not blaming the plugin as this seems like a very dumb and breaking change on the part of the maintainers of pipenv.
The current workaround I have employed to my company's codebases is to set the install step of pipenv to use version 2022.8.5, as it is the last with the old syntax usage:
pip install pipenv==2022.8.5
I'd recommend calling pipenv requirements --hash as the equivalent of this. Maybe the hash is a new feature but it helps maintain the protection against package confusion attacks.
I'm now doing this manually before calling serverless package, though I also have to delete my pipfile and pipfile.lock as part of the build to make sure that this plugin uses the requirements.txt instead of the pipfile.
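An added example, not part of this thread or of the plugin's code: a check a build could run on a manually generated requirements.txt, before packaging, to confirm every entry is pinned and carries a hash. The function names, the sample file and its placeholder digests are constructed for illustration.

```python
import re

HASH_RE = re.compile(r"--hash=(\w+):([0-9A-Fa-f]*)")
HEX_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}
PINNED_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?\s*==\s*[^\s*]+$")

A, B = "a" * 64, "b" * 64  # constructed placeholder digests, not real package hashes
SAMPLE = f"""-i https://pypi.org/simple
requests==2.28.1 ; python_version >= '3.7' --hash=sha256:{A} --hash=sha256:{B}
urllib3==1.26.12 \\
    --hash=sha256:{A}
boto3>=1.24
six==1.16.0
idna==3.3 --hash=sha256:abc123
mylib @ git+https://git.example.invalid/mylib.git@v1
"""

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\r?\n", " ", text)
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            yield line

def audit(text):
    """Return (requirement, problem) pairs for entries that are unpinned or unhashed."""
    findings = []
    for line in logical_lines(text):
        if re.match(r"(-e|--editable)\b", line) or "git+" in line:
            findings.append((line.split("--hash")[0].strip(), "VCS/editable source, no hash possible"))
            continue
        if line.startswith("-"):
            continue  # index options such as -i / --index-url carry no requirement
        hashes = HASH_RE.findall(line)
        spec = HASH_RE.sub("", line).split(";")[0].strip()  # drop hashes and env markers
        if not PINNED_RE.match(spec):
            findings.append((spec, "not pinned with =="))
        if not hashes:
            findings.append((spec, "no --hash"))
        for algo, digest in hashes:
            if HEX_LEN.get(algo.lower()) != len(digest):
                findings.append((spec, f"unsupported or malformed {algo} digest"))
    return findings

if __name__ == "__main__":
    for requirement, problem in audit(SAMPLE):
        print(f"{requirement}: {problem}")
```

Failing the build when `audit()` returns anything keeps an unhashed or unpinned entry from reaching the packaging step.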
A temporary workaround to solve this issue is to install the plugin through the PR branch with
npm install andidev/serverless-python-requirements#support-latest-pipenv
Hey, I've added a PR to fix an issue I've had with git packages being the sources.