pipenv requirements now requiring installation of VCS modules #5755
Closed
Description
Issue description
This is less a "bug" per se, but it is absolutely a change in behavior that was not marked in the release notes, so I'm not sure if it was intended or not. Also, it's not clear why pipenv requirements needs to install via VCS, I would've assumed it's a simple translation of the Pipfile.lock file.
As a side note, this was also a breaking change for us, because we use pipenv requirements in places where ssh keys are not always available.
Steps to replicate
Pipfile:
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
pyjwt = {extras = ["crypto"], editable = true, ref = "2.6.0", git = "ssh://git@github.com/jpadilla/pyjwt.git"}
[dev-packages]
[requires]
python_version = "3.9"
Lock the above with pipenv lock. Then run pipenv requirements with the two versions:
> pip install "pipenv==2023.6.18"
> pipenv requirements
...
cffi==1.15.1
cryptography==41.0.1 ; python_version >= '3.7'
pycparser==2.21
-e git+ssh://git@github.com/jpadilla/pyjwt.git@7665aa625506a11bae50b56d3e04413a3dc6fdf8#egg=pyjwt[crypto]
This is also very fast and shows no indication of network calls
> pip install "pipenv==2023.6.26"
> pipenv requirements
...
INFO:root:running egg_info
INFO:root:creating /var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info
INFO:root:writing /var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/PKG-INFO
INFO:root:writing dependency_links to /var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/dependency_links.txt
INFO:root:writing requirements to /var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/requires.txt
INFO:root:writing top-level names to /var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/top_level.txt
INFO:root:writing manifest file '/var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/SOURCES.txt'
INFO:root:reading manifest file '/var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/SOURCES.txt'
INFO:root:reading manifest template 'MANIFEST.in'
WARNING:root:warning: no previously-included files found matching 'codecov.yml'
WARNING:root:warning: no previously-included files matching '*' found under directory 'docs/_build'
WARNING:root:warning: no previously-included files matching '*.py[co]' found under directory '*'
WARNING:root:warning: no previously-included files matching '__pycache__' found under directory '*'
INFO:root:adding license file 'LICENSE'
INFO:root:adding license file 'AUTHORS.rst'
INFO:root:writing manifest file '/var/folders/jh/0_l94d8n51n2gjzt_5l8mv8r0000gq/T/reqlib-src9gkpd_ke/pyjwt/reqlib-metadata/PyJWT.egg-info/SOURCES.txt'
/.../.pyenv/versions/3.9.16/lib/python3.9/site-packages/pipenv/patched/pip/_internal/models/link.py:391: PipDeprecationWarning: DEPRECATION: git+ssh://****@github.com/jpadilla/pyjwt.git@7665aa625506a11bae50b56d3e04413a3dc6fdf8#egg=pyjwt[crypto] contains an egg fragment with a non-PEP 508 name pip 25.0 will enforce this behaviour change. A possible replacement is to use the req @ url syntax, and remove the egg fragment. Discussion can be found at https://github.com/pypa/pip/issues/11617
deprecated(
cffi==1.15.1
cryptography==41.0.1 ; python_version >= '3.7'
pycparser==2.21
-e git+ssh://git@github.com/jpadilla/pyjwt.git@7665aa625506a11bae50b56d3e04413a3dc6fdf8#egg=pyjwt[crypto]
This takes quite a bit longer, and includes the network calls, etc.
Note, I have removed the deprecation warnings mentioned in #5626.