Update pipenv to 2020.11.15 and unpin pip #1169
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously the buildpack used pipenv `2018.5.18`, which didn't support newer pip, meaning that apps using pipenv had to be pinned to a much older version of pip. For apps using pipenv, the buildpack now installs pipenv `2020.11.15` and no longer overrides the pip version compared to non-pipenv installs, meaning pip `20.1.1` is now used instead of pip `9.0.2`. Changes: https://github.com/pypa/pipenv/blob/master/CHANGELOG.rst#20201115-2020-11-15 pypa/pipenv@v2018.05.18...v2020.11.15 This is particularly important since the recently released `cryptography` v3.4 requires at least pip 19.x, otherwise pip is unable to use its newer style wheels, and so falls back to building the source distribution. This causes the install to fail, since building `cryptography` now requires Rust, which is not present in the Heroku stack image. Fixes #979. Fixes #987. Fixes #1108. Closes GUS-W-8054805.
403d7c3 to
36a91ef
Compare
danielleadams
approved these changes
Feb 11, 2021
|
I'll release this to the buildpack registry tomorrow (which is the release that apps use with the buildpack URL of |
|
This has now been released to the buildpack registry in #1170, so available via the |
This was referenced Feb 12, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously the buildpack used pipenv
2018.5.18, which in addition to being out of date doesn't support newer pip, meaning that apps using pipenv had to be pinned to a much older version of pip.For apps using pipenv, the buildpack now installs pipenv
2020.11.15and no longer overrides the pip version compared to non-pipenv installs, meaning pip20.1.1is now used instead of pip9.0.2. (The pip version is still pinned, but to the reasonably new pip version used by all other non-pipenv builds.)Changes:
https://github.com/pypa/pipenv/blob/master/CHANGELOG.rst#20201115-2020-11-15
pypa/pipenv@v2018.05.18...v2020.11.15
This is particularly important since
cryptographyv3.4 (released 2021-02-07) requires at least pip 19.x, otherwise pip is unable to use its newer styleabi3wheels, and so falls back to building the source distribution. This causes the install to fail, since buildingcryptographyfrom the sdist now requires Rust, which is not present in the Heroku stack image. As seen in:For more info on the
cryptographyissue, see:https://cryptography.io/en/latest/faq.html#installing-cryptography-fails-with-error-can-not-find-rust-compiler
pyca/cryptography#5771
pyca/cryptography#5798
Fixes #979.
Fixes #987.
Fixes #1108.
Closes GUS-W-8054805.