Upgrade Pipenv to something newer than 2018.5.18 and unpin Pip

[alexandrenicol]

Description

It would be good to be able to use a newer version of pip when using pipenv and Pipfile.

Alternativaly, maybe if both requirements.txt and Pipfile files are in the repository, the buildpack could ignore the Pipfile?

At the moment, if a Pipfile is in the repository, it automatically goes back to pip version 9.x, which doesn't necessarily allow the build of some dependencies.

heroku-buildpack-python/bin/steps/python

Lines 178 to 186 in c9504ff

	if [[ -f "$BUILD_DIR/Pipfile" ]]; then
	# The buildpack is pinned to old pipenv, which requires older pip.
	# Pip 9.0.2 doesn't support installing itself from a wheel, so we have to use split
	# versions here (ie: installer pip version different from target pip version).
	PIP_VERSION='9.0.2'
	PIP_TO_INSTALL="pip==${PIP_VERSION}"
	else
	PIP_TO_INSTALL="${PIP_WHEEL}"
	fi

[edmorley]

Hi! This is related to #1093 (though that's about being able to override the default version, whereas this seems to be more about changing the default version itself).

I would love to be able to use the same pip for pipenv users as everyone else. The reason it's pinned is:
#833 (comment)

...though unfortunately no repro case was provided, so it's hard for me to know whether the issue is now fixed.

Alternativaly, maybe if both requirements.txt and Pipfile files are in the repository, the buildpack could ignore the Pipfile?

I agree this would be a good idea. In a world where the buildpack supports multiple package managers, I think having requirements.txt take precedence is best.

[tolomea]

Just tried to upgrade cryptography and ran face first into this.

Is there any mechanism at all to force newer versions of Pip and Pipenv?

[FreneticScribbler]

Just a note, you're going to want to rename the env var name PIPENV_VERSION when you do finally upgrade the version: pypa/pipenv#3633 (comment)

[timmygee]

This issue has been solved with this fork https://github.com/alan-eu/heroku-buildpack-python

[edmorley]

Hi! Sorry for the delay in getting this resolved. I've just shipped #1169 for this, and there's a bit more context in:
#987 (comment)

Just a note, you're going to want to rename the env var name PIPENV_VERSION

@FreneticScribbler Good spot, thank you :-) I ended up removing the export instead, since the variable is only needed in the buildpack script and not by subprocesses. In general there are lots of unnecessary exports in the buildpack at the moment - they are on my list to clean up everywhere :-)

[jsayles]

Any chance we can upgrade Pip to 2022.12.19? My builds are failing because my Pipenv.lock checksums don't match if I'm running the latest version locally.

[edmorley]

@jsayles Hi! I've been glancing at the pipenv releases periodically trying to find a release with as few regressions as possible - however it's been hard to find one that doesn't break as many things as it fixes. Some of the more recent releases seem slightly better, so I was planning on upgrading to one of them in the next couple of weeks :-)

[edmorley]

Pipenv has been updated in #1407.

[edmorley]

(Adjusting the issue title to make it clearer that it's an old already-closed issue. For any future Pipenv related requests, please open new GitHub issues 🙂)