Installing VCS module with extras in editable mode yields deprecation warning

[mgmarino]

Issue description

If a VCS module is installed editable (as suggested in the docs) and with extras, then a subsequent installation will yield a deprecation warning. See e.g. the referenced discussion here.

It looks as if the underlying call to pip just needs to be modified. to use the "module @ vcs..." syntax.

EDIT: Possible related issues:

• pip freeze outputs deprecated form of VCS requirement pip#9106
• Allow PEP 508 URL spec as editable pip#9471

Steps to replicate

This is just an example, pyjwt is clearly installable also without VCS.

In a fresh directory:

pipenv install -e "pyjwt[crypto] @ git+ssh://[email protected]/jpadilla/[email protected]"
# remove venv and reinstall
pipenv --rm
pipenv sync

This will yield:

Creating a virtualenv for this project...
Pipfile: /test/test_pipenv/Pipfile
Using /Users/xxxx/.pyenv/versions/3.9.16/bin/python3.9 (3.9.16) to create virtualenv...
⠸ Creating virtual environment...created virtual environment CPython3.9.16.final.0-64 in 244ms
  creator CPython3Posix(dest=/test/test_pipenv/.venv, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/Users/xxxx/Library/Application Support/virtualenv)
    added seed packages: pip==23.0, setuptools==67.1.0, wheel==0.38.4
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator

✔ Successfully created virtual environment!
Virtualenv location: /test/test_pipenv/.venv
Installing dependencies from Pipfile.lock (598c8c)...
/Users/xxx/.pyenv/versions/3.9.16/lib/python3.9/site-packages/pipenv/patched/pip/_internal/models/link.py:379: PipDeprecationWarning: DEPRECATION: git+ssh://****@github.com/jpadilla/pyjwt.git@7665aa625506a11bae50b56d3e04413a3dc6fdf8#egg=pyjwt[crypto] contains an egg fragment with a non-PEP 508 name pip 25.0 will enforce this behaviour change. A possible replacement is to use the req @ url syntax, and remove the egg fragment. Discussion can be found at https://github.com/pypa/pip/issues/11617
  deprecated(
Installing dependencies from Pipfile.lock (598c8c)...
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
All dependencies are now up-to-date!

This is with the most recent version of pipenv

> pipenv --version
pipenv, version 2023.2.18

The generated Pipfile:

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
pyjwt = {extras = ["crypto"], editable = true, ref = "2.6.0", git = "ssh://[email protected]/jpadilla/pyjwt.git"}

[dev-packages]

[requires]
python_version = "3.9"

[matteius]

This will be addressed in the requirementslib refactor efforts. I asked a question here to gain clarity: pypa/pip@dca39dd#commitcomment-114148055

[matteius]

I am looking for help testing a rather major overhaul that also should address this issue #5818