chore(deps): bump pipenv from 2023.12.1 to 2024.0.0

[dependabot]

Bumps pipenv from 2023.12.1 to 2024.0.0.

Release notes

Sourced from pipenv's releases.

Release v2024.0.0

What's Changed

• Update CONTRIBUTING.md by @​PzaThief in pypa/pipenv#6084
• Check for name attribute in source parameter. by @​jralls in pypa/pipenv#6114
• Smarter uninstall by @​matteius in pypa/pipenv#6029
• Use fancy mode for pwsh on *nix (draft) by @​samcarswell in pypa/pipenv#6108
• Vendor in Pip 24.0 by @​matteius in pypa/pipenv#6117
• Update index.md by @​mierzejk in pypa/pipenv#6129
• Spring 2024 vendoring by @​matteius in pypa/pipenv#6118
• Add nested vcs dependency subdirectory when locking to Pipfile.lock (Fix #6120) by @​AlexandreArpin in pypa/pipenv#6136
• pipenv upgrade invoke -d by @​matteius in pypa/pipenv#6138
• Bump plette take 2 by @​oz123 in pypa/pipenv#6134
• Convert off pkg resources by @​matteius in pypa/pipenv#6139
• Fix the issue(#6126): add lockfile_path presence in pipenv check command by @​nitintecg in pypa/pipenv#6135
• debugging weird CI failures by @​matteius in pypa/pipenv#6143
• apply ruff fixes by @​matteius in pypa/pipenv#6145
• docs update for scripts section and other small changes by @​sss-ng in pypa/pipenv#6152
• Add --from-pipfile subcommand to pipenv requirements by @​sanspareilsmyn in pypa/pipenv#6156
• Bump jinja2 from 3.1.3 to 3.1.4 by @​dependabot in pypa/pipenv#6150
• Bump requests from 2.31.0 to 2.32.0 by @​dependabot in pypa/pipenv#6157
• Fix windows CI for 3.8 and the outdated command that was refactored to remove pkg_resources. by @​matteius in pypa/pipenv#6146
• pipenv 2024 install (behavioral refactor) by @​matteius in pypa/pipenv#6098
• Supply the extra pip args in the resolver. by @​matteius in pypa/pipenv#6006
• Handle unsupported python versioning on Pipfile by @​sanspareilsmyn in pypa/pipenv#6164
• Remove secho from pipenv.utils.shell by @​aidencullo in pypa/pipenv#6170

New Contributors

• @​PzaThief made their first contribution in pypa/pipenv#6084
• @​jralls made their first contribution in pypa/pipenv#6114
• @​samcarswell made their first contribution in pypa/pipenv#6108
• @​mierzejk made their first contribution in pypa/pipenv#6129
• @​AlexandreArpin made their first contribution in pypa/pipenv#6136
• @​nitintecg made their first contribution in pypa/pipenv#6135
• @​sss-ng made their first contribution in pypa/pipenv#6152
• @​sanspareilsmyn made their first contribution in pypa/pipenv#6156
• @​aidencullo made their first contribution in pypa/pipenv#6170

Full Changelog: pypa/pipenv@v2023.12.1...v2024.0.0

Changelog

Sourced from pipenv's changelog.

2024.0.0 (2024-06-06)

Pipenv 2024.0.0 (2024-06-06)

Features & Improvements

• Supply any --extra-pip-args also in the resolver steps. [#6006](https://github.com/pypa/pipenv/issues/6006) <https://github.com/pypa/pipenv/issues/6006>_
• The uninstall command now does the inverse of upgrade which means it no longer invokes a full lock cycle which was problematic for projects with many dependencies. [#6029](https://github.com/pypa/pipenv/issues/6029) <https://github.com/pypa/pipenv/issues/6029>_
• The pipenv requirements subcommand now supports the --from-pipfile flag. When this flag is used, the requirements file will only include the packages explicitly listed in the Pipfile, excluding any sub-packages. [#6156](https://github.com/pypa/pipenv/issues/6156) <https://github.com/pypa/pipenv/issues/6156>_

Behavior Changes

• pipenv==3000.0.0 denotes the first major release of our semver strategy. As much requested, the install no longer does a complete lock operation. Instead install follows the same code path as pipenv update (which is upgrade + sync). This is what most new users expect the behavior to be; it is a behavioral change, a necessary one to make the tool more usable. Remember that complete lock resolution can be invoked with pipenv lock just as before. [#6098](https://github.com/pypa/pipenv/issues/6098) <https://github.com/pypa/pipenv/issues/6098>_

Bug Fixes

• Fix a bug that passes pipenv check command if Pipfile.lock not exist [#6126](https://github.com/pypa/pipenv/issues/6126) <https://github.com/pypa/pipenv/issues/6126>_
• Fix a bug that vcs subdependencies were locked without their subdirectory fragment if they had one [#6136](https://github.com/pypa/pipenv/issues/6136) <https://github.com/pypa/pipenv/issues/6136>_
• pipenv converts off pkg_resources API usages. This necessitated also vendoring in:
  • latest pipdeptree==2.18.1 which also converted off pkg_resources
  • importlib-metadata==7.1.0 to continue supporting python 3.8 and 3.9
  • packaging==24.0 since the packaging we were utilizing in pip's vendor was insufficient for this conversion. [#6139](https://github.com/pypa/pipenv/issues/6139) <https://github.com/pypa/pipenv/issues/6139>
• Pipenv only supports absolute python version. If the user specifies a Python version with inequality signs like >=3.12, `_

Vendored Libraries

• Vendor in pip==24.0 [#6117](https://github.com/pypa/pipenv/issues/6117) <https://github.com/pypa/pipenv/issues/6117>_
• Spring 2024 Vendoring includes:
  • click-didyoumean==0.3.1
  • expect==4.9.0
  • pipdeptree==2.16.2
  • python-dotenv==1.0.1
  • ruamel.yaml==0.18.6
  • shellingham==1.5.4
  • tomlkit==0.12.4 [#6118](https://github.com/pypa/pipenv/issues/6118) <https://github.com/pypa/pipenv/issues/6118>_

Commits

• 0618fab Prepare actually for 2024.0.0 release after peer feedback.
• fd76351 Release v2024.0.0
• 878d7c4 Bumped version to 2024.0.0.
• a84ecd3 Release v3000.0.0
• 0cee88e Bumped version to 3000.0.0.
• 2c04a63 Remove secho from pipenv.utils.shell
• 6abb08c Merge pull request #6164 from sanspareilsmyn/handle-unspecified-python-version
• 66eef03 Supply the extra pip args in the resolver. (#6006)
• 0979912 pipenv 3000 install (behavioral refactor) (#6098)
• a1fe8d7 Apply feedbacks
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)