Fix: SSH VCS URLs without branch ref being corrupted #6493
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When installing a git dependency over SSH without specifying a branch/ref
(e.g., git+ssh://git@github.com/user/repo.git#egg=package), the URL was
being incorrectly parsed. The @ symbol in 'git@github.com' was being
treated as a branch/ref separator, resulting in corrupted entries like:
"git": "git+ssh://git"
instead of the correct:
"git": "git+ssh://git@github.com/user/repo.git"
The fix checks if the @ symbol is in the path part of the URL (indicating
a branch/ref) rather than in the netloc (hostname) part before splitting.
This matches the behavior of the normalize_vcs_url() function.
Added regression tests for SSH URL handling with and without branch refs.
Fixes #6076
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #6076
Problem
When installing a git dependency over SSH without specifying a branch/ref (e.g.,
git+ssh://git@github.com/user/repo.git#egg=package), the URL was being incorrectly parsed. The@symbol ingit@github.comwas being treated as a branch/ref separator, resulting in corrupted Pipfile.lock entries like:instead of the correct:
This caused pip to fail with errors like:
Root Cause
In
pipenv/project.py, thegenerate_package_pipfile_entry()function was usingrsplit("@", 1)to extract the branch/ref from VCS URLs. This incorrectly split on the@in SSH URLs likegit@github.com, treatinggithub.com/user/repo.gitas the ref andgit+ssh://gitas the URL.Solution
The fix checks if the
@symbol is in the path part of the URL (indicating a branch/ref) rather than in the netloc (hostname) part before splitting. This matches the behavior of the existingnormalize_vcs_url()function inpipenv/utils/dependencies.py.Changes
pipenv/project.py: Updatedgenerate_package_pipfile_entry()to useurllib.parse.urlparse()to check if@is in the path before treating it as a ref separator.tests/unit/test_vcs.py: Added regression tests for SSH URL handling with and without branch refs.Testing
Pull Request opened by Augment Code with guidance from the PR author