Merge branch 'master' into add_fedora_install

2026-06-05 14:50:16 +00:00 · 2018-06-26 15:48:12 -04:00
parent 5e3a49a628 9ec6b74eb8
commit e5fa0acb2e
76 changed files with 311 additions and 236 deletions
@@ -1,100 +1,190 @@
-2018.6.0.dev0 (2018-06-18)
-==========================
-
+2018.6.25 (2018-06-25)
+======================

 Features & Improvements
 -----------------------

- Pipenv-created virtualenvs will now be associated with a ``.project`` folder (features can be implemented on top of this later or users may choose to use ``pipenv-pipes`` to take full advantage of this.)  `#1861 <https://github.com/pypa/pipenv/issues/1861>`_
-  
- Virtualenv names will now appear in prompts for most Windows users.  `#2167 <https://github.com/pypa/pipenv/issues/2167>`_
-  
- Added support for cmder shell paths with spaces.  `#2168 <https://github.com/pypa/pipenv/issues/2168>`_
-  
- Added nested JSON output to the ``pipenv graph`` command.  `#2199 <https://github.com/pypa/pipenv/issues/2199>`_
-  
- Dropped vendored pip 9 and vendored, patched, and migrated to pip 10.
-  Updated patched piptools version.  `#2255 <https://github.com/pypa/pipenv/issues/2255>`_
-  
- PyPI mirror URLs can now be set to override instances of PyPI urls by passing the ``--pypi-mirror`` argument from the command line or setting the ``PIPENV_PYPI_MIRROR`` environment variable.  `#2281 <https://github.com/pypa/pipenv/issues/2281>`_
-  
- Virtualenv activation lines will now avoid being written to some shell history files.  `#2287 <https://github.com/pypa/pipenv/issues/2287>`_
-  
- Pipenv will now only search for ``requirements.txt`` files when creating new projects, and during that time only if the user doesn't specify packages to pass in.  `#2309 <https://github.com/pypa/pipenv/issues/2309>`_
-  
- Added support for mounted drives via UNC paths.  `#2331 <https://github.com/pypa/pipenv/issues/2331>`_
-  
- Added support for Windows Subsystem for Linux bash shell detection.  `#2363 <https://github.com/pypa/pipenv/issues/2363>`_
-  
+- Pipenv-created virtualenvs will now be associated with a ``.project`` folder
+  (features can be implemented on top of this later or users may choose to use
+  ``pipenv-pipes`` to take full advantage of this.)  `#1861
+  <https://github.com/pypa/pipenv/issues/1861>`_
+
+- Virtualenv names will now appear in prompts for most Windows users.  `#2167
+  <https://github.com/pypa/pipenv/issues/2167>`_
+
+- Added support for cmder shell paths with spaces.  `#2168
+  <https://github.com/pypa/pipenv/issues/2168>`_
+
+- Added nested JSON output to the ``pipenv graph`` command.  `#2199
+  <https://github.com/pypa/pipenv/issues/2199>`_
+
+- Dropped vendored pip 9 and vendored, patched, and migrated to pip 10. Updated
+  patched piptools version.  `#2255
+  <https://github.com/pypa/pipenv/issues/2255>`_
+
+- PyPI mirror URLs can now be set to override instances of PyPI urls by passing
+  the ``--pypi-mirror`` argument from the command line or setting the
+  ``PIPENV_PYPI_MIRROR`` environment variable.  `#2281
+  <https://github.com/pypa/pipenv/issues/2281>`_
+
+- Virtualenv activation lines will now avoid being written to some shell
+  history files.  `#2287 <https://github.com/pypa/pipenv/issues/2287>`_
+
+- Pipenv will now only search for ``requirements.txt`` files when creating new
+  projects, and during that time only if the user doesn't specify packages to
+  pass in.  `#2309 <https://github.com/pypa/pipenv/issues/2309>`_
+
+- Added support for mounted drives via UNC paths.  `#2331
+  <https://github.com/pypa/pipenv/issues/2331>`_
+
+- Added support for Windows Subsystem for Linux bash shell detection.  `#2363
+  <https://github.com/pypa/pipenv/issues/2363>`_
+
+- Pipenv will now generate hashes much more quickly by resolving them in a
+  single pass during locking.  `#2384
+  <https://github.com/pypa/pipenv/issues/2384>`_
+
+- ``pipenv run`` will now avoid spawning additional ``COMSPEC`` instances to
+  run commands in when possible.  `#2385
+  <https://github.com/pypa/pipenv/issues/2385>`_
+
+- Massive internal improvements to requirements parsing codebase, resolver, and
+  error messaging.  `#2388 <https://github.com/pypa/pipenv/issues/2388>`_
+
+- ``pipenv check`` now may take multiple of the additional argument
+  ``--ignore`` which takes a parameter ``cve_id`` for the purpose of ignoring
+  specific CVEs.  `#2408 <https://github.com/pypa/pipenv/issues/2408>`_
+

 Behavior Changes
 ----------------

 - Pipenv will now parse & capitalize ``platform_python_implementation`` markers
+  .. warning:: This could cause an issue if you have an out of date ``Pipfile``
+  which lowercases the comparison value (e.g. ``cpython`` instead of
+  ``CPython``).  `#2123 <https://github.com/pypa/pipenv/issues/2123>`_
+
+- Pipenv will now only search for ``requirements.txt`` files when creating new
+  projects, and during that time only if the user doesn't specify packages to
+  pass in.  `#2309 <https://github.com/pypa/pipenv/issues/2309>`_

-    .. warning:: 
-  
-      This could cause an issue if you have an out of date ``Pipfile`` which lowercases the comparison value (e.g. ``cpython`` instead of ``CPython``).  `#2123 <https://github.com/pypa/pipenv/issues/2123>`_
-  
- Pipenv will now only search for ``requirements.txt`` files when creating new projects, and during that time only if the user doesn't specify packages to pass in.  `#2309 <https://github.com/pypa/pipenv/issues/2309>`_
-  

 Bug Fixes
 ---------

- Massive internal improvements to requirements parsing codebase, resolver, and error messaging.  `#1962 <https://github.com/pypa/pipenv/issues/1962>`_,
+- Massive internal improvements to requirements parsing codebase, resolver, and
+  error messaging.  `#1962 <https://github.com/pypa/pipenv/issues/1962>`_,
  `#2186 <https://github.com/pypa/pipenv/issues/2186>`_,
  `#2263 <https://github.com/pypa/pipenv/issues/2263>`_,
  `#2312 <https://github.com/pypa/pipenv/issues/2312>`_
-  
- Pipenv will now parse & capitalize ``platform_python_implementation`` markers.  `#2123 <https://github.com/pypa/pipenv/issues/2123>`_
-  
- Fixed a bug with parsing and grouping old-style ``setup.py`` extras during resolution  `#2142 <https://github.com/pypa/pipenv/issues/2142>`_
-  
- Fixed a bug causing pipenv graph to throw unhelpful exceptions when running against empty or non-existent environments.  `#2161 <https://github.com/pypa/pipenv/issues/2161>`_
-  
- Fixed a bug which caused ``--system`` to incorrectly abort when users were in a virtualenv.  `#2181 <https://github.com/pypa/pipenv/issues/2181>`_
-  
- Removed vendored ``cacert.pem`` which could cause issues for some users with custom certificate settings.  `#2193 <https://github.com/pypa/pipenv/issues/2193>`_
-  
- Fixed a regression which led to direct invocations of ``virtualenv``, rather than calling it by module.  `#2198 <https://github.com/pypa/pipenv/issues/2198>`_
-  
+
+- Pipenv will now parse & capitalize ``platform_python_implementation``
+  markers.  `#2123 <https://github.com/pypa/pipenv/issues/2123>`_
+
+- Fixed a bug with parsing and grouping old-style ``setup.py`` extras during
+  resolution  `#2142 <https://github.com/pypa/pipenv/issues/2142>`_
+
+- Fixed a bug causing pipenv graph to throw unhelpful exceptions when running
+  against empty or non-existent environments.  `#2161
+  <https://github.com/pypa/pipenv/issues/2161>`_
+
+- Fixed a bug which caused ``--system`` to incorrectly abort when users were in
+  a virtualenv.  `#2181 <https://github.com/pypa/pipenv/issues/2181>`_
+
+- Removed vendored ``cacert.pem`` which could cause issues for some users with
+  custom certificate settings.  `#2193
+  <https://github.com/pypa/pipenv/issues/2193>`_
+
+- Fixed a regression which led to direct invocations of ``virtualenv``, rather
+  than calling it by module.  `#2198
+  <https://github.com/pypa/pipenv/issues/2198>`_
+
 - Locking will now pin the correct VCS ref during ``pipenv update`` runs.
-  Running ``pipenv update`` with a new vcs ref specified in the ``Pipfile`` will now properly obtain, resolve, and install the specified dependency at the specified ref.  `#2209 <https://github.com/pypa/pipenv/issues/2209>`_
+  Running ``pipenv update`` with a new vcs ref specified in the ``Pipfile``
+  will now properly obtain, resolve, and install the specified dependency at
+  the specified ref.  `#2209 <https://github.com/pypa/pipenv/issues/2209>`_
+
+- ``pipenv clean`` will now correctly ignore comments from ``pip freeze`` when
+  cleaning the environment.  `#2262
+  <https://github.com/pypa/pipenv/issues/2262>`_
+
+- Resolution bugs causing packages for incompatible python versions to be
+  locked have been fixed.  `#2267
+  <https://github.com/pypa/pipenv/issues/2267>`_
+
+- Fixed a bug causing pipenv graph to fail to display sometimes.  `#2268
+  <https://github.com/pypa/pipenv/issues/2268>`_
+
+- Updated ``requirementslib`` to fix a bug in pipfile parsing affecting
+  relative path conversions.  `#2269
+  <https://github.com/pypa/pipenv/issues/2269>`_
+
+- Windows executable discovery now leverages ``os.pathext``.  `#2298
+  <https://github.com/pypa/pipenv/issues/2298>`_
+
+- Fixed a bug which caused ``--deploy --system`` to inadvertently create a
+  virtualenv before failing.  `#2301
+  <https://github.com/pypa/pipenv/issues/2301>`_
+
+- Fixed an issue which led to a failure to unquote special characters in file
+  and wheel paths.  `#2302 <https://github.com/pypa/pipenv/issues/2302>`_
+
+- VCS dependencies are now manually obtained only if they do not match the
+  requested ref.  `#2304 <https://github.com/pypa/pipenv/issues/2304>`_
+
+- Added error handling functionality to properly cope with single-digit
+  ``Requires-Python`` metatdata with no specifiers.  `#2377
+  <https://github.com/pypa/pipenv/issues/2377>`_
+
+- ``pipenv update`` will now always run the resolver and lock before ensuring
+  your dependencies are in sync with your lockfile.  `#2379
+  <https://github.com/pypa/pipenv/issues/2379>`_
+
+- Resolved a bug in our patched resolvers which could cause nondeterministic
+  resolution failures in certain conditions. Running ``pipenv install`` with no
+  arguments in a project with only a ``Pipfile`` will now correctly lock first
+  for dependency resolution before installing.  `#2384
+  <https://github.com/pypa/pipenv/issues/2384>`_
+
+- Patched ``python-dotenv`` to ensure that environment variables always get
+  encoded to the filesystem encoding.  `#2386
+  <https://github.com/pypa/pipenv/issues/2386>`_
+
+
+Improved Documentation
+----------------------
+
+- Update documentation wording to clarify Pipenv's overall role in the packaging ecosystem.  `#2194 <https://github.com/pypa/pipenv/issues/2194>`_
  
- ``pipenv clean`` will now correctly ignore comments from ``pip freeze`` when cleaning the environment.  `#2262 <https://github.com/pypa/pipenv/issues/2262>`_
+- Added contribution documentation and guidelines.  `#2205 <https://github.com/pypa/pipenv/issues/2205>`_
  
- Resolution bugs causing packages for incompatible python versions to be locked have been fixed.  `#2267 <https://github.com/pypa/pipenv/issues/2267>`_
-  
- Fixed a bug causing pipenv graph to fail to display sometimes.  `#2268 <https://github.com/pypa/pipenv/issues/2268>`_
-  
- Updated ``requirementslib`` to fix a bug in pipfile parsing affecting relative path conversions.  `#2269 <https://github.com/pypa/pipenv/issues/2269>`_
-  
- Windows executable discovery now leverages ``os.pathext``.  `#2298 <https://github.com/pypa/pipenv/issues/2298>`_
-  
- Fixed a bug which caused ``--deploy --system`` to inadvertently create a virtualenv before failing.  `#2301 <https://github.com/pypa/pipenv/issues/2301>`_
-  
- Fixed an issue which led to a failure to unquote special characters in file and wheel paths.  `#2302 <https://github.com/pypa/pipenv/issues/2302>`_
-  
- VCS dependencies are now manually obtained only if they do not match the requested ref.  `#2304 <https://github.com/pypa/pipenv/issues/2304>`_
-  
- Added error handling functionality to properly cope with single-digit ``Requires-Python`` metatdata with no specifiers.  `#2377 <https://github.com/pypa/pipenv/issues/2377>`_
-  
- ``pipenv update`` will now always run the resolver and lock before ensuring your dependencies are in sync with your lockfile.  `#2379 <https://github.com/pypa/pipenv/issues/2379>`_
+- Added instructions for supervisord compatibility.  `#2215 <https://github.com/pypa/pipenv/issues/2215>`_
  
+- Fixed broken links to development philosophy and contribution documentation.  `#2248 <https://github.com/pypa/pipenv/issues/2248>`_
+

 Vendored Libraries
 ------------------

- Removed vendored ``cacert.pem`` which could cause issues for some users with custom certificate settings.  `#2193 <https://github.com/pypa/pipenv/issues/2193>`_
-  
- Dropped vendored pip 9 and vendored, patched, and migrated to pip 10.
-  Updated patched piptools version.  `#2255 <https://github.com/pypa/pipenv/issues/2255>`_
-  
- Updated ``requirementslib`` to fix a bug in pipfile parsing affecting relative path conversions.  `#2269 <https://github.com/pypa/pipenv/issues/2269>`_
-  
- Added custom shell detection library ``shellingham``, a port of our changes to ``pew``.  `#2363 <https://github.com/pypa/pipenv/issues/2363>`_
-  
+- Removed vendored ``cacert.pem`` which could cause issues for some users with
+  custom certificate settings.  `#2193
+  <https://github.com/pypa/pipenv/issues/2193>`_
+
+- Dropped vendored pip 9 and vendored, patched, and migrated to pip 10. Updated
+  patched piptools version.  `#2255
+  <https://github.com/pypa/pipenv/issues/2255>`_
+
+- Updated ``requirementslib`` to fix a bug in pipfile parsing affecting
+  relative path conversions.  `#2269
+  <https://github.com/pypa/pipenv/issues/2269>`_
+
+- Added custom shell detection library ``shellingham``, a port of our changes
+  to ``pew``.  `#2363 <https://github.com/pypa/pipenv/issues/2363>`_
+
+- Patched ``python-dotenv`` to ensure that environment variables always get
+  encoded to the filesystem encoding.  `#2386
+  <https://github.com/pypa/pipenv/issues/2386>`_
+
 - Updated vendored libraries. The following vendored libraries were updated:

  * distlib from version ``0.2.6`` to ``0.2.7``.
@@ -1,4 +1,10 @@
- - Virtualenv names will now appear in prompts for most Windows users. 2167 feature
+2018.6.25
+ - Added error handling functionality to properly cope with single-digit `Requires-Python` metatdata with no specifiers.
+ - Pipenv will now generate hashes much more quickly by resolving them in a single pass during locking.
+ - `pipenv run` will now avoid spawning additional `COMSPEC` instances to run commands in when possible.
+ - `pipenv check` now may take multiple of the additional argument `--ignore` which takes a parameter `cve_id` for the purpose of ignoring specific CVEs.
+ - Patched `python-dotenv` to ensure that environment variables always get encoded to the filesystem encoding.
+ - Virtualenv names will now appear in prompts for most Windows users.
 - Resolver runtime and caching has been improved.
 - Improved virtualenv discovery when using `pipenv --venv`.
 - Improved error messages when failing to activate virtualenvs.
@@ -1 +0,0 @@
-Pipenv-created virtualenvs will now be associated with a ``.project`` folder (features can be implemented on top of this later or users may choose to use ``pipenv-pipes`` to take full advantage of this.)
@@ -1 +0,0 @@
-Massive internal improvements to requirements parsing codebase, resolver, and error messaging.
@@ -1,5 +0,0 @@
-Pipenv will now parse & capitalize ``platform_python_implementation`` markers
-
-  .. warning:: 
-  
-    This could cause an issue if you have an out of date ``Pipfile`` which lowercases the comparison value (e.g. ``cpython`` instead of ``CPython``). 
@@ -1 +0,0 @@
-Pipenv will now parse & capitalize ``platform_python_implementation`` markers.
@@ -1 +0,0 @@
-Fixed a bug with parsing and grouping old-style ``setup.py`` extras during resolution
@@ -1 +0,0 @@
-Fixed a bug causing pipenv graph to throw unhelpful exceptions when running against empty or non-existent environments.
@@ -1 +0,0 @@
-Virtualenv names will now appear in prompts for most Windows users.
@@ -1 +0,0 @@
-Added support for cmder shell paths with spaces.
@@ -1 +0,0 @@
-Fixed a bug which caused ``--system`` to incorrectly abort when users were in a virtualenv.
@@ -1 +0,0 @@
-Added an invoke task to generate patches against vendored dependencies.
@@ -1 +0,0 @@
-Massive internal improvements to requirements parsing codebase, resolver, and error messaging.
@@ -1 +0,0 @@
-Removed vendored ``cacert.pem`` which could cause issues for some users with custom certificate settings.
@@ -1 +0,0 @@
-Removed vendored ``cacert.pem`` which could cause issues for some users with custom certificate settings.
@@ -1 +0,0 @@
-Update documentation wording to clarify Pipenv's overall role in the packaging ecosystem.
@@ -1 +0,0 @@
-Fixed a regression which led to direct invocations of ``virtualenv``, rather than calling it by module.
@@ -1 +0,0 @@
-Added nested JSON output to the ``pipenv graph`` command.
@@ -1 +0,0 @@
-Added contribution documentation and guidelines.
@@ -1,2 +0,0 @@
-Locking will now pin the correct VCS ref during ``pipenv update`` runs.
-Running ``pipenv update`` with a new vcs ref specified in the ``Pipfile`` will now properly obtain, resolve, and install the specified dependency at the specified ref.
@@ -1 +0,0 @@
-Added instructions for supervisord compatibility.
@@ -1 +0,0 @@
-Fixed broken links to development philosophy and contribution documentation.
@@ -1,2 +0,0 @@
-Dropped vendored pip 9 and vendored, patched, and migrated to pip 10.
-Updated patched piptools version.
@@ -1,2 +0,0 @@
-Dropped vendored pip 9 and vendored, patched, and migrated to pip 10.
-Updated patched piptools version.
@@ -1 +0,0 @@
-``pipenv clean`` will now correctly ignore comments from ``pip freeze`` when cleaning the environment.
@@ -1 +0,0 @@
-Massive internal improvements to requirements parsing codebase, resolver, and error messaging.
@@ -1 +0,0 @@
-Resolution bugs causing packages for incompatible python versions to be locked have been fixed.
@@ -1 +0,0 @@
-Fixed a bug causing pipenv graph to fail to display sometimes.
@@ -1 +0,0 @@
-Updated ``requirementslib`` to fix a bug in pipfile parsing affecting relative path conversions.
@@ -1 +0,0 @@
-Updated ``requirementslib`` to fix a bug in pipfile parsing affecting relative path conversions.
@@ -1 +0,0 @@
-PyPI mirror URLs can now be set to override instances of PyPI urls by passing the ``--pypi-mirror`` argument from the command line or setting the ``PIPENV_PYPI_MIRROR`` environment variable.
@@ -1 +0,0 @@
-Virtualenv activation lines will now avoid being written to some shell history files.
@@ -1 +0,0 @@
-Windows executable discovery now leverages ``os.pathext``.
@@ -1 +0,0 @@
-Fixed a bug which caused ``--deploy --system`` to inadvertently create a virtualenv before failing.
@@ -1 +0,0 @@
-Fixed an issue which led to a failure to unquote special characters in file and wheel paths.
@@ -1 +0,0 @@
-VCS dependencies are now manually obtained only if they do not match the requested ref.
@@ -1 +0,0 @@
-Change function name of ``pipenv.utils.actually_resolve_reps`` to ``pipenv.utils.actually_resolve_deps``.
@@ -1 +0,0 @@
-Pipenv will now only search for ``requirements.txt`` files when creating new projects, and during that time only if the user doesn't specify packages to pass in.
@@ -1 +0,0 @@
-Pipenv will now only search for ``requirements.txt`` files when creating new projects, and during that time only if the user doesn't specify packages to pass in.
@@ -1 +0,0 @@
-Removed unnecessary comma from documentation.
@@ -1 +0,0 @@
-Massive internal improvements to requirements parsing codebase, resolver, and error messaging.
@@ -1 +0,0 @@
-Added ``pipenv run`` suggestion for users who are first creating environment.
@@ -1 +0,0 @@
-Added support for mounted drives via UNC paths.
@@ -1 +0,0 @@
-Added support for Windows Subsystem for Linux bash shell detection.
@@ -1 +0,0 @@
-Added custom shell detection library ``shellingham``, a port of our changes to ``pew``.
@@ -1,15 +0,0 @@
-Updated vendored libraries. The following vendored libraries were updated:
-
-* distlib from version ``0.2.6`` to ``0.2.7``.
-* jinja2 from version ``2.9.5`` to ``2.10``.
-* pathlib2 from version ``2.1.0`` to ``2.3.2``.
-* parse from version ``2.8.0`` to ``2.8.4``.
-* pexpect from version ``2.5.2`` to ``2.6.0``.
-* requests from version ``2.18.4`` to ``2.19.1``.
-* idna from version ``2.6`` to ``2.7``.
-* certifi from version ``2018.1.16`` to ``2018.4.16``.
-* packaging from version ``16.8`` to ``17.1``.
-* six from version ``1.10.0`` to ``1.11.0``.
-* requirementslib from version ``0.2.0`` to ``1.0.1``. 
-
-In addition, scandir was vendored and patched to avoid importing host system binaries when falling back to pathlib2.
@@ -1 +0,0 @@
-Added error handling functionality to properly cope with single-digit ``Requires-Python`` metatdata with no specifiers.
@@ -1 +0,0 @@
-``pipenv update`` will now always run the resolver and lock before ensuring your dependencies are in sync with your lockfile.
@@ -1,2 +0,0 @@
-Resolved a bug in our patched resolvers which could cause nondeterministic resolution failures in certain conditions.
-Running ``pipenv install`` with no arguments in a project with only a ``Pipfile`` will now correctly lock first for dependency resolution before installing.
@@ -1 +0,0 @@
-Pipenv will now generate hashes much more quickly by resolving them in a single pass during locking.
@@ -1,2 +0,0 @@
-Updated mocked pypi dependencies.
-Removed ellipsis and em-dash characters from terminal output.
@@ -1 +0,0 @@
-``pipenv run`` will now avoid spawning additional ``COMSPEC`` instances to run commands in when possible.``
@@ -1 +0,0 @@
-Patched ``python-dotenv`` to ensure that environment variables always get encoded to the filesystem encoding.
@@ -1 +0,0 @@
-Patched ``python-dotenv`` to ensure that environment variables always get encoded to the filesystem encoding.
@@ -1 +0,0 @@
-Massive internal improvements to requirements parsing codebase, resolver, and error messaging.
@@ -0,0 +1 @@
+Fixed a logic error which caused ``--deploy --system`` to overwrite editable vcs packages in the pipfile before installing, which caused any installation to fail by default.
@@ -0,0 +1 @@
+Updated requirementslib to fix an issue with properly quoting markers in VCS requirements.
@@ -0,0 +1 @@
+Updated requirementslib to fix an issue with properly quoting markers in VCS requirements.
@@ -1 +0,0 @@
-Added release tasks for maintainers.
@@ -2,4 +2,4 @@
 #   //   ) ) / / //   ) ) //___) ) //   ) ) ||  / /
 #  //___/ / / / //___/ / //       //   / /  || / /
 # //       / / //       ((____   //   / /   ||/ /
-__version__ = '2018.6.0.dev0'
+__version__ = '2018.6.26.dev0'
@@ -694,6 +694,12 @@ def run(command, args, three=None, python=False):
    default=False,
    help="Given a code path, show potentially unused dependencies.",
 )
+@option(
+    '--ignore',
+    '-i',
+    multiple=True,
+    help="Ignore specified vulnerability during safety checks."
+)
@argument('args', nargs=-1)
 def check(
    three=None,
@@ -701,12 +707,17 @@ def check(
    system=False,
    unused=False,
    style=False,
+    ignore=None,
    args=None,
 ):
    from .core import do_check
-
    do_check(
-        three=three, python=python, system=system, unused=unused, args=args
+        three=three,
+        python=python,
+        system=system,
+        unused=unused,
+        ignore=ignore,
+        args=args
    )


@@ -617,7 +617,7 @@ def ensure_project(
    # Automatically use an activated virtualenv.
    if PIPENV_USE_SYSTEM:
        system = True
-    if not project.pipfile_exists:
+    if not project.pipfile_exists and not deploy:
        project.touch_pipfile()
    # Skip virtualenv creation when --system was used.
    if not system:
@@ -911,7 +911,6 @@ def do_create_virtualenv(python=None, site_packages=False):
            '-m',
            'pipenv.pew',
            'new',
-            project.virtualenv_name,
            '-d',
            '-a',
            project.project_directory,
@@ -929,6 +928,8 @@ def do_create_virtualenv(python=None, site_packages=False):
        err=True,
    )
    cmd = cmd + ['-p', python]
+    if not project.is_venv_in_project():
+        cmd = cmd + ['--', project.virtualenv_name]
    # Actually create the virtualenv.
    with spinner():
        try:
@@ -1061,7 +1062,7 @@ def do_lock(
                u'{0} {1} {2}'.format(
                    crayons.normal('Locking'),
                    crayons.red('[{0}]'.format(settings['log_string'])),
-                    crayons.normal('dependencies…'),
+                    crayons.normal('dependencies...'),
                ),
                err=True,
            )
@@ -1268,7 +1269,8 @@ def do_init(
                cleanup_virtualenv(bare=False)
                sys.exit(1)
    # Ensure the Pipfile exists.
-    ensure_pipfile(system=system)
+    if not deploy:
+        ensure_pipfile(system=system)
    if not requirements_dir:
        cleanup_reqdir = True
        requirements_dir = TemporaryDirectory(
@@ -1845,7 +1847,7 @@ def do_install(
        error, traceback = None, None
        click.echo(
            crayons.normal(
-                u'Requirements file provided! Importing into Pipfile...¦',
+                u'Requirements file provided! Importing into Pipfile...',
                bold=True,
            ),
            err=True,
@@ -1915,7 +1917,8 @@ def do_install(
        package_name = False
    # Install editable local packages before locking - this gives us access to dist-info
    if project.pipfile_exists and (
-        not project.lockfile_exists or not project.virtualenv_exists
+        # double negatives are for english readability, leave them alone.
+        (not project.lockfile_exists and not deploy) or (not project.virtualenv_exists and not system)
    ):
        section = project.editable_packages if not dev else project.editable_dev_packages
        for package in section.keys():
@@ -1952,7 +1955,7 @@ def do_install(
            except KeyError:
                pass
    # Install all dependencies, if none was provided.
-    # This basically ensures that we have a pipfile and lockfile, then it locks and 
+    # This basically ensures that we have a pipfile and lockfile, then it locks and
    # installs from the lockfile
    if package_name is False:
        # Update project settings with pre preference.
@@ -1972,7 +1975,7 @@ def do_install(
            pypi_mirror=pypi_mirror,
        )

-    # This is for if the user passed in dependencies, then we want to maek sure we 
+    # This is for if the user passed in dependencies, then we want to maek sure we
    else:
        for package_name in package_names:
            click.echo(
@@ -2338,7 +2341,7 @@ def do_run(command, args, three=None, python=False):
        do_run_posix(script, command=command)


-def do_check(three=None, python=False, system=False, unused=False, args=None):
+def do_check(three=None, python=False, system=False, unused=False, ignore=None, args=None):
    if not system:
        # Ensure that virtualenv is available.
        ensure_project(three=three, python=python, validate=False, warn=False)
@@ -2409,9 +2412,14 @@ def do_check(three=None, python=False, system=False, unused=False, args=None):
        python = which('python')
    else:
        python = system_which('python')
+    if ignore:
+        ignored = '--ignore {0}'.format('--ignore '.join(ignore))
+        click.echo(crayons.normal('Notice: Ignoring CVE(s) {0}'.format(crayons.yellow(', '.join(ignore)))), err=True)
+    else:
+        ignored = ''
    c = delegator.run(
-        '"{0}" {1} check --json --key=1ab8d58f-5122e025-83674263-bc1e79e0'.format(
-            python, escape_grouped_arguments(path)
+        '"{0}" {1} check --json --key=1ab8d58f-5122e025-83674263-bc1e79e0 {2}'.format(
+            python, escape_grouped_arguments(path), ignored
        )
    )
    try:
@@ -2564,6 +2572,8 @@ def do_sync(
    unused=False,
    sequential=False,
    pypi_mirror=None,
+    system=False,
+    deploy=False,
 ):
    # The lock file needs to exist because sync won't write to it.
    if not project.lockfile_exists:
@@ -2576,8 +2586,8 @@ def do_sync(
        )
        sys.exit(1)

-    # Ensure that virtualenv is available.
-    ensure_project(three=three, python=python, validate=False)
+    # Ensure that virtualenv is available if not system.
+    ensure_project(three=three, python=python, validate=False, deploy=deploy)

    # Install everything.
    requirements_dir = TemporaryDirectory(
@@ -2590,6 +2600,8 @@ def do_sync(
        requirements_dir=requirements_dir,
        ignore_pipfile=True,    # Don't check if Pipfile and lock match.
        pypi_mirror=pypi_mirror,
+        deploy=deploy,
+        system=system,
    )
    requirements_dir.cleanup()
    click.echo(crayons.green('All dependencies are now up-to-date!'))
@@ -19,7 +19,6 @@ from .._compat import (
    PyPI,
    InstallRequirement,
    SafeFileCache,
-    InstallationError,
 )

 from pipenv.patched.notpip._vendor.packaging.requirements import InvalidRequirement, Requirement
@@ -27,6 +26,7 @@ from pipenv.patched.notpip._vendor.packaging.version import Version, InvalidVers
 from pipenv.patched.notpip._vendor.packaging.specifiers import SpecifierSet, InvalidSpecifier, Specifier
 from pipenv.patched.notpip._vendor.packaging.markers import Marker, Op, Value, Variable
 from pipenv.patched.notpip._vendor.pyparsing import ParseException
+from pipenv.patched.notpip._internal.exceptions import InstallationError

 from ..cache import CACHE_DIR
 from pipenv.environments import PIPENV_CACHE_DIR
@@ -278,13 +278,16 @@ class PyPIRepository(BaseRepository):
            if ireq.editable:
                try:
                    dist = ireq.get_dist()
+                except InstallationError:
+                    ireq.run_egg_info()
+                    dist = ireq.get_dist()
+                except (TypeError, ValueError, AttributeError):
+                    pass
+                else:
                    if dist.has_metadata('requires.txt'):
                        setup_requires = self.finder.get_extras_links(
                            dist.get_metadata_lines('requires.txt')
                        )
-                except (TypeError, ValueError, AttributeError):
-                    pass
-
            try:
                # Pip < 9 and below
                reqset = RequirementSet(
@@ -856,11 +856,6 @@ def path_to_url(path):
    return Path(normalize_drive(os.path.abspath(path))).as_uri()


-def get_converted_relative_path(path, relative_to=os.curdir):
-    """Given a vague relative path, return the path relative to the given location"""
-    return os.path.join('.', os.path.relpath(path, start=relative_to))
-
-
 def walk_up(bottom):
    """Mimic os.walk, but walk 'up' instead of down the directory tree.
    From: https://gist.github.com/zdavkeos/1098474
@@ -1,5 +1,5 @@
 # -*- coding=utf-8 -*-
-__version__ = "1.0.5.dev0"
+__version__ = "1.0.6"


 from .exceptions import RequirementError
@@ -649,7 +649,7 @@ class Requirement(object):
    @property
    def markers_as_pip(self):
        if self.markers:
-            return "; {0}".format(self.markers)
+            return "; {0}".format(self.markers.replace('"', "'"))

        return ""

@@ -2,6 +2,7 @@
 from __future__ import absolute_import
 import logging
 import os
+import posixpath
 import six

 from itertools import product
@@ -60,20 +61,25 @@ def is_vcs(pipfile_entry):


 def get_converted_relative_path(path, relative_to=os.curdir):
-    """Given a vague relative path, return the path relative to the given location"""
+    """Convert `path` to be relative.
+
+    Given a vague relative path, return the path relative to the given
+    location.
+
+    This performs additional conversion to ensure the result is of POSIX form,
+    and starts with `./`, or is precisely `.`.
+    """
    start = Path(relative_to)
    try:
        start = start.resolve()
    except OSError:
        start = start.absolute()
-    path = start.joinpath(".", path).relative_to(start)
-    # Normalize these to use forward slashes even on windows
-    if os.name == "nt":
-        relpath = os.altsep.join([".", path.as_posix()])
-    relpath = os.sep.join([".", path.as_posix()])
-    if relpath in ['./.', '.\\.']:
-        relpath = '.'
-    return relpath
+    path = start.joinpath(path).relative_to(start)
+
+    relpath_s = posixpath.normpath(path.as_posix())
+    if not (relpath_s == "." or relpath_s.startswith("./")):
+        relpath_s = posixpath.join(".", relpath_s)
+    return relpath_s


 def multi_split(s, split):
@@ -27,7 +27,7 @@ requests==2.19.1
    idna==2.7
    urllib3==1.23
    certifi==2018.4.16
-requirementslib==1.0.4
+requirementslib==1.0.6
    attrs==18.1.0
    distlib==0.2.7
    packaging==17.1
@@ -104,7 +104,7 @@ setup(
    author='Kenneth Reitz',
    author_email='me@kennethreitz.org',
    url='https://github.com/pypa/pipenv',
-    packages=find_packages(exclude=['tests']),
+    packages=find_packages(exclude=['tests', 'tasks']),
    entry_points={
        'console_scripts': [
            'pipenv=pipenv:cli',
@@ -116,6 +116,7 @@ setup(
        '': ['LICENSE', 'NOTICES'],
        "pipenv.vendor.requests": ["*.pem"],
        "pipenv.vendor.certifi": ["*.pem"],
+        "pipenv.vendor.click_completion": ["*.j2"],
        "pipenv.patched.notpip._vendor.certifi": ["*.pem"],
        "pipenv.patched.notpip._vendor.requests": ["*.pem"],
        "pipenv.patched.notpip._vendor.distlib._backport": ["sysconfig.cfg"],
@@ -58,11 +58,11 @@ def generate_changelog(ctx, commit=False, draft=False):
    if draft:
        commit = False
        log('Writing draft to file...')
-        ctx.run('towncrier --draft > CHANGELOG.rst')
+        ctx.run('towncrier --draft > CHANGELOG.draft.rst')
    if commit:
        ctx.run('towncrier')
        log('Committing...')
-        ctx.run('git add .')
+        ctx.run('git add CHANGELOG.rst')
        ctx.run('git commit -m "Update changelog."')


@@ -77,7 +77,7 @@ def tag_version(ctx, push=False):


@invoke.task
-def bump_version(ctx, dry_run=False, increment=True, release=False, dev=False, pre=False, tag=None, clear=False):
+def bump_version(ctx, dry_run=False, increment=True, release=False, dev=False, pre=False, tag=None, clear=False, commit=False,):
    current_version = Version.parse(__version__)
    today = datetime.date.today()
    next_month_number = today.month + 1 if today.month != 12 else 1
@@ -111,3 +111,6 @@ def bump_version(ctx, dry_run=False, increment=True, release=False, dev=False, p
    else:
        log('Updating to: %s' % new_version.normalize())
        version_file.write_text(file_contents.replace(__version__, str(new_version.normalize())))
+        if commit:
+            log('Committing...')
+            ctx.run('git commit -s -m "Bumped version."')
@@ -19,7 +19,7 @@ index 4e6174c..75f9b49 100644
 # NOTE
 # We used to store the cache dir under ~/.pip-tools, which is not the
 diff --git a/pipenv/patched/piptools/repositories/pypi.py b/pipenv/patched/piptools/repositories/pypi.py
-index 1c4b943..07cd667 100644
+index 1c4b943..c4e5b0e 100644
 --- a/pipenv/patched/piptools/repositories/pypi.py
 +++ b/pipenv/patched/piptools/repositories/pypi.py
@@ -4,6 +4,7 @@ from __future__ import (absolute_import, division, print_function,
@@ -38,7 +38,6 @@ index 1c4b943..07cd667 100644
 +    PyPI,
 +    InstallRequirement,
 +    SafeFileCache,
-+    InstallationError,
 )
 
 +from pip._vendor.packaging.requirements import InvalidRequirement, Requirement
@@ -46,6 +45,7 @@ index 1c4b943..07cd667 100644
 +from pip._vendor.packaging.specifiers import SpecifierSet, InvalidSpecifier, Specifier
 +from pip._vendor.packaging.markers import Marker, Op, Value, Variable
 +from pip._vendor.pyparsing import ParseException
+from pip._internal.exceptions import InstallationError
 +
 from ..cache import CACHE_DIR
 +from pipenv.environments import PIPENV_CACHE_DIR
@@ -223,10 +223,11 @@ index 1c4b943..07cd667 100644
         """
         Given a pinned or an editable InstallRequirement, returns a set of
         dependencies (also InstallRequirements, but not necessarily pinned).
-@@ -155,6 +270,20 @@ class PyPIRepository(BaseRepository):
+@@ -155,7 +270,24 @@ class PyPIRepository(BaseRepository):
                     os.makedirs(download_dir)
             if not os.path.isdir(self._wheel_download_dir):
                 os.makedirs(self._wheel_download_dir)
+-
 +            # Collect setup_requires info from local eggs.
 +            # Do this after we call the preparer on these reqs to make sure their
 +            # egg info has been created
@@ -235,16 +236,20 @@ index 1c4b943..07cd667 100644
 +            if ireq.editable:
 +                try:
 +                    dist = ireq.get_dist()
+                except InstallationError:
+                    ireq.run_egg_info()
+                    dist = ireq.get_dist()
+                except (TypeError, ValueError, AttributeError):
+                    pass
+                else:
 +                    if dist.has_metadata('requires.txt'):
 +                        setup_requires = self.finder.get_extras_links(
 +                            dist.get_metadata_lines('requires.txt')
 +                        )
-+                except (TypeError, ValueError, AttributeError):
-+                    pass
- 
             try:
                 # Pip < 9 and below
-@@ -164,11 +293,14 @@ class PyPIRepository(BaseRepository):
+                 reqset = RequirementSet(
+@@ -164,11 +296,14 @@ class PyPIRepository(BaseRepository):
                     download_dir=download_dir,
                     wheel_download_dir=self._wheel_download_dir,
                     session=self.session,
@@ -261,7 +266,7 @@ index 1c4b943..07cd667 100644
                 )
             except TypeError:
                 # Pip >= 10 (new resolver!)
-@@ -188,17 +320,97 @@ class PyPIRepository(BaseRepository):
+@@ -188,17 +323,97 @@ class PyPIRepository(BaseRepository):
                     finder=self.finder,
                     session=self.session,
                     upgrade_strategy="to-satisfy-only",
@@ -362,7 +367,7 @@ index 1c4b943..07cd667 100644
         return set(self._dependencies_cache[ireq])
 
     def get_hashes(self, ireq):
-@@ -217,24 +429,22 @@ class PyPIRepository(BaseRepository):
+@@ -217,24 +432,22 @@ class PyPIRepository(BaseRepository):
         # We need to get all of the candidates that match our current version
         # pin, these will represent all of the files that could possibly
         # satisfy this constraint.
@@ -82,7 +82,14 @@ def test_pipenv_graph_reverse(PipenvInstance, pypi):
 def test_pipenv_check(PipenvInstance, pypi):
    with PipenvInstance(pypi=pypi) as p:
        p.pipenv('install requests==1.0.0')
-        assert 'requests' in p.pipenv('check').out
+        c = p.pipenv('check')
+        assert c.return_code != 0
+        assert 'requests' in c.out
+        p.pipenv('uninstall requests')
+        p.pipenv('install six')
+        c = p.pipenv('check --ignore 35015')
+        assert c.return_code == 0
+        assert 'Ignoring' in c.err


@pytest.mark.cli
@@ -276,7 +276,11 @@ def test_requirements_to_pipfile(PipenvInstance, pypi):
@pytest.mark.install
@pytest.mark.requirements
 def test_skip_requirements_when_pipfile(PipenvInstance, pypi):
+    """Ensure requirements.txt is NOT imported when

+    1. We do `pipenv install [package]`
+    2. A Pipfile already exists when we run `pipenv install`.
+    """
    with PipenvInstance(chdir=True, pypi=pypi) as p:
        with open('requirements.txt', 'w') as f:
            f.write('requests==2.18.1\n')
@@ -308,9 +312,8 @@ def test_clean_on_empty_venv(PipenvInstance, pypi):

@pytest.mark.install
 def test_install_does_not_extrapolate_environ(PipenvInstance, pypi):
-    """This test is deisgned to make sure that pipenv ignores requirements.txt files
-    for projects that already exist (already have a Pipfile) as well as for times when a
-    package name is passed in to the install command."""
+    """Ensure environment variables are not expanded in lock file.
+    """
    with temp_environ(), PipenvInstance(pypi=pypi, chdir=True) as p:
        os.environ['PYPI_URL'] = pypi.url

@@ -348,9 +351,11 @@ def test_editable_no_args(PipenvInstance):
@pytest.mark.install
@pytest.mark.virtualenv
 def test_install_venv_project_directory(PipenvInstance, pypi):
-    """Test pew's project functionality during virtualenv creation.  Since .venv
-    virtualenvs are not created with pew, we need to swap to a workon_home based
-    virtualenv for this test"""
+    """Test pew's project functionality during virtualenv creation.
+
+    Since .venv virtualenvs are not created with pew, we need to swap to a
+    workon_home based virtualenv for this test.
+    """
    with PipenvInstance(pypi=pypi, chdir=True) as p:
        with temp_environ(), TemporaryDirectory(prefix='pipenv-', suffix='temp_workon_home') as workon_home:
            os.environ['WORKON_HOME'] = workon_home.name
@@ -20,8 +20,7 @@ from flaky import flaky
    ['-e .[dev]', {'testpipenv': {'path': '.', 'editable': True, 'extras': ['dev']}}]
 ])
 def test_local_extras_install(PipenvInstance, pypi, line, pipfile):
-    """Test -e .[extras] installs... note that the extras themselves
-    are currently not landing in the lockfile for reasons that are unclear.
+    """Ensure -e .[extras] installs.
    """
    with PipenvInstance(pypi=pypi, chdir=True) as p:
        project = Project()
@@ -2,11 +2,20 @@

 XXX: Try our best to reduce tests in this file.
 """
+import os
+from tempfile import gettempdir, mkdtemp
+
+import mock
+import pytest

 from pipenv.core import activate_virtualenv
 from pipenv.project import Project
 from pipenv.vendor import delegator
-import pytest
+
+try:
+    from pathlib import Path
+except ImportError:
+    from pipenv.vendor.pathlib2 import Path


@pytest.mark.code
@@ -92,3 +101,26 @@ def test_proper_names_unamanged_virtualenv(PipenvInstance, pypi):
        assert c.return_code == 0
        project = Project()
        assert project.proper_names == []
+
+
+@pytest.mark.cli
+def test_directory_with_leading_dash(PipenvInstance):
+    def mocked_mkdtemp(suffix, prefix, dir):
+        if suffix == '-project':
+            temp_dir = Path(gettempdir()) / '-dir-with-leading-dash'
+            temp_dir.mkdir()
+            return str(temp_dir)
+        else:
+            return mkdtemp(suffix, prefix, dir)
+
+    with mock.patch('pipenv._compat.mkdtemp', side_effect=mocked_mkdtemp):
+        with PipenvInstance(chdir=True) as p:
+            # This environment variable is set in the context manager and will
+            # cause pipenv to use virtualenv, not pew.
+            del os.environ['PIPENV_VENV_IN_PROJECT']
+            p.pipenv('--python python')
+            venv_path = p.pipenv('--venv').out.strip()
+            assert os.path.isdir(venv_path)
+            # Manually clean up environment, since PipenvInstance assumes that
+            # the virutalenv is in the project directory.
+            p.pipenv('--rm')
@@ -220,32 +220,6 @@ class TestUtils:
        assert pipenv.utils.is_valid_url(url)
        assert pipenv.utils.is_valid_url(not_url) is False

-    @pytest.mark.utils
-    @pytest.mark.parametrize(
-        'input_path, expected',
-        [
-            ('artifacts/file.zip', './artifacts/file.zip'),
-            ('./artifacts/file.zip', './artifacts/file.zip'),
-            ('../otherproject/file.zip', './../otherproject/file.zip'),
-        ],
-    )
-    @pytest.mark.skipif(os.name == 'nt', reason='Nix-based file paths tested')
-    def test_nix_converted_relative_path(self, input_path, expected):
-        assert pipenv.utils.get_converted_relative_path(input_path) == expected
-
-    @pytest.mark.utils
-    @pytest.mark.parametrize(
-        'input_path, expected',
-        [
-            ('artifacts/file.zip', '.\\artifacts\\file.zip'),
-            ('./artifacts/file.zip', '.\\artifacts\\file.zip'),
-            ('../otherproject/file.zip', '.\\..\\otherproject\\file.zip'),
-        ],
-    )
-    @pytest.mark.skipif(os.name != 'nt', reason='Windows-based file paths tested')
-    def test_win_converted_relative_path(self, input_path, expected):
-        assert pipenv.utils.get_converted_relative_path(input_path) == expected
-
    @pytest.mark.utils
    def test_download_file(self):
        url = "https://github.com/kennethreitz/pipenv/blob/master/README.rst"
				`@@ -1 +0,0 @@`
				Pipenv-created virtualenvs will now be associated with a ``.project`` folder (features can be implemented on top of this later or users may choose to use ``pipenv-pipes`` to take full advantage of this.)
				`@@ -1 +0,0 @@`
				`Massive internal improvements to requirements parsing codebase, resolver, and error messaging.`
				`@@ -1 +0,0 @@`
				Pipenv will now parse & capitalize ``platform_python_implementation`` markers.
				`@@ -1 +0,0 @@`
				Fixed a bug with parsing and grouping old-style ``setup.py`` extras during resolution
				`@@ -1 +0,0 @@`
				`Fixed a bug causing pipenv graph to throw unhelpful exceptions when running against empty or non-existent environments.`
				`@@ -1 +0,0 @@`
				`Virtualenv names will now appear in prompts for most Windows users.`
				`@@ -1 +0,0 @@`
				`Added support for cmder shell paths with spaces.`
				`@@ -1 +0,0 @@`
				Fixed a bug which caused ``--system`` to incorrectly abort when users were in a virtualenv.
				`@@ -1 +0,0 @@`
				`Added an invoke task to generate patches against vendored dependencies.`
				`@@ -1 +0,0 @@`
				Removed vendored ``cacert.pem`` which could cause issues for some users with custom certificate settings.