I recently updated python (3.9.13)/ pip (22.1.2)/ pipenv (2022.9.20) while setting up a new environment for a project. I had an existing Pipfile, using AWS CodeArtifact as the source containing PyPI and our private projects, which had worked in the past:
[[source]]
url = "https://aws:${AUTH}@${CODEARTIFACT_URI}"
verify_ssl = true
[packages]
boto3 = "*"
...
[dev-packages]
pytest = "*"
...
[requires]
python_version = "3.9"
On running pipenv sync --dev, I received a stack trace ending with:
pipenv.vendor.plette.models.base.ValidationError: {'url': 'https://aws:${AUTH}@${CODEARTIFACT_URI}', 'verify_ssl': True}
name: required field
Adding a name to the source section fixes it, but I'm trying to understand why. I was reading the Advanced use of Pipenv documentation. It says Should you wish to use an alternative default index other than PyPI: simply do not specify PyPI as one of the sources in your Pipfile which is what we do. I'm curious if this is a new validation in a newer version of Pipenv, or if we are doing something incorrectly, since I still see Pipfiles out there with only a url and verify_ssl specified.
This was answered by @matteius over on https://github.com/pypa/pipenv/discussions/5370:
We converted to plette which is more strict, primarily because we have access to make modifications to that library, which we need to do for named package categories (slated for October 🤞). Plette already requires url, verify_url and name be supplied per each source entered, hence it is more strict than Pipfile was. It is good practice anyway to name your sources, because while the first source is the default install source for all unspecified packages, to specify any other index would require a name. From the sound of it we need to update the documentation (which is quiet true in a number of ways).