Pipfile Hash Creation


I am having issues with Pipenv. I run pipenv install --dev in order to install some dependencies from a Pipfile within my project. Upon running this command, Pipenv generates an MD5 hash for a certain dependency. The error says that MD5 is not supported, yet Pipenv still generates it. I have not set any configurations on my local machine or in any configuration file. I cannot seem to pinpoint this issue. Any help is greatly appreciated.

[pipenv.exceptions.InstallError]: pip: error: Allowed hash algorithms for --hash are sha256, sha384, sha512.

Pipfile.lock

{
    "_meta": {
        "hash": {
            "sha256": "7e0f1d75f7df19f9500f55bd2f1da163cb4a8c7f485aab61c521d70e3865a507"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "certain-dependency": {
            "hashes": [
                "md5:8faf2e4ff85c34b5d0c000c017f81f52",
                "md5:1508a7f05b17d292f7890b8c58a451cf"
            ],
            "version": "==11.10.20"
        }
    }
}

Solution

  • Try clearing your pipenv cache:

    Make sure your dependencies actually do resolve. If you’re confident they are, you may need to clear your resolver cache. Run the following command:

    pipenv lock --clear
    

    and try again.

    If this does not work, try manually deleting the whole cache directory. It is usually one of the following locations:

    • ~/Library/Caches/pipenv (macOS)
    • %LOCALAPPDATA%\pipenv\pipenv\Cache (Windows)
    • ~/.cache/pipenv (other operating systems)

    While the current release of pipenv only accepts sha256 hashes, it loads package URLs from a cache and writes those cached URLs' hashes to Pipfile.lock. If those cached hashes are md5 hashes from previously-installed packages, pipenv uses those values as-is without verifying that they are sha256/FAVORITE_HASH.

    Clearing the cache and re-locking will cause pipenv to cache miss and re-fetch package URLs which end in sha256 hashes, and write them to Pipfile.lock as you'd hope, and prevent you from running into the issue again.
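
A check that can run before pipenv install (for example in CI) to catch a Pipfile.lock that still carries md5 hashes from a stale cache. This is an added example, not code from the question, the answer, or pipenv itself; the function name audit_lock, the package other-dependency and its digest are constructed for illustration.

```python
import json
import string
import sys

# Algorithms pip accepts for --hash (from the error message above), with hex digest lengths.
ALLOWED = {"sha256": 64, "sha384": 96, "sha512": 128}

# Constructed sample: the md5 entries from the question plus one made-up sha256 entry.
SAMPLE_LOCK = json.dumps({
    "_meta": {"pipfile-spec": 6},
    "default": {
        "certain-dependency": {
            "hashes": [
                "md5:8faf2e4ff85c34b5d0c000c017f81f52",
                "md5:1508a7f05b17d292f7890b8c58a451cf",
            ],
            "version": "==11.10.20",
        },
        "other-dependency": {  # hypothetical package, constructed digest
            "hashes": ["sha256:" + "ab" * 32],
            "version": "==1.0.0",
        },
    },
    "develop": {},
})


def audit_lock(lock_text):
    """Return (section, package, hash_entry, reason) for every hash pip would reject."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            for h in entry.get("hashes", []):
                algo, _, digest = h.partition(":")
                if algo not in ALLOWED:
                    findings.append((section, name, h, "algorithm not allowed"))
                elif len(digest) != ALLOWED[algo] or set(digest) - set(string.hexdigits):
                    findings.append((section, name, h, "malformed digest"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    problems = audit_lock(text)
    for section, name, h, reason in problems:
        print(f"{section}/{name}: {h} ({reason})")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means the lock file should be regenerated with pipenv lock --clear before it is installed or committed.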