Bump pipenv from 2023.8.28 to 2023.9.8 in /python/helpers

Bumps [pipenv](https://github.com/pypa/pipenv) from 2023.8.28 to 2023.9.8. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.md) - [Commits](pypa/pipenv@v2023.8.28...v2023.9.8) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-minor ... Upgrade required the following changes: * Move GitDependencyReferenceNotFound regexp match to happen earlier so that the error does not get miscategorized as a generic resolution error. * Adapt the GitDependenciesNotReachable regexp to match what pipenv now runs. * Adapt the regexp to catch installation errors to be multiline, since the error is now wrapped across multiple lines, and make sure to pass the `--verbose` flag to `pipenv lock`, since the error is now hidden behind that flag. Signed-off-by: dependabot[bot] <[email protected]>
dependabot · Nov 2, 2023 · 2b77a75 · 2b77a75
1 parent c947610
commit 2b77a75
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 21 deletions.
diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
@@ -2,7 +2,7 @@ pip==23.3.1
 pip-tools==7.3.0
 flake8==6.1.0
 hashin==0.17.0
-pipenv==2023.8.28
+pipenv==2023.9.8
 pipfile==0.0.2
 poetry==1.6.1
 

diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -19,11 +19,11 @@ module Dependabot
   module Python
     class UpdateChecker
       class PipenvVersionResolver
-        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?<url>[^\s]+).*/
+        GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none --quiet (?<url>[^\s]+).*/
         GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?<tag>[^\s]+).*/
         PIPENV_INSTALLATION_ERROR = "python setup.py egg_info exited with 1"
         PIPENV_INSTALLATION_ERROR_REGEX =
-          /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/
+          /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/m
 
         PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
 
@@ -90,6 +90,19 @@ def handle_pipenv_errors(error)
             raise DependencyFileNotResolvable, msg
           end
 
+          if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
+            tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
+            # Unfortunately the error message doesn't include the package name.
+            # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
+            raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
+          end
+
+          if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
+                       .named_captures.fetch("url")
+            raise GitDependenciesNotReachable, url
+          end
+
           if error.message.include?("Could not find a version") || error.message.include?("ResolutionFailure")
             check_original_requirements_resolvable
           end
@@ -119,19 +132,6 @@ def handle_pipenv_errors(error)
             return if error.message.match?(/#{Regexp.quote(dependency.name)}/i)
           end
 
-          if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
-            tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
-            # Unfortunately the error message doesn't include the package name.
-            # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
-            raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
-          end
-
-          if error.message.match?(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-            url = error.message.match(GIT_DEPENDENCY_UNREACHABLE_REGEX)
-                       .named_captures.fetch("url")
-            raise GitDependenciesNotReachable, url
-          end
-
           raise unless error.message.include?("could not be resolved")
         end
         # rubocop:enable Metrics/CyclomaticComplexity
@@ -178,10 +178,6 @@ def handle_pipenv_errors_resolving_original_reqs(error)
             raise DependencyFileNotResolvable, msg
           end
 
-          # NOTE: Pipenv masks the actual error, see this issue for updates:
-          # https://github.com/pypa/pipenv/issues/2791
-          # TODO: This may no longer be reproducible on latest pipenv, see linked issue,
-          # so investigate when we next bump to newer pipenv...
           handle_pipenv_installation_error(error.message) if error.message.match?(PIPENV_INSTALLATION_ERROR_REGEX)
 
           # Raise an unhandled error, as this could be a problem with

diff --git a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
@@ -373,7 +373,7 @@
         expect { subject }
           .to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
             expect(error.message).to include(
-              "ERROR:pip.subprocessor:[present-rich] python setup.py egg_info exited with 1"
+              "ERROR:pip.subprocessor: python setup.py egg_info exited with 1"
             )
           end
       end