Bump pipenv from 2023.12.1 to 2024.0.2 in /python/helpers in the pipe…

…nv group across 1 directory (#10609) * Bump pipenv in /python/helpers in the pipenv group across 1 directory Bumps the pipenv group with 1 update in the /python/helpers directory: [pipenv](https://github.com/pypa/pipenv). Updates `pipenv` from 2023.12.1 to 2024.0.2 - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.md) - [Commits](pypa/pipenv@v2023.12.1...v2024.0.2) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-major dependency-group: pipenv ... Signed-off-by: dependabot[bot] <[email protected]> * Fixes issues related with pipenv update --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: sachin-sandhu <[email protected]>
dependabot · Sep 19, 2024 · 9974bc4 · 9974bc4
1 parent ed7cfd6
commit 9974bc4
Show file tree

Hide file tree

Showing 7 changed files with 190 additions and 2 deletions.
diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
@@ -2,7 +2,7 @@ pip==24.0
 pip-tools==7.4.1
 flake8==7.1.0
 hashin==1.0.1
-pipenv==2023.12.1
+pipenv==2024.0.2
 plette==2.1.0
 poetry==1.8.3
 # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10.

diff --git a/python/lib/dependabot/python/file_updater/pipfile_file_updater.rb b/python/lib/dependabot/python/file_updater/pipfile_file_updater.rb
@@ -133,6 +133,8 @@ def prepared_pipfile_content
           content = updated_pipfile_content
           content = add_private_sources(content)
           content = update_python_requirement(content)
+          content = update_ssl_requirement(content, updated_pipfile_content)
+
           content
         end
 
@@ -142,6 +144,12 @@ def update_python_requirement(pipfile_content)
             .update_python_requirement(language_version_manager.python_major_minor)
         end
 
+        def update_ssl_requirement(pipfile_content, parsed_file)
+          Python::FileUpdater::PipfilePreparer
+            .new(pipfile_content: pipfile_content)
+            .update_ssl_requirement(parsed_file)
+        end
+
         def add_private_sources(pipfile_content)
           PipfilePreparer
             .new(pipfile_content: pipfile_content)

diff --git a/python/lib/dependabot/python/file_updater/pipfile_preparer.rb b/python/lib/dependabot/python/file_updater/pipfile_preparer.rb
@@ -39,6 +39,21 @@ def update_python_requirement(requirement)
           TomlRB.dump(pipfile_object)
         end
 
+        def update_ssl_requirement(parsed_file)
+          pipfile_object = TomlRB.parse(pipfile_content)
+          parsed_object = TomlRB.parse(parsed_file)
+
+          # we parse the verify_ssl value from manifest if it exists
+          verify_ssl = parsed_object["source"].map { |x| x["verify_ssl"] }.first
+
+          # provide a default "true" value to file generator in case no value is provided in manifest file
+          pipfile_object["source"].each do |key|
+            key["verify_ssl"] = verify_ssl.nil? ? true : verify_ssl
+          end
+
+          TomlRB.dump(pipfile_object)
+        end
+
         private
 
         attr_reader :pipfile_content

diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -30,7 +30,7 @@ class PipenvVersionResolver
         PIPENV_INSTALLATION_ERROR_REGEX =
           /[\s\S]*Collecting\s(?<name>.+)\s\(from\s-r.+\)[\s\S]*(#{PIPENV_INSTALLATION_ERROR})/
 
-        PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
+        PIPENV_RANGE_WARNING = /Python version range specifier '(?<ver>.*)' is not supported/
 
         attr_reader :dependency
         attr_reader :dependency_files
@@ -284,6 +284,8 @@ def pipfile_content
           content = pipfile.content
           content = add_private_sources(content)
           content = update_python_requirement(content)
+          content = update_ssl_requirement(content, pipfile.content)
+
           content
         end
 
@@ -293,6 +295,12 @@ def update_python_requirement(pipfile_content)
             .update_python_requirement(language_version_manager.python_major_minor)
         end
 
+        def update_ssl_requirement(pipfile_content, parsed_file)
+          Python::FileUpdater::PipfilePreparer
+            .new(pipfile_content: pipfile_content)
+            .update_ssl_requirement(parsed_file)
+        end
+
         def add_private_sources(pipfile_content)
           Python::FileUpdater::PipfilePreparer
             .new(pipfile_content: pipfile_content)

diff --git a/python/spec/dependabot/python/file_updater/pipfile_file_updater_spec.rb b/python/spec/dependabot/python/file_updater/pipfile_file_updater_spec.rb
@@ -472,6 +472,65 @@
       end
     end
 
+    context "when the Pipfile included an environment variable source" do
+      let(:pipfile_fixture_name) { "environment_variable_verify_ssl_false" }
+      let(:lockfile_fixture_name) { "environment_variable_verify_ssl_false.lock" }
+      let(:credentials) do
+        [
+          Dependabot::Credential.new({
+            "type" => "git_source",
+            "host" => "github.com",
+            "username" => "x-access-token",
+            "password" => "token"
+          }),
+          Dependabot::Credential.new({
+            "type" => "python_index",
+            "index-url" => "https://pypi.org/simple"
+          })
+        ]
+      end
+
+      let(:dependency) do
+        Dependabot::Dependency.new(
+          name: "requests",
+          version: "2.18.4",
+          previous_version: "2.18.0",
+          package_manager: "pip",
+          requirements: [{
+            requirement: "==2.18.4",
+            file: "Pipfile",
+            source: nil,
+            groups: ["default"]
+          }],
+          previous_requirements: [{
+            requirement: "==2.18.0",
+            file: "Pipfile",
+            source: nil,
+            groups: ["default"]
+          }]
+        )
+      end
+
+      it "updates both files correctly" do
+        expect(updated_files.map(&:name)).to eq(%w(Pipfile Pipfile.lock))
+
+        updated_lockfile = updated_files.find { |f| f.name == "Pipfile.lock" }
+        updated_pipfile = updated_files.find { |f| f.name == "Pipfile" }
+        json_lockfile = JSON.parse(updated_lockfile.content)
+
+        expect(updated_pipfile.content)
+          .to include("pypi.org/${ENV_VAR}")
+        expect(json_lockfile["default"]["requests"]["version"])
+          .to eq("==2.18.4")
+        expect(json_lockfile["_meta"]["sources"])
+          .to eq([{ "url" => "https://pypi.org/${ENV_VAR}",
+                    "verify_ssl" => true }])
+        expect(updated_lockfile.content)
+          .not_to include("pypi.org/simple")
+        expect(json_lockfile["develop"]["pytest"]["version"]).to eq("==3.4.0")
+      end
+    end
+
     context "with a requirements.txt" do
       let(:dependency_files) { [pipfile, lockfile, requirements_file] }
 

diff --git a/python/spec/fixtures/pipfile_files/environment_variable_verify_ssl_false b/python/spec/fixtures/pipfile_files/environment_variable_verify_ssl_false
@@ -0,0 +1,10 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/${ENV_VAR}"
+verify_ssl = false
+
+[dev-packages]
+pytest = "==3.4.0"
+
+[packages]
+requests = "==2.18.0"
diff --git a/python/spec/fixtures/pipfile_files/environment_variable_verify_ssl_false.lock b/python/spec/fixtures/pipfile_files/environment_variable_verify_ssl_false.lock
@@ -0,0 +1,88 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "60e573c7eb5986a35673614ffd23a685f76846f0ac9f4fa4a4577377e98545a6"
+        },
+        "pipfile-spec": 6,
+        "requires": {},
+        "sources": [
+            {
+                "url": "https://pypi.org/${ENV_VAR}",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "certifi": {
+            "hashes": [
+                "sha256:14131608ad2fd56836d33a71ee60fa1c82bc9d2c8d98b7bdbc631fe1b3cd1296",
+                "sha256:edbc3f203427eef571f79a7692bb160a2b0f7ccaa31953e99bd17e307cf63f7d"
+            ],
+            "version": "==2018.1.18"
+        },
+        "chardet": {
+            "hashes": [
+                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691",
+                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae"
+            ],
+            "version": "==3.0.4"
+        },
+        "idna": {
+            "hashes": [
+                "sha256:cc19709fd6d0cbfed39ea875d29ba6d4e22c0cebc510a76d6302a28385e8bb70",
+                "sha256:3cb5ce08046c4e3a560fc02f138d0ac63e00f8ce5901a56b32ec8b7994082aab"
+            ],
+            "version": "==2.5"
+        },
+        "requests": {
+            "hashes": [
+                "sha256:5e88d64aa56ac0fda54e77fb9762ebc65879e171b746d5479a33c4082519d6c6",
+                "sha256:cd0189f962787284bff715fddaad478eb4d9c15aa167bd64e52ea0f661e7ea5c"
+            ],
+            "version": "==2.18.0"
+        },
+        "urllib3": {
+            "hashes": [
+                "sha256:8ed6d5c1ff9d6ba84677310060d6a3a78ca3072ce0684cb3c645023009c114b1",
+                "sha256:b14486978518ca0901a76ba973d7821047409d7f726f22156b24e83fd71382a5"
+            ],
+            "version": "==1.21.1"
+        }
+    },
+    "develop": {
+        "attrs": {
+            "hashes": [
+                "sha256:a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450",
+                "sha256:1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9"
+            ],
+            "version": "==17.4.0"
+        },
+        "pluggy": {
+            "hashes": [
+                "sha256:7f8ae7f5bdf75671a718d2daf0a64b7885f74510bcd98b1a0bb420eb9a9d0cff"
+            ],
+            "version": "==0.6.0"
+        },
+        "py": {
+            "hashes": [
+                "sha256:8cca5c229d225f8c1e3085be4fcf306090b00850fefad892f9d96c7b6e2f310f",
+                "sha256:ca18943e28235417756316bfada6cd96b23ce60dd532642690dcfdaba988a76d"
+            ],
+            "version": "==1.5.2"
+        },
+        "pytest": {
+            "hashes": [
+                "sha256:95fa025cd6deb5d937e04e368a00552332b58cae23f63b76c8c540ff1733ab6d",
+                "sha256:6074ea3b9c999bd6d0df5fa9d12dd95ccd23550df2a582f5f5b848331d2e82ca"
+            ],
+            "version": "==3.4.0"
+        },
+        "six": {
+            "hashes": [
+                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb",
+                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9"
+            ],
+            "version": "==1.11.0"
+        }
+    }
+}