Unreachable pyup.io leads to failing `pipenv check`
I’m working on a project which has been running a lot of `pipenv check`s (possibly on the order of hundreds of requests per day). I think we’ve been throttled at the network level, because this command now results in messages like this:
Connection to pyup.io timed out. (connect timeout=5)
`curl pyup.io` can’t reach the site, but `torify curl pyup.io` (that is, via a proxy) works, and `dig pyup.io` returns the same IP as SSL Labs detects, so it’s definitely restricted to somewhere between this network and that site.
I’ve changed our process to run `pipenv check` much less often, but would it be possible to detect or avoid this issue in `pipenv`? Ideas:
- Configuring our own API key so we can reliably stay below any limits.
- Suggesting solutions when the connection times out.
- Configurable caching of the security issues database. I realize this is probably a very risky move since security issues may have to be fixed within hours, but it could be useful for people who for process reasons end up running a lot of checks.
PS: The recommended forum for these requests returns HTTP 404.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:7 (2 by maintainers)
Top GitHub Comments
Hmm… I couldn’t really figure out what’s wrong. But when running `pipenv check` it fails but `safety check` succeeds.

Is this really a good workaround? You don’t want your pipeline security checks “false passing”.
(of note, our workaround is that we have our CI jobs “allow fail = true” which converts the gitlab job into a WARNING instead, therefore not blocking the entirety of the pipeline – this way the TRUTH is reported still, but does not block development during outages)
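
The distinction the last comment draws, between an unreachable advisory source and a real finding, can be made explicit in a small CI wrapper so that outages warn while findings still block. This is an added example, not code from the thread or from pipenv; the exit code 75, the function names, and the error patterns other than the timeout message quoted in the issue are assumptions.

```python
"""CI wrapper sketch: keep advisory-database outages distinct from real findings."""
import re
import subprocess
import sys

# Exit codes chosen for this example (assumptions, not pipenv's own values).
PASS, FINDINGS, SOURCE_UNREACHABLE = 0, 1, 75  # 75 = EX_TEMPFAIL in sysexits.h

# Text printed when the advisory source cannot be reached. The first pattern is
# the message quoted in the issue; the rest are common requests/urllib3 and
# resolver errors. Patterns are kept narrow so that advisory descriptions in a
# real report are unlikely to match and downgrade a finding to a warning.
NETWORK_ERRORS = re.compile(
    r"Connection to \S+ timed out"
    r"|Max retries exceeded with url"
    r"|Connection refused"
    r"|Name or service not known"
    r"|Temporary failure in name resolution"
)


def classify(returncode: int, output: str) -> int:
    """Map one scanner run to PASS, FINDINGS or SOURCE_UNREACHABLE."""
    if NETWORK_ERRORS.search(output):
        # Never report a pass when the database was not actually consulted,
        # even if the tool itself exited 0.
        return SOURCE_UNREACHABLE
    return PASS if returncode == 0 else FINDINGS


def run_check(command=("pipenv", "check")) -> int:
    """Run the scanner, echo its output, and return the classified exit code."""
    proc = subprocess.run(command, capture_output=True, text=True)
    output = proc.stdout + proc.stderr
    sys.stdout.write(output)
    return classify(proc.returncode, output)


if __name__ == "__main__":
    sys.exit(run_check())
```

In GitLab CI, listing only 75 under `allow_failure: exit_codes` turns the outage case into a warning while any other non-zero exit still fails the job.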