Add name key to sources

Newer versions of `pipenv` require any specified `sources` to be
explicitly `name`'d.

More context here: pypa/pipenv#5370 (comment)

This has been true since at least Sept 2022. Our version of `pipenv` was
from April of 2022, so it didn't complain. But that means most of our
active users of `pipenv` are unlikely to see this error if they're
running a newer version of `pipenv`.

Nevertheless, we may want to add custom error handling to flag this
missing key as a `Dependabot::DependencyFileNotResolvable` error.

For now, this commit merely adds the missing key to try to get CI green
again. If we see this error happening routinely in production, then we
can add additional handling for it.

python/lib/dependabot/python/file_updater/pipfile_preparer.rb

@@ -132,9 +132,17 @@ def sub_auth_url(source, credentials)
 
         def config_variable_sources(credentials)
           @config_variable_sources ||=
-            credentials.
-            select { |cred| cred["type"] == "python_index" }.
-            map { |c| { "url" => AuthedUrlBuilder.authed_url(credential: c) } }
+            credentials.select { |cred| cred["type"] == "python_index" }.
+            map do |c|
+              {
+                "url" => AuthedUrlBuilder.authed_url(credential: c),
+                # TODO: There may be multiple sources, so they have to be unique.
+                # However, this will also show up in the Pipfile.lock, so if that gets included in the PR
+                # then it'll need to be deterministic to prevent changing on every PR.
+                # Regardless, need to update `pipfile_preparer_spec` tests to ensure this "name" key is present
+                "name" => "dependabot-inserted-index-#{SecureRandom.alphanumeric(5)}"
+              }
+            end
         end
       end
     end

python/spec/dependabot/python/file_updater/pipfile_preparer_spec.rb

@@ -178,7 +178,7 @@
       it "keeps source config" do
         expect(updated_content).to include(
           "[[source]]\n" \
-          "name = \"pypi\"\n" \
+          "name = \"internal-pypi\"\n" \
           "url = \"https://username:password@pypi.posrip.com/pypi/\"\n" \
           "verify_ssl = true\n"
         )

python/spec/fixtures/pipfile_files/arbitrary_equality

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/conflict_at_current

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/conflict_at_latest

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/environment_variable_source

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/${ENV_VAR}"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/exact_version

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/extra_subdependency

@@ -1,7 +1,7 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
-name = "pypi"
 
 [packages]
 flask = "==1.0.*"

python/spec/fixtures/pipfile_files/git_source

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/git_source_bad_ref

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/git_source_no_ref

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/git_source_unreachable

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/hard_names

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/not_in_lockfile

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/only_dev

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/path_dependency

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/path_dependency_not_self

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/private_source

@@ -1,4 +1,5 @@
 [[source]]
+name = "internal-pypi"
 url = "https://some.internal.registry.com/pypi/"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/private_source_auth

@@ -1,7 +1,7 @@
 [[source]]
+name = "internal-pypi"
 url = "https://${ENV_USER}:${ENV_PASSWORD}@pypi.posrip.com/pypi/"
 verify_ssl = true
-name = "pypi"
 
 [dev-packages]
 pytest = "==3.4.0"

python/spec/fixtures/pipfile_files/prod_and_dev

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/prod_and_dev_different

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/required_python

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/required_python_implicit

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/required_python_invalid

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/required_python_unsupported

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/unparseable

@@ -1,8 +1,7 @@
 [[source]]
-
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
-name = "pypi"
 
 [dev-packages]
 

python/spec/fixtures/pipfile_files/unsupported_dep

@@ -1,7 +1,7 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
-name = "pypi"
 
 [packages]
 requests = "==2.18.0"

python/spec/fixtures/pipfile_files/version_hash

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/version_not_specified

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/version_not_specified.lock

@@ -1,12 +1,13 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "c402ea48092e9d467af51a483bb8dd8ad0620e11c94f009dcd433f97a99d45db"
+            "sha256": "e76ae491d793d659f05c7f7eab261fd6167dc062efcba08f17be68e73eb87665"
         },
         "pipfile-spec": 6,
         "requires": {},
         "sources": [
             {
+                "name": "this-key-probably-will-show-up-if-regenerating-lockfiles",
                 "url": "https://pypi.org/simple",
                 "verify_ssl": true
             }

python/spec/fixtures/pipfile_files/version_table

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/wildcard

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/with_quotes

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
 

python/spec/fixtures/pipfile_files/yanked

@@ -1,4 +1,5 @@
 [[source]]
+name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true