From db597112d1dec577d24dd3a3ef04f45ad5982e08 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 21:00:14 +0000
Subject: [PATCH 1/4] Bump pipenv from 2022.4.8 to 2023.7.23 in /python/helpers

Bumps [pipenv](https://github.com/pypa/pipenv) from 2022.4.8 to 2023.7.23.
- [Release notes](https://github.com/pypa/pipenv/releases)
- [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/pipenv/compare/v2022.4.8...v2023.7.23)

---
updated-dependencies:
- dependency-name: pipenv
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
---
python/helpers/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt
index 98528c79702..57a31bc433f 100644
--- a/python/helpers/requirements.txt
+++ b/python/helpers/requirements.txt
@@ -1,7 +1,7 @@
pip==23.2.0
pip-tools==7.2.0
hashin==0.17.0
-pipenv==2022.4.8
+pipenv==2023.7.23
pipfile==0.0.2
poetry==1.5.1

From 8eb9381f9a3d1b10f99720ce99b4b9adb652eef4 Mon Sep 17 00:00:00 2001
From: Jeff Widman
Date: Wed, 9 Aug 2023 11:59:53 -0700
Subject: [PATCH 2/4] error message changed for git dep unreachable

Old error format:

```
ERROR:pip.subprocessor:Command errored out with exit status 128:\n command: git clone -q https://github.com/user/django.git
```

New format:

```
ERROR:pip.subprocessor:[present-rich] git clone --filter=blob:none https://github.com/user/django.git /tmp/reqlib-src4k0l3qz3/django_56e3fa519acb44ee941b689a515b62fe exited with 128
```

Updated the regex accordingly.
---
.../dependabot/python/update_checker/pipenv_version_resolver.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
index 634082668c0..54b949f87b8 100644
--- a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -29,7 +29,7 @@ class UpdateChecker
# still better than nothing, though.
class PipenvVersionResolver
# rubocop:disable Layout/LineLength
- GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?[^\s]+).* /
+ GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?[^\s]+).*/
GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?[^\n"]+)\n?[^\n]*/(?.*?)(\\n'\]|$)}m
PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
" with exit status 1: python setup.py egg_info"

From ce5600a920bb2aad12fa6271bd42c4dae66d5e8b Mon Sep 17 00:00:00 2001
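Review bot: The rewritten GIT_DEPENDENCY_UNREACHABLE_REGEX now requires the literal `--filter=blob:none` and no longer tolerates `-q`, so it only matches when pip decided to do a partial clone; as far as I recall pip falls back to a plain `git clone` when the git binary it finds is too old for partial clone, and on that path an unreachable git dependency would presumably drop through to the generic error handling instead of raising the dedicated error. Making both flags optional keeps the match independent of pip's clone strategy: `GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone(?: -q)?(?: --filter=blob:none)? (?<url>\S+)/` (keep the existing capture name, which this rendering has stripped). The trailing `.*` adds nothing, since the regex is unanchored and only the named group is read. A spec fixture holding both the old `Command errored out … git clone -q` and the new `[present-rich] git clone --filter=blob:none … exited with 128` samples would make the next pipenv wording change visible instead of silent.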
From: Jeff Widman
Date: Wed, 9 Aug 2023 12:13:59 -0700
Subject: [PATCH 3/4] Match new Git reference not found error message format

The format of this error message changed.

Old message:

```
ERROR:pip.subprocessor:Command errored out with exit status 1:
command: git checkout -q v15.1.2
cwd: /tmp/pipenv-4y8m31vy-src/pythonfinder
Complete output (1 lines):
error: pathspec 'v15.1.2' did not match any file(s) known to git
```

New message:

```
ERROR:pip.subprocessor:[present-rich] git checkout -q v15.1.2 exited with 1
```

So updated the regex to match the new format.

Unfortunately the dependency name is nowhere to be found in the error message or full traceback, so we can no longer provide the user with that helpful information. I'm planning to reach out to the `pipenv` maintainers to see if they'd be open to exposing that information again in this error message.
---
.../python/update_checker/pipenv_version_resolver.rb | 9 +++++----
.../update_checker/pipenv_version_resolver_spec.rb | 2 +-
2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
index 54b949f87b8..3c88f403191 100644
--- a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -30,7 +30,7 @@ class UpdateChecker
class PipenvVersionResolver
# rubocop:disable Layout/LineLength
GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?[^\s]+).*/
- GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?[^\n"]+)\n?[^\n]*/(?.*?)(\\n'\]|$)}m
+ GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?[^\s]+).*/
PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
" with exit status 1: python setup.py egg_info"
TRACEBACK = "Traceback (most recent call last):"
@@ -189,9 +189,10 @@ def handle_pipenv_errors(error)
end

if error.message.match?(GIT_REFERENCE_NOT_FOUND_REGEX)
- name = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).
- named_captures.fetch("name")
- raise GitDependencyReferenceNotFound, name
+ # Unfortunately the error message doesn't include the package name.
+ # TODO: Talk with pipenv maintainers about exposing the package name, it used to be part of the error output
+ tag = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX).named_captures.fetch("tag")
+ raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"
end

raise unless error.message.include?("could not be resolved")

diff --git a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
index 29191d654e2..b5b5a246d42 100644
--- a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
+++ b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
@@ -293,7 +293,7 @@
it "raises a helpful error" do
expect { subject }.
to raise_error(Dependabot::GitDependencyReferenceNotFound) do |err|
- expect(err.dependency).to eq("pythonfinder")
+ expect(err.dependency).to eq("(unknown package at v15.1.2)")
end
end
end

From 52d620f3dc9611ea6bb4d47e31b76108195611da Mon Sep 17 00:00:00 2001
From: Jeff Widman
Date: Wed, 9 Aug 2023 15:19:31 -0700
Subject: [PATCH 4/4] `pipenv` renamed internal `patch.notpip` -> `patch.pip`

Upstream `pipenv` renamed their internal patched version of `pip` folder to be called `patch.pip`:

* https://github.com/pypa/pipenv/pull/5199

So this updates our code as well.
---
.../python/update_checker/pipenv_version_resolver.rb | 6 ++----
.../python/update_checker/pipenv_version_resolver_spec.rb | 2 +-
2 files changed, 3 insertions(+), 5 deletions(-)
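Review bot: `raise GitDependencyReferenceNotFound, "(unknown package at #{tag})"` hands a synthetic string to a parameter that, judging by the spec's `err.dependency`, callers read as a dependency name, so anything that looks that value up against the Pipfile will silently find nothing; if the error class permits it, pass the tag through a separate attribute or at least make the placeholder read as a message rather than a name, e.g. `raise GitDependencyReferenceNotFound, "unknown package (git ref #{tag} not found)"`, and update the spec expectation accordingly. A smaller point: the message is scanned twice, `match?` then `match`, and the second result is assumed non-nil; `if (match = error.message.match(GIT_REFERENCE_NOT_FOUND_REGEX))` with `match[:tag]` in the raise does the same in one pass and cannot blow up on a nil. The tag is lifted verbatim from pipenv's subprocess output with `[^\s]+`, so it is attacker-influenced text that ends up in the user-facing error; that is no worse than before, but worth remembering if the message is ever rendered as HTML. handle_pipenv_errors starts before this hunk and continues after it.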
diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
index 3c88f403191..e58d683fcfd 100644
--- a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb
@@ -28,10 +28,9 @@ class UpdateChecker
# just raise if the latest version can't be resolved. Knowing that is
# still better than nothing, though.
class PipenvVersionResolver
- # rubocop:disable Layout/LineLength
GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none (?[^\s]+).*/
GIT_REFERENCE_NOT_FOUND_REGEX = /git checkout -q (?[^\s]+).*/
- PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \
+ PIPENV_INSTALLATION_ERROR = "pipenv.patched.pip._internal.exceptions.InstallationError: Command errored out" \
" with exit status 1: python setup.py egg_info"
TRACEBACK = "Traceback (most recent call last):"
PIPENV_INSTALLATION_ERROR_REGEX =
@@ -41,7 +40,6 @@ class PipenvVersionResolver
UNSUPPORTED_DEP_REGEX =
/Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/
PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/
- # rubocop:enable Layout/LineLength

DEPENDENCY_TYPES = %w(packages dev-packages).freeze

@@ -260,7 +258,7 @@ def clean_error_message(message)
next false if l.start_with?("CRITICAL:")
next false if l.start_with?("ERROR:")
next false if l.start_with?("packaging.specifiers")
- next false if l.start_with?("pipenv.patched.notpip._internal")
+ next false if l.start_with?("pipenv.patched.pip._internal")
next false if l.include?("Max retries exceeded")
true
diff --git a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
index b5b5a246d42..079ed09a9aa 100644
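Review bot: Renaming `notpip` to `pip` in PIPENV_INSTALLATION_ERROR fixes the module path but leaves the tail of the string, `Command errored out with exit status 1: python setup.py egg_info`, in pip's old wording; the two preceding commits in this series show pipenv 2023.7.23 reporting subprocess failures as `[present-rich] … exited with 1` instead, so this constant — and PIPENV_INSTALLATION_ERROR_REGEX, whose definition is cut off at the end of the first hunk — quite possibly never match any more, and an egg_info failure would fall through to whatever the default handling is rather than the dedicated classification. I cannot confirm the exact new wording from here, so the fix is to capture a real egg_info failure against pipenv 2023.7.23 into the spec fixtures and match only on the parts that survived the rewording, e.g. `PIPENV_INSTALLATION_ERROR = "pipenv.patched.pip._internal.exceptions.InstallationError"` with a separate check for `python setup.py egg_info`. Dropping the rubocop disable/enable pair is fine only if those lines now fit the configured limit; the GIT_REFERENCE_NOT_FOUND_REGEX line is shorter, but the regex constants are still long, so worth a local rubocop run.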
--- a/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
+++ b/python/spec/dependabot/python/update_checker/pipenv_version_resolver_spec.rb
@@ -114,7 +114,7 @@
expect { subject }.
to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
expect(error.message).to start_with(
- "CRITICAL:pipenv.patched.notpip._internal.resolution.resolvelib.factory:" \
+ "CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:" \
"Could not find a version that satisfies the requirement " \
"pytest==10.4.0"
)