New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unreachable pyup.io leads to failing `pipenv check` #2825

Closed
l0b0 opened this Issue Sep 5, 2018 · 2 comments

Comments

Projects
None yet
3 participants
@l0b0

l0b0 commented Sep 5, 2018

I'm working on a project which has been running a lot of pipenv checks (possibly on the order of hundreds of requests per day). I think we've been throttled at the network level, because this command now results in messages like this:

Connection to pyup.io timed out. (connect timeout=5)

curl pyup.io can't reach the site, but torify curl pyup.io (that is, via a proxy) works, and dig pyup.io returns the same IP as SSL Labs detects, so it's definitely restricted to somewhere between this network and that site.

I've changed our process to run pipenv check much less often, but would it be possible to detect or avoid this issue in pipenv? Ideas:

  • Configuring our own API key so we can reliably stay below any limits.
  • Suggesting solutions when the connection times out.
  • Configurable caching of the security issues database. I realize this is probably a very risky move since security issues may have to be fixed within hours, but it could be useful for people who for process reasons end up running a lot of checks.

PS: The recommended forum for these requests returns HTTP 404.

@uranusjr

This comment has been minimized.

Member

uranusjr commented Sep 5, 2018

Allowing user configuration may be the simplest way to go. You can set it to something else (default to our built-in key if not set), or (maybe) a special value to disable pyup checks completely. At least the first part would be fairly straightforward, and contributions would be welcomed :)

@techalchemy

This comment has been minimized.

Member

techalchemy commented Nov 4, 2018

Since we have merged #2835 I believe we can close this one out, thanks for the report / hope the fix works for your use case!

@techalchemy techalchemy closed this Nov 4, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment