pipenv check fails to complete, errors with KeyError

[shaneikennedy]

Issue description

Running pipenv check i get the following output

❯ pipenv check
Checking PEP 508 requirements...
Passed!
Checking Pipfile.lock packages for vulnerabilities...
ERROR:pipenv.patched.safety.cli:Unexpected Exception happened: 'idna'
Traceback (most recent call last):
  File "/Users/shane.kennedy/.pyenv/versions/3.11.8/lib/python3.11/site-packages/pipenv/patched/safety/cli.py", line 145, in check
    vulns, db_full = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_vulns=ignore,
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/shane.kennedy/.pyenv/versions/3.11.8/lib/python3.11/site-packages/pipenv/patched/safety/util.py", line 614, in new_func
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/Users/shane.kennedy/.pyenv/versions/3.11.8/lib/python3.11/site-packages/pipenv/patched/safety/safety.py", line 345, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/Users/shane.kennedy/.pyenv/versions/3.11.8/lib/python3.11/site-packages/pipenv/patched/safety/safety.py", line 231, in get_vulnerabilities
    for entry in db[pkg]:
                 ~~^^^^^
KeyError: 'idna'
Unhandled exception happened: 'idna'

Expected result

I don't know why idna is key-erroring in the first place (I can run pipenv open idna and it puts me in the package directory so I know it's installed properly) BUT i would expect a key error to be handled, for the program to finish executing and for any errors to be reported afterwards

Actual result

Program doesn't finish, KeyError

[th2zz]

same here, I am using Python 3.9 with
pipenv, version 2022.12.19, still getting same key error after upgrading to latest version

[matteius]

Could you check main branch? I recently refactored that code away from pkg_resources and it would be good to understand if this is still an issue for the upcoming release.

[shaneikennedy]

Yeah it's working when I pip uninstall pipenv -y && pip install git+https://github.com/pypa/pipenv.git && pipenv check 👍

[michaelg-baringa]

I'm getting this as well and its blocking our pipelines

[matteius]

@michaelg-baringa if its working on main, you may need to update your pipelines to use the main repository. Unfortunately I am not sure what would have broke in the check DB with the existing integration, and we have some major code changes in the next release but we aren't ready to push the release button yet because there are some additional things to be included.

[michaelg-baringa]

Thanks, it started working again after about 2 hours, quite strange. Then it correctly started flagging the idna vulnerability so we think it was maybe the database missing the record for a bit while the vulnerability was added?

[matteius]

Its possible -- I think I will close this for now because the check db is maintained by pyup and hosted in S3, so probably there was a glitch.