pip fails to resolve multiple dependencies

[mluypaert]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

pip

Package manager version

pip-compile 7.4.1

Language version

Python 3.12(.3)

Manifest location and content before the Dependabot update

https://github.com/alliance-genome/agr_pavi/blob/856e6bb5933c00ad475db0023746445a66b24b4f/api/tests/requirements.txt
https://github.com/alliance-genome/agr_pavi/blob/main/api/pyproject.toml

dependabot.yml content

https://github.com/alliance-genome/agr_pavi/blob/856e6bb5933c00ad475db0023746445a66b24b4f/.github/dependabot.yml

Updated dependency

mypy from 1.13.0 to 1.14.1
smart-open[s3] from 7.0.5 to 7.1.0

What you expected to see, versus what you actually saw

Dependabot should be able to propose a PR to update mypy from 1.13(.0) to 1.14(.1), and to update smart-open from 7.0(.5) to 7.1(.0). Dependabot config has not been updated and dependabot used to be able to propose updates for both packages in the past.

Native package manager behavior

Successful updates.

Images of the diff or a link to the PR, issue, or logs

Likely related to changes introduced in merged dependabot PR https://github.com/dependabot/dependabot-core/pull/11305/files#diff-e97dac51f6d0eb39115b1c017916def375cd4cfe8743bea989f9b1d8e04ff791, released as dependabot v0.293.0.

Dependabot run mypy update error:

updater | 2025/01/20 09:23:45 INFO <job_950382875> Updating mypy from 1.13.0 to 1.14.1
updater | 2025/01/20 09:23:45 INFO <job_950382875> Started process PID: 1940 with command: pyenv exec python3 /opt/python/run.py
  proxy | 2025/01/20 09:23:47 [075] WARN: Cannot handshake client pypi.org:443 local error: tls: bad record MAC
updater | 2025/01/20 09:23:47 INFO <job_950382875> Process PID: 1940 completed with status: pid 1940 exit 1
2025/01/20 09:23:47 INFO <job_950382875> Total execution time: 1.23 seconds
updater | 2025/01/20 09:23:47 WARN <job_950382875> Traceback (most recent call last):
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 1319, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
    ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              encode_chunked=req.has_header('Transfer-encoding'))
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1336, in request
    self._send_request(method, url, body, headers, encode_chunked)
    ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1382, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
    ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1331, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
    ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1091, in _send_output
    self.send(msg)
    ~~~~~~~~~^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1035, in send
    self.connect()
    ~~~~~~~~~~~~^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1477, in connect
    self.sock = self._context.wrap_socket(self.sock,
                ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^
                                          server_hostname=server_hostname)
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        sock=sock,
        ^^^^^^^^^^
    ...<5 lines>...
        session=session
        ^^^^^^^^^^^^^^^
    )
    ^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/ssl.py", line 1076, in _create
    self.do_handshake()
    ~~~~~~~~~~~~~~~~~^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/ssl.py", line 1372, in do_handshake
    self._sslobj.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1018)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/python/run.py", line 18, in <module>
    print(hasher.get_dependency_hash(*args["args"]))
          ~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/opt/python/lib/hasher.py", line 11, in get_dependency_hash
    hashes = hashin.get_package_hashes(
        dependency_name,
    ...<2 lines>...
        index_url=index_url
    )
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/site-packages/hashin.py", line 654, in get_package_hashes
    data = get_package_data(package, index_url, verbose)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/site-packages/hashin.py", line 582, in get_package_data
    content = json.loads(_download(url))
                         ~~~~~~~~~^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/site-packages/hashin.py", line 60, in _download
    r = urlopen(url)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 189, in urlopen
    return opener.open(url, data, timeout)
           ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 489, in open
    response = self._open(req, data)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 506, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
                              '_open', req)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 466, in _call_chain
    result = func(*args)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 1367, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
           ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                        context=self._context)
                        ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 1322, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1018)>

Dependabot smart-open update error:

updater | 2025/01/20 09:23:52 INFO <job_950382875> Updating smart-open[s3] from 7.0.5 to 7.1.0
updater | 2025/01/20 09:23:52 INFO <job_950382875> Started process PID: 2076 with command: pyenv exec python3 /opt/python/run.py
  proxy | 2025/01/20 09:23:53 [201] WARN: Cannot handshake client pypi.org:443 local error: tls: bad record MAC
updater | 2025/01/20 09:23:53 INFO <job_950382875> Process PID: 2076 completed with status: pid 2076 exit 1
2025/01/20 09:23:53 INFO <job_950382875> Total execution time: 1.26 seconds
updater | 2025/01/20 09:23:53 WARN <job_950382875> Traceback (most recent call last):
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 1319, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
    ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              encode_chunked=req.has_header('Transfer-encoding'))
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1336, in request
    self._send_request(method, url, body, headers, encode_chunked)
    ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1382, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
    ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1331, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
    ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1091, in _send_output
    self.send(msg)
    ~~~~~~~~~^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1035, in send
    self.connect()
    ~~~~~~~~~~~~^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/http/client.py", line 1477, in connect
    self.sock = self._context.wrap_socket(self.sock,
                ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^
                                          server_hostname=server_hostname)
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        sock=sock,
        ^^^^^^^^^^
    ...<5 lines>...
        session=session
        ^^^^^^^^^^^^^^^
    )
    ^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/ssl.py", line 1076, in _create
    self.do_handshake()
    ~~~~~~~~~~~~~~~~~^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/ssl.py", line 1372, in do_handshake
    self._sslobj.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1018)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/python/run.py", line 18, in <module>
    print(hasher.get_dependency_hash(*args["args"]))
          ~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/opt/python/lib/hasher.py", line 11, in get_dependency_hash
    hashes = hashin.get_package_hashes(
        dependency_name,
    ...<2 lines>...
        index_url=index_url
    )
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/site-packages/hashin.py", line 654, in get_package_hashes
    data = get_package_data(package, index_url, verbose)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/site-packages/hashin.py", line 582, in get_package_data
    content = json.loads(_download(url))
                         ~~~~~~~~~^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/site-packages/hashin.py", line 60, in _download
    r = urlopen(url)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 189, in urlopen
    return opener.open(url, data, timeout)
           ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 489, in open
    response = self._open(req, data)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 506, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
                              '_open', req)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 466, in _call_chain
    result = func(*args)
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 1367, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
           ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                        context=self._context)
                        ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/.pyenv/versions/3.13.1/lib/python3.13/urllib/request.py", line 1322, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1018)>
  proxy | 2025/01/20 09:23:53 [203] POST /update_jobs/950382875/record_update_job_error
2025/01/20 09:23:53 [203] 204 /update_jobs/950382875/record_update_job_error
updater | 2025/01/20 09:23:53 INFO <job_950382875> Handled error whilst updating smart-open[s3]: dependency_file_not_resolvable {:message=>"Error resolving dependency."}
  proxy | 2025/01/20 09:23:53 [205] POST /update_jobs/950382875/record_ecosystem_meta
2025/01/20 09:23:53 [205] 204 /update_jobs/950382875/record_ecosystem_meta

Smallest manifest that reproduces the issue

https://github.com/alliance-genome/agr_pavi/blob/856e6bb5933c00ad475db0023746445a66b24b4f/api/aws_infra/tests/requirements.txt

[hartwork]

I think it's worth repeating error "Error resolving dependency." verbatim here, maybe even worth putting that into the title.

An what's particularly important to mention is that this issue blocks (or delays) Django security updates, at least the part where Dependabot would normally help out with a pull request.

Here's how users see the issue (if helpful):

Would be great to have that fixed. Thanks for all the time Dependabot was working well, it's an invaluable tool 🙏

---

PS: The issue affects (at least) two repositories of mine:

GitHub Repository: https://github.com/hartwork/jawanndenn/

• Version Update Job: https://github.com/hartwork/jawanndenn/network/updates/951421641
• Actions Run: https://github.com/hartwork/jawanndenn/actions/runs/12892921378/job/35948222890
• Log (attached): dependabot-jawanndenn-log.txt

GitHub Repository: https://github.com/hartwork/wnpp.debian.net/

• Version Update Job: https://github.com/hartwork/wnpp.debian.net/network/updates/951421763
• Actions Run: https://github.com/hartwork/wnpp.debian.net/actions/runs/12892926582/job/35948241563
• Log (attached): dependabot-wnpp-debian-net-log.txt

[hartwork]

PS: I'm also just noticing that Dependabot was already failing for two weeks without notifying anyone:

(from https://github.com/hartwork/wnpp.debian.net/network/updates/8399467/jobs)