Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Your API Key is invalid #4188

Closed
tucked opened this issue Apr 11, 2020 · 27 comments · Fixed by #4196
Closed

Your API Key is invalid #4188

tucked opened this issue Apr 11, 2020 · 27 comments · Fixed by #4196
Labels
Category: CLI Issue relates to the CLI Priority: Critical This issue is critical and affects usability or core functionality. Type: Bug 🐛 This issue is a bug. Type: Regression This issue is a regression of a previous behavior. Type: Release Blocker Must be resolved before the next release can be cut. Type: Vendored Dependencies This issue affects vendored dependencies within pipenv.

Comments

@tucked
Copy link
Contributor

tucked commented Apr 11, 2020

$ pipenv check
Checking PEP 508 requirements…
Passed!
Checking installed package safety…
An error occurred:
Your API Key '1ab8d58f-5122e025-83674263-bc1e79e0' is invalid. See https://goo.gl/O7Y1rS

2020-04-11T10:08:05-0700 exit 1

I can provide pipenv --support if necessary.

@techalchemy
Copy link
Member

Thanks for the report -- We had received the ok from the pyup team to include the API key in pipenv, so I'm not sure why it's been revoked, though I suspect this is going to cause some pain for a lot of users. /cc @pyupio @jayfk (related context: #1651) -- was this intentional? How would you like us to move forward?

@jayfk
Copy link

jayfk commented Apr 13, 2020

@Jwomers is now taking care of pyup.io with the help of @harlekeyn and @rafaelpivato. ccd

@Ochirgarid
Copy link

The same issue is occurring for me. Looking forward for the fix.

@alekpikl
Copy link

I have the same issue. Looking forward to the fix! :)
Thanks!

@kasioumis
Copy link

Is there a way to temporarily ignore this with pipenv check --ignore [something]?

@joaokrabbe
Copy link

I have the same issue. Looking forward to the fix! :)
Thanks!

@cemsbr
Copy link

cemsbr commented Apr 16, 2020

A workaround is to install safety and use safety check instead of pipenv check.

@pgagnon
Copy link

pgagnon commented Apr 16, 2020

A workaround is to install safety and use safety check instead of pipenv check.

pipenv lock --requirements | safety check --stdin

braxtonmckee added a commit to APrioriInvestments/typed_python that referenced this issue Apr 16, 2020
…) instead of pipenv.

Pipenv is borking out because it depends on an expired api key. See

pypa/pipenv#4188
@techalchemy
Copy link
Member

After a brief conversation with the new pyup.io management, (and it seems others have observed this already) we won't need the API key anymore to connect with pyup.io. So we will remove the API key. In the meantime I believe this can be resolved by simply setting the environment variable PIPENV_PYUP_API_KEY="".

@techalchemy techalchemy added Category: CLI Issue relates to the CLI Priority: Critical This issue is critical and affects usability or core functionality. Type: Bug 🐛 This issue is a bug. Type: Regression This issue is a regression of a previous behavior. Type: Release Blocker Must be resolved before the next release can be cut. Type: Vendored Dependencies This issue affects vendored dependencies within pipenv. and removed triage labels Apr 16, 2020
techalchemy added a commit that referenced this issue Apr 17, 2020
- Update vendored safety package
- Swap to blank pyup API key by default (but allow custom key)
- Slightly improve safety revendoring
- Fixes #4188

Signed-off-by: Dan Ryan <[email protected]>
@kristang
Copy link

kristang commented May 4, 2020

I don't want to to tell the maintainers how to handle issues and fixes, but maybe keep issues open until a fix is actually released. This closed issue gives the impression that the problem has been fixed, even though it has only been merged into master, but not yet released.

@frostming
Copy link
Contributor

@kristang @kasioumis Did you try the latest prerelease version?

@pietrodn
Copy link

pietrodn commented May 4, 2020

I confirm the issue. We are using pipenv 2018.11.26 in production and are getting this error today in CI.
cc @ralbertazzi

@kristang
Copy link

kristang commented May 4, 2020

@kristang @kasioumis Did you try the latest prerelease version?

No, but thank you for the suggestion. I'm hesitant to do so, as it concerns our entire production build setup, and we would like to avoid any pre-releases.

@frostming
Copy link
Contributor

Yeah, I mean it would be helpful if you can test the prerelease, you should wait for the formal release for your production setup.

@pietrodn
Copy link

pietrodn commented May 4, 2020

pipenv check works correctly for me when using pipenv-2020.4.1b1, installed through:

pip3 install --upgrade --pre pipenv

on a macOS system.

@mcallaghan-bsm
Copy link

mcallaghan-bsm commented May 4, 2020

First; tried to update to pipenv latest ... but stable is still:

# pip3 list | grep pip
pip                    20.1
pipenv                 2018.11.26

# pip3 install --upgrade pipenv
...
Requirement already up-to-date: pipenv in /root/.local/share/virtualenvs/app-4PlAip0Q/lib/python3.7/site-packages (2018.11.26)
...

, systems in prod may not want to upgrade to a pre-release ...

Tried workaround to force API key empty, that works

# export PIPENV_PYUP_API_KEY=""
# pipenv check
Checking PEP 508 requirements…
Passed!
Checking installed package safety…
.... (no error) ...

EDIT: tip, suggestion here is to release a fix into the stable branch

@kristang
Copy link

kristang commented May 5, 2020

Yeah, I mean it would be helpful if you can test the prerelease, you should wait for the formal release for your production setup.

Oh, absolutely. I will give it a run. Is there any information you need besides working/not working?

@kristang
Copy link

kristang commented May 5, 2020

2020.4.1b1 works without the environment variable.

Here's some system info:

Windows 10 Enterprise
10.0.18363 Build 18363

λ python --version
Python 3.6.8

λ pip list
Package          Version
---------------- ----------
certifi          2019.11.28
pip              18.1
pipenv           2020.4.1b1
setuptools       40.6.2
virtualenv       16.7.8
virtualenv-clone 0.5.3

theo-o referenced this issue in tjresearch/research-theo_john May 5, 2020
for `pipenv check` pyup.io safety check.

pyup.io recently removed the requirement for a custom
API key for pipenv's safety check, and, until an
upstream pipenv release can be delivered, this is the
suggested workaround. Previously, an error occured during
`pipenv check` since pipenv was using an API key.

See `https://github.com/pypa/pipenv/issues/4188`
@wontonst
Copy link

wontonst commented May 5, 2020

Is there a timeline for when this fix will be released?

@cemsbr
Copy link

cemsbr commented May 6, 2020

It had been solved for me for days, but I'm having this issue again today.

@rafaelpivato
Copy link
Contributor

WORKAROUND for those who cannot upgrade:

export PIPENV_PYUP_API_KEY=""
pipenv check

jdobes added a commit to jdobes/vulnerability-engine that referenced this issue May 13, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
jdobes added a commit to jdobes/vmaas that referenced this issue May 13, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
jdobes added a commit to RedHatInsights/vulnerability-engine that referenced this issue May 13, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
jdobes added a commit to RedHatInsights/vmaas that referenced this issue May 13, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
bport added a commit to enioka-Haute-Couture/pyoupyou that referenced this issue May 14, 2020
needed until new release of pipenv
jdobes added a commit to RedHatInsights/vmaas that referenced this issue May 18, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
jdobes added a commit to RedHatInsights/vmaas that referenced this issue May 20, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
fwojciak pushed a commit to fwojciak/pipenv that referenced this issue May 29, 2020
2020.5.28 (2020-05-28)
======================

Features & Improvements
-----------------------

-   `pipenv install` and `pipenv sync` will no longer attempt to install satisfied dependencies during installation. pypa#3057, pypa#3506
-   Added support for resolution of direct-url dependencies in `setup.py` files to respect `PEP-508` style URL dependencies. pypa#3148
-   Added full support for resolution of all dependency types including direct URLs, zip archives, tarballs, etc.
    -   Improved error handling and formatting.
    -   Introduced improved cross platform stream wrappers for better `stdout` and `stderr` consistency. pypa#3298
-   For consistency with other commands and the `--dev` option description, `pipenv lock --requirements --dev` now emits both default and development dependencies. The new `--dev-only` option requests the previous behaviour (e.g. to generate a `dev-requirements.txt` file). pypa#3316
-   Pipenv will now successfully recursively lock VCS sub-dependencies. pypa#3328
-   Added support for `--verbose` output to `pipenv run`. pypa#3348
-   Pipenv will now discover and resolve the intrinsic dependencies of **all** VCS dependencies, whether they are editable or not, to prevent resolution conflicts. pypa#3368
-   Added a new environment variable, `PIPENV_RESOLVE_VCS`, to toggle dependency resolution off for non-editable VCS, file, and URL based dependencies. pypa#3577
-   Added the ability for Windows users to enable emojis by setting `PIPENV_HIDE_EMOJIS=0`. pypa#3595
-   Allow overriding `PIPENV_INSTALL_TIMEOUT` environment variable (in seconds). pypa#3652
-   Allow overriding `PIP_EXISTS_ACTION` evironment variable (value is passed to pip install). Possible values here: <https://pip.pypa.io/en/stable/reference/pip/#exists-action-option> Useful when you need to `PIP\_EXISTS\_ACTION=i` (ignore existing packages) - great for CI environments, where you need really fast setup. pypa#3738
-   Pipenv will no longer forcibly override `PIP_NO_DEPS` on all vcs and file dependencies as resolution happens on these in a pre-lock step. pypa#3763
-   Improved verbose logging output during `pipenv lock` will now stream output to the console while maintaining a spinner. pypa#3810
-   Added support for automatic python installs via `asdf` and associated `PIPENV_DONT_USE_ASDF` environment variable. pypa#4018
-   Pyenv/asdf can now be used whether or not they are available on PATH. Setting `PYENV_ROOT`/`ASDF_DIR` in a `.env` file allows Pipenv to install an interpreter without any shell customizations, so long as pyenv/asdf is installed. pypa#4245
-   Added `--key` command line parameter for including personal PyUp.io API tokens when running `pipenv check`. pypa#4257

Behavior Changes
----------------

-   Make conservative checks of known exceptions when subprocess returns output, so user won\'t see the whole traceback - just the error. pypa#2553
-   Do not touch Pipfile early and rely on it so that one can do `pipenv sync` without a Pipfile. pypa#3386
-   Re-enable `--help` option for `pipenv run` command. pypa#3844
-   Make sure `pipenv lock -r --pypi-mirror {MIRROR_URL}` will respect the pypi-mirror in requirements output. pypa#4199

Bug Fixes
---------

-   Raise `PipenvUsageError` when \[\[source\]\] does not contain url field. pypa#2373
-   Fixed a bug which caused editable package resolution to sometimes fail with an unhelpful setuptools-related error message. pypa#2722
-   Fixed an issue which caused errors due to reliance on the system utilities `which` and `where` which may not always exist on some
    systems.
-   Fixed a bug which caused periodic failures in python discovery when executables named `python` were not present on the target `$PATH`. pypa#2783
-   Dependency resolution now writes hashes for local and remote files to the lockfile. pypa#3053
-   Fixed a bug which prevented `pipenv graph` from correctly showing all dependencies when running from within `pipenv shell`. pypa#3071
-   Fixed resolution of direct-url dependencies in `setup.py` files to respect `PEP-508` style URL dependencies. pypa#3148
-   Fixed a bug which caused failures in warning reporting when running pipenv inside a virtualenv under some circumstances.
-   Fixed a bug with package discovery when running `pipenv clean`. pypa#3298
-   Quote command arguments with carets (`^`) on Windows to work around unintended shell escapes. pypa#3307
-   Handle alternate names for UTF-8 encoding. pypa#3313
-   Abort pipenv before adding the non-exist package to Pipfile. pypa#3318
-   Don\'t normalize the package name user passes in. pypa#3324
-   Fix a bug where custom virtualenv can not be activated with pipenv shell pypa#3339
-   Fix a bug that `--site-packages` flag is not recognized. pypa#3351
-   Fix a bug where `pipenv --clear` is not working pypa#3353
-   Fix unhashable type error during `$ pipenv install --selective-upgrade` pypa#3384
-   Dependencies with direct `PEP508` compliant VCS URLs specified in their `install_requires` will now be successfully locked during the resolution process. pypa#3396
-   Fixed a keyerror which could occur when locking VCS dependencies in
    some cases. pypa#3404
-   Fixed a bug that `ValidationError` is thrown when some fields are missing in source section. pypa#3427
-   Updated the index names in lock file when source name in Pipfile is changed. pypa#3449
-   Fixed an issue which caused `pipenv install --help` to show duplicate entries for `--pre`. pypa#3479
-   Fix bug causing `[SSL: CERTIFICATE_VERIFY_FAILED]` when Pipfile `[[source]]` has `verify_ssl=false` and url with custom port. pypa#3502
-   Fix `sync --sequential` ignoring `pip install` errors and logs. pypa#3537
-   Fix the issue that lock file can\'t be created when `PIPENV_PIPFILE` is not under working directory. pypa#3584
-   Pipenv will no longer inadvertently set `editable=True` on all vcs dependencies. pypa#3647
-   The `--keep-outdated` argument to `pipenv install` and `pipenv lock` will now drop specifier constraints when encountering editable dependencies.
    -   In addition, `--keep-outdated` will retain specifiers that would otherwise be dropped from any entries that have not been updated. pypa#3656
-   Fixed a bug which sometimes caused pipenv to fail to respect the `--site-packages` flag when passed with `pipenv install`. pypa#3718
-   Normalize the package names to lowercase when comparing used and in-Pipfile packages. pypa#3745
-   `pipenv update --outdated` will now correctly handle comparisons between pre/post-releases and normal releases. pypa#3766
-   Fixed a `KeyError` which could occur when pinning outdated VCS dependencies via `pipenv lock --keep-outdated`. pypa#3768
-   Resolved an issue which caused resolution to fail when encountering poorly formatted `python_version` markers in `setup.py` and `setup.cfg` files. pypa#3786
-   Fix a bug that installation errors are displayed as a list. pypa#3794
-   Update `pythonfinder` to fix a problem that `python.exe` will be mistakenly chosen for virtualenv creation under WSL. pypa#3807
-   Fixed several bugs which could prevent editable VCS dependencies from being installed into target environments, even when reporting
    successful installation. pypa#3809
-   `pipenv check --system` should find the correct Python interpreter when `python` does not exist on the system. pypa#3819
-   Resolve the symlinks when the path is absolute. pypa#3842
-   Pass `--pre` and `--clear` options to `pipenv update --outdated`. pypa#3879
-   Fixed a bug which prevented resolution of direct URL dependencies which have PEP508 style direct url VCS sub-dependencies with
    subdirectories. pypa#3976
-   Honor `PIPENV_SPINNER` environment variable pypa#4045
-   Fixed an issue with `pipenv check` failing due to an invalid API key from `pyup.io`. pypa#4188
-   Fixed a bug which caused versions from VCS dependencies to be included in `Pipfile.lock` inadvertently. pypa#4217
-   Fixed a bug which caused pipenv to search non-existent virtual environments for `pip` when installing using `--system`. pypa#4220
-   `Requires-Python` values specifying constraint versions of python starting from `1.x` will now be parsed successfully. pypa#4226
-   Fix a bug of `pipenv update --outdated` that can\'t print output correctly. pypa#4229
-   Fixed a bug which caused pipenv to prefer source distributions over wheels from `PyPI` during the dependency resolution phase. Fixed an issue which prevented proper build isolation using `pep517` based builders during dependency resolution. pypa#4231
-   Don\'t fallback to system Python when no matching Python version is found. pypa#4232

Vendored Libraries
------------------

- Updated `pip_shims` to support `--outdated` with new pip versions. pypa#3766
- Update vendored dependencies and invocations
  - Update vendored and patched dependencies
  - Update patches on `piptools`, `pip`, `pip-shims`, `tomlkit`
  - Fix invocations of dependencies
  - Fix custom `InstallCommand` instantiation
  - Update `PackageFinder` usage
  - Fix `Bool` stringify attempts from `tomlkit`
  - Updated vendored dependencies:
    -   **attrs**: `18.2.0 => `19.1.0`
    -   **certifi**: `2018.10.15 => `2019.3.9`
    -   **cached\_property**: `1.4.3 => `1.5.1`
    -   **cerberus**: `1.2.0 => `1.3.1`
    -   **click**: `7.0.0 => `7.1.1`
    -   **click-completion**: `0.5.0 => `0.5.1`
    -   **colorama**: `0.3.9 => `0.4.3`
    -   **contextlib2**: `(new) => `0.6.0.post1`
    -   **distlib**: `0.2.8 => `0.2.9`
    -   **funcsigs**: `(new) => `1.0.2`
    -   **importlib\_metadata** `1.3.0 => `1.5.1`
    -   **importlib-resources**: `(new) => `1.4.0`
    -   **idna**: `2.7 => `2.9`
    -   **jinja2**: `2.10.0 => `2.11.1`
    -   **markupsafe**: `1.0 => `1.1.1`
    -   **more-itertools**: `(new) => `5.0.0`
    -   **orderedmultidict**: `(new) => `1.0`
    -   **packaging**: `18.0 => `19.0`
    -   **parse**: `1.9.0 => `1.15.0`
    -   **pathlib2**: `2.3.2 => `2.3.3`
    -   **pep517**: `(new) => `0.5.0`
    -   **pexpect**: `4.6.0 => `4.8.0`
    -   **pip-shims**: `0.2.0 => `0.5.1`
    -   **pipdeptree**: `0.13.0 => `0.13.2`
    -   **pyparsing**: `2.2.2 => `2.4.6`
    -   **python-dotenv**: `0.9.1 => `0.10.2`
    -   **pythonfinder**: `1.1.10 => `1.2.2`
    -   **pytoml**: `(new) => `0.1.20`
    -   **requests**: `2.20.1 => `2.23.0`
    -   **requirementslib**: `1.3.3 => `1.5.4`
    -   **scandir**: `1.9.0 => `1.10.0`
    -   **shellingham**: `1.2.7 => `1.3.2`
    -   **six**: `1.11.0 => `1.14.0`
    -   **tomlkit**: `0.5.2 => `0.5.11`
    -   **urllib3**: `1.24 => `1.25.8`
    -   **vistir**: `0.3.0 => `0.5.0`
    -   **yaspin**: `0.14.0 => `0.14.3`
    -   **zipp**: `0.6.0`
    - Removed vendored dependency **cursor**. pypa#4169

-   Add and update vendored dependencies to accommodate `safety` vendoring:
    -   **safety** `(none)` => `1.8.7`
    -   **dparse** `(none)` => `0.5.0`
    -   **pyyaml** `(none)` => `5.3.1`
    -   **urllib3** `1.25.8` => `1.25.9`
    -   **certifi** `2019.11.28` => `2020.4.5.1`
    -   **pyparsing** `2.4.6` => `2.4.7`
    -   **resolvelib** `0.2.2` => `0.3.0`
    -   **importlib-metadata** `1.5.1` => `1.6.0`
    -   **pip-shims** `0.5.1` => `0.5.2`
    -   **requirementslib** `1.5.5` => `1.5.6` pypa#4188

-   Updated vendored `pip` => `20.0.2` and `pip-tools` => `5.0.0`. pypa#4215
-   Updated vendored dependencies to latest versions for security and bug fixes:
    -   **requirementslib** `1.5.8` => `1.5.9`
    -   **vistir** `0.5.0` => `0.5.1`
    -   **jinja2** `2.11.1` => `2.11.2`
    -   **click** `7.1.1` => `7.1.2`
    -   **dateutil** `(none)` => `2.8.1`
    -   **backports.functools\_lru\_cache** `1.5.0` => `1.6.1`
    -   **enum34** `1.1.6` => `1.1.10`
    -   **toml** `0.10.0` => `0.10.1`
    -   **importlib\_resources** `1.4.0` => `1.5.0` pypa#4226
-   Changed attrs import path in vendored dependencies to always import from `pipenv.vendor`. pypa#4267

Improved Documentation
----------------------

-   Added documenation about variable expansion in `Pipfile` entries. pypa#2317
-   Consolidate all contributing docs in the rst file pypa#3120
-   Update the out-dated manual page. pypa#3246
-   Move CLI docs to its own page. pypa#3346
-   Replace (non-existant) video on docs index.rst with equivalent gif. pypa#3499
-   Clarify wording in Basic Usage example on using double quotes to escape shell redirection pypa#3522
-   Ensure docs show navigation on small-screen devices pypa#3527
-   Added a link to the TOML Spec under General Recommendations & Version Control to clarify how Pipfiles should be written. pypa#3629
-   Updated the documentation with the new `pytest` entrypoint. pypa#3759
-   Fix link to GIF in README.md demonstrating Pipenv\'s usage, and add descriptive alt text. pypa#3911
-   Added a line describing potential issues in fancy extension. pypa#3912
-   Documental description of how Pipfile works and association with Pipenv. pypa#3913
-   Clarify the proper value of `python_version` and `python_full_version`. pypa#3914
-   Write description for `--deploy` extension and few extensions differences. pypa#3915
-   More documentation for `.env` files pypa#4100
-   Updated documentation to point to working links. pypa#4137
-   Replace docs.pipenv.org with pipenv.pypa.io pypa#4167
-   Added functionality to check spelling in documentation and cleaned up existing typographical issues. pypa#4209
jdobes added a commit to jdobes/vulnerability-engine that referenced this issue Jun 2, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
jdobes added a commit to jdobes/vulnerability-engine that referenced this issue Jun 8, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
jdobes added a commit to RedHatInsights/vulnerability-engine that referenced this issue Jun 8, 2020
pypa/pipenv#4188

PIPENV_PYUP_API_KEY= can be removed when pipenv-2020.X.X is released
@SPH73
Copy link

SPH73 commented Jul 14, 2020

If anyone is still struggling I ran:

pip3 install pipenv

I already had pipenv 2020.6.2-py2.py3 installed so returned that it was 'already satisfied' but after that, when I launched the environment again and ran
pipenv check Checking PEP508 requirements returned Passed! and Checking installed package safety returned All good!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Category: CLI Issue relates to the CLI Priority: Critical This issue is critical and affects usability or core functionality. Type: Bug 🐛 This issue is a bug. Type: Regression This issue is a regression of a previous behavior. Type: Release Blocker Must be resolved before the next release can be cut. Type: Vendored Dependencies This issue affects vendored dependencies within pipenv.
Projects
None yet
Development

Successfully merging a pull request may close this issue.