fix: restore ability for snyk fix to make network requests [FIX-138] (#…

…4742) * fix: restore ability for snyk fix to make network requests This required an update to the python-fix packages to reset the environment variables provided to the subshell executing the python package managers. * chore: update CODEOWNERS of snyk-fix package * chore: add acceptance test for snyk fix * chore: check for pipenv or skip test * fix: update pipenv install command
snyk · Jul 17, 2023 · ef4b1d7 · ef4b1d7
1 parent de19bca
commit ef4b1d7
Show file tree

Hide file tree

Showing 8 changed files with 769 additions and 74 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -78,6 +78,7 @@ commands:
           name: Installing sdks and tools
           command: |
             brew install go gradle python elixir composer gradle@6 maven sbt
+            python3 -m pip install pipenv --user
 
   install_sdks_linux:
     steps:
@@ -108,6 +109,7 @@ commands:
             jq
 
             pip install awscli --upgrade --user
+            pip install pipenv --user
 
             echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" | sudo tee /etc/apt/sources.list.d/sbt.list
             echo "deb https://repo.scala-sbt.org/scalasbt/debian /" | sudo tee /etc/apt/sources.list.d/sbt_old.list
@@ -249,6 +251,7 @@ jobs:
           name: Installing Node.js + other test dependencies
           command: |
             apk add --update nodejs npm bash maven git go gradle python3 py3-pip elixir composer
+            pip3 install pipenv
       - run:
           name: Configuring artifact
           command: << parameters.test_snyk_command >> config set "api=${SNYK_API_KEY}"

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,7 +1,7 @@
 *  @snyk/hammerhead @snyk/snyk-open-source
 
 # monorepo packages
-packages/snyk-fix/ @snyk/tech-services
+packages/snyk-fix/ @snyk/fix
 packages/snyk-protect/ @snyk/hammerhead
 packages/cli-alert/ @snyk/hammerhead
 packages/iac-cli-alert/ @snyk/cloud-dev-ex

diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/snyk-fix/package.json b/packages/snyk-fix/package.json
@@ -37,8 +37,8 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@snyk/dep-graph": "^1.21.0",
-    "@snyk/fix-pipenv-pipfile": "0.6.0",
-    "@snyk/fix-poetry": "0.8.3",
+    "@snyk/fix-pipenv-pipfile": "^0.7.1",
+    "@snyk/fix-poetry": "^0.9.1",
     "chalk": "4.1.1",
     "debug": "^4.3.1",
     "lodash.groupby": "4.6.0",

diff --git a/test/fixtures/snyk-fix-pipenv/Pipfile b/test/fixtures/snyk-fix-pipenv/Pipfile
@@ -0,0 +1,12 @@
+[[source]]
+url = "https://pypi.org/simple/"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+pylint = "==2.6.0"
+toml = "==0.10.1"
+
+[dev-packages]
+
+[requires]
diff --git a/test/fixtures/snyk-fix-pipenv/Pipfile.lock b/test/fixtures/snyk-fix-pipenv/Pipfile.lock