From 42321376c954e219494d33d5bb17c9688674ebc0 Mon Sep 17 00:00:00 2001
From: Dan Ryan
Date: Sun, 26 Apr 2020 02:50:40 -0400
Subject: [PATCH 1/4] Update documentation to reflect accurate pyup use

- Remove bits about CC-BY-SA licensing
- Remove bits about using an embedded API key
- Add a little flair to the readme to acknowledge pyup

Signed-off-by: Dan Ryan
---
 README.md | 2 ++
 docs/advanced.rst | 16 ++++++----------
 news/4210.trivial.rst | 1 +
 3 files changed, 9 insertions(+), 10 deletions(-)
 create mode 100644 news/4210.trivial.rst

diff --git a/README.md b/README.md
index f22c6776e8..21b5b3b3ef 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,9 @@ Pipenv: Python Development Workflow for Humans
 [![Azure Pipelines Build Status](https://dev.azure.com/pypa/pipenv/_apis/build/status/Pipenv%20CI?branchName=master)](https://dev.azure.com/pypa/pipenv/_build/latest?definitionId=16&branchName=master)
 [![image](https://img.shields.io/pypi/pyversions/pipenv.svg)](https://python.org/pypi/pipenv)
+
 ------------------------------------------------------------------------
+[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io)
 **Pipenv** is a tool that aims to bring the best of all packaging worlds
 (bundler, composer, npm, cargo, yarn, etc.) to the Python world.
diff --git a/docs/advanced.rst b/docs/advanced.rst
index e6e31f62a5..bdbfafbb8c 100644
--- a/docs/advanced.rst
+++ b/docs/advanced.rst
@@ -237,16 +237,12 @@ Example::
 .. note::
- In order to enable this functionality while maintaining its permissive
- copyright license, `pipenv` embeds an API client key for the backend
- Safety API operated by pyup.io rather than including a full copy of the
- CC-BY-NC-SA licensed Safety-DB database. This embedded client key is
- shared across all `pipenv check` users, and hence will be subject to
- API access throttling based on overall usage rather than individual
- client usage.
-
- You can also use your own safety API key by setting the
- environment variable ``PIPENV_PYUP_API_KEY``.
+ Access to the ``safety`` database happens via an API call which retrieves
+ results which are updated on a monthly basis and made available to the
+ community for free by `pyup.io`.
+
+ For more up-to-date vulnerability data, you may also use your own safety
+ API key by setting the environment variable ``PIPENV_PYUP_API_KEY``.
 ☤ Community Integrations
diff --git a/news/4210.trivial.rst b/news/4210.trivial.rst
new file mode 100644
index 0000000000..3116af9ed1
--- /dev/null
+++ b/news/4210.trivial.rst
@@ -0,0 +1 @@
+Updated PyUp.io information to reflect current situation.

From f20c9dc688948db2b4dfd0a6a68398c4bf0c6254 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20B=C5=82a=C5=BCejewicz?=
Date: Sun, 26 Apr 2020 15:44:45 +0200
Subject: [PATCH 2/4] fix(pep425tags): missing package import added

This fixes errors at runtime on Linux ARM:
```py
if platform == "linux_armv7l" and not is_linux_armhf()
```
this triggers a check using `os`, which was not imported, resulting in runtime error. Thanks!
---
 pipenv/patched/notpip/_internal/pep425tags.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pipenv/patched/notpip/_internal/pep425tags.py b/pipenv/patched/notpip/_internal/pep425tags.py
index c2a1e346bc..16d041d95d 100644
--- a/pipenv/patched/notpip/_internal/pep425tags.py
+++ b/pipenv/patched/notpip/_internal/pep425tags.py
@@ -3,6 +3,7 @@
 import distutils.util
 import logging
+import os
 import platform
 import re
 import sys

From d8be5350060f5d44d50266855a7071d77e33678f Mon Sep 17 00:00:00 2001
From: Dan Ryan
Date: Sun, 26 Apr 2020 15:55:20 -0400
Subject: [PATCH 3/4] Update patch for pep425tags to include os import

Signed-off-by: Dan Ryan
---
 .../patched/_post-pip-update-pep425tags.patch | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch b/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch
index 792a94faf3..b552a7b06e 100644
--- a/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch
+++ b/tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch
@@ -1,8 +1,16 @@
 diff --git a/pipenv/patched/notpip/_internal/pep425tags.py b/pipenv/patched/notpip/_internal/pep425tags.py
-index 042ba34b..58decc23 100644
+index 369275a8..16d041d9 100644
 --- a/pipenv/patched/notpip/_internal/pep425tags.py
 +++ b/pipenv/patched/notpip/_internal/pep425tags.py
-@@ -170,8 +170,9 @@ def is_linux_armhf():
+@@ -3,6 +3,7 @@ from __future__ import absolute_import
+ 
+ import distutils.util
+ import logging
++import os
+ import platform
+ import re
+ import sys
+@@ -170,8 +171,9 @@ def is_linux_armhf():
 return False
 # hard-float ABI can be detected from the ELF header of the running
 # process
@@ -13,7 +21,7 @@ index 042ba34b..58decc23 100644
 elf_header_raw = f.read(40) # read 40 first bytes of ELF header
 except (IOError, OSError, TypeError):
 return False
-@@ -205,7 +206,7 @@ def is_manylinux1_compatible():
+@@ -205,7 +207,7 @@ def is_manylinux1_compatible():
 pass
 # Check glibc version. CentOS 5 uses glibc 2.5.
@@ -22,7 +30,7 @@ index 042ba34b..58decc23 100644
 def is_manylinux2010_compatible():
-@@ -223,7 +224,7 @@ def is_manylinux2010_compatible():
+@@ -223,7 +225,7 @@ def is_manylinux2010_compatible():
 pass
 # Check glibc version. CentOS 6 uses glibc 2.12.
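Review bot: Nothing in the PATCH 2/4 hunk for `pipenv/patched/notpip/_internal/pep425tags.py` stops the `os` import from silently going missing again: per the commit message the only call site reaches `is_linux_armhf()` through `platform == "linux_armv7l" and not is_linux_armhf()`, so on every non-armv7l CI runner the `NameError` is short-circuited away and the import block is never exercised. A unit test that calls `is_linux_armhf()` directly (presumably the function where `os` is used; its body lies outside this hunk, which shows only the module's imports) would run on every platform and catch the same breakage the next time the vendored copy is refreshed from pip. Since this tree is regenerated from `tasks/vendoring/patches/patched/`, such a test is the only durable guard for a one-line fix to a vendored file.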
@@ -31,7 +39,7 @@ index 042ba34b..58decc23 100644
 def is_manylinux2014_compatible():
-@@ -249,7 +250,7 @@ def is_manylinux2014_compatible():
+@@ -249,7 +251,7 @@ def is_manylinux2014_compatible():
 pass
 # Check glibc version. CentOS 7 uses glibc 2.17.

From a68166af55e885dc097053180137ad9e6ff28c28 Mon Sep 17 00:00:00 2001
From: Dan Ryan
Date: Tue, 28 Apr 2020 12:19:19 -0400
Subject: [PATCH 4/4] Reword note about pyup

Reword `pipenv check` note in docs

Co-Authored-By: Sumana Harihareswara
---
 docs/advanced.rst | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/advanced.rst b/docs/advanced.rst
index bdbfafbb8c..25bbdf6d60 100644
--- a/docs/advanced.rst
+++ b/docs/advanced.rst
@@ -237,9 +237,12 @@ Example::
 .. note::
- Access to the ``safety`` database happens via an API call which retrieves
- results which are updated on a monthly basis and made available to the
- community for free by `pyup.io`.
+ Each month, `PyUp.io` updates the ``safety`` database of
+ insecure Python packages and `makes it available to the
+ community for free `__. Pipenv
+ makes an API call to retrieve those results and use them
+ each time you run ``pipenv check`` to show you vulnerable
+ dependencies.
 For more up-to-date vulnerability data, you may also use your own safety
 API key by setting the environment variable ``PIPENV_PYUP_API_KEY``.