dependabot-python 0.108.6 → 0.108.7
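--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2301afd625de1dc312e1eed52b1f3b7b4d8d0256fe40d996a83f3ef41ee15b0d
+data.tar.gz: 03e2ec7472489cd4c47ccaa7e4e0994e0d639b839fe6e01c86bb03d761e491a4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 66dd3472ab41db4135468a8767557de4de969fde5575638085edb8cf06c332f000b9e8109b0e9e5e1a0b8fa175278a9173f259d3f6a01b87f87f87755a9d3ba8
+data.tar.gz: c5bec5175a3c40325567def38092f9b0b99b62cec65183323d4896dfd0e64eb09c24a1e454d78fec613339425a8424928ff7dde8dd660be76ce1c71fc156e35b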
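--- a/data/helpers/requirements.txt
+++ b/data/helpers/requirements.txt
@@ -18,6 +18,9 @@ module Dependabot
 require_relative "setup_file_sanitizer"
 
 UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
+WARNINGS = /\s*# WARNING:.*\Z/m.freeze
+UNSAFE_NOTE =
+/\s*The following packages are considered to be unsafe.*\Z/m.freeze
 
 attr_reader :dependencies, :dependency_files, :credentials
 
@@ -289,6 +292,7 @@ module Dependabot
 
 def post_process_compiled_file(updated_content, file)
 content = replace_header_with_original(updated_content, file.content)
+content = remove_new_warnings(content, file.content)
 content = update_hashes_if_required(content, file.content)
 replace_absolute_file_paths(content, file.content)
 end
@@ -324,6 +328,21 @@ module Dependabot
 content
 end
 
+def remove_new_warnings(updated_content, original_content)
+content = updated_content
+
+if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
+content = content.sub(WARNINGS, "\n")
+end
+
+if content.match?(UNSAFE_NOTE) &&
+!original_content.match?(UNSAFE_NOTE)
+content = content.sub(UNSAFE_NOTE, "\n")
+end
+
+content
+end
+
 def update_hashes_if_required(updated_content, original_content)
 deps_to_update =
 deps_to_augment_hashes_for(updated_content, original_content)
@@ -346,7 +365,7 @@ module Dependabot
 end
 
 def deps_to_augment_hashes_for(updated_content, original_content)
-regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
+regex = /^#{RequirementParser::INSTALL_REQ_WITH_REQUIREMENT}/
 
 new_matches = []
 updated_content.scan(regex) { new_matches << Regexp.last_match }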
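Review bot: In `remove_new_warnings`, both `WARNINGS` and `UNSAFE_NOTE` use `/m` with a trailing `.*\Z`, so each `sub` removes everything from the first match through the end of the compiled file rather than only the warning block. That is safe only while pip-compile writes these blocks last; a pinned requirement or `--hash` line that followed one would be dropped from the updated file without any error. I would record that assumption beside the constants, for example `# Matches through end of file; assumes pip-compile emits this block last`, and cover it with a spec whose fixture has content after the warning. Stripping the block also hides pip-compile's warning and unsafe-packages note from whoever reviews the resulting update, which is worth stating in a comment on the method. The section is labelled `data/helpers/requirements.txt`, but the hunk context is `module Dependabot`, so these hunks appear to come from a Ruby file.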
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-python
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.108.
|
4
|
+
version: 0.108.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.108.
|
19
|
+
version: 0.108.7
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.108.
|
26
|
+
version: 0.108.7
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|