dependabot-python 0.108.6 → 0.108.7

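--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53926cb29d8a52552b371ad1a62cb845a2b17d5fc7f7697700def9ada2f0893b
- data.tar.gz: 9ccba5b2c3656a0eec06c59ff3b4d0fb1da39fb25cfe3390ede0ffb05622805c
+ metadata.gz: 2301afd625de1dc312e1eed52b1f3b7b4d8d0256fe40d996a83f3ef41ee15b0d
+ data.tar.gz: 03e2ec7472489cd4c47ccaa7e4e0994e0d639b839fe6e01c86bb03d761e491a4
  SHA512:
- metadata.gz: ab566d8bdb70eadac49184bc84b1fb3db48e25dd90d6372addbd73593351f2c36584826a0b42669ad03b38849ae1747e3d429ce9f60a9b2c102c7ca2ced73f5a
- data.tar.gz: 003c993e0231b954d7f20e9d79556eb4883ae053a486cc39d2e225fb96a4bb4ae91732cd92d6586147306be28d9eda4708de78c1db4ca5b052ac933daf612bd8
+ metadata.gz: 66dd3472ab41db4135468a8767557de4de969fde5575638085edb8cf06c332f000b9e8109b0e9e5e1a0b8fa175278a9173f259d3f6a01b87f87f87755a9d3ba8
+ data.tar.gz: c5bec5175a3c40325567def38092f9b0b99b62cec65183323d4896dfd0e64eb09c24a1e454d78fec613339425a8424928ff7dde8dd660be76ce1c71fc156e35b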
@@ -1,5 +1,5 @@
1
1
  pip==19.1.1
2
- pip-tools==3.7.0
2
+ pip-tools==3.8.0
3
3
  hashin==0.14.5
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
@@ -18,6 +18,9 @@ module Dependabot
18
18
  require_relative "setup_file_sanitizer"
19
19
 
20
20
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
21
+ WARNINGS = /\s*# WARNING:.*\Z/m.freeze
22
+ UNSAFE_NOTE =
23
+ /\s*The following packages are considered to be unsafe.*\Z/m.freeze
21
24
 
22
25
  attr_reader :dependencies, :dependency_files, :credentials
23
26
 
@@ -289,6 +292,7 @@ module Dependabot
289
292
 
290
293
  def post_process_compiled_file(updated_content, file)
291
294
  content = replace_header_with_original(updated_content, file.content)
295
+ content = remove_new_warnings(content, file.content)
292
296
  content = update_hashes_if_required(content, file.content)
293
297
  replace_absolute_file_paths(content, file.content)
294
298
  end
@@ -324,6 +328,21 @@ module Dependabot
324
328
  content
325
329
  end
326
330
 
331
+ def remove_new_warnings(updated_content, original_content)
332
+ content = updated_content
333
+
334
+ if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
335
+ content = content.sub(WARNINGS, "\n")
336
+ end
337
+
338
+ if content.match?(UNSAFE_NOTE) &&
339
+ !original_content.match?(UNSAFE_NOTE)
340
+ content = content.sub(UNSAFE_NOTE, "\n")
341
+ end
342
+
343
+ content
344
+ end
345
+
327
346
  def update_hashes_if_required(updated_content, original_content)
328
347
  deps_to_update =
329
348
  deps_to_augment_hashes_for(updated_content, original_content)
@@ -346,7 +365,7 @@ module Dependabot
346
365
  end
347
366
 
348
367
  def deps_to_augment_hashes_for(updated_content, original_content)
349
- regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
368
+ regex = /^#{RequirementParser::INSTALL_REQ_WITH_REQUIREMENT}/
350
369
 
351
370
  new_matches = []
352
371
  updated_content.scan(regex) { new_matches << Regexp.last_match }
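Review bot: In `remove_new_warnings` (the `@@ -324,6 +328,21 @@` hunk, using the constants added in the `@@ -18,6 +18,9 @@` hunk) both `sub` calls delete from the first match to the end of the file, because `.*` under the `/m` flag crosses newlines before `\Z`. That is safe only while pip-compile writes these notes as the last thing in its output; a `# WARNING:` line higher up would silently drop every pinned requirement and hash below it, so the method should carry a comment stating the assumption, for example `# Both notes are expected at the tail of the compiled file; everything from the match onward is removed.` `UNSAFE_NOTE` also begins at `The` rather than at a comment marker, so if the note is emitted as a `#` comment (as the `WARNINGS` pattern suggests) the substitution presumably leaves a bare `#` line behind; `/\s*# The following packages are considered to be unsafe.*\Z/m.freeze` would remove the marker as well.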
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.108.6
4
+ version: 0.108.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.108.6
19
+ version: 0.108.7
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.108.6
26
+ version: 0.108.7
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement