dependabot-python 0.108.6 → 0.108.7

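--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53926cb29d8a52552b371ad1a62cb845a2b17d5fc7f7697700def9ada2f0893b
- data.tar.gz: 9ccba5b2c3656a0eec06c59ff3b4d0fb1da39fb25cfe3390ede0ffb05622805c
+ metadata.gz: 2301afd625de1dc312e1eed52b1f3b7b4d8d0256fe40d996a83f3ef41ee15b0d
+ data.tar.gz: 03e2ec7472489cd4c47ccaa7e4e0994e0d639b839fe6e01c86bb03d761e491a4
  SHA512:
- metadata.gz: ab566d8bdb70eadac49184bc84b1fb3db48e25dd90d6372addbd73593351f2c36584826a0b42669ad03b38849ae1747e3d429ce9f60a9b2c102c7ca2ced73f5a
- data.tar.gz: 003c993e0231b954d7f20e9d79556eb4883ae053a486cc39d2e225fb96a4bb4ae91732cd92d6586147306be28d9eda4708de78c1db4ca5b052ac933daf612bd8
+ metadata.gz: 66dd3472ab41db4135468a8767557de4de969fde5575638085edb8cf06c332f000b9e8109b0e9e5e1a0b8fa175278a9173f259d3f6a01b87f87f87755a9d3ba8
+ data.tar.gz: c5bec5175a3c40325567def38092f9b0b99b62cec65183323d4896dfd0e64eb09c24a1e454d78fec613339425a8424928ff7dde8dd660be76ce1c71fc156e35b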
@@ -1,5 +1,5 @@
1
1
  pip==19.1.1
2
- pip-tools==3.7.0
2
+ pip-tools==3.8.0
3
3
  hashin==0.14.5
4
4
  pipenv==2018.11.26
5
5
  pipfile==0.0.2
@@ -18,6 +18,9 @@ module Dependabot
18
18
  require_relative "setup_file_sanitizer"
19
19
 
20
20
  UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
21
+ WARNINGS = /\s*# WARNING:.*\Z/m.freeze
22
+ UNSAFE_NOTE =
23
+ /\s*The following packages are considered to be unsafe.*\Z/m.freeze
21
24
 
22
25
  attr_reader :dependencies, :dependency_files, :credentials
23
26
 
@@ -289,6 +292,7 @@ module Dependabot
289
292
 
290
293
  def post_process_compiled_file(updated_content, file)
291
294
  content = replace_header_with_original(updated_content, file.content)
295
+ content = remove_new_warnings(content, file.content)
292
296
  content = update_hashes_if_required(content, file.content)
293
297
  replace_absolute_file_paths(content, file.content)
294
298
  end
@@ -324,6 +328,21 @@ module Dependabot
324
328
  content
325
329
  end
326
330
 
331
+ def remove_new_warnings(updated_content, original_content)
332
+ content = updated_content
333
+
334
+ if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
335
+ content = content.sub(WARNINGS, "\n")
336
+ end
337
+
338
+ if content.match?(UNSAFE_NOTE) &&
339
+ !original_content.match?(UNSAFE_NOTE)
340
+ content = content.sub(UNSAFE_NOTE, "\n")
341
+ end
342
+
343
+ content
344
+ end
345
+
327
346
  def update_hashes_if_required(updated_content, original_content)
328
347
  deps_to_update =
329
348
  deps_to_augment_hashes_for(updated_content, original_content)
@@ -346,7 +365,7 @@ module Dependabot
346
365
  end
347
366
 
348
367
  def deps_to_augment_hashes_for(updated_content, original_content)
349
- regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
368
+ regex = /^#{RequirementParser::INSTALL_REQ_WITH_REQUIREMENT}/
350
369
 
351
370
  new_matches = []
352
371
  updated_content.scan(regex) { new_matches << Regexp.last_match }
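Review bot: `UNSAFE_NOTE` begins at `The following packages…` without the leading `# `, so if pip-compile writes that note as a comment line, the `sub` in `remove_new_warnings` would leave a bare `#` at the end of the file; `/\s*# The following packages are considered to be unsafe.*\Z/m` would take the comment marker with it. Both `WARNINGS` and `UNSAFE_NOTE` combine `/m` with `.*\Z`, which in Ruby deletes everything from the first match to the end of the content, and nothing checks that the deleted tail holds only comment lines, so any pins or `--hash` entries that happened to follow the marker would be dropped before `update_hashes_if_required` runs. A comment above the constants such as `# Matches from the marker to end of file; pip-compile is expected to emit these blocks last` would record that assumption. The stripped block appears to be the only place where the compiled output says which packages were left unpinned, so it may be worth logging when it is removed.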
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.108.6
4
+ version: 0.108.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.108.6
19
+ version: 0.108.7
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.108.6
26
+ version: 0.108.7
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement