RubyGems - dependabot-python - Versions diffs - 0.108.6 → 0.108.7 - Mend

dependabot-python 0.108.6 → 0.108.7

Files changed (4) hide show

checksums.yaml +4 -4
data/helpers/requirements.txt +1 -1
data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +20 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53926cb29d8a52552b371ad1a62cb845a2b17d5fc7f7697700def9ada2f0893b
-  data.tar.gz: 9ccba5b2c3656a0eec06c59ff3b4d0fb1da39fb25cfe3390ede0ffb05622805c
+  metadata.gz: 2301afd625de1dc312e1eed52b1f3b7b4d8d0256fe40d996a83f3ef41ee15b0d
+  data.tar.gz: 03e2ec7472489cd4c47ccaa7e4e0994e0d639b839fe6e01c86bb03d761e491a4
 SHA512:
-  metadata.gz: ab566d8bdb70eadac49184bc84b1fb3db48e25dd90d6372addbd73593351f2c36584826a0b42669ad03b38849ae1747e3d429ce9f60a9b2c102c7ca2ced73f5a
-  data.tar.gz: 003c993e0231b954d7f20e9d79556eb4883ae053a486cc39d2e225fb96a4bb4ae91732cd92d6586147306be28d9eda4708de78c1db4ca5b052ac933daf612bd8
+  metadata.gz: 66dd3472ab41db4135468a8767557de4de969fde5575638085edb8cf06c332f000b9e8109b0e9e5e1a0b8fa175278a9173f259d3f6a01b87f87f87755a9d3ba8
+  data.tar.gz: c5bec5175a3c40325567def38092f9b0b99b62cec65183323d4896dfd0e64eb09c24a1e454d78fec613339425a8424928ff7dde8dd660be76ce1c71fc156e35b

data/helpers/requirements.txt CHANGED Viewed

@@ -1,5 +1,5 @@
 pip==19.1.1
-pip-tools==3.7.0
+pip-tools==3.8.0
 hashin==0.14.5
 pipenv==2018.11.26
 pipfile==0.0.2

data/lib/dependabot/python/file_updater/pip_compile_file_updater.rb CHANGED Viewed

@@ -18,6 +18,9 @@ module Dependabot
         require_relative "setup_file_sanitizer"
         UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze
+        WARNINGS = /\s*# WARNING:.*\Z/m.freeze
+        UNSAFE_NOTE =
+          /\s*The following packages are considered to be unsafe.*\Z/m.freeze
         attr_reader :dependencies, :dependency_files, :credentials
@@ -289,6 +292,7 @@ module Dependabot
         def post_process_compiled_file(updated_content, file)
           content = replace_header_with_original(updated_content, file.content)
+          content = remove_new_warnings(content, file.content)
           content = update_hashes_if_required(content, file.content)
           replace_absolute_file_paths(content, file.content)
         end
@@ -324,6 +328,21 @@ module Dependabot
           content
         end
+        def remove_new_warnings(updated_content, original_content)
+          content = updated_content
+          if content.match?(WARNINGS) && !original_content.match?(WARNINGS)
+            content = content.sub(WARNINGS, "\n")
+          end
+          if content.match?(UNSAFE_NOTE) &&
+             !original_content.match?(UNSAFE_NOTE)
+            content = content.sub(UNSAFE_NOTE, "\n")
+          end
+          content
+        end
         def update_hashes_if_required(updated_content, original_content)
           deps_to_update =
             deps_to_augment_hashes_for(updated_content, original_content)
@@ -346,7 +365,7 @@ module Dependabot
         end
         def deps_to_augment_hashes_for(updated_content, original_content)
-          regex = RequirementParser::INSTALL_REQ_WITH_REQUIREMENT
+          regex = /^#{RequirementParser::INSTALL_REQ_WITH_REQUIREMENT}/
           new_matches = []
           updated_content.scan(regex) { new_matches << Regexp.last_match }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.108.6
+  version: 0.108.7
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.108.6
+        version: 0.108.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.108.6
+        version: 0.108.7
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement