pip-audit icon indicating copy to clipboard operation
pip-audit copied to clipboard

Published 20 hours ago verified publisher icon pypa

Preserve pip-tools comment indents

Open q0w opened this issue 2 years ago • 1 comments

Bug description

pip-audit with --fix strips indents for pip-tools comments.

Reproduction steps

echo "sentry-sdk==1.12.1" > a.in
pip-compile -q --allow-unsafe --generate-hashes --resolver=backtracking --strip-extras a.in
cat a.txt

#
# This file is autogenerated by pip-compile with Python 3.10
# by the following command:
#
#    pip-compile --allow-unsafe --generate-hashes --resolver=backtracking --strip-extras a.in
#
certifi==2022.12.7 \
    --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \
    --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18
    # via sentry-sdk
sentry-sdk==1.12.1 \
    --hash=sha256:5bbe4b72de22f9ac1e67f2a4e6efe8fbd595bb59b7b223443f50fe5802a5551c \
    --hash=sha256:9f0b960694e2d8bb04db4ba6ac2a645040caef4e762c65937998ff06064f10d6
    # via -r a.in
urllib3==1.26.15 \
    --hash=sha256:8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305 \
    --hash=sha256:aa751d169e23c7479ce47a0cb0da579e3ede798f994f5816a74e4f4500dcea42
    # via sentry-sdk
    

pip-audit -r a.txt --require-hashes --fix 
cat a.txt

#
# This file is autogenerated by pip-compile with Python 3.10
# by the following command:
#
#    pip-compile --allow-unsafe --generate-hashes --resolver=backtracking --strip-extras a.in
#
certifi==2022.12.7 \
    --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \
    --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18
# via sentry-sdk
sentry-sdk==1.14.0 \
    --hash=sha256:5bbe4b72de22f9ac1e67f2a4e6efe8fbd595bb59b7b223443f50fe5802a5551c \
    --hash=sha256:9f0b960694e2d8bb04db4ba6ac2a645040caef4e762c65937998ff06064f10d6
# via -r a.in
urllib3==1.26.15 \
    --hash=sha256:8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305 \
    --hash=sha256:aa751d169e23c7479ce47a0cb0da579e3ede798f994f5816a74e4f4500dcea42
# via sentry-sdk

Expected behavior

pip-audit does not strip indents for comments

Screenshots and logs

Platform information

  • OS name and version: Arch Linux
  • pip-audit version (pip-audit -V): pip-audit 2.5.2
  • Python version (python -V or python3 -V): Python 3.10.10
  • pip version (pip -V or pip3 -V): pip 23.0.1

Additional context

q0w avatar Mar 22 '23 10:03 q0w

Thanks for reporting this @q0w!

I believe this is caused by https://github.com/nexB/pip-requirements-parser/issues/4 and will require a fix there. Unfortunately, I haven't gotten around to fixing this yet.

tetsuo-cpp avatar Mar 22 '23 11:03 tetsuo-cpp