From 3ec744b401b4486522a9d1857b5ed392ea9edc41 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 8 Mar 2021 05:55:38 +0100
Subject: [PATCH] fix: pypi vulnerabilities mapping (#9026)

* fix: pypi vulnerabilities mapping

* fix: correct pypi vulnerable requirements

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
---
 .../repository/init/__snapshots__/vulnerability.spec.ts.snap | 4 ++--
 lib/workers/repository/init/vulnerability.ts                 | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
index 805bb0fb6e..b96003fda5 100644
--- a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
+++ b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
@@ -16,7 +16,7 @@ Array [
     ],
   },
   Object {
-    "allowedVersions": "==2.2.0",
+    "allowedVersions": "==2.2.1.0",
     "force": Object {
       "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
       "commitMessageSuffix": "[SECURITY]",
@@ -27,7 +27,7 @@ Array [
       "schedule": Array [],
     },
     "isVulnerabilityAlert": true,
-    "matchCurrentVersion": "= 1.6.7",
+    "matchCurrentVersion": "== 1.6.7",
     "matchDatasources": Array [
       "pypi",
     ],
diff --git a/lib/workers/repository/init/vulnerability.ts b/lib/workers/repository/init/vulnerability.ts
index 666ce7c5c9..6e63c73e13 100644
--- a/lib/workers/repository/init/vulnerability.ts
+++ b/lib/workers/repository/init/vulnerability.ts
@@ -62,7 +62,7 @@ export async function detectVulnerabilityAlerts(
     maven: mavenVersioning.id,
     npm: npmVersioning.id,
     nuget: semverVersioning.id,
-    pip_requirements: pep440Versioning.id,
+    pypi: pep440Versioning.id,
     rubygems: rubyVersioning.id,
   };
   const combinedAlerts: CombinedAlert = {};
@@ -102,6 +102,9 @@ export async function detectVulnerabilityAlerts(
           vulnerableRequirements = `< ${firstPatchedVersion}`;
         }
       }
+      if (datasource === datasourcePypi.id) {
+        vulnerableRequirements = vulnerableRequirements.replace(/^= /, '== ');
+      }
       combinedAlerts[fileName] ||= {};
       combinedAlerts[fileName][datasource] ||= {};
       combinedAlerts[fileName][datasource][depName] ||= {};
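Review bot: The new pypi normalization only rewrites a leading `= ` (equals followed by one space), so a requirement spelled `=1.6.7` or with tabs/extra spaces would still be left with a bare `=`, which PEP 440 does not accept. Since the value appears to originate from the alert payload rather than from this file (the only visible local assignment is the `< ${firstPatchedVersion}` fallback just above), an unparseable range presumably leaves `matchCurrentVersion` unmatched and the vulnerable dependency silently unflagged — a fail-open outcome for a security check; worth confirming against the upstream format. A slightly wider pattern closes that gap without touching already-correct `==` input: `vulnerableRequirements = vulnerableRequirements.replace(/^=(?!=)\s*/, '== ');`. The enclosing function `detectVulnerabilityAlerts` starts and ends outside this hunk.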
-- 
GitLab