Merge pull request #218 from DerwenAI/snyk-fix-303e93eedc9dc2abf4ebc8…

…efe2c62c27 [Snyk] Security upgrade mistune from 0.8.4 to 2.0.1
DerwenAI · Jan 1, 2022 · 938a2cc · 938a2cc
2 parents b53e260 + 78cbff7
commit 938a2cc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -4,6 +4,7 @@ coverage
 flask
 grayskull
 jupyterlab >= 3.1.4
+mistune >= 2.0.1 # not directly required, pinned by Snyk to avoid a vulnerability
 mkdocs-git-revision-date-plugin
 mkdocs-material
 mknotebooks
@@ -20,3 +21,4 @@ pytest
 selenium
 twine
 wheel
+
diff --git a/setup.py b/setup.py
@@ -38,8 +38,13 @@
 
 def parse_requirements_file (filename: str) -> typing.List:
     """read and parse a Python `requirements.txt` file, returning as a list of str"""
+    results: list = []
+
     with pathlib.Path(filename).open() as f:
-        return [ l.strip().replace(" ", "") for l in f.readlines() ]
+        for l in f.readlines():
+            results.append(l.strip().replace(" ", "").split("#")[0])
+
+    return results
 
 
 if __name__ == "__main__":