bibliothecary 10.2.3 → 11.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.tidelift +1 -0
- data/CHANGELOG.md +16 -0
- data/lib/bibliothecary/dependency.rb +0 -6
- data/lib/bibliothecary/multi_parsers/dependencies_csv.rb +0 -7
- data/lib/bibliothecary/parsers/maven.rb +0 -1
- data/lib/bibliothecary/parsers/npm.rb +0 -2
- data/lib/bibliothecary/version.rb +1 -1
- metadata +4 -4
- data/.tidelift.yml +0 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed25de135032f95b602569a3ad5c1476f36be42599c0cd1b29032ecf7de8a47b
|
|
4
|
+
data.tar.gz: 6401e84f7ce40b499b4da8274f775813fe1dcfa41843e7cbcc761293ff287c0d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8f0cedd4ebe9e4248ac0151b4073fa2671466cb4c4e04b2b1dc7e9a8daecbfca34126fa870cab97d3e95e231dcc8f1e01295a7c3b9b907bf64db1443dfa2ff7e
|
|
7
|
+
data.tar.gz: c44115bb427765889d363e59685dfe3bd7fff63b27bca352f453b74da2ddf269d75a526453eb0bdfcfdb219d073cea5172fbfdc4731f38a1d86d8748a7c030b9
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.2.5
|
data/.tidelift
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
TIDELIFT_EXCLUDED_MANIFESTS=spec/fixtures
|
data/CHANGELOG.md
CHANGED
|
@@ -13,12 +13,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
13
13
|
|
|
14
14
|
### Removed
|
|
15
15
|
|
|
16
|
+
## [11.0.0] - 2024-11-22
|
|
17
|
+
|
|
18
|
+
### Changed
|
|
19
|
+
|
|
20
|
+
- Removed lockfile_requirement from Bibliothecary::Dependency
|
|
21
|
+
|
|
22
|
+
## [10.2.4] - 2024-11-06
|
|
23
|
+
|
|
24
|
+
### Changed
|
|
25
|
+
|
|
26
|
+
- Fixed parsing of pom files where parent properties within the file are required for dependencies
|
|
27
|
+
|
|
16
28
|
## [10.2.2] - 2024-09-25
|
|
17
29
|
|
|
18
30
|
### Added
|
|
19
31
|
|
|
20
32
|
- Support parsing *.spdx.json files
|
|
21
33
|
|
|
34
|
+
### Changed
|
|
35
|
+
- `Bibliothecary::PURL_TYPE_MAPPING` has changed to `Bibliothecary::PurlUtil::PURL_TYPE_MAPPING`
|
|
36
|
+
- `Bibliothecary::MultiParsers::CycloneDX::ManifestEntries.full_name_for_purl` has changed to `Bibliothecary::PurlUtil.full_name`
|
|
37
|
+
|
|
22
38
|
## [10.2.0] - 2024-08-27
|
|
23
39
|
|
|
24
40
|
### Changed
|
|
@@ -16,8 +16,6 @@ module Bibliothecary
|
|
|
16
16
|
# where it did not match the resolved name. This can be used for features like aliasing.
|
|
17
17
|
# @attr_reader [String] original_requirement The original requirement used to require the dependency,
|
|
18
18
|
# for cases where it did not match the resolved name. This can be used for features like aliasing.
|
|
19
|
-
# @attr_reader [String] lockfile_requirement The requirement found in the lockfile, e.g. "1.0.0" or "^1.0.0". This is
|
|
20
|
-
# only returned from the yarn.lock parser and may not be used by downstream users. TODO: should this be deprecated?
|
|
21
19
|
# @source [String] source An optional string to store the location of the manifest that contained this
|
|
22
20
|
# dependency, e.g. "src/package.json".
|
|
23
21
|
class Dependency
|
|
@@ -25,7 +23,6 @@ module Bibliothecary
|
|
|
25
23
|
:name,
|
|
26
24
|
:requirement,
|
|
27
25
|
:original_requirement,
|
|
28
|
-
:lockfile_requirement,
|
|
29
26
|
:platform,
|
|
30
27
|
:type,
|
|
31
28
|
:direct,
|
|
@@ -42,7 +39,6 @@ module Bibliothecary
|
|
|
42
39
|
name:,
|
|
43
40
|
requirement:,
|
|
44
41
|
original_requirement: nil,
|
|
45
|
-
lockfile_requirement: nil,
|
|
46
42
|
platform: nil,
|
|
47
43
|
type: nil,
|
|
48
44
|
direct: nil,
|
|
@@ -56,8 +52,6 @@ module Bibliothecary
|
|
|
56
52
|
@platform = platform
|
|
57
53
|
@requirement = requirement || "*"
|
|
58
54
|
@original_requirement = original_requirement
|
|
59
|
-
# TODO: maybe deprecate this field? Is it possible to replace it with original_requirement?
|
|
60
|
-
@lockfile_requirement = lockfile_requirement
|
|
61
55
|
@type = type
|
|
62
56
|
@direct = direct
|
|
63
57
|
@deprecated = deprecated
|
|
@@ -37,13 +37,6 @@ module Bibliothecary
|
|
|
37
37
|
/^name$/i,
|
|
38
38
|
],
|
|
39
39
|
},
|
|
40
|
-
# Lockfiles have exact versions.
|
|
41
|
-
"lockfile_requirement" => {
|
|
42
|
-
match: [
|
|
43
|
-
/^(lockfile |)requirement$/i,
|
|
44
|
-
/^version$/i,
|
|
45
|
-
],
|
|
46
|
-
},
|
|
47
40
|
# Manifests have versions that can have operators.
|
|
48
41
|
# However, since Bibliothecary only currently supports analyzing a
|
|
49
42
|
# single file as a single thing (either manifest or lockfile)
|
|
@@ -425,7 +425,6 @@ module Bibliothecary
|
|
|
425
425
|
# the xml root is <project> so lookup the non property name in the xml
|
|
426
426
|
# this converts ${project/group.id} -> ${group/id}
|
|
427
427
|
non_prop_name = property_name.gsub(".", "/").gsub("project/", "")
|
|
428
|
-
return "${#{property_name}}" if !xml.respond_to?("properties") && parent_properties.empty? && xml.locate(non_prop_name).empty?
|
|
429
428
|
|
|
430
429
|
prop_field = xml.properties.locate(property_name).first if xml.respond_to?("properties")
|
|
431
430
|
parent_prop = parent_properties[property_name] || # e.g. "${foo}"
|
|
@@ -142,7 +142,6 @@ module Bibliothecary
|
|
|
142
142
|
Dependency.new(
|
|
143
143
|
name: dep[:name],
|
|
144
144
|
requirement: dep[:version],
|
|
145
|
-
lockfile_requirement: dep[:requirement],
|
|
146
145
|
type: dep[:type],
|
|
147
146
|
local: dep[:requirement]&.start_with?("file:"),
|
|
148
147
|
)
|
|
@@ -173,7 +172,6 @@ module Bibliothecary
|
|
|
173
172
|
Dependency.new(
|
|
174
173
|
name: name,
|
|
175
174
|
requirement: metadata["version"],
|
|
176
|
-
lockfile_requirement: metadata.fetch("from", "").split("@").last,
|
|
177
175
|
type: "runtime",
|
|
178
176
|
),
|
|
179
177
|
] + transform_tree_to_array(metadata.fetch("dependencies", {}))
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 11.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tomlrb
|
|
@@ -237,7 +237,7 @@ files:
|
|
|
237
237
|
- ".rspec"
|
|
238
238
|
- ".rubocop.yml"
|
|
239
239
|
- ".ruby-version"
|
|
240
|
-
- ".tidelift
|
|
240
|
+
- ".tidelift"
|
|
241
241
|
- CHANGELOG.md
|
|
242
242
|
- CODE_OF_CONDUCT.md
|
|
243
243
|
- Gemfile
|
|
@@ -313,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
313
313
|
- !ruby/object:Gem::Version
|
|
314
314
|
version: '0'
|
|
315
315
|
requirements: []
|
|
316
|
-
rubygems_version: 3.
|
|
316
|
+
rubygems_version: 3.4.19
|
|
317
317
|
signing_key:
|
|
318
318
|
specification_version: 4
|
|
319
319
|
summary: Find and parse manifests
|
data/.tidelift.yml
DELETED