RubyGems - bibliothecary - Versions diffs - 12.1.10 → 12.3.0 - Mend

bibliothecary 12.1.10 → 12.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -39
data/lib/bibliothecary/parsers/maven.rb +46 -6
data/lib/bibliothecary/parsers/nuget.rb +35 -16
data/lib/bibliothecary/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dfc52a5290fe4f0518906698b7dc69cf16b2a7747a130796162d8b8c431b6d9b
-  data.tar.gz: a68f8983ff54598396bf82d02a844ca867bd29a62044bede38ba13354d0a3386
+  metadata.gz: 2789d542e6457ea4e069d4dc2ff4237d8cccc9c8ea018d9418a943188e461316
+  data.tar.gz: 0f5ba9b30929a30690d7d68f41106b1bb36bc41e5703243279de828ee5d0987e
 SHA512:
-  metadata.gz: '08a5bd08b3864366e22eb1baf58b1a35bd819997fc59a51adf412b6e5090b3d7534f045f8793ac79315be49aa151bb1d18b5dba33d53b0a9c5cbe72c7909c190'
-  data.tar.gz: c0574ce28cb9bcb5b3e03bab3e69859eb0e679fb809a0750d5bf7c3ba3efcf2585f61c65dbebf0c2d94edf3cd9b86b14bfea153c242a91a4b057443887c965c2
+  metadata.gz: d889c20a78d617d51f10206e826a7bfcc17ba7723e78c867708fc28e7c8e4592c9c8633187eadb151f9418896cc29705bc2f361d2d26ba71450af0480f4b85b2
+  data.tar.gz: 1b327cb0a9c53b6b711600defd2f6c43bb7740beaa7f381b7e67dcecc17da9effbedc85511685e69f08be4140b35887886a0d01a52f60f8731c5265fe96dd4f4

data/CHANGELOG.md CHANGED Viewed

@@ -13,10 +13,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Removed
-## [12.1.10] - 2025-05-23
+## [12.3.0] - 2025-06-06
+### Added
+- Nuget support for <Reference> tag in \*.csproj manifests.
+## [12.2.0] - 2025-05-30
 ### Added
+- Maven parser support for maven-dependency-tree.dot file.
+## [12.1.10] - 2025-05-23
 ### Changed
 - Normalize package names in Poetry manifests, storing the original in
@@ -24,50 +34,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   names in its lockfile according to PyPa's rules, but doesn't provide the original name.
   Storing the original_name will provide a connection from manifest to lockfile.
-### Removed
 ## [12.1.9] - 2025-05-16
-### Added
 ### Changed
 - Fix 12.1.8 Poetry regression that ignored deps with no category or group.
-### Removed
 ## [12.1.8] - 2025-05-16
 ### Added
 - Support multiple requirements for a single package in poetry.lock.
-### Changed
-### Removed
 ## [12.1.7] - 2025-04-29
-### Added
 ### Changed
 - Include "source" field in Dependency objects from pub files.
 - Include "source" field in Dependency objects from pnpm-lock.yaml files.
-### Removed
 ## [12.1.6] - 2025-04-29
-### Added
 ### Changed
 - Use JSON.parser.parse() in bun.lock parser to work around overriden JSON.parse() method.
 - Don't raise an error in pnpm-lock.yaml v9 parser if devDependencies isn't found.
-### Removed
 ## [12.1.5] - 2025-03-17
 ### Added
@@ -75,10 +67,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Adds alias support for PNPM lockfiles.
 - Add support for bun.lock files
-### Changed
-### Removed
 ## [12.1.4] - 2025-03-14
 ### Added
@@ -86,10 +74,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add support for PNPM lockfiles (lockfile versions 5, 6, and 9).
 - Add 'parser_options' arg to Bilbiothecary::Runner constructor.
-### Changed
-### Removed
 ## [12.1.3] - 2025-02-26
 ### Added
@@ -102,28 +86,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fix a PyPI parser's regex to exclude false positive "require" names.
 - Drop all sub-projects from list of deps in a Maven maven-dependency-tree.txt.
-### Removed
 ## [12.1.2] - 2025-02-26
 ### Added
 - Add 'local' property to dependencies from Pipfile and Pipfile.lock
-### Changed
-### Removed
 ## [12.1.1] - 2025-02-21
 ### Added
 - Add test coverage for Go 1.24's new "tool" directive.
-### Changed
-### Removed
 ## [12.1.0] - 2025-01-30
 ### Added
@@ -135,8 +109,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Improved Rubocop rules to make future spec changes easier via Rubocop auto-correcting formatting violations.
-### Removed
 ## [12.0.0] - 2025-01-27
 ### Removed

data/lib/bibliothecary/parsers/maven.rb CHANGED Viewed

@@ -11,6 +11,10 @@ module Bibliothecary
     class Maven
       include Bibliothecary::Analyser
+      # Matches digraph contents from the Maven dependency tree .dot file format.
+      MAVEN_DOT_PROJECT_REGEXP = /digraph\s+"([^\"]+)"\s+{/
+      MAVEN_DOT_RELATIONSHIP_REGEXP = /"([^\"]+)"\s+->\s+"([^\"]+)"/
       # e.g. "annotationProcessor - Annotation processors and their dependencies for source set 'main'."
       GRADLE_TYPE_REGEXP = /^(\w+)/
@@ -113,10 +117,19 @@ module Bibliothecary
             kind: "lockfile",
             parser: :parse_sbt_update_full,
           },
+          # maven-dependency-tree.txt is the output of `mvn dependency:tree` as a single command.
+          # The tree lines contain "[INFO]" prefix and uses 2-space indentation.
           match_filename("maven-dependency-tree.txt", case_insensitive: true) => {
             kind: "lockfile",
             parser: :parse_maven_tree,
           },
+          # maven-dependency-tree.dot is the output of this command:
+          # `mvn dependency:tree -DoutputType=dot -DoutputFile=maven-dependency-tree.dot`
+          # It doesn't have the "[INFO]" prefix, and is in graphviz .dot format.
+          match_filename("maven-dependency-tree.dot", case_insensitive: true) => {
+            kind: "lockfile",
+            parser: :parse_maven_tree_dot,
+          },
         }
       end
@@ -303,23 +316,24 @@ module Bibliothecary
         raise "found no lines with deps in maven-dependency-tree.txt" if items.empty?
-        projects = {}
+        projects_to_exclude = {}
         if keep_subprojects
           # traditional behavior: we only exclude the root project, and only if we parsed multiple lines
           (root_name, root_version, _root_type) = parse_maven_tree_dependency(items.shift[1])
           unless items.empty?
-            projects[root_name] = Set.new
-            projects[root_name].add(root_version)
+            projects_to_exclude[root_name] = Set.new
+            projects_to_exclude[root_name].add(root_version)
           end
         end
         unique_items = items.map do |(depth, item)|
+          # new behavior: we exclude root and subprojects (depth 0 items)
           (name, version, type) = parse_maven_tree_dependency(item)
           if depth == 0 && !keep_subprojects
             # record and then remove the depth 0
-            projects[name] ||= Set.new
-            projects[name].add(version)
+            projects_to_exclude[name] ||= Set.new
+            projects_to_exclude[name].add(version)
             nil
           else
             [name, version, type]
@@ -328,7 +342,7 @@ module Bibliothecary
         unique_items
           # drop the projects and subprojects
-          .reject { |(name, version, _type)| projects[name]&.include?(version) }
+          .reject { |(name, version, _type)| projects_to_exclude[name]&.include?(version) }
           .map do |(name, version, type)|
             Bibliothecary::Dependency.new(
               name: name,
@@ -339,6 +353,32 @@ module Bibliothecary
           end
       end
+      def self.parse_maven_tree_dot(file_contents, options: {})
+        # Project could be either the root project or a sub-module.
+        project = file_contents.match(MAVEN_DOT_PROJECT_REGEXP)[1]
+        relationships = file_contents.scan(MAVEN_DOT_RELATIONSHIP_REGEXP)
+        direct_names_to_versions = relationships.each.with_object({}) do |(parent, child), obj|
+          next unless parent == project
+          name, version, _type = parse_maven_tree_dependency(child)
+          obj[name] ||= Set.new
+          obj[name].add(version)
+        end
+        relationships.map do |(_parent, child)|
+          child_name, child_version, child_type = parse_maven_tree_dependency(child)
+          Dependency.new(
+            name: child_name,
+            requirement: child_version,
+            type: child_type,
+            direct: direct_names_to_versions[child_name]&.include?(child_version) || false,
+            source: options.fetch(:filename, nil)
+          )
+        end.uniq
+      end
       def self.parse_resolved_dep_line(line, options: {})
         # filter out anything that doesn't look like a
         # resolved dep line

data/lib/bibliothecary/parsers/nuget.rb CHANGED Viewed

@@ -109,26 +109,45 @@ module Bibliothecary
       def self.parse_csproj(file_contents, options: {})
         manifest = Ox.parse file_contents
+        packages = manifest
+          .locate("ItemGroup/PackageReference")
+          .select { |dep| dep.respond_to? "Include" }
+          .map do |dependency|
+            requirement = (dependency.Version if dependency.respond_to? "Version")
+            if requirement.is_a?(Ox::Element)
+              requirement = dependency.nodes.detect { |n| n.value == "Version" }&.text
+            end
-        packages = manifest.locate("ItemGroup/PackageReference").select { |dep| dep.respond_to? "Include" }.map do |dependency|
-          requirement = (dependency.Version if dependency.respond_to? "Version")
-          if requirement.is_a?(Ox::Element)
-            requirement = dependency.nodes.detect { |n| n.value == "Version" }&.text
+            type = if (dependency.nodes.first&.nodes&.include?("all") && dependency.nodes.first.value.include?("PrivateAssets")) || dependency.attributes[:PrivateAssets] == "All"
+                     "development"
+                   else
+                     "runtime"
+                   end
+            Dependency.new(
+              name: dependency.Include,
+              requirement: requirement,
+              type: type,
+              source: options.fetch(:filename, nil)
+            )
           end
-          type = if (dependency.nodes.first&.nodes&.include?("all") && dependency.nodes.first.value.include?("PrivateAssets")) || dependency.attributes[:PrivateAssets] == "All"
-                   "development"
-                 else
-                   "runtime"
-                 end
+        packages += manifest
+          .locate("ItemGroup/Reference")
+          .select { |dep| dep.respond_to? "Include" }
+          .map do |dependency|
+            vals = *dependency.Include.split(",").map(&:strip)
+            name = vals.shift
+            vals = vals.to_h { |r| r.split("=", 2) }
+            Dependency.new(
+              name: name,
+              requirement: vals["Version"] || "*",
+              type: "runtime",
+              source: options.fetch(:filename, nil)
+            )
+          end
-          Dependency.new(
-            name: dependency.Include,
-            requirement: requirement,
-            type: type,
-            source: options.fetch(:filename, nil)
-          )
-        end
         packages.uniq(&:name)
       rescue StandardError
         []

data/lib/bibliothecary/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Bibliothecary
-  VERSION = "12.1.10"
+  VERSION = "12.3.0"
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 12.1.10
+  version: 12.3.0
 platform: ruby
 authors:
 - Andrew Nesbitt
 bindir: bin
 cert_chain: []
-date: 2025-05-23 00:00:00.000000000 Z
+date: 2025-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander