bibliothecary 12.1.6 → 12.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -2
- data/lib/bibliothecary/parsers/npm.rb +13 -10
- data/lib/bibliothecary/parsers/pub.rb +6 -5
- data/lib/bibliothecary/parsers/pypi.rb +42 -21
- data/lib/bibliothecary/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 77ce2638e657925c2ce0457675ddafea27858758ec53f68f996667eb21ac290c
|
|
4
|
+
data.tar.gz: 7027d2ce73799ee52fdb6665fbaa115d2d630676cf777a740d62fae5ffa90534
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f12ee44667a46ec862d620870f1372755efe70af26243320b785e854c37e6ed7047d0988eadbe9758a9194c32d5f85772f5b2f9d69ee2a9e19e13a9873f937a
|
|
7
|
+
data.tar.gz: 660b68966106543fbc7c8326a77ca5cc89947321dacf8f35a19aa1ee6818e4d077a1f1f0e86f1f8a7d6e52da6d377a7f8c90ac43d1b809158fe65c94dbaeb5c5
|
data/CHANGELOG.md
CHANGED
|
@@ -13,6 +13,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
13
13
|
|
|
14
14
|
### Removed
|
|
15
15
|
|
|
16
|
+
## [12.1.8] - 2025-05-16
|
|
17
|
+
|
|
18
|
+
### Added
|
|
19
|
+
|
|
20
|
+
- Support multiple requirements for a single package in poetry.lock.
|
|
21
|
+
|
|
22
|
+
### Changed
|
|
23
|
+
|
|
24
|
+
### Removed
|
|
25
|
+
|
|
26
|
+
## [12.1.7] - 2025-04-29
|
|
27
|
+
|
|
28
|
+
### Added
|
|
29
|
+
|
|
30
|
+
### Changed
|
|
31
|
+
|
|
32
|
+
- Include "source" field in Dependency objects from pub files.
|
|
33
|
+
- Include "source" field in Dependency objects from pnpm-lock.yaml files.
|
|
34
|
+
|
|
35
|
+
### Removed
|
|
36
|
+
|
|
16
37
|
## [12.1.6] - 2025-04-29
|
|
17
38
|
|
|
18
39
|
### Added
|
|
@@ -84,7 +105,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
84
105
|
|
|
85
106
|
### Added
|
|
86
107
|
|
|
87
|
-
- Populate Bibliothecary::Dependency#source field in all parsers. This makes the source field useful when consuming
|
|
108
|
+
- Populate Bibliothecary::Dependency#source field in all parsers. This makes the source field useful when consuming
|
|
88
109
|
from Bibliothecary, and removes a step from consumers having to populate this field themselves.
|
|
89
110
|
|
|
90
111
|
### Changed
|
|
@@ -127,9 +148,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
127
148
|
|
|
128
149
|
### Added
|
|
129
150
|
|
|
130
|
-
- Support parsing
|
|
151
|
+
- Support parsing \*.spdx.json files
|
|
131
152
|
|
|
132
153
|
### Changed
|
|
154
|
+
|
|
133
155
|
- `Bibliothecary::PURL_TYPE_MAPPING` has changed to `Bibliothecary::PurlUtil::PURL_TYPE_MAPPING`
|
|
134
156
|
- `Bibliothecary::MultiParsers::CycloneDX::ManifestEntries.full_name_for_purl` has changed to `Bibliothecary::PurlUtil.full_name`
|
|
135
157
|
|
|
@@ -256,7 +256,7 @@ module Bibliothecary
|
|
|
256
256
|
end
|
|
257
257
|
end
|
|
258
258
|
|
|
259
|
-
def self.parse_v5_pnpm_lock(parsed_contents,
|
|
259
|
+
def self.parse_v5_pnpm_lock(parsed_contents, source = nil)
|
|
260
260
|
dependency_mapping = parsed_contents.fetch("dependencies", {})
|
|
261
261
|
.merge(parsed_contents.fetch("devDependencies", {}))
|
|
262
262
|
|
|
@@ -283,12 +283,13 @@ module Bibliothecary
|
|
|
283
283
|
requirement: version,
|
|
284
284
|
original_name: original_name,
|
|
285
285
|
original_requirement: original_requirement,
|
|
286
|
-
type: is_dev ? "development" : "runtime"
|
|
286
|
+
type: is_dev ? "development" : "runtime",
|
|
287
|
+
source: source
|
|
287
288
|
)
|
|
288
289
|
end
|
|
289
290
|
end
|
|
290
291
|
|
|
291
|
-
def self.parse_v6_pnpm_lock(parsed_contents,
|
|
292
|
+
def self.parse_v6_pnpm_lock(parsed_contents, source = nil)
|
|
292
293
|
dependency_mapping = parsed_contents.fetch("dependencies", {})
|
|
293
294
|
.merge(parsed_contents.fetch("devDependencies", {}))
|
|
294
295
|
|
|
@@ -318,12 +319,13 @@ module Bibliothecary
|
|
|
318
319
|
requirement: version,
|
|
319
320
|
original_name: original_name,
|
|
320
321
|
original_requirement: original_requirement,
|
|
321
|
-
type: is_dev ? "development" : "runtime"
|
|
322
|
+
type: is_dev ? "development" : "runtime",
|
|
323
|
+
source: source
|
|
322
324
|
)
|
|
323
325
|
end
|
|
324
326
|
end
|
|
325
327
|
|
|
326
|
-
def self.parse_v9_pnpm_lock(parsed_contents,
|
|
328
|
+
def self.parse_v9_pnpm_lock(parsed_contents, source = nil)
|
|
327
329
|
dependencies = parsed_contents.fetch("importers", {}).fetch(".", {}).fetch("dependencies", {})
|
|
328
330
|
dev_dependencies = parsed_contents.fetch("importers", {}).fetch(".", {}).fetch("devDependencies", {})
|
|
329
331
|
dependency_mapping = dependencies.merge(dev_dependencies)
|
|
@@ -365,7 +367,8 @@ module Bibliothecary
|
|
|
365
367
|
requirement: version,
|
|
366
368
|
original_name: original_name,
|
|
367
369
|
original_requirement: original_requirement,
|
|
368
|
-
type: is_dev ? "development" : "runtime"
|
|
370
|
+
type: is_dev ? "development" : "runtime",
|
|
371
|
+
source: source
|
|
369
372
|
)
|
|
370
373
|
end
|
|
371
374
|
end
|
|
@@ -374,17 +377,17 @@ module Bibliothecary
|
|
|
374
377
|
# lockfileVersion: '9.0'
|
|
375
378
|
# lockfileVersion: '6.0'
|
|
376
379
|
# lockfileVersion: '5.4'
|
|
377
|
-
def self.parse_pnpm_lock(contents,
|
|
380
|
+
def self.parse_pnpm_lock(contents, options: {})
|
|
378
381
|
parsed = YAML.load(contents)
|
|
379
382
|
lockfile_version = parsed["lockfileVersion"].to_i
|
|
380
383
|
|
|
381
384
|
case lockfile_version
|
|
382
385
|
when 5
|
|
383
|
-
parse_v5_pnpm_lock(parsed)
|
|
386
|
+
parse_v5_pnpm_lock(parsed, options.fetch(:filename, nil))
|
|
384
387
|
when 6
|
|
385
|
-
parse_v6_pnpm_lock(parsed)
|
|
388
|
+
parse_v6_pnpm_lock(parsed, options.fetch(:filename, nil))
|
|
386
389
|
else # v9+
|
|
387
|
-
parse_v9_pnpm_lock(parsed)
|
|
390
|
+
parse_v9_pnpm_lock(parsed, options.fetch(:filename, nil))
|
|
388
391
|
end
|
|
389
392
|
end
|
|
390
393
|
|
|
@@ -22,19 +22,20 @@ module Bibliothecary
|
|
|
22
22
|
|
|
23
23
|
add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
|
|
24
24
|
|
|
25
|
-
def self.parse_yaml_manifest(file_contents, options: {})
|
|
25
|
+
def self.parse_yaml_manifest(file_contents, options: {})
|
|
26
26
|
manifest = YAML.load file_contents
|
|
27
|
-
map_dependencies(manifest, "dependencies", "runtime") +
|
|
28
|
-
map_dependencies(manifest, "dev_dependencies", "development")
|
|
27
|
+
map_dependencies(manifest, "dependencies", "runtime", options.fetch(:filename, nil)) +
|
|
28
|
+
map_dependencies(manifest, "dev_dependencies", "development", options.fetch(:filename, nil))
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
def self.parse_yaml_lockfile(file_contents, options: {})
|
|
31
|
+
def self.parse_yaml_lockfile(file_contents, options: {})
|
|
32
32
|
manifest = YAML.load file_contents
|
|
33
33
|
manifest.fetch("packages", []).map do |name, dep|
|
|
34
34
|
Dependency.new(
|
|
35
35
|
name: name,
|
|
36
36
|
requirement: dep["version"],
|
|
37
|
-
type: "runtime"
|
|
37
|
+
type: "runtime",
|
|
38
|
+
source: options.fetch(:filename, nil)
|
|
38
39
|
)
|
|
39
40
|
end
|
|
40
41
|
end
|
|
@@ -142,16 +142,31 @@ module Bibliothecary
|
|
|
142
142
|
def self.map_dependencies(packages, type, source = nil)
|
|
143
143
|
return [] unless packages
|
|
144
144
|
|
|
145
|
-
packages.
|
|
145
|
+
packages.flat_map do |name, package_info|
|
|
146
146
|
local = true if package_info.is_a?(Hash) && (package_info.key?("path") || package_info.key?("file"))
|
|
147
147
|
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
requirement
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
148
|
+
if package_info.is_a?(Array)
|
|
149
|
+
# Poetry supports multiple requirements with differing specifiers for the same
|
|
150
|
+
# package. Break these out into a separate dep per requirement.
|
|
151
|
+
# https://python-poetry.org/docs/dependency-specification/#multiple-constraints-dependencies
|
|
152
|
+
package_info.map do |info|
|
|
153
|
+
Dependency.new(
|
|
154
|
+
name: name,
|
|
155
|
+
requirement: map_requirements(info),
|
|
156
|
+
type: type,
|
|
157
|
+
source: source,
|
|
158
|
+
local: local
|
|
159
|
+
)
|
|
160
|
+
end
|
|
161
|
+
else
|
|
162
|
+
Dependency.new(
|
|
163
|
+
name: name,
|
|
164
|
+
requirement: map_requirements(package_info),
|
|
165
|
+
type: type,
|
|
166
|
+
source: source,
|
|
167
|
+
local: local
|
|
168
|
+
)
|
|
169
|
+
end
|
|
155
170
|
end
|
|
156
171
|
end
|
|
157
172
|
|
|
@@ -160,7 +175,7 @@ module Bibliothecary
|
|
|
160
175
|
if info["version"]
|
|
161
176
|
info["version"]
|
|
162
177
|
elsif info["git"]
|
|
163
|
-
"#{info['git']}##{info['ref']}"
|
|
178
|
+
"#{info['git']}##{info['ref'] || info['tag']}"
|
|
164
179
|
else
|
|
165
180
|
"*"
|
|
166
181
|
end
|
|
@@ -186,19 +201,25 @@ module Bibliothecary
|
|
|
186
201
|
deps = []
|
|
187
202
|
manifest["package"].each do |package|
|
|
188
203
|
# next if group == "_meta"
|
|
189
|
-
group = case package["category"]
|
|
190
|
-
when "dev"
|
|
191
|
-
"develop"
|
|
192
|
-
else
|
|
193
|
-
"runtime"
|
|
194
|
-
end
|
|
195
204
|
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
205
|
+
# Poetry <1.2.0 used singular "category" for kind
|
|
206
|
+
# Poetry >=1.2.0 uses plural "groups" field for kind(s)
|
|
207
|
+
package.values_at("category", "groups").flatten.compact
|
|
208
|
+
.map do |g|
|
|
209
|
+
if g == "dev"
|
|
210
|
+
"develop"
|
|
211
|
+
else
|
|
212
|
+
(g == "main" ? "runtime" : g)
|
|
213
|
+
end
|
|
214
|
+
end
|
|
215
|
+
.each do |group|
|
|
216
|
+
deps << Dependency.new(
|
|
217
|
+
name: package["name"],
|
|
218
|
+
requirement: map_requirements(package),
|
|
219
|
+
type: group,
|
|
220
|
+
source: options.fetch(:filename, nil)
|
|
221
|
+
)
|
|
222
|
+
end
|
|
202
223
|
end
|
|
203
224
|
deps
|
|
204
225
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 12.1.
|
|
4
|
+
version: 12.1.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-
|
|
10
|
+
date: 2025-05-16 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: commander
|