bibliothecary 14.0.0 → 14.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9a3de29330d7e021cacaf0e4533ad7e0f32f3d904b1a3d7972a0b47839fd003
-  data.tar.gz: f69421671f4cd8415fb5dfa19195c903991b3eeb8174dddfe7b6fa33bf4fddd2
+  metadata.gz: bded2f923188e40707913d6539d5e876d2ff0334233985528a1b4caa3e686037
+  data.tar.gz: 49f76a339d1141d4b8f0940ad4dc66eb3533773e37d288825c71685f8f78ca3e
 SHA512:
-  metadata.gz: 7108853a7c073ab5b70d70932ce035d1b789502d86dcae3c797c294ec4ef6493b7684ad4eb4747824f75c040f02a1947027e6402f300f99243aed2c5c20faa7a
-  data.tar.gz: c2d490660288a54ef31c14dff0a8857c86dcc82c6e6cd49c203bfe6b4b66fcf5d029400ab442d8c1267b3cc4cff54dc431af189a17ae47f42a62779ad9acf13d
+  metadata.gz: 3f9e93bbf8341d3a27b22a2661a79225ae64721f3ea63348364d215ca4b73e19bbce6b3a8409cb590851f332fc9c404b1dd18bd0c621418cd139f216e9ed509c
+  data.tar.gz: 8483dc5f0ff491a9259f909e1cc8734a2c159c408733736e50d11c71b07810e0632e00d75bc8f05b5ab342389bfa0f271b430a6ea2ab74e80b3e3fdb9f05a26c

data/CHANGELOG.md

@@ -13,6 +13,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
+## [14.0.2] - 2025-07-29
+
+### Added
+
+- Add support in Pypi parser for PEP-751's newly official "pylock.toml" lockfile
+
+### Changed
+
+- Added a regression test to ensure "file" entries in Pipfile/Pipfile.lock are considered local.
+
+### Removed
+
+## [14.0.1] - 2025-07-24
+
+### Changed
+
+- Bugfix: implement Bibliothecary::ParserResult in SPDX parser too, and add an integration test.
+
 ## [14.0.0] - 2025-07-24
 
 ### Added

data/lib/bibliothecary/analyser/analysis.rb

@@ -41,7 +41,7 @@ module Bibliothecary
         # For example see conda.rb
         kind = determine_kind_from_info(info)
         parser_result = parse_file(info.relative_path, info.contents, options: options)
-        parser_result = ParserResult.new if parser_result.nil? # work around any legacy parsers that return nil
+        parser_result = ParserResult.new(dependencies: []) if parser_result.nil? # work around any legacy parsers that return nil
 
         Bibliothecary::Analyser.create_analysis(platform_name, info.relative_path, kind, parser_result)
       rescue Bibliothecary::FileParsingError => e

data/lib/bibliothecary/multi_parsers/cyclonedx.rb

@@ -106,7 +106,7 @@ module Bibliothecary
           component["purl"]
         end
 
-        ParserResult.new(dependencies: entries[platform_name.to_sym])
+        ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
       end
 
       def parse_cyclonedx_xml(file_contents, options: {})
@@ -131,7 +131,7 @@ module Bibliothecary
           component.locate("purl").first&.text
         end
 
-        ParserResult.new(dependencies: entries[platform_name.to_sym])
+        ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
       end
     end
   end

data/lib/bibliothecary/multi_parsers/spdx.rb

@@ -50,7 +50,7 @@ module Bibliothecary
 
         raise NoEntries if entries.empty?
 
-        entries[platform_name.to_sym]
+        Bibliothecary::ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
       end
 
       def parse_spdx_tag_value_file_contents(file_contents, source = nil)
@@ -104,7 +104,7 @@ module Bibliothecary
 
         raise NoEntries if entries.empty?
 
-        entries[platform_name.to_sym]
+        Bibliothecary::ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
       end
 
       def parse_spdx_json_file_contents(file_contents, source = nil)

data/lib/bibliothecary/parsers/pypi.rb

@@ -20,6 +20,10 @@ module Bibliothecary
       # Adapted from https://peps.python.org/pep-0508/#names
       PEP_508_NAME_REGEXP = /^([A-Z0-9][A-Z0-9._-]*[A-Z0-9]|[A-Z0-9])/i
 
+      # A modified version of the regexp from the docs, to catch all cases:
+      # https://packaging.python.org/en/latest/specifications/pylock-toml/
+      PEP_751_LOCKFILE_REGEXP = /^pylock(\.[^.]+)?\.toml$/
+
       def self.mapping
         {
           match_filenames("requirements-dev.txt", "requirements/dev.txt",
@@ -72,6 +76,11 @@ module Bibliothecary
             kind: "lockfile",
             parser: :parse_poetry_lock,
           },
+          # PEP-751: official python lockfile format (https://peps.python.org/pep-0751/)
+          ->(p) { PEP_751_LOCKFILE_REGEXP.match(p) } => {
+            kind: "lockfile",
+            parser: :parser_pylock,
+          },
         }
       end
 
@@ -79,6 +88,22 @@ module Bibliothecary
       add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
       add_multi_parser(Bibliothecary::MultiParsers::Spdx)
 
+      def self.parser_pylock(file_contents, options: {})
+        lockfile = Tomlrb.parse(file_contents)
+        dependencies = lockfile["packages"].map do |d|
+          is_local = true if d.key?("archive") || d.key?("directory")
+          Dependency.new(
+            platform: platform_name,
+            name: d["name"],
+            type: "runtime",
+            source: options.fetch(:filename, nil),
+            requirement: d["version"] || "*",
+            local: is_local
+          )
+        end
+        ParserResult.new(dependencies: dependencies)
+      end
+
       def self.parse_pipfile(file_contents, options: {})
         manifest = Tomlrb.parse(file_contents)
         dependencies = map_dependencies(manifest["packages"], "runtime", options.fetch(:filename, nil)) +

data/lib/bibliothecary/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bibliothecary
-  VERSION = "14.0.0"
+  VERSION = "14.0.2"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 14.0.0
+  version: 14.0.2
 platform: ruby
 authors:
 - Andrew Nesbitt
 bindir: bin
 cert_chain: []
-date: 2025-07-24 00:00:00.000000000 Z
+date: 2025-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander