bibliothecary 14.0.1 → 14.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 473d02467e27047374ca2a13db7d60fa63bdb749e043eadbbc455a64b42366d3
-  data.tar.gz: 31e31e7cb80446f4a8e0e8a9ce59c4a7af8eb9d76086168a442e3eac47732495
+  metadata.gz: bded2f923188e40707913d6539d5e876d2ff0334233985528a1b4caa3e686037
+  data.tar.gz: 49f76a339d1141d4b8f0940ad4dc66eb3533773e37d288825c71685f8f78ca3e
 SHA512:
-  metadata.gz: f0de19e738a8b76dd4afdbdacfb7f008bbafe61860cea67367613e3f1eee964a08e0f672b7e7fd3b7e6afd4c05cb1342926ba935ad8928fc12b9eb9ed3006000
-  data.tar.gz: dd653fed08d2c0ca27ab9c9276f547eca550060ecbd85dddfb5bd65fa8757216f7289909a4fa0b3405cb6cf20c05b448cac539fe1668813847e54894fc26525f
+  metadata.gz: 3f9e93bbf8341d3a27b22a2661a79225ae64721f3ea63348364d215ca4b73e19bbce6b3a8409cb590851f332fc9c404b1dd18bd0c621418cd139f216e9ed509c
+  data.tar.gz: 8483dc5f0ff491a9259f909e1cc8734a2c159c408733736e50d11c71b07810e0632e00d75bc8f05b5ab342389bfa0f271b430a6ea2ab74e80b3e3fdb9f05a26c

data/CHANGELOG.md

@@ -13,6 +13,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
+## [14.0.2] - 2025-07-29
+
+### Added
+
+- Add support in Pypi parser for PEP-751's newly official "pylock.toml" lockfile
+
+### Changed
+
+- Added a regression test to ensure "file" entries in Pipfile/Pipfile.lock are considered local.
+
+### Removed
+
 ## [14.0.1] - 2025-07-24
 
 ### Changed

data/lib/bibliothecary/parsers/pypi.rb

@@ -20,6 +20,10 @@ module Bibliothecary
       # Adapted from https://peps.python.org/pep-0508/#names
       PEP_508_NAME_REGEXP = /^([A-Z0-9][A-Z0-9._-]*[A-Z0-9]|[A-Z0-9])/i
 
+      # A modified version of the regexp from the docs, to catch all cases:
+      # https://packaging.python.org/en/latest/specifications/pylock-toml/
+      PEP_751_LOCKFILE_REGEXP = /^pylock(\.[^.]+)?\.toml$/
+
       def self.mapping
         {
           match_filenames("requirements-dev.txt", "requirements/dev.txt",
@@ -72,6 +76,11 @@ module Bibliothecary
             kind: "lockfile",
             parser: :parse_poetry_lock,
           },
+          # PEP-751: official python lockfile format (https://peps.python.org/pep-0751/)
+          ->(p) { PEP_751_LOCKFILE_REGEXP.match(p) } => {
+            kind: "lockfile",
+            parser: :parser_pylock,
+          },
         }
       end
 
@@ -79,6 +88,22 @@ module Bibliothecary
       add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
       add_multi_parser(Bibliothecary::MultiParsers::Spdx)
 
+      def self.parser_pylock(file_contents, options: {})
+        lockfile = Tomlrb.parse(file_contents)
+        dependencies = lockfile["packages"].map do |d|
+          is_local = true if d.key?("archive") || d.key?("directory")
+          Dependency.new(
+            platform: platform_name,
+            name: d["name"],
+            type: "runtime",
+            source: options.fetch(:filename, nil),
+            requirement: d["version"] || "*",
+            local: is_local
+          )
+        end
+        ParserResult.new(dependencies: dependencies)
+      end
+
       def self.parse_pipfile(file_contents, options: {})
         manifest = Tomlrb.parse(file_contents)
         dependencies = map_dependencies(manifest["packages"], "runtime", options.fetch(:filename, nil)) +

data/lib/bibliothecary/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bibliothecary
-  VERSION = "14.0.1"
+  VERSION = "14.0.2"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 14.0.1
+  version: 14.0.2
 platform: ruby
 authors:
 - Andrew Nesbitt
 bindir: bin
 cert_chain: []
-date: 2025-07-24 00:00:00.000000000 Z
+date: 2025-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander