bibliothecary 6.10.6 → 6.12.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b8ae8af99a91ccccfdaaf8a18aa03ff134856f4ff0bd3579ef0955ff28bb6b6
-  data.tar.gz: 7eeb154cbcc23edb621e3a1f332264bac5fe716d4e5026c20c072f14e60156b2
+  metadata.gz: 2069ae9ebc8043003befa27dca84ff27d7fa693a4acb954b3f25989ad0d8bd85
+  data.tar.gz: 624af9ee05fd3c218feae6e97b90413d8f2b18c26c4d22ae5242aee3df4b13aa
 SHA512:
-  metadata.gz: 4fb19ca3ce60f786ee92a013ac6cddd2b29f8400ae7f3dce1258794360f90f3afd4b9bd594e9da34c4da2b2cae5ebc8936cc288ec0341710836ef0d13bffd210
-  data.tar.gz: f9e7a66faa72e61b47dff0b73a6e80af515746a1de3e333eed4930560f2eff9519f785e303412c9774a812080a4926f317f5c8a895c9d568f768f6c78ff9f67f
+  metadata.gz: 95c98a02c2f0791386b442096c3d0d755064ca7260e13c334af1bc37f4c0654331238fc20a9a5195fe2f08f05d3d350df9dbf716d578bdb0e371252fc3f8a4d5
+  data.tar.gz: 50b89d1c78aed8ae87d141f2429e9d9a03b1ddf731524ccb1c90dcefaeb8e3c094a7090e42bfd32250a085a1a133276e1add9b70b13f4fcdcb0a213c397b5807

data/.circleci/config.yml

@@ -0,0 +1,28 @@
+version: 2.1
+orbs:
+  ruby: circleci/ruby@0.1.2
+
+jobs:
+  test:
+    docker:
+      - image: circleci/ruby:2.6.6-stretch-node
+    executor: ruby/default
+    steps:
+    - checkout
+    - run:
+        name: Which bundler?
+        command: bundle -v
+    - ruby/bundle-install
+    - run:
+        name: Run specs
+        command: bundle exec rake spec
+    - run:
+        name: CodeClimate
+        command: bundle exec codeclimate-test-reporter
+
+workflows:
+  version: 2.1
+  test:
+    jobs:
+      - test
+

data/README.md

@@ -88,6 +88,7 @@ All available config options are in: https://github.com/librariesio/bibliothecar
   - *.nuspec
   - paket.lock
   - *.csproj
+  - project.assets.json
 - Bower
   - bower.json
 - CPAN

data/lib/bibliothecary.rb

@@ -21,8 +21,8 @@ module Bibliothecary
     runner.load_file_list(path)
   end
 
-  def self.init_package_manager(info)
-    runner.init_package_manager(info)
+  def self.applicable_package_managers(info)
+    runner.applicable_package_managers(info)
   end
 
   def self.load_file_info_list(path)
@@ -63,6 +63,8 @@ module Bibliothecary
 
   class << self
     attr_writer :configuration
+    alias analyze analyse
+    alias analyze_file analyse_file
   end
 
   def self.runner

data/lib/bibliothecary/analyser.rb

@@ -101,6 +101,7 @@ module Bibliothecary
       def analyse(folder_path, file_list)
         analyse_file_info(file_list.map { |full_path| FileInfo.new(folder_path, full_path) })
       end
+      alias analyze analyse
 
       def analyse_file_info(file_info_list)
         matching_info = file_info_list
@@ -111,10 +112,12 @@ module Bibliothecary
             .merge(related_paths: related_paths(info, matching_info))
         end
       end
+      alias analyze_file_info analyse_file_info
 
       def analyse_contents(filename, contents)
         analyse_contents_from_info(FileInfo.new(nil, filename, contents))
       end
+      alias analyze_contents analyse_contents
 
       def analyse_contents_from_info(info)
         # If your Parser needs to return multiple responses for one file, please override this method
@@ -126,6 +129,7 @@ module Bibliothecary
       rescue Bibliothecary::FileParsingError => e
         Bibliothecary::Analyser::create_error_analysis(platform_name, info.relative_path, kind, e.message)
       end
+      alias analyze_contents_from_info analyse_contents_from_info
 
       # calling this with contents=nil can produce less-informed
       # results, but kept for back compat

data/lib/bibliothecary/parsers/conda.rb

@@ -26,14 +26,13 @@ module Bibliothecary
         }
       end
 
-      def self.parse_conda(info)
-        dependencies = call_conda_parser_web(info, "manifest")[:manifest]
+      def self.parse_conda(info, kind = "manifest")
+        dependencies = call_conda_parser_web(info, kind)[kind.to_sym]
         dependencies.map { |dep| dep.merge(type: "runtime") }
       end
 
       def self.parse_conda_lockfile(info)
-        dependencies = call_conda_parser_web(info, "lockfile")[:lockfile]
-        dependencies.map { |dep| dep.merge(type: "runtime") }
+        parse_conda(info, "lockfile")
       end
 
       private_class_method def self.call_conda_parser_web(file_contents, kind)

data/lib/bibliothecary/parsers/maven.rb

@@ -205,8 +205,8 @@ module Bibliothecary
         json = JSON.parse(response.body)
         return [] unless json['dependencies']
         json['dependencies'].map do |dependency|
-          name = [dependency["group"], dependency["name"]].join(':')
-          next unless name =~ (/[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(\.[A-Za-z0-9_-])?\:[A-Za-z0-9_-]/)
+          name = gradle_dependency_name(dependency["group"], dependency["name"])
+          next unless name =~ /[\w-]+\.[\w_-]+(\.[\w-])?\:[\w-]/
           {
             name: name,
             requirement: dependency["version"],
@@ -215,6 +215,20 @@ module Bibliothecary
         end.compact
       end
 
+      def self.gradle_dependency_name(group, name)
+        if group.empty? && name.include?(":")
+          group, name = name.split(":", 2)
+        end
+
+        # Strip comments, and single/doublequotes
+        [group, name].map do |part|
+          part
+            .gsub(/\s*\/\/.*$/, "") # Comments
+            .gsub(/^["']/, "") # Beginning single/doublequotes
+            .gsub(/["']$/, "") # Ending single/doublequotes
+        end.join(":")
+      end
+
       def self.extract_pom_info(xml, location, parent_properties = {})
         extract_pom_dep_info(xml, xml, location, parent_properties)
       end
@@ -224,6 +238,7 @@ module Bibliothecary
         return nil if field.nil?
 
         value = field.nodes.first
+        value = value.value if value.is_a?(Ox::CData)
         match = value&.match(MAVEN_PROPERTY_REGEX)
         if match
           return extract_property(xml, match[1], value, parent_properties)

data/lib/bibliothecary/parsers/nuget.rb

@@ -35,7 +35,11 @@ module Bibliothecary
           match_filename("paket.lock") => {
             kind: 'lockfile',
             parser: :parse_paket_lock
-          }
+          },
+          match_filename("project.assets.json") => {
+            kind: 'lockfile',
+            parser: :parse_project_assets_json
+          },
         }
       end
 
@@ -137,6 +141,34 @@ module Bibliothecary
         # we only have to enforce uniqueness by name because paket ensures that there is only the single version globally in the project
         packages.uniq {|package| package[:name] }
       end
+
+      def self.parse_project_assets_json(file_contents)
+        manifest = JSON.parse file_contents
+
+        frameworks = {}
+        manifest.fetch("targets",[]).each do |framework, deps|
+          frameworks[framework] = deps
+                                    .select { |name, details| details["type"] == "package" }
+                                    .map do |name, details|
+            name_split = name.split("/")
+            {
+              name: name_split[0],
+              requirement: name_split[1],
+              type: "runtime"
+            }
+          end
+        end
+
+        if frameworks.size > 0
+          # we should really return multiple manifests, but bibliothecary doesn't
+          # do that yet so at least pick deterministically.
+
+          # Note, frameworks can be empty, so remove empty ones and then return the last sorted item if any
+          frameworks = frameworks.delete_if { |k, v| v.empty? }
+          return frameworks[frameworks.keys.sort.last] unless frameworks.empty?
+        end
+        []
+      end
     end
   end
 end

data/lib/bibliothecary/parsers/pypi.rb

@@ -39,7 +39,24 @@ module Bibliothecary
           match_filename("poetry.lock") => {
             kind: 'lockfile',
             parser: :parse_poetry_lock
-          }
+          },
+          # Pip dependencies can be embedded in conda environment files
+          match_filename("environment.yml") => {
+            parser: :parse_conda,
+            kind: "manifest",
+          },
+          match_filename("environment.yaml") => {
+            parser: :parse_conda,
+            kind: "manifest",
+          },
+          match_filename("environment.yml.lock") => {
+            parser: :parse_conda,
+            kind: "lockfile",
+          },
+          match_filename("environment.yaml.lock") => {
+            parser: :parse_conda,
+            kind: "lockfile",
+          },
         }
       end
 
@@ -53,6 +70,17 @@ module Bibliothecary
         map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
       end
 
+      def self.parse_conda(file_contents)
+        contents = YAML.safe_load(file_contents)
+        return [] unless contents
+
+        dependencies = contents["dependencies"]
+        pip = dependencies.find { |dep| dep.is_a?(Hash) && dep["pip"]}
+        return [] unless pip
+
+        Pypi.parse_requirements_txt(pip["pip"].join("\n"))
+      end
+
       def self.map_dependencies(packages, type)
         return [] unless packages
         packages.map do |name, info|

data/lib/bibliothecary/runner.rb

@@ -26,20 +26,16 @@ module Bibliothecary
 
       analyses
     end
+    alias analyze analyse
 
     # deprecated; use load_file_info_list.
     def load_file_list(path)
       load_file_info_list(path).map { |info| info.full_path }
     end
 
-    def init_package_manager(info)
-      # set the package manager on each info
-      matches = package_managers.select { |pm| pm.match_info?(info) }
-
-      info.package_manager = matches[0] if matches.length == 1
-
-      # this is a bug at the moment if it's raised (we don't handle it sensibly)
-      raise "Multiple package managers fighting over #{info.relative_path}: #{matches.map(&:to_s)}" if matches.length > 1
+    def applicable_package_managers(info)
+      managers = package_managers.select { |pm| pm.match_info?(info) }
+      managers.length > 0 ? managers : [nil]
     end
 
     def package_managers
@@ -48,29 +44,41 @@ module Bibliothecary
 
     def load_file_info_list_from_paths(paths)
       file_list = []
+
       paths.each do |path|
         info = FileInfo.new(nil, path)
 
         next if ignored_files.include?(info.relative_path)
 
-        init_package_manager(info)
-        file_list.push(info)
+        applicable_package_managers(info).each do |package_manager|
+          file = info.dup
+          file.package_manager = package_manager
+
+          file_list.push(file)
+        end
       end
+
       file_list
     end
 
     def load_file_info_list(path)
       file_list = []
+
       Find.find(path) do |subpath|
         info = FileInfo.new(path, subpath)
+
         Find.prune if FileTest.directory?(subpath) && ignored_dirs.include?(info.relative_path)
         next unless FileTest.file?(subpath)
         next if ignored_files.include?(info.relative_path)
 
-        init_package_manager(info)
+        applicable_package_managers(info).each do |package_manager|
+          file = info.dup
+          file.package_manager = package_manager
 
-        file_list.push(info)
+          file_list.push(file)
+        end
       end
+
       file_list
     end
 
@@ -87,6 +95,7 @@ module Bibliothecary
         pm.analyse_contents(file_path, contents)
       end.flatten.uniq.compact
     end
+    alias analyze_file analyse_file
 
     # this skips manifests sometimes because it doesn't look at file
     # contents and can't establish from only regexes that the thing

data/lib/bibliothecary/version.rb

@@ -1,3 +1,3 @@
 module Bibliothecary
-  VERSION = "6.10.6"
+  VERSION = "6.12.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 6.10.6
+  version: 6.12.2
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-06 00:00:00.000000000 Z
+date: 2021-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: toml-rb
@@ -216,6 +216,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".codeclimate.yml"
 - ".github/CONTRIBUTING.md"
 - ".gitignore"