bibliothecary 6.8.3 → 6.8.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 631db7c6b4d1e299b186bd8491fc99ab0a6fee4b81b7224b70f1548b44d6ed09
-  data.tar.gz: 8c46571d73f5001114e4e2d880c07e03d0d4d8bc44851f1bb9eae667c83f6cc6
+  metadata.gz: 9a942d8a210e009f17a359b9ead9049423c091d9609d6d1770eb79fc47fb16d6
+  data.tar.gz: bd1f6a3f7d3652981ee46002fe3466480c9bf9d08c7dc1dbd5bffab3698e21a0
 SHA512:
-  metadata.gz: 803ac1fcc4ed177c468ab66009153c54c96c1079f397d18ef8361a5453f26cf3e51442cb58e059dcf95b2a908bf0f5d54210d9d1dbd018e1c926cdb18d28efd4
-  data.tar.gz: a288761f1e9db8fb87beca4daa1e08fed93d747192f921e7c38cc81743589f25673bfe805435f8876cadc4a4b0bf68bf948d6bbf0d3b4ea47250f9221c8d8ad4
+  metadata.gz: af583cc0c0dea0e280a3b28c30a9bbda9413331e76d1bfd0eba6908d209b43893cd2677acdb6113d498833514b0656cd57a0014f4949a48d1d276a629838acba
+  data.tar.gz: e8f49049133561c3fdfeb48d692736e407457943f19668251f75c5db93fae1276540754e7f0a6b0986f80f303e81a7df72ecb1dbf03c48f05d81b0e1f2057922

data/.ruby-version

@@ -1 +1 @@
-2.5.1
+2.6.6

data/.travis.yml

@@ -1,11 +1,10 @@
 language: ruby
 rvm:
-- 2.5.1
+- 2.6.6
 cache: bundler
 before_install:
 - gem update --system
-- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
-- gem install bundler -v '< 2'
+- gem install bundler
 script:
 - bundle exec rake spec && bundle exec codeclimate-test-reporter
 notifications:

data/bibliothecary.gemspec

@@ -28,7 +28,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "strings-ansi"
   spec.add_dependency "strings"
 
-  spec.add_development_dependency "bundler", "~> 1.11"
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rspec", "~> 3.0"

data/lib/bibliothecary/parsers/conda.rb

@@ -1,67 +1,53 @@
-require 'json'
+require "json"
 
 module Bibliothecary
   module Parsers
     class Conda
       include Bibliothecary::Analyser
-      FILE_KINDS = %w[manifest lockfile]
 
       def self.mapping
         {
           match_filename("environment.yml") => {
-            kind: FILE_KINDS
+            parser: :parse_conda,
+            kind: "manifest",
           },
           match_filename("environment.yaml") => {
-            kind: FILE_KINDS
-          }
+            parser: :parse_conda,
+            kind: "manifest",
+          },
+          match_filename("environment.yml.lock") => {
+            parser: :parse_conda_lockfile,
+            kind: "lockfile",
+          },
+          match_filename("environment.yaml.lock") => {
+            parser: :parse_conda_lockfile,
+            kind: "lockfile",
+          },
         }
       end
 
-      # Overrides Analyser.analyse_contents_from_info
-      def self.analyse_contents_from_info(info)
-        [parse_conda(info), parse_pip(info)].flatten.compact
-      rescue Bibliothecary::RemoteParsingError => e
-        Bibliothecary::Analyser::create_error_analysis(platform_name, info.relative_path, "runtime", e.message)
-      rescue Psych::SyntaxError => e
-        Bibliothecary::Analyser::create_error_analysis(platform_name, info.relative_path, "runtime", e.message)
-      end
-
-      private
-
       def self.parse_conda(info)
-        results = call_conda_parser_web(info.contents)
-        FILE_KINDS.map do |kind|
-          Bibliothecary::Analyser.create_analysis(
-            "conda",
-            info.relative_path,
-            kind,
-            results[kind.to_sym].map { |dep| dep.slice(:name, :requirement).merge(type: "runtime") }
-          )
-        end
+        dependencies = call_conda_parser_web(info, "manifest")[:manifest]
+        dependencies.map { |dep| dep.merge(type: "runtime") }
       end
 
-      def self.parse_pip(info)
-        dependencies = YAML.safe_load(info.contents)["dependencies"]
-        pip = dependencies.find { |dep| dep.is_a?(Hash) && dep["pip"]}
-        return unless pip
-
-        Bibliothecary::Analyser.create_analysis(
-          "pypi",
-          info.relative_path,
-          "manifest",
-          Pypi.parse_requirements_txt(pip["pip"].join("\n"))
-        )
+      def self.parse_conda_lockfile(info)
+        dependencies = call_conda_parser_web(info, "lockfile")[:lockfile]
+        dependencies.map { |dep| dep.merge(type: "runtime") }
       end
 
-      def self.call_conda_parser_web(file_contents)
+      private_class_method def self.call_conda_parser_web(file_contents, kind)
         host = Bibliothecary.configuration.conda_parser_host
         response = Typhoeus.post(
           "#{host}/parse",
           headers: {
-              ContentType: 'multipart/form-data'
+            ContentType: "multipart/form-data",
           },
-          # hardcoding `environment.yml` to send to `conda.libraries.io`, downside is logs will always show `environment.yml` there
-          body: {file: file_contents, filename: 'environment.yml'}
+          body: {
+            file: file_contents,
+            # Unfortunately we do not get the filename in the mapping parsers, so hardcoding the file name depending on the kind
+            filename: kind == "manifest" ? "environment.yml" : "environment.yml.lock",
+          }
         )
         raise Bibliothecary::RemoteParsingError.new("Http Error #{response.response_code} when contacting: #{host}/parse", response.response_code) unless response.success?
 

data/lib/bibliothecary/parsers/go.rb

@@ -7,12 +7,13 @@ module Bibliothecary
       include Bibliothecary::Analyser
 
       GPM_REGEXP = /^(.+)\s+(.+)$/
-      GOMOD_REGEX = /^(.+)\s+(.+)$/
-      GOMOD_IGNORABLE_REGEX = /^(module\s|require\s+\(|go\s|\))/m
+      GOMOD_REGEX = /^(require\s+)?(.+)\s+(.+)$/
+      GOMOD_IGNORABLE_REGEX = /^(\/\/|module\s|go\s|exclude\s|replace\s|require\s+\(|\))/m
       GOSUM_REGEX = /^(.+)\s+(.+)\s+(.+)$/
 
       def self.mapping
         {
+          # Go Modules (recommended)
           match_filename("go.mod") => {
             kind: 'manifest',
             parser: :parse_go_mod
@@ -21,6 +22,7 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_go_sum
           },
+          # Glide (unmaintained: https://github.com/Masterminds/glide#go-modules)
           match_filename("glide.yaml") => {
             kind: 'manifest',
             parser: :parse_glide_yaml
@@ -29,6 +31,7 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_glide_lockfile
           },
+          # Godep (unmaintained: https://github.com/tools/godep)
           match_filename("Godeps/Godeps.json") => {
             kind: 'manifest',
             parser: :parse_godep_json
@@ -37,6 +40,7 @@ module Bibliothecary
             kind: 'manifest',
             parser: :parse_gpm
           },
+          # Govendor (unmaintained: https://github.com/kardianos/govendor)
           match_filename("vendor/manifest") => {
             kind: 'manifest',
             parser: :parse_gb_manifest
@@ -45,6 +49,7 @@ module Bibliothecary
             kind: 'manifest',
             parser: :parse_govendor
           },
+          # Go dep (deprecated: https://github.com/golang/dep#dep)
           match_filename("Gopkg.toml") => {
             kind: 'manifest',
             parser: :parse_dep_toml
@@ -112,8 +117,8 @@ module Bibliothecary
           next if line.match(GOMOD_IGNORABLE_REGEX)
           if match = line.gsub(/(\/\/(.*))/, '').match(GOMOD_REGEX)
             deps << {
-              name: match[1].strip,
-              requirement: match[2].strip || '*',
+              name: match[2].strip,
+              requirement: match[3].strip || '*',
               type: 'runtime'
             }
           end

data/lib/bibliothecary/parsers/nuget.rb

@@ -16,6 +16,10 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_project_lock_json
           },
+          match_filename("packages.lock.json") => {
+            kind: 'lockfile',
+            parser: :parse_packages_lock_json
+          },
           match_filename("packages.config") => {
             kind: 'manifest',
             parser: :parse_packages_config
@@ -47,6 +51,31 @@ module Bibliothecary
         end
       end
 
+      def self.parse_packages_lock_json(file_contents)
+        manifest = JSON.parse file_contents
+
+        frameworks = {}
+        manifest.fetch('dependencies',[]).each do |framework, deps|
+          frameworks[framework] = deps.map do |name, details|
+            {
+              name: name,
+              # 'resolved' has been set in all examples so far
+              # so fallback to requested is pure paranoia
+              requirement: details.fetch('resolved', details.fetch('requested', '*')),
+              type: 'runtime'
+            }
+          end
+        end
+
+        if frameworks.size > 0
+          # we should really return multiple manifests, but bibliothecary doesn't
+          # do that yet so at least pick deterministically.
+          frameworks[frameworks.keys.sort.last]
+        else
+          []
+        end
+      end
+
       def self.parse_packages_config(file_contents)
         manifest = Ox.parse file_contents
         manifest.packages.locate('package').map do |dependency|

data/lib/bibliothecary/parsers/pypi.rb

@@ -15,6 +15,10 @@ module Bibliothecary
             parser: :parse_requirements_txt,
             can_have_lockfile: false
           },
+          match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
+            kind: 'lockfile',
+            parser: :parse_requirements_txt,
+          },
           match_filename("setup.py") => {
             kind: 'manifest',
             parser: :parse_setup_py,

data/lib/bibliothecary/version.rb

@@ -1,3 +1,3 @@
 module Bibliothecary
-  VERSION = "6.8.3"
+  VERSION = "6.8.8"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 6.8.3
+  version: 6.8.8
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-09-26 00:00:00.000000000 Z
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: toml-rb
@@ -136,20 +136,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -302,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Find and parse manifests