bibliothecary 6.8.4 → 6.8.9
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +2 -3
- data/bibliothecary.gemspec +0 -1
- data/lib/bibliothecary/parsers/conda.rb +2 -2
- data/lib/bibliothecary/parsers/go.rb +9 -4
- data/lib/bibliothecary/parsers/maven.rb +116 -0
- data/lib/bibliothecary/parsers/nuget.rb +29 -0
- data/lib/bibliothecary/parsers/pypi.rb +4 -0
- data/lib/bibliothecary/version.rb +1 -1
- metadata +3 -17
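--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c655fc14eb58f419b202c25b3b28d22f041c840ceda3d527aaf21b122d5663fe
+data.tar.gz: 43b452b2ec6411d409aff5a479fd3d89d2bdf7eeb253b253b5a76849b8990b1a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 921763c07b4ae50a14a905e5eed87a558631495500150ac732763a9456b081007b6e05dac4eabfec13f06ed3d3a6b38cdc30436e828204f389a627ab64fbc38b
+data.tar.gz: daf4e977c0c46daec88c6e9cfc0dd41b0e4ce842266716bb40aa3da10effcd5d5ee291ca034f1509f8e0233bd4a6e08ed6ab00896f7cfe4dd66ca5bbe2a859d3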
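--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.6.6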
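--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,11 +1,10 @@
 language: ruby
 rvm:
-- 2.
+- 2.6.6
 cache: bundler
 before_install:
 - gem update --system
-- gem
-- gem install bundler -v '< 2'
+- gem install bundler
 script:
 - bundle exec rake spec && bundle exec codeclimate-test-reporter
 notifications: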
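Review bot: The new `- gem install bundler` step has no version constraint, and the gemspec change in this release also drops the `bundler` development dependency, so CI installs whatever Bundler release is newest at build time. That makes builds non-reproducible and lets a new Bundler release change or break the pipeline without any change in this repository. Consider bounding it, for example `- gem install bundler -v '~> 2.1'` (the version is an example, not taken from the page).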
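--- a/data/bibliothecary.gemspec
+++ b/data/bibliothecary.gemspec
@@ -28,7 +28,6 @@ Gem::Specification.new do |spec|
 spec.add_dependency "strings-ansi"
 spec.add_dependency "strings"
 
-spec.add_development_dependency "bundler", "~> 1.11"
 spec.add_development_dependency "pry"
 spec.add_development_dependency "rake", "~> 12.0"
 spec.add_development_dependency "rspec", "~> 3.0"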
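--- a/data/lib/bibliothecary/parsers/conda.rb
+++ b/data/lib/bibliothecary/parsers/conda.rb
@@ -27,12 +27,12 @@ module Bibliothecary
 end
 
 def self.parse_conda(info)
-dependencies = call_conda_parser_web(info,
+dependencies = call_conda_parser_web(info, "manifest")[:manifest]
 dependencies.map { |dep| dep.merge(type: "runtime") }
 end
 
 def self.parse_conda_lockfile(info)
-dependencies = call_conda_parser_web(info,
+dependencies = call_conda_parser_web(info, "lockfile")[:lockfile]
 dependencies.map { |dep| dep.merge(type: "runtime") }
 end
 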
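Review bot: In both `parse_conda` and `parse_conda_lockfile` the result of `call_conda_parser_web(...)` is indexed with `[:manifest]` / `[:lockfile]` and passed straight to `dependencies.map`, so a response without that key fails with NoMethodError on nil rather than a clear parser error. `call_conda_parser_web` is defined outside this hunk, so whether it can return such a value needs confirming; if it can, fail explicitly, e.g. `dependencies = call_conda_parser_web(info, "manifest").fetch(:manifest)`. The helper's name suggests the file contents are sent to a remote service; if so, a comment saying that would help users who scan private repositories.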
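--- a/data/lib/bibliothecary/parsers/go.rb
+++ b/data/lib/bibliothecary/parsers/go.rb
@@ -7,12 +7,13 @@ module Bibliothecary
 include Bibliothecary::Analyser
 
 GPM_REGEXP = /^(.+)\s+(.+)$/
-GOMOD_REGEX = /^(.+)\s+(.+)$/
-GOMOD_IGNORABLE_REGEX = /^(module\s|require\s+\(
+GOMOD_REGEX = /^(require\s+)?(.+)\s+(.+)$/
+GOMOD_IGNORABLE_REGEX = /^(\/\/|module\s|go\s|exclude\s|replace\s|require\s+\(|\))/m
 GOSUM_REGEX = /^(.+)\s+(.+)\s+(.+)$/
 
 def self.mapping
 {
+# Go Modules (recommended)
 match_filename("go.mod") => {
 kind: 'manifest',
 parser: :parse_go_mod
@@ -21,6 +22,7 @@ module Bibliothecary
 kind: 'lockfile',
 parser: :parse_go_sum
 },
+# Glide (unmaintained: https://github.com/Masterminds/glide#go-modules)
 match_filename("glide.yaml") => {
 kind: 'manifest',
 parser: :parse_glide_yaml
@@ -29,6 +31,7 @@ module Bibliothecary
 kind: 'lockfile',
 parser: :parse_glide_lockfile
 },
+# Godep (unmaintained: https://github.com/tools/godep)
 match_filename("Godeps/Godeps.json") => {
 kind: 'manifest',
 parser: :parse_godep_json
@@ -37,6 +40,7 @@ module Bibliothecary
 kind: 'manifest',
 parser: :parse_gpm
 },
+# Govendor (unmaintained: https://github.com/kardianos/govendor)
 match_filename("vendor/manifest") => {
 kind: 'manifest',
 parser: :parse_gb_manifest
@@ -45,6 +49,7 @@ module Bibliothecary
 kind: 'manifest',
 parser: :parse_govendor
 },
+# Go dep (deprecated: https://github.com/golang/dep#dep)
 match_filename("Gopkg.toml") => {
 kind: 'manifest',
 parser: :parse_dep_toml
@@ -112,8 +117,8 @@ module Bibliothecary
 next if line.match(GOMOD_IGNORABLE_REGEX)
 if match = line.gsub(/(\/\/(.*))/, '').match(GOMOD_REGEX)
 deps << {
-name: match[
-requirement: match[
+name: match[2].strip,
+requirement: match[3].strip || '*',
 type: 'runtime'
 }
 end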
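Review bot: `GOMOD_IGNORABLE_REGEX` now skips lines that start with `exclude ` or `replace `, but only the directive line itself: entries inside a parenthesised `exclude (` or `replace (` block do not start with those words, so they fall through to `GOMOD_REGEX` and are emitted as runtime dependencies (a constructed example: `old/module => new/module v1.2.3` would become one dependency named `old/module => new/module`). For a dependency scanner this means excluded versions are reported as in use and replaced modules appear under the wrong name. The loop around `next if line.match(GOMOD_IGNORABLE_REGEX)` starts outside the hunk, so confirm there is no block tracking there; if there is none, track the current block keyword and collect entries only while inside `require (`. Separately, `match[3].strip || '*'` can never yield `'*'`, because `strip` always returns a String.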
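--- a/data/lib/bibliothecary/parsers/maven.rb
+++ b/data/lib/bibliothecary/parsers/maven.rb
@@ -15,6 +15,21 @@ module Bibliothecary
 MAVEN_PROPERTY_REGEX = /\$\{(.+?)\}/
 MAX_DEPTH = 5
 
+# e.g. "[info] test:"
+SBT_TYPE_REGEX = /^\[info\]\s+([-\w]+):$/
+
+# e.g. "[info] org.typelevel:spire-util_2.12"
+SBT_DEP_REGEX = /^\[info\]\s+(.+)$/
+
+# e.g. "[info] - 1.7.5"
+SBT_VERSION_REGEX = /^\[info\]\s+-\s+(.+)$/
+
+# e.g. "[info] homepage: http://www.slf4j.org"
+SBT_FIELD_REGEX = /^\[info\]\s+([^:]+):\s+(.+)$/
+
+# e.g. "[info] "
+SBT_IGNORE_REGEX = /^\[info\]\s*$/
+
 def self.mapping
 {
 match_filename("ivy.xml", case_insensitive: true) => {
@@ -41,6 +56,10 @@ module Bibliothecary
 match_filename("maven-resolved-dependencies.txt", case_insensitive: true) => {
 kind: 'lockfile',
 parser: :parse_maven_resolved
+},
+match_filename("sbt-update-full.txt", case_insensitive: true) => {
+kind: 'lockfile',
+parser: :parse_sbt_update_full
 }
 }
 end
@@ -227,6 +246,103 @@ module Bibliothecary
 xml.locate("parent/#{non_prop_name}").first.nodes.first
 end
 end
+
+def self.parse_sbt_update_full(file_contents)
+all_deps = []
+type = nil
+lines = file_contents.split("\n")
+while lines.any?
+line = lines.shift
+
+type_match = SBT_TYPE_REGEX.match(line)
+next unless type_match
+type = type_match.captures[0]
+
+deps = parse_sbt_deps(type, lines)
+all_deps.concat(deps)
+end
+
+# strip out evicted dependencies
+all_deps.select! do |dep|
+dep[:fields]["evicted"] != "true"
+end
+
+# in the future, we could use "callers" in the fields to
+# decide which deps are direct root deps and which are
+# pulled in by another dep. The direct deps have the sbt
+# project name as a caller.
+
+# clean out any duplicates (I'm pretty sure sbt will have done this for
+# us so this is paranoia, basically)
+squished = all_deps.compact.uniq {|item| [item[:name], item[:requirement], item[:type]]}
+
+# get rid of the fields
+squished.each do |dep|
+dep.delete(:fields)
+end
+
+return squished
+end
+
+def self.parse_sbt_deps(type, lines)
+deps = []
+while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+line = lines.shift
+
+next if SBT_IGNORE_REGEX.match(line)
+
+dep_match = SBT_DEP_REGEX.match(line)
+if dep_match
+versions = parse_sbt_versions(type, dep_match.captures[0], lines)
+deps.concat(versions)
+else
+lines.unshift(line)
+break
+end
+end
+
+deps
+end
+
+def self.parse_sbt_versions(type, name, lines)
+versions = []
+while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+line = lines.shift
+
+version_match = SBT_VERSION_REGEX.match(line)
+if version_match
+versions.push(parse_sbt_version(type, name, version_match.captures[0], lines))
+else
+lines.unshift(line)
+break
+end
+end
+
+versions
+end
+
+def self.parse_sbt_version(type, name, version, lines)
+fields = {}
+while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+line = lines.shift
+
+field_match = SBT_FIELD_REGEX.match(line)
+if field_match
+fields[field_match.captures[0]] = field_match.captures[1]
+else
+lines.unshift(line)
+break
+end
+end
+
+{
+name: name,
+requirement: version,
+type: type,
+# we post-process using some of these fields and then delete them again
+fields: fields
+}
+end
 end
 end
 end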
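Review bot: `parse_sbt_update_full` splits with `file_contents.split("\n")`, so a file with CRLF line endings keeps a trailing `\r` on every line; `SBT_TYPE_REGEX` ends in `:$`, which then never matches, and the method returns an empty list without raising. For a lockfile parser that is a silent under-report of dependencies. Splitting with `lines = file_contents.lines(chomp: true)` handles both line endings. It would also help to document on `parse_sbt_deps`, `parse_sbt_versions` and `parse_sbt_version` that they consume entries from the shared `lines` array in place, since the nesting of the four methods depends on that.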
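--- a/data/lib/bibliothecary/parsers/nuget.rb
+++ b/data/lib/bibliothecary/parsers/nuget.rb
@@ -16,6 +16,10 @@ module Bibliothecary
 kind: 'lockfile',
 parser: :parse_project_lock_json
 },
+match_filename("packages.lock.json") => {
+kind: 'lockfile',
+parser: :parse_packages_lock_json
+},
 match_filename("packages.config") => {
 kind: 'manifest',
 parser: :parse_packages_config
@@ -47,6 +51,31 @@ module Bibliothecary
 end
 end
 
+def self.parse_packages_lock_json(file_contents)
+manifest = JSON.parse file_contents
+
+frameworks = {}
+manifest.fetch('dependencies',[]).each do |framework, deps|
+frameworks[framework] = deps.map do |name, details|
+{
+name: name,
+# 'resolved' has been set in all examples so far
+# so fallback to requested is pure paranoia
+requirement: details.fetch('resolved', details.fetch('requested', '*')),
+type: 'runtime'
+}
+end
+end
+
+if frameworks.size > 0
+# we should really return multiple manifests, but bibliothecary doesn't
+# do that yet so at least pick deterministically.
+frameworks[frameworks.keys.sort.last]
+else
+[]
+end
+end
+
 def self.parse_packages_config(file_contents)
 manifest = Ox.parse file_contents
 manifest.packages.locate('package').map do |dependency|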
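Review bot: `parse_packages_lock_json` assumes the parsed JSON has the expected shape: `manifest.fetch('dependencies',[])` uses an Array default where the loop destructures hash pairs, and `deps.map` / `details.fetch` raise NoMethodError or TypeError if `dependencies` or one of its entries is null or not an object. Since this parses whatever `packages.lock.json` a scanned repository contains, it is safer to check the shape and return `[]` (or raise a parser-specific error) than to rely on callers rescuing arbitrary exceptions; how callers handle errors is outside this hunk. A minimal change is `(manifest['dependencies'] || {}).each do |framework, deps|` followed by `next unless deps.is_a?(Hash)`.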
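--- a/data/lib/bibliothecary/parsers/pypi.rb
+++ b/data/lib/bibliothecary/parsers/pypi.rb
@@ -15,6 +15,10 @@ module Bibliothecary
 parser: :parse_requirements_txt,
 can_have_lockfile: false
 },
+match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
+kind: 'lockfile',
+parser: :parse_requirements_txt,
+},
 match_filename("setup.py") => {
 kind: 'manifest',
 parser: :parse_setup_py,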
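--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-version: 6.8.
+version: 6.8.9
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: toml-rb
@@ -136,20 +136,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.11'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.11'
 - !ruby/object:Gem::Dependency
 name: pry
 requirement: !ruby/object:Gem::Requirement
@@ -302,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Find and parse manifests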