bibliothecary 6.8.5 → 6.8.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b00a34285513502c8c94856b5007690cce35559d408ffec8f547f53167aa14ad
-  data.tar.gz: eee3030fc92c68909846803965ba632f0f28fdad103b9c4980016f43befde1b9
+  metadata.gz: 0e741631279743ce1c101374e150651f3e234754a303b988c4c01a14e8ac384e
+  data.tar.gz: 7cd1e774a59ae18e9810340b2da990d973d05c26e0fe1cc0778ffbec9cdb8d24
 SHA512:
-  metadata.gz: e7b10656917256013931bfe3798c479b6eb2e7146d3a55dfb6d7b2227dff5512939026ee28f129f7d803c05155bee26af9490938f142233f2ca9c053be2e6e85
-  data.tar.gz: 5c5f7232d4acd3e502d012e9a48835366dcdfd7af7f2b8ee56e75defdc7731e5a5b67e98c7318769d8d72500e42d0eec2f51feefec94c75b4ef53c387957e6d1
+  metadata.gz: 3a17720851d21d2f9289e9342a750d535c38b55cc4e1c58202855b557d7d52e46adcc768b0f629d6f4ff8104a7b954760a6f966fe48e1bee610efa28645f2cbe
+  data.tar.gz: e11348d1eaf3b9fa87e50ad20c307845e5ece4b51cc09b032dd392927e986ade478a2d5c46b71b94ec005ca4048bedc927389dad5790b4f609aa62749d04547b

data/.ruby-version

@@ -1 +1 @@
-2.5.1
+2.6.6

data/.travis.yml

@@ -1,11 +1,10 @@
 language: ruby
 rvm:
-- 2.5.1
+- 2.6.6
 cache: bundler
 before_install:
 - gem update --system
-- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
-- gem install bundler -v '< 2'
+- gem install bundler
 script:
 - bundle exec rake spec && bundle exec codeclimate-test-reporter
 notifications:

data/bibliothecary.gemspec

@@ -28,7 +28,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "strings-ansi"
   spec.add_dependency "strings"
 
-  spec.add_development_dependency "bundler", "~> 1.11"
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rspec", "~> 3.0"

data/lib/bibliothecary/parsers/conda.rb

@@ -27,12 +27,12 @@ module Bibliothecary
       end
 
       def self.parse_conda(info)
-        dependencies = call_conda_parser_web(info, :manifest)[:manifest]
+        dependencies = call_conda_parser_web(info, "manifest")[:manifest]
         dependencies.map { |dep| dep.merge(type: "runtime") }
       end
 
       def self.parse_conda_lockfile(info)
-        dependencies = call_conda_parser_web(info, :lockfile)[:lockfile]
+        dependencies = call_conda_parser_web(info, "lockfile")[:lockfile]
         dependencies.map { |dep| dep.merge(type: "runtime") }
       end
 

data/lib/bibliothecary/parsers/go.rb

@@ -7,12 +7,13 @@ module Bibliothecary
       include Bibliothecary::Analyser
 
       GPM_REGEXP = /^(.+)\s+(.+)$/
-      GOMOD_REGEX = /^(.+)\s+(.+)$/
-      GOMOD_IGNORABLE_REGEX = /^(module\s|require\s+\(|go\s|\))/m
+      GOMOD_REGEX = /^(require\s+)?(.+)\s+(.+)$/
+      GOMOD_IGNORABLE_REGEX = /^(\/\/|module\s|go\s|exclude\s|replace\s|require\s+\(|\))/m
       GOSUM_REGEX = /^(.+)\s+(.+)\s+(.+)$/
 
       def self.mapping
         {
+          # Go Modules (recommended)
           match_filename("go.mod") => {
             kind: 'manifest',
             parser: :parse_go_mod
@@ -21,6 +22,7 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_go_sum
           },
+          # Glide (unmaintained: https://github.com/Masterminds/glide#go-modules)
           match_filename("glide.yaml") => {
             kind: 'manifest',
             parser: :parse_glide_yaml
@@ -29,6 +31,7 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_glide_lockfile
           },
+          # Godep (unmaintained: https://github.com/tools/godep)
           match_filename("Godeps/Godeps.json") => {
             kind: 'manifest',
             parser: :parse_godep_json
@@ -37,6 +40,7 @@ module Bibliothecary
             kind: 'manifest',
             parser: :parse_gpm
           },
+          # Govendor (unmaintained: https://github.com/kardianos/govendor)
           match_filename("vendor/manifest") => {
             kind: 'manifest',
             parser: :parse_gb_manifest
@@ -45,6 +49,7 @@ module Bibliothecary
             kind: 'manifest',
             parser: :parse_govendor
           },
+          # Go dep (deprecated: https://github.com/golang/dep#dep)
           match_filename("Gopkg.toml") => {
             kind: 'manifest',
             parser: :parse_dep_toml
@@ -112,8 +117,8 @@ module Bibliothecary
           next if line.match(GOMOD_IGNORABLE_REGEX)
           if match = line.gsub(/(\/\/(.*))/, '').match(GOMOD_REGEX)
             deps << {
-              name: match[1].strip,
-              requirement: match[2].strip || '*',
+              name: match[2].strip,
+              requirement: match[3].strip || '*',
               type: 'runtime'
             }
           end

data/lib/bibliothecary/parsers/maven.rb

@@ -15,6 +15,21 @@ module Bibliothecary
       MAVEN_PROPERTY_REGEX = /\$\{(.+?)\}/
       MAX_DEPTH = 5
 
+      # e.g. "[info]  test:"
+      SBT_TYPE_REGEX = /^\[info\]\s+([-\w]+):$/
+
+      # e.g. "[info]  org.typelevel:spire-util_2.12"
+      SBT_DEP_REGEX = /^\[info\]\s+(.+)$/
+
+      # e.g. "[info] 		- 1.7.5"
+      SBT_VERSION_REGEX = /^\[info\]\s+-\s+(.+)$/
+
+      # e.g. "[info] 			homepage: http://www.slf4j.org"
+      SBT_FIELD_REGEX = /^\[info\]\s+([^:]+):\s+(.+)$/
+
+      # e.g. "[info]  "
+      SBT_IGNORE_REGEX = /^\[info\]\s*$/
+
       def self.mapping
         {
           match_filename("ivy.xml", case_insensitive: true) => {
@@ -41,6 +56,10 @@ module Bibliothecary
           match_filename("maven-resolved-dependencies.txt", case_insensitive: true) => {
             kind: 'lockfile',
             parser: :parse_maven_resolved
+          },
+          match_filename("sbt-update-full.txt", case_insensitive: true) => {
+            kind: 'lockfile',
+            parser: :parse_sbt_update_full
           }
         }
       end
@@ -227,6 +246,103 @@ module Bibliothecary
           xml.locate("parent/#{non_prop_name}").first.nodes.first
         end
       end
+
+      def self.parse_sbt_update_full(file_contents)
+        all_deps = []
+        type = nil
+        lines = file_contents.split("\n")
+        while lines.any?
+          line = lines.shift
+
+          type_match = SBT_TYPE_REGEX.match(line)
+          next unless type_match
+          type = type_match.captures[0]
+
+          deps = parse_sbt_deps(type, lines)
+          all_deps.concat(deps)
+        end
+
+        # strip out evicted dependencies
+        all_deps.select! do |dep|
+          dep[:fields]["evicted"] != "true"
+        end
+
+        # in the future, we could use "callers" in the fields to
+        # decide which deps are direct root deps and which are
+        # pulled in by another dep.  The direct deps have the sbt
+        # project name as a caller.
+
+        # clean out any duplicates (I'm pretty sure sbt will have done this for
+        # us so this is paranoia, basically)
+        squished = all_deps.compact.uniq {|item| [item[:name], item[:requirement], item[:type]]}
+
+        # get rid of the fields
+        squished.each do |dep|
+          dep.delete(:fields)
+        end
+
+        return squished
+      end
+
+      def self.parse_sbt_deps(type, lines)
+        deps = []
+        while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+          line = lines.shift
+
+          next if SBT_IGNORE_REGEX.match(line)
+
+          dep_match = SBT_DEP_REGEX.match(line)
+          if dep_match
+            versions = parse_sbt_versions(type, dep_match.captures[0], lines)
+            deps.concat(versions)
+          else
+            lines.unshift(line)
+            break
+          end
+        end
+
+        deps
+      end
+
+      def self.parse_sbt_versions(type, name, lines)
+        versions = []
+        while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+          line = lines.shift
+
+          version_match = SBT_VERSION_REGEX.match(line)
+          if version_match
+            versions.push(parse_sbt_version(type, name, version_match.captures[0], lines))
+          else
+            lines.unshift(line)
+            break
+          end
+        end
+
+        versions
+      end
+
+      def self.parse_sbt_version(type, name, version, lines)
+        fields = {}
+        while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+          line = lines.shift
+
+          field_match = SBT_FIELD_REGEX.match(line)
+          if field_match
+            fields[field_match.captures[0]] = field_match.captures[1]
+          else
+            lines.unshift(line)
+            break
+          end
+        end
+
+        {
+          name: name,
+          requirement: version,
+          type: type,
+          # we post-process using some of these fields and then delete them again
+          fields: fields
+        }
+      end
     end
   end
 end

data/lib/bibliothecary/parsers/pypi.rb

@@ -15,6 +15,10 @@ module Bibliothecary
             parser: :parse_requirements_txt,
             can_have_lockfile: false
           },
+          match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
+            kind: 'lockfile',
+            parser: :parse_requirements_txt,
+          },
           match_filename("setup.py") => {
             kind: 'manifest',
             parser: :parse_setup_py,
@@ -27,6 +31,14 @@ module Bibliothecary
           match_filename("Pipfile.lock") => {
             kind: 'lockfile',
             parser: :parse_pipfile_lock
+          },
+          match_filename("pyproject.toml") => {
+            kind: 'manifest',
+            parser: :parse_poetry
+          },
+          match_filename("poetry.lock") => {
+            kind: 'lockfile',
+            parser: :parse_poetry_lock
           }
         }
       end
@@ -36,6 +48,11 @@ module Bibliothecary
         map_dependencies(manifest['packages'], 'runtime') + map_dependencies(manifest['dev-packages'], 'develop')
       end
 
+      def self.parse_poetry(file_contents)
+        manifest = TomlRB.parse(file_contents)['tool']['poetry']
+        map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
+      end
+
       def self.map_dependencies(packages, type)
         return [] unless packages
         packages.map do |name, info|
@@ -78,6 +95,27 @@ module Bibliothecary
         deps
       end
 
+      def self.parse_poetry_lock(file_contents)
+        manifest = TomlRB.parse(file_contents)
+        deps = []
+        manifest["package"].each do |package|
+          # next if group == "_meta"
+          group = case package['category']
+                  when 'main'
+                    'runtime'
+                  when 'dev'
+                    'develop'
+                  end
+
+          deps << {
+            name: package['name'],
+            requirement: map_requirements(package),
+            type: group
+          }
+        end
+        deps
+      end
+
       def self.parse_setup_py(manifest)
         match = manifest.match(INSTALL_REGEXP)
         return [] unless match

data/lib/bibliothecary/version.rb

@@ -1,3 +1,3 @@
 module Bibliothecary
-  VERSION = "6.8.5"
+  VERSION = "6.8.10"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 6.8.5
+  version: 6.8.10
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-25 00:00:00.000000000 Z
+date: 2020-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: toml-rb
@@ -136,20 +136,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -302,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Find and parse manifests