bibliothecary 6.8.7 → 6.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b57d105d77f298ae9422bf7b707a60f8d19665de761fa75945d1970d0b822772
-  data.tar.gz: c50de4684a5a94f5b5cc384767bc010649b9c2343c66096a1b372802ffafc730
+  metadata.gz: 7c5d41a3a8c73b6836a0cfaface97b412a72de93d0656bd1b81fa55c3059cafc
+  data.tar.gz: f2b1b0004f91c259e11c339df4680e8f24688b792e44fd943d340309373006b8
 SHA512:
-  metadata.gz: e60f8a2e31b858dd28c9ea21b21385d0eb461116af15933d3efa94613385c359158ef1da431de3b28005bcc9b25701a942b3a347c862c440fc0d1b398e3501ac
-  data.tar.gz: 5a2d8a89194ef61b59c1dc3ec9735a53cf12eccc74b312433d7cef78897d47cde1799aa203e6f89d184da0fb5388d87117f95b87a0e6d8f2ebcec6ddc4aa715d
+  metadata.gz: 5065fcc1955f4143f6a6e3a5d25f4f84ac44b1d6cf9b9c1733b3a009ab396ec45a4748a6777d2d5e6be5640d971878fceaa474c72abe41e14e73a41b693f666d
+  data.tar.gz: 48720bf216d9893a970480bb2961b5c33aeae8fecaf17c261d6b4322e54b7c9e8f7fa86977e42ce83746655bb3b9f3098bc0674589a2455260ccd13087f182c2

data/.ruby-version

@@ -1 +1 @@
-2.5.1
+2.6.6

data/.travis.yml

@@ -1,11 +1,10 @@
 language: ruby
 rvm:
-- 2.5.1
+- 2.6.6
 cache: bundler
 before_install:
 - gem update --system
-- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
-- gem install bundler -v '< 2'
+- gem install bundler
 script:
 - bundle exec rake spec && bundle exec codeclimate-test-reporter
 notifications:

data/bibliothecary.gemspec

@@ -28,7 +28,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "strings-ansi"
   spec.add_dependency "strings"
 
-  spec.add_development_dependency "bundler", "~> 1.11"
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rspec", "~> 3.0"

data/lib/bibliothecary/parsers/go.rb

@@ -7,12 +7,13 @@ module Bibliothecary
       include Bibliothecary::Analyser
 
       GPM_REGEXP = /^(.+)\s+(.+)$/
-      GOMOD_REGEX = /^(.+)\s+(.+)$/
-      GOMOD_IGNORABLE_REGEX = /^(module\s|require\s+\(|go\s|\))/m
+      GOMOD_REGEX = /^(require\s+)?(.+)\s+(.+)$/
+      GOMOD_IGNORABLE_REGEX = /^(\/\/|module\s|go\s|exclude\s|replace\s|require\s+\(|\))/m
       GOSUM_REGEX = /^(.+)\s+(.+)\s+(.+)$/
 
       def self.mapping
         {
+          # Go Modules (recommended)
           match_filename("go.mod") => {
             kind: 'manifest',
             parser: :parse_go_mod
@@ -21,6 +22,7 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_go_sum
           },
+          # Glide (unmaintained: https://github.com/Masterminds/glide#go-modules)
           match_filename("glide.yaml") => {
             kind: 'manifest',
             parser: :parse_glide_yaml
@@ -29,6 +31,7 @@ module Bibliothecary
             kind: 'lockfile',
             parser: :parse_glide_lockfile
           },
+          # Godep (unmaintained: https://github.com/tools/godep)
           match_filename("Godeps/Godeps.json") => {
             kind: 'manifest',
             parser: :parse_godep_json
@@ -37,6 +40,7 @@ module Bibliothecary
             kind: 'manifest',
             parser: :parse_gpm
           },
+          # Govendor (unmaintained: https://github.com/kardianos/govendor)
           match_filename("vendor/manifest") => {
             kind: 'manifest',
             parser: :parse_gb_manifest
@@ -45,6 +49,7 @@ module Bibliothecary
             kind: 'manifest',
             parser: :parse_govendor
           },
+          # Go dep (deprecated: https://github.com/golang/dep#dep)
           match_filename("Gopkg.toml") => {
             kind: 'manifest',
             parser: :parse_dep_toml
@@ -112,8 +117,8 @@ module Bibliothecary
           next if line.match(GOMOD_IGNORABLE_REGEX)
           if match = line.gsub(/(\/\/(.*))/, '').match(GOMOD_REGEX)
             deps << {
-              name: match[1].strip,
-              requirement: match[2].strip || '*',
+              name: match[2].strip,
+              requirement: match[3].strip || '*',
               type: 'runtime'
             }
           end

data/lib/bibliothecary/parsers/maven.rb

@@ -15,6 +15,21 @@ module Bibliothecary
       MAVEN_PROPERTY_REGEX = /\$\{(.+?)\}/
       MAX_DEPTH = 5
 
+      # e.g. "[info]  test:"
+      SBT_TYPE_REGEX = /^\[info\]\s+([-\w]+):$/
+
+      # e.g. "[info]  org.typelevel:spire-util_2.12"
+      SBT_DEP_REGEX = /^\[info\]\s+(.+)$/
+
+      # e.g. "[info] 		- 1.7.5"
+      SBT_VERSION_REGEX = /^\[info\]\s+-\s+(.+)$/
+
+      # e.g. "[info] 			homepage: http://www.slf4j.org"
+      SBT_FIELD_REGEX = /^\[info\]\s+([^:]+):\s+(.+)$/
+
+      # e.g. "[info]  "
+      SBT_IGNORE_REGEX = /^\[info\]\s*$/
+
       def self.mapping
         {
           match_filename("ivy.xml", case_insensitive: true) => {
@@ -41,6 +56,10 @@ module Bibliothecary
           match_filename("maven-resolved-dependencies.txt", case_insensitive: true) => {
             kind: 'lockfile',
             parser: :parse_maven_resolved
+          },
+          match_filename("sbt-update-full.txt", case_insensitive: true) => {
+            kind: 'lockfile',
+            parser: :parse_sbt_update_full
           }
         }
       end
@@ -209,7 +228,7 @@ module Bibliothecary
         # the xml root is <project> so lookup the non property name in the xml
         # this converts ${project/group.id} -> ${group/id}
         non_prop_name = property_name.gsub(".", "/").gsub("project/", "")
-        return value if !xml.respond_to?("properties") && parent_properties.empty? && !xml.locate(non_prop_name)
+        return "${#{property_name}}" if !xml.respond_to?("properties") && parent_properties.empty? && xml.locate(non_prop_name).empty?
 
         prop_field = xml.properties.locate(property_name).first
         parent_prop = parent_properties[property_name]
@@ -227,6 +246,103 @@ module Bibliothecary
           xml.locate("parent/#{non_prop_name}").first.nodes.first
         end
       end
+
+      def self.parse_sbt_update_full(file_contents)
+        all_deps = []
+        type = nil
+        lines = file_contents.split("\n")
+        while lines.any?
+          line = lines.shift
+
+          type_match = SBT_TYPE_REGEX.match(line)
+          next unless type_match
+          type = type_match.captures[0]
+
+          deps = parse_sbt_deps(type, lines)
+          all_deps.concat(deps)
+        end
+
+        # strip out evicted dependencies
+        all_deps.select! do |dep|
+          dep[:fields]["evicted"] != "true"
+        end
+
+        # in the future, we could use "callers" in the fields to
+        # decide which deps are direct root deps and which are
+        # pulled in by another dep.  The direct deps have the sbt
+        # project name as a caller.
+
+        # clean out any duplicates (I'm pretty sure sbt will have done this for
+        # us so this is paranoia, basically)
+        squished = all_deps.compact.uniq {|item| [item[:name], item[:requirement], item[:type]]}
+
+        # get rid of the fields
+        squished.each do |dep|
+          dep.delete(:fields)
+        end
+
+        return squished
+      end
+
+      def self.parse_sbt_deps(type, lines)
+        deps = []
+        while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+          line = lines.shift
+
+          next if SBT_IGNORE_REGEX.match(line)
+
+          dep_match = SBT_DEP_REGEX.match(line)
+          if dep_match
+            versions = parse_sbt_versions(type, dep_match.captures[0], lines)
+            deps.concat(versions)
+          else
+            lines.unshift(line)
+            break
+          end
+        end
+
+        deps
+      end
+
+      def self.parse_sbt_versions(type, name, lines)
+        versions = []
+        while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+          line = lines.shift
+
+          version_match = SBT_VERSION_REGEX.match(line)
+          if version_match
+            versions.push(parse_sbt_version(type, name, version_match.captures[0], lines))
+          else
+            lines.unshift(line)
+            break
+          end
+        end
+
+        versions
+      end
+
+      def self.parse_sbt_version(type, name, version, lines)
+        fields = {}
+        while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
+          line = lines.shift
+
+          field_match = SBT_FIELD_REGEX.match(line)
+          if field_match
+            fields[field_match.captures[0]] = field_match.captures[1]
+          else
+            lines.unshift(line)
+            break
+          end
+        end
+
+        {
+          name: name,
+          requirement: version,
+          type: type,
+          # we post-process using some of these fields and then delete them again
+          fields: fields
+        }
+      end
     end
   end
 end

data/lib/bibliothecary/parsers/npm.rb

@@ -70,6 +70,7 @@ module Bibliothecary
           {
             name: dep[:name],
             requirement: dep[:version],
+            lockfile_requirement: dep[:requirement],
             type: dep[:type]
           }
         end

data/lib/bibliothecary/parsers/pypi.rb

@@ -31,6 +31,14 @@ module Bibliothecary
           match_filename("Pipfile.lock") => {
             kind: 'lockfile',
             parser: :parse_pipfile_lock
+          },
+          match_filename("pyproject.toml") => {
+            kind: 'manifest',
+            parser: :parse_poetry
+          },
+          match_filename("poetry.lock") => {
+            kind: 'lockfile',
+            parser: :parse_poetry_lock
           }
         }
       end
@@ -40,6 +48,11 @@ module Bibliothecary
         map_dependencies(manifest['packages'], 'runtime') + map_dependencies(manifest['dev-packages'], 'develop')
       end
 
+      def self.parse_poetry(file_contents)
+        manifest = TomlRB.parse(file_contents)['tool']['poetry']
+        map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
+      end
+
       def self.map_dependencies(packages, type)
         return [] unless packages
         packages.map do |name, info|
@@ -82,6 +95,27 @@ module Bibliothecary
         deps
       end
 
+      def self.parse_poetry_lock(file_contents)
+        manifest = TomlRB.parse(file_contents)
+        deps = []
+        manifest["package"].each do |package|
+          # next if group == "_meta"
+          group = case package['category']
+                  when 'main'
+                    'runtime'
+                  when 'dev'
+                    'develop'
+                  end
+
+          deps << {
+            name: package['name'],
+            requirement: map_requirements(package),
+            type: group
+          }
+        end
+        deps
+      end
+
       def self.parse_setup_py(manifest)
         match = manifest.match(INSTALL_REGEXP)
         return [] unless match

data/lib/bibliothecary/version.rb

@@ -1,3 +1,3 @@
 module Bibliothecary
-  VERSION = "6.8.7"
+  VERSION = "6.9.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 6.8.7
+  version: 6.9.1
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-13 00:00:00.000000000 Z
+date: 2020-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: toml-rb
@@ -136,20 +136,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -302,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Find and parse manifests