bibliothecary 6.8.8 → 6.9.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/bibliothecary/parsers/maven.rb +120 -3
- data/lib/bibliothecary/parsers/npm.rb +1 -0
- data/lib/bibliothecary/parsers/pypi.rb +34 -0
- data/lib/bibliothecary/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b3778cb5e39ff53dd380c730271d2c834242776a0536b3bfd480d9b82143745c
|
|
4
|
+
data.tar.gz: ef099f4e867aaf12bce84b09192ac1b4b0c7a1cd7fcbe578717435df22fab643
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 908961fc7d4b816951c79cef1610dc5976a75e7d18f344a7d08c0495e2b72ed68be4e7e642946bd764b551b11427f6b259f23dd36ee565ab0fde1122cb0bbbb2
|
|
7
|
+
data.tar.gz: 97f3090baea9dbe5f614fd607ecbbf15305e5480ca28670fb735b2e81cdb0fc87834bafeac425e14db2061a5fb3a03d0e17af27a8305a03fdcf4bb9b5bbda263
|
|
@@ -15,6 +15,21 @@ module Bibliothecary
|
|
|
15
15
|
MAVEN_PROPERTY_REGEX = /\$\{(.+?)\}/
|
|
16
16
|
MAX_DEPTH = 5
|
|
17
17
|
|
|
18
|
+
# e.g. "[info] test:"
|
|
19
|
+
SBT_TYPE_REGEX = /^\[info\]\s+([-\w]+):$/
|
|
20
|
+
|
|
21
|
+
# e.g. "[info] org.typelevel:spire-util_2.12"
|
|
22
|
+
SBT_DEP_REGEX = /^\[info\]\s+(.+)$/
|
|
23
|
+
|
|
24
|
+
# e.g. "[info] - 1.7.5"
|
|
25
|
+
SBT_VERSION_REGEX = /^\[info\]\s+-\s+(.+)$/
|
|
26
|
+
|
|
27
|
+
# e.g. "[info] homepage: http://www.slf4j.org"
|
|
28
|
+
SBT_FIELD_REGEX = /^\[info\]\s+([^:]+):\s+(.+)$/
|
|
29
|
+
|
|
30
|
+
# e.g. "[info] "
|
|
31
|
+
SBT_IGNORE_REGEX = /^\[info\]\s*$/
|
|
32
|
+
|
|
18
33
|
def self.mapping
|
|
19
34
|
{
|
|
20
35
|
match_filename("ivy.xml", case_insensitive: true) => {
|
|
@@ -41,6 +56,10 @@ module Bibliothecary
|
|
|
41
56
|
match_filename("maven-resolved-dependencies.txt", case_insensitive: true) => {
|
|
42
57
|
kind: 'lockfile',
|
|
43
58
|
parser: :parse_maven_resolved
|
|
59
|
+
},
|
|
60
|
+
match_filename("sbt-update-full.txt", case_insensitive: true) => {
|
|
61
|
+
kind: 'lockfile',
|
|
62
|
+
parser: :parse_sbt_update_full
|
|
44
63
|
}
|
|
45
64
|
}
|
|
46
65
|
end
|
|
@@ -105,8 +124,9 @@ module Bibliothecary
|
|
|
105
124
|
split = gradle_dep_match.captures[0]
|
|
106
125
|
|
|
107
126
|
# org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
|
|
108
|
-
# Lines can end with (
|
|
109
|
-
|
|
127
|
+
# Lines can end with (c), (n), or (*)
|
|
128
|
+
# to indicate that something was a dependency constraint (c), not resolved (n), or resolved previously (*).
|
|
129
|
+
dep = line.split(split)[1].sub(/(\((c|n|\*)\))$/, "").strip.split(":")
|
|
110
130
|
version = dep[-1]
|
|
111
131
|
version = version.split("->")[-1].strip if line.include?("->")
|
|
112
132
|
{
|
|
@@ -209,7 +229,7 @@ module Bibliothecary
|
|
|
209
229
|
# the xml root is <project> so lookup the non property name in the xml
|
|
210
230
|
# this converts ${project/group.id} -> ${group/id}
|
|
211
231
|
non_prop_name = property_name.gsub(".", "/").gsub("project/", "")
|
|
212
|
-
return
|
|
232
|
+
return "${#{property_name}}" if !xml.respond_to?("properties") && parent_properties.empty? && xml.locate(non_prop_name).empty?
|
|
213
233
|
|
|
214
234
|
prop_field = xml.properties.locate(property_name).first
|
|
215
235
|
parent_prop = parent_properties[property_name]
|
|
@@ -227,6 +247,103 @@ module Bibliothecary
|
|
|
227
247
|
xml.locate("parent/#{non_prop_name}").first.nodes.first
|
|
228
248
|
end
|
|
229
249
|
end
|
|
250
|
+
|
|
251
|
+
def self.parse_sbt_update_full(file_contents)
|
|
252
|
+
all_deps = []
|
|
253
|
+
type = nil
|
|
254
|
+
lines = file_contents.split("\n")
|
|
255
|
+
while lines.any?
|
|
256
|
+
line = lines.shift
|
|
257
|
+
|
|
258
|
+
type_match = SBT_TYPE_REGEX.match(line)
|
|
259
|
+
next unless type_match
|
|
260
|
+
type = type_match.captures[0]
|
|
261
|
+
|
|
262
|
+
deps = parse_sbt_deps(type, lines)
|
|
263
|
+
all_deps.concat(deps)
|
|
264
|
+
end
|
|
265
|
+
|
|
266
|
+
# strip out evicted dependencies
|
|
267
|
+
all_deps.select! do |dep|
|
|
268
|
+
dep[:fields]["evicted"] != "true"
|
|
269
|
+
end
|
|
270
|
+
|
|
271
|
+
# in the future, we could use "callers" in the fields to
|
|
272
|
+
# decide which deps are direct root deps and which are
|
|
273
|
+
# pulled in by another dep. The direct deps have the sbt
|
|
274
|
+
# project name as a caller.
|
|
275
|
+
|
|
276
|
+
# clean out any duplicates (I'm pretty sure sbt will have done this for
|
|
277
|
+
# us so this is paranoia, basically)
|
|
278
|
+
squished = all_deps.compact.uniq {|item| [item[:name], item[:requirement], item[:type]]}
|
|
279
|
+
|
|
280
|
+
# get rid of the fields
|
|
281
|
+
squished.each do |dep|
|
|
282
|
+
dep.delete(:fields)
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
return squished
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
def self.parse_sbt_deps(type, lines)
|
|
289
|
+
deps = []
|
|
290
|
+
while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
|
|
291
|
+
line = lines.shift
|
|
292
|
+
|
|
293
|
+
next if SBT_IGNORE_REGEX.match(line)
|
|
294
|
+
|
|
295
|
+
dep_match = SBT_DEP_REGEX.match(line)
|
|
296
|
+
if dep_match
|
|
297
|
+
versions = parse_sbt_versions(type, dep_match.captures[0], lines)
|
|
298
|
+
deps.concat(versions)
|
|
299
|
+
else
|
|
300
|
+
lines.unshift(line)
|
|
301
|
+
break
|
|
302
|
+
end
|
|
303
|
+
end
|
|
304
|
+
|
|
305
|
+
deps
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
def self.parse_sbt_versions(type, name, lines)
|
|
309
|
+
versions = []
|
|
310
|
+
while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
|
|
311
|
+
line = lines.shift
|
|
312
|
+
|
|
313
|
+
version_match = SBT_VERSION_REGEX.match(line)
|
|
314
|
+
if version_match
|
|
315
|
+
versions.push(parse_sbt_version(type, name, version_match.captures[0], lines))
|
|
316
|
+
else
|
|
317
|
+
lines.unshift(line)
|
|
318
|
+
break
|
|
319
|
+
end
|
|
320
|
+
end
|
|
321
|
+
|
|
322
|
+
versions
|
|
323
|
+
end
|
|
324
|
+
|
|
325
|
+
def self.parse_sbt_version(type, name, version, lines)
|
|
326
|
+
fields = {}
|
|
327
|
+
while lines.any? and not SBT_TYPE_REGEX.match(lines[0])
|
|
328
|
+
line = lines.shift
|
|
329
|
+
|
|
330
|
+
field_match = SBT_FIELD_REGEX.match(line)
|
|
331
|
+
if field_match
|
|
332
|
+
fields[field_match.captures[0]] = field_match.captures[1]
|
|
333
|
+
else
|
|
334
|
+
lines.unshift(line)
|
|
335
|
+
break
|
|
336
|
+
end
|
|
337
|
+
end
|
|
338
|
+
|
|
339
|
+
{
|
|
340
|
+
name: name,
|
|
341
|
+
requirement: version,
|
|
342
|
+
type: type,
|
|
343
|
+
# we post-process using some of these fields and then delete them again
|
|
344
|
+
fields: fields
|
|
345
|
+
}
|
|
346
|
+
end
|
|
230
347
|
end
|
|
231
348
|
end
|
|
232
349
|
end
|
|
@@ -31,6 +31,14 @@ module Bibliothecary
|
|
|
31
31
|
match_filename("Pipfile.lock") => {
|
|
32
32
|
kind: 'lockfile',
|
|
33
33
|
parser: :parse_pipfile_lock
|
|
34
|
+
},
|
|
35
|
+
match_filename("pyproject.toml") => {
|
|
36
|
+
kind: 'manifest',
|
|
37
|
+
parser: :parse_poetry
|
|
38
|
+
},
|
|
39
|
+
match_filename("poetry.lock") => {
|
|
40
|
+
kind: 'lockfile',
|
|
41
|
+
parser: :parse_poetry_lock
|
|
34
42
|
}
|
|
35
43
|
}
|
|
36
44
|
end
|
|
@@ -40,6 +48,11 @@ module Bibliothecary
|
|
|
40
48
|
map_dependencies(manifest['packages'], 'runtime') + map_dependencies(manifest['dev-packages'], 'develop')
|
|
41
49
|
end
|
|
42
50
|
|
|
51
|
+
def self.parse_poetry(file_contents)
|
|
52
|
+
manifest = TomlRB.parse(file_contents)['tool']['poetry']
|
|
53
|
+
map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
|
|
54
|
+
end
|
|
55
|
+
|
|
43
56
|
def self.map_dependencies(packages, type)
|
|
44
57
|
return [] unless packages
|
|
45
58
|
packages.map do |name, info|
|
|
@@ -82,6 +95,27 @@ module Bibliothecary
|
|
|
82
95
|
deps
|
|
83
96
|
end
|
|
84
97
|
|
|
98
|
+
def self.parse_poetry_lock(file_contents)
|
|
99
|
+
manifest = TomlRB.parse(file_contents)
|
|
100
|
+
deps = []
|
|
101
|
+
manifest["package"].each do |package|
|
|
102
|
+
# next if group == "_meta"
|
|
103
|
+
group = case package['category']
|
|
104
|
+
when 'main'
|
|
105
|
+
'runtime'
|
|
106
|
+
when 'dev'
|
|
107
|
+
'develop'
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
deps << {
|
|
111
|
+
name: package['name'],
|
|
112
|
+
requirement: map_requirements(package),
|
|
113
|
+
type: group
|
|
114
|
+
}
|
|
115
|
+
end
|
|
116
|
+
deps
|
|
117
|
+
end
|
|
118
|
+
|
|
85
119
|
def self.parse_setup_py(manifest)
|
|
86
120
|
match = manifest.match(INSTALL_REGEXP)
|
|
87
121
|
return [] unless match
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.9.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-06
|
|
11
|
+
date: 2020-11-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: toml-rb
|
|
@@ -288,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
288
288
|
- !ruby/object:Gem::Version
|
|
289
289
|
version: '0'
|
|
290
290
|
requirements: []
|
|
291
|
-
rubygems_version: 3.0.
|
|
291
|
+
rubygems_version: 3.0.8
|
|
292
292
|
signing_key:
|
|
293
293
|
specification_version: 4
|
|
294
294
|
summary: Find and parse manifests
|