bibliothecary 7.0.1 → 7.1.2

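--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b444856f899510d260c076ddbfd10543e3592db2ede8ca618d99b9aeb9e033fe
- data.tar.gz: f7da7041fa22140cafe5a9e84b4ab607688066fbf2d8f382ea85b6c01ab76e33
+ metadata.gz: 901e953500cd1880a638a6555c5dfc82dd8d8521be5b7bf85fc0d6dff981dfe0
+ data.tar.gz: 2c1d2c23f53bdea2a91b418bdee9ecc0becb8cbb651f94b53f76b8974b0a765e
  SHA512:
- metadata.gz: e5d8cf6f14f6623c0d3d8d0e5cfd02e1f0a07cb5fafc87a66b206022238817e4e9bab204ac546d4c6200e181579eedead8e9bd4dfbcd48613d85e48af0017a15
- data.tar.gz: 1ca3f3e2d5a1207cece4de5b62c386e9b98b1892e6e08024057fcbcc520f7f88444d62e5fa3bd66cafd086636f5a40f5a6a3fda3ceb4a5fda2d83b7e951039bb
+ metadata.gz: c1883bdfe4f28f284c4ef661f443b2e23830910368fbe63d8bf4e491e46278aaee12d8014c7181094933d7e3a6f33b6553318b016616ac27af00153ae763d65e
+ data.tar.gz: 59c5d53bffaeeb8c59df649370ff85c91245d8d7c3762dc97e21dc2663f02a10bd4a65e5c6f8dbf90bc8e2782b7420d3521623bb343e8b44985f396b019649a6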
@@ -156,9 +156,8 @@ module Bibliothecary
156
156
  def self.parse_maven_tree(file_contents)
157
157
  file_contents = file_contents.gsub(/\r\n?/, "\n")
158
158
  captures = file_contents.scan(/^\[INFO\](?:(?:\+-)|\||(?:\\-)|\s)+((?:[\w\.-]+:)+[\w\.\-${}]+)/).flatten.uniq
159
- captures.shift if captures.size > 1 # first dep line will be the package itself (unless we're only analyzing a single line)
160
159
 
161
- captures.map do |item|
160
+ deps = captures.map do |item|
162
161
  parts = item.split(":")
163
162
  case parts.count
164
163
  when 4
@@ -173,6 +172,10 @@ module Bibliothecary
173
172
  type: type
174
173
  }
175
174
  end
175
+
176
+ # First dep line will be the package itself (unless we're only analyzing a single line)
177
+ package = deps[0]
178
+ deps.size < 2 ? deps : deps[1..-1].reject { |d| d[:name] == package[:name] && d[:requirement] == package[:requirement] }
176
179
  end
177
180
 
178
181
  def self.parse_resolved_dep_line(line)
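Review bot: The filter added at the end of parse_maven_tree drops every later entry whose `:name` and `:requirement` equal the first capture, but the comment above it only explains why the first line is the package itself. Callers use this list as a dependency inventory, so the comment should say that repeats of the root coordinates are discarded on purpose and that `:type` is ignored in the comparison, for example `# Drop the root package and any later entry with the same name and version, whatever its type`. As a style point, `deps[1..-1]` reads more plainly as `deps.drop(1)`. The middle of the method sits between the two hunks and is not visible here.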
@@ -24,14 +24,20 @@ module Bibliothecary
24
24
  {
25
25
  name: dependency["name"],
26
26
  requirement: dependency["version"],
27
- type: 'runtime'
28
- }
27
+ type: "runtime"
28
+ }.tap do |result|
29
+ # Store Drupal version if Drupal, but include the original manifest version for reference
30
+ result[:original_requirement], result[:requirement] = result[:requirement], dependency.dig("source", "reference") if is_drupal_module(dependency)
31
+ end
29
32
  end + manifest.fetch('packages-dev',[]).map do |dependency|
30
33
  {
31
34
  name: dependency["name"],
32
35
  requirement: dependency["version"],
33
- type: 'development'
34
- }
36
+ type: "development"
37
+ }.tap do |result|
38
+ # Store Drupal version if Drupal, but include the original manifest version for reference
39
+ result[:original_requirement], result[:requirement] = result[:requirement], dependency.dig("source", "reference") if is_drupal_module(dependency)
40
+ end
35
41
  end
36
42
  end
37
43
 
@@ -40,6 +46,18 @@ module Bibliothecary
40
46
  map_dependencies(manifest, 'require', 'runtime') +
41
47
  map_dependencies(manifest, 'require-dev', 'development')
42
48
  end
49
+
50
+ # Drupal hosts its own Composer repository, where its "modules" are indexed and searchable. The best way to
51
+ # confirm that Drupal's repo is being used is if its in the "repositories" in composer.json
52
+ # (https://support.acquia.com/hc/en-us/articles/360048081273-Using-Composer-to-manage-dependencies-in-Drupal-8-and-9),
53
+ # but you may only have composer.lock, so we test if the type is "drupal-*" (e.g. "drupal-module" or "drupal-theme")
54
+ # The Drupal team also setup its own mapper of Composer semver -> Drupal tool-specfic versions
55
+ # (https://www.drupal.org/project/project_composer/issues/2622450),
56
+ # so we return the Drupal requirement instead of semver requirement if it's here
57
+ # (https://www.drupal.org/docs/develop/using-composer/using-composer-to-install-drupal-and-manage-dependencies#s-about-semantic-versioning)
58
+ private_class_method def self.is_drupal_module(dependency)
59
+ dependency["type"] =~ /drupal/ && dependency.dig("source", "reference")
60
+ end
43
61
  end
44
62
  end
45
63
  end
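Review bot: `is_drupal_module` tests `dependency["type"] =~ /drupal/` without an anchor, so any lockfile entry whose type merely contains "drupal" has its reported `:requirement` replaced by `source.reference`, while the comment above the method describes the narrower `drupal-*` prefix. composer.lock is input the parser does not control, and where `source.reference` is not a Drupal version string (for VCS sources it is usually a commit id) downstream version matching would receive a value that is not a version. Tie the test to the documented prefix: `dependency["type"].to_s.start_with?("drupal-") && dependency.dig("source", "reference")`. The identical `.tap` block appears for both `packages` and `packages-dev` in the first hunk and could be one private helper, and Ruby convention would name the predicate `drupal_module?`.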
@@ -7,9 +7,15 @@ module Bibliothecary
7
7
  REQUIRE_REGEXP = /([a-zA-Z0-9]+[a-zA-Z0-9\-_\.]+)([><=\w\.,]+)?/
8
8
  REQUIREMENTS_REGEXP = /^#{REQUIRE_REGEXP}/
9
9
  MANIFEST_REGEXP = /.*require[^\/]*(\/)?[^\/]*\.(txt|pip)$/
10
+ PIP_COMPILE_REGEXP = /.*require.*$/
10
11
 
11
12
  def self.mapping
12
13
  {
14
+ lambda { |p| PIP_COMPILE_REGEXP.match(p) } => {
15
+ content_matcher: :pip_compile?,
16
+ kind: 'lockfile',
17
+ parser: :parse_requirements_txt
18
+ },
13
19
  lambda { |p| MANIFEST_REGEXP.match(p) } => {
14
20
  kind: 'manifest',
15
21
  parser: :parse_requirements_txt,
@@ -174,6 +180,15 @@ module Bibliothecary
174
180
  end
175
181
  deps
176
182
  end
183
+
184
+ def self.pip_compile?(file_contents)
185
+ return file_contents.include?("This file is autogenerated by pip-compile")
186
+ rescue Exception # rubocop:disable Lint/RescueException
187
+ # We rescue exception here since native libs can throw a non-StandardError
188
+ # We don't want to throw errors during the matching phase, only during
189
+ # parsing after we match.
190
+ false
191
+ end
177
192
  end
178
193
  end
179
194
  end
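Review bot: `pip_compile?` rescues `Exception`, which also catches `Interrupt`, `SystemExit` and `NoMemoryError` and turns them into a `false` match result; the only call in the body is `String#include?`, so the native-library justification in the comment does not apply to this method. `rescue StandardError` keeps the matching phase quiet on bad input without swallowing process-level signals, and the explicit `return` and the rubocop disable can then be dropped. Separately, `PIP_COMPILE_REGEXP = /.*require.*$/` matches any path that contains "require" anywhere, directory names included, so it is a superset of `MANIFEST_REGEXP` and sends many more files to the content matcher; it is worth checking whether the `\.(txt|pip)$` tail can be kept. How `mapping` resolves a path that matches both lambdas is outside these hunks.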
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "7.0.1"
2
+ VERSION = "7.1.2"
3
3
  end
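--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: bibliothecary
  version: !ruby/object:Gem::Version
- version: 7.0.1
+ version: 7.1.2
  platform: ruby
  authors:
  - Andrew Nesbitt
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-06-21 00:00:00.000000000 Z
+ date: 2021-09-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: tomlrb
@@ -206,7 +206,7 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- description:
+ description:
  email:
  - andrewnez@gmail.com
  executables:
@@ -274,7 +274,7 @@ homepage: https://github.com/librariesio/bibliothecary
  licenses:
  - AGPL-3.0
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -290,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.1.2
- signing_key:
+ signing_key:
  specification_version: 4
  summary: Find and parse manifests
  test_files: []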