bibliothecary 7.1.5 → 7.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/bibliothecary/parsers/maven.rb +6 -4
- data/lib/bibliothecary/parsers/npm.rb +16 -14
- data/lib/bibliothecary/parsers/pypi.rb +4 -0
- data/lib/bibliothecary/related_files_info.rb +2 -2
- data/lib/bibliothecary/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0663db5989fda63b06b68549a29bcd58976f96b7f7fd35b4063738fac6fbf8ff
|
|
4
|
+
data.tar.gz: 16e3caf672f0d34b19e2cbd80acfec45b7b65f559cf152d3d23003b4282a7933
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d3041468f12d9080d2d06cad3a5a3e2a316727207e0bc6d1ec263a6dd5f7da25be3ce5901fed3f9b0e362cdf02892c1e9e6bcf93f133264e8de42ccad08a1f81
|
|
7
|
+
data.tar.gz: '08d43bb3e8a35463162ee0379ca0c5563a81a2665c236f256c4613e1d825e25cf16899c690ffff9f4fa8fc55ef09fe9d8a9acdcb5b5f8f51bc0df76a49b38be4'
|
data/README.md
CHANGED
|
@@ -53,8 +53,6 @@ All available config options are in: https://github.com/librariesio/bibliothecar
|
|
|
53
53
|
|
|
54
54
|
## Supported package manager file formats
|
|
55
55
|
|
|
56
|
-
- Hackage
|
|
57
|
-
- \*.cabal
|
|
58
56
|
- npm
|
|
59
57
|
- package.json
|
|
60
58
|
- package-lock.json
|
|
@@ -81,6 +79,8 @@ All available config options are in: https://github.com/librariesio/bibliothecar
|
|
|
81
79
|
- requirements/*.pip
|
|
82
80
|
- Pipfile
|
|
83
81
|
- Pipfile.lock
|
|
82
|
+
- pyproject.toml
|
|
83
|
+
- poetry.lock
|
|
84
84
|
- Nuget
|
|
85
85
|
- packages.config
|
|
86
86
|
- Project.json
|
|
@@ -149,7 +149,7 @@ All available config options are in: https://github.com/librariesio/bibliothecar
|
|
|
149
149
|
- Haxelib
|
|
150
150
|
- haxelib.json
|
|
151
151
|
- Hackage
|
|
152
|
-
-
|
|
152
|
+
- \*.cabal
|
|
153
153
|
- cabal.config
|
|
154
154
|
|
|
155
155
|
## Development
|
|
@@ -127,10 +127,12 @@ module Bibliothecary
|
|
|
127
127
|
|
|
128
128
|
split = gradle_dep_match.captures[0]
|
|
129
129
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
130
|
+
|
|
131
|
+
dep = line
|
|
132
|
+
.split(split)[1].sub(/(\((c|n|\*)\))$/, "") # line ending legend: (c) means a dependency constraint, (n) means not resolved, or (*) means resolved previously, e.g. org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
|
|
133
|
+
.sub(/ FAILED$/, "") # dependency could not be resolved (but still may have a version)
|
|
134
|
+
.sub(" -> ", ":") # handle version arrow syntax
|
|
135
|
+
.strip.split(":")
|
|
134
136
|
|
|
135
137
|
# A testImplementation line can look like this so just skip those
|
|
136
138
|
# \--- org.springframework.security:spring-security-test (n)
|
|
@@ -5,6 +5,9 @@ module Bibliothecary
|
|
|
5
5
|
class NPM
|
|
6
6
|
include Bibliothecary::Analyser
|
|
7
7
|
|
|
8
|
+
# Max depth to recurse into the "dependencies" property of package-lock.json
|
|
9
|
+
PACKAGE_LOCK_JSON_MAX_DEPTH = 10
|
|
10
|
+
|
|
8
11
|
def self.mapping
|
|
9
12
|
{
|
|
10
13
|
match_filename("package.json") => {
|
|
@@ -43,26 +46,25 @@ module Bibliothecary
|
|
|
43
46
|
|
|
44
47
|
def self.parse_package_lock(file_contents)
|
|
45
48
|
manifest = JSON.parse(file_contents)
|
|
46
|
-
manifest.fetch('dependencies',[])
|
|
47
|
-
|
|
48
|
-
type = 'development'
|
|
49
|
-
else
|
|
50
|
-
type = 'runtime'
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
version = nil
|
|
54
|
-
|
|
55
|
-
if requirement.key?("from")
|
|
56
|
-
version = requirement["from"][/#(?:semver:)?v?(.*)/, 1]
|
|
57
|
-
end
|
|
49
|
+
parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
|
|
50
|
+
end
|
|
58
51
|
|
|
52
|
+
def self.parse_package_lock_deps_recursively(dependencies, depth=1)
|
|
53
|
+
dependencies.flat_map do |name, requirement|
|
|
54
|
+
type = requirement.fetch("dev", false) ? 'development' : 'runtime'
|
|
55
|
+
version = requirement.key?("from") ? requirement["from"][/#(?:semver:)?v?(.*)/, 1] : nil
|
|
59
56
|
version ||= requirement["version"].split("#").last
|
|
57
|
+
child_dependencies = if depth >= PACKAGE_LOCK_JSON_MAX_DEPTH
|
|
58
|
+
[]
|
|
59
|
+
else
|
|
60
|
+
parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
|
|
61
|
+
end
|
|
60
62
|
|
|
61
|
-
{
|
|
63
|
+
[{
|
|
62
64
|
name: name,
|
|
63
65
|
requirement: version,
|
|
64
66
|
type: type
|
|
65
|
-
}
|
|
67
|
+
}] + child_dependencies
|
|
66
68
|
end
|
|
67
69
|
end
|
|
68
70
|
|
|
@@ -26,6 +26,10 @@ module Bibliothecary
|
|
|
26
26
|
parser: :parse_requirements_txt,
|
|
27
27
|
can_have_lockfile: false
|
|
28
28
|
},
|
|
29
|
+
match_filename('requirements.frozen') => { # pattern exists to store frozen deps in requirements.frozen
|
|
30
|
+
parser: :parse_requirements_txt,
|
|
31
|
+
kind: 'lockfile',
|
|
32
|
+
},
|
|
29
33
|
match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
|
|
30
34
|
kind: 'lockfile',
|
|
31
35
|
parser: :parse_requirements_txt,
|
|
@@ -22,8 +22,8 @@ module Bibliothecary
|
|
|
22
22
|
@platform = package_manager.platform_name
|
|
23
23
|
@path = Pathname.new(File.dirname(file_infos.first.relative_path)).cleanpath.to_path
|
|
24
24
|
# `package_manager.determine_kind_from_info(info)` can be an Array, so use include? which also works for string
|
|
25
|
-
@manifests = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "manifest" }.map
|
|
26
|
-
@lockfiles = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "lockfile" }.map
|
|
25
|
+
@manifests = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "manifest" }.map(&:relative_path)
|
|
26
|
+
@lockfiles = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "lockfile" }.map(&:relative_path)
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.1
|
|
4
|
+
version: 7.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tomlrb
|
|
@@ -206,7 +206,7 @@ dependencies:
|
|
|
206
206
|
- - ">="
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
208
|
version: '0'
|
|
209
|
-
description:
|
|
209
|
+
description:
|
|
210
210
|
email:
|
|
211
211
|
- andrewnez@gmail.com
|
|
212
212
|
executables:
|
|
@@ -274,7 +274,7 @@ homepage: https://github.com/librariesio/bibliothecary
|
|
|
274
274
|
licenses:
|
|
275
275
|
- AGPL-3.0
|
|
276
276
|
metadata: {}
|
|
277
|
-
post_install_message:
|
|
277
|
+
post_install_message:
|
|
278
278
|
rdoc_options: []
|
|
279
279
|
require_paths:
|
|
280
280
|
- lib
|
|
@@ -290,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
290
290
|
version: '0'
|
|
291
291
|
requirements: []
|
|
292
292
|
rubygems_version: 3.1.2
|
|
293
|
-
signing_key:
|
|
293
|
+
signing_key:
|
|
294
294
|
specification_version: 4
|
|
295
295
|
summary: Find and parse manifests
|
|
296
296
|
test_files: []
|