bibliothecary 7.1.5 → 7.3.1

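--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c9b98a74ca8714750a835ebe600e5a031edcad43bfffa82b475f47aaf1356d2b
- data.tar.gz: a8a74dbbfdac38ad7da70258e080c9f61aad16c4f19002b8d1d53290873ba6d0
+ metadata.gz: 0663db5989fda63b06b68549a29bcd58976f96b7f7fd35b4063738fac6fbf8ff
+ data.tar.gz: 16e3caf672f0d34b19e2cbd80acfec45b7b65f559cf152d3d23003b4282a7933
  SHA512:
- metadata.gz: 25f3208793295ee459d4a9995f38a877d48132fa31469091695e60597c09547f345a0f554539a4bfe065b8a307ba17a8e9fecc3d30d08cce22ef35cf7e5430e0
- data.tar.gz: 8b38ae3f49162807dcf04f3e07c81d69501b1aa041b4e1239bc8bf477067e485266b15ad99a090f649dd826cf2f055a24ef3bf39e8fbcda071f2d087f0dea2a2
+ metadata.gz: d3041468f12d9080d2d06cad3a5a3e2a316727207e0bc6d1ec263a6dd5f7da25be3ce5901fed3f9b0e362cdf02892c1e9e6bcf93f133264e8de42ccad08a1f81
+ data.tar.gz: '08d43bb3e8a35463162ee0379ca0c5563a81a2665c236f256c4613e1d825e25cf16899c690ffff9f4fa8fc55ef09fe9d8a9acdcb5b5f8f51bc0df76a49b38be4'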
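--- a/data/README.md
+++ b/data/README.md
@@ -53,8 +53,6 @@ All available config options are in: https://github.com/librariesio/bibliothecar
 
  ## Supported package manager file formats
 
- - Hackage
- - \*.cabal
  - npm
  - package.json
  - package-lock.json
@@ -81,6 +79,8 @@ All available config options are in: https://github.com/librariesio/bibliothecar
  - requirements/*.pip
  - Pipfile
  - Pipfile.lock
+ - pyproject.toml
+ - poetry.lock
  - Nuget
  - packages.config
  - Project.json
@@ -149,7 +149,7 @@ All available config options are in: https://github.com/librariesio/bibliothecar
  - Haxelib
  - haxelib.json
  - Hackage
- - *.cabal
+ - \*.cabal
  - cabal.config
 
  ## Development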
@@ -127,10 +127,12 @@ module Bibliothecary
127
127
 
128
128
  split = gradle_dep_match.captures[0]
129
129
 
130
- # org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
131
- # Lines can end with (c), (n), or (*)
132
- # to indicate that something was a dependency constraint (c), not resolved (n), or resolved previously (*).
133
- dep = line.split(split)[1].sub(/(\((c|n|\*)\))$/, "").sub(" -> ", ":").strip.split(":")
130
+
131
+ dep = line
132
+ .split(split)[1].sub(/(\((c|n|\*)\))$/, "") # line ending legend: (c) means a dependency constraint, (n) means not resolved, or (*) means resolved previously, e.g. org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
133
+ .sub(/ FAILED$/, "") # dependency could not be resolved (but still may have a version)
134
+ .sub(" -> ", ":") # handle version arrow syntax
135
+ .strip.split(":")
134
136
 
135
137
  # A testImplementation line can look like this so just skip those
136
138
  # \--- org.springframework.security:spring-security-test (n)
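Review bot: The new `.sub(/ FAILED$/, "")` runs after the legend marker is stripped but before `.strip`, so a line carrying both a ` FAILED` suffix and a trailing `(c)`, `(n)` or `(*)` marker would be left ending in `FAILED ` with a trailing space, and the suffix would survive into the split on `:`. Whether Gradle ever prints that combination is not visible from this hunk, but tolerating trailing whitespace costs nothing: `.sub(/ FAILED\s*$/, "")`. The trailing comment on the first `.sub` is also long enough that it would read better as comment lines above the chain, as the removed version had it. The enclosing method starts and ends outside this hunk.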
@@ -5,6 +5,9 @@ module Bibliothecary
5
5
  class NPM
6
6
  include Bibliothecary::Analyser
7
7
 
8
+ # Max depth to recurse into the "dependencies" property of package-lock.json
9
+ PACKAGE_LOCK_JSON_MAX_DEPTH = 10
10
+
8
11
  def self.mapping
9
12
  {
10
13
  match_filename("package.json") => {
@@ -43,26 +46,25 @@ module Bibliothecary
43
46
 
44
47
  def self.parse_package_lock(file_contents)
45
48
  manifest = JSON.parse(file_contents)
46
- manifest.fetch('dependencies',[]).map do |name, requirement|
47
- if requirement.fetch("dev", false)
48
- type = 'development'
49
- else
50
- type = 'runtime'
51
- end
52
-
53
- version = nil
54
-
55
- if requirement.key?("from")
56
- version = requirement["from"][/#(?:semver:)?v?(.*)/, 1]
57
- end
49
+ parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
50
+ end
58
51
 
52
+ def self.parse_package_lock_deps_recursively(dependencies, depth=1)
53
+ dependencies.flat_map do |name, requirement|
54
+ type = requirement.fetch("dev", false) ? 'development' : 'runtime'
55
+ version = requirement.key?("from") ? requirement["from"][/#(?:semver:)?v?(.*)/, 1] : nil
59
56
  version ||= requirement["version"].split("#").last
57
+ child_dependencies = if depth >= PACKAGE_LOCK_JSON_MAX_DEPTH
58
+ []
59
+ else
60
+ parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
61
+ end
60
62
 
61
- {
63
+ [{
62
64
  name: name,
63
65
  requirement: version,
64
66
  type: type
65
- }
67
+ }] + child_dependencies
66
68
  end
67
69
  end
68
70
 
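Review bot: Once `depth` reaches `PACKAGE_LOCK_JSON_MAX_DEPTH`, `parse_package_lock_deps_recursively` returns `[]` for the rest of that subtree with no signal to the caller, so packages nested deeper than ten levels silently drop out of the result. For output that feeds dependency inventories this truncation should at least be documented on the constant, e.g. `# Dependencies nested deeper than this are omitted from the result.`, and ideally surfaced with a warning when the cap is hit. Separately, `requirement["version"].split("#")` raises NoMethodError when an entry has no usable `from` and no `version`, which a malformed or hand-edited lockfile can trigger; `requirement["version"].to_s.split("#").last` or an explicit parse error would make that case deliberate. The `[]` default passed to `fetch('dependencies', ...)` is harmless for iteration but does not match the Hash the block destructures; `{}` would state the expected shape.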
@@ -26,6 +26,10 @@ module Bibliothecary
26
26
  parser: :parse_requirements_txt,
27
27
  can_have_lockfile: false
28
28
  },
29
+ match_filename('requirements.frozen') => { # pattern exists to store frozen deps in requirements.frozen
30
+ parser: :parse_requirements_txt,
31
+ kind: 'lockfile',
32
+ },
29
33
  match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
30
34
  kind: 'lockfile',
31
35
  parser: :parse_requirements_txt,
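Review bot: The new `requirements.frozen` entry is tagged `kind: 'lockfile'` purely by filename while reusing `parse_requirements_txt`, the same parser the manifest entry just above it uses, so nothing visible here checks that the entries are actually pinned. If consumers treat lockfile results as resolved versions, an unpinned line in such a file would presumably be reported as locked; that is worth confirming against the parser, which is outside this hunk. A short comment such as `# treated as a lockfile by name only; entries are not verified to be pinned` would record the assumption. As a style point, the neighbouring lockfile entry lists `kind:` before `parser:`, and matching that order keeps the mapping uniform.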
@@ -22,8 +22,8 @@ module Bibliothecary
22
22
  @platform = package_manager.platform_name
23
23
  @path = Pathname.new(File.dirname(file_infos.first.relative_path)).cleanpath.to_path
24
24
  # `package_manager.determine_kind_from_info(info)` can be an Array, so use include? which also works for string
25
- @manifests = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "manifest" }.map { |info| File.basename(info.relative_path) }
26
- @lockfiles = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "lockfile" }.map { |info| File.basename(info.relative_path) }
25
+ @manifests = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "manifest" }.map(&:relative_path)
26
+ @lockfiles = file_infos.select { |info| package_manager.determine_kind_from_info(info).include? "lockfile" }.map(&:relative_path)
27
27
  end
28
28
  end
29
29
  end
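Review bot: `@manifests` and `@lockfiles` now carry `info.relative_path` verbatim instead of `File.basename(...)`, which changes what callers receive: values that used to be bare filenames now include directory components, and a consumer that joins them onto `@path` would duplicate the directory. Unlike `@path`, which goes through `Pathname#cleanpath`, these entries are not normalised, so any `./` or `..` segments in the scanned tree's paths pass straight through. Normalising them the same way, e.g. `.map { |info| Pathname.new(info.relative_path).cleanpath.to_path }`, and stating the new contract in a comment above the two assignments would make the change explicit. The enclosing method begins outside this hunk.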
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "7.1.5"
2
+ VERSION = "7.3.1"
3
3
  end
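--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: bibliothecary
  version: !ruby/object:Gem::Version
- version: 7.1.5
+ version: 7.3.1
  platform: ruby
  authors:
  - Andrew Nesbitt
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-09-27 00:00:00.000000000 Z
+ date: 2021-11-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: tomlrb
@@ -206,7 +206,7 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- description:
+ description:
  email:
  - andrewnez@gmail.com
  executables:
@@ -274,7 +274,7 @@ homepage: https://github.com/librariesio/bibliothecary
  licenses:
  - AGPL-3.0
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -290,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.1.2
- signing_key:
+ signing_key:
  specification_version: 4
  summary: Find and parse manifests
  test_files: []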