bibliothecary 8.2.2 → 8.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/bibliothecary/analyser/determinations.rb +6 -0
- data/lib/bibliothecary/file_info.rb +4 -0
- data/lib/bibliothecary/multi_parsers/cyclonedx.rb +4 -2
- data/lib/bibliothecary/multi_parsers/dependencies_csv.rb +7 -4
- data/lib/bibliothecary/parsers/pypi.rb +42 -7
- data/lib/bibliothecary/related_files_info.rb +8 -1
- data/lib/bibliothecary/version.rb +1 -1
- metadata +2 -2
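--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6f7fbf7ad34eaff5fc178a7befb091ec010341f3d5ad2a2b468c84c7fa3c3741
+data.tar.gz: 7fd04a9d3d2e28e79cec97b15cd7983f558a8fa4351bc0d1819cdce74ad65a8c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5a6488a468d0369e391329359622334d177fd7bcb6694efee45b25f8b5c0cd77145fd517606a7550744b5d17725440b98dc5b8b2f00801183498ac7dbfb9bfc4
+data.tar.gz: 627e705c0201a891941bce2e2765cc9cd651473c49368270db4d0360fba6f15e3b645909bbe1052aebd2c5e24472ebfb07c7c90e68e87bf1558c40840c595c1d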
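--- a/data/lib/bibliothecary/analyser/determinations.rb
+++ b/data/lib/bibliothecary/analyser/determinations.rb
@@ -22,6 +22,12 @@ module Bibliothecary
 first_matching_mapping_details(info)
 .fetch(:can_have_lockfile, true)
 end
+
+def groupable?(info)
+# More package managers are groupable than ungroupable, but the methods
+# to get this information should be positive.
+!first_matching_mapping_details(info).fetch(:ungroupable, false)
+end
 end
 end
 end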
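--- a/data/lib/bibliothecary/multi_parsers/cyclonedx.rb
+++ b/data/lib/bibliothecary/multi_parsers/cyclonedx.rb
@@ -98,11 +98,13 @@ module Bibliothecary
 {
 match_filename('cyclonedx.json') => {
 kind: 'lockfile',
-parser: :parse_cyclonedx_json
+parser: :parse_cyclonedx_json,
+ungroupable: true
 },
 match_filename('cyclonedx.xml') => {
 kind: 'lockfile',
-parser: :parse_cyclonedx_xml
+parser: :parse_cyclonedx_xml,
+ungroupable: true
 }
 }
 end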
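--- a/data/lib/bibliothecary/multi_parsers/dependencies_csv.rb
+++ b/data/lib/bibliothecary/multi_parsers/dependencies_csv.rb
@@ -10,6 +10,7 @@ module Bibliothecary
 {
 match_filename('dependencies.csv') => {
 kind: 'lockfile',
+ungroupable: true,
 parser: :parse_dependencies_csv
 }
 }
@@ -39,18 +40,20 @@ module Bibliothecary
 # Lockfiles have exact versions.
 "lockfile_requirement" => {
 match: [
-/^version$/i,
 /^(lockfile |)requirement$/i,
+/^version$/i,
 ],
 },
 # Manifests have versions that can have operators.
+# However, since Bibliothecary only currently supports analyzing a
+# single file as a single thing (either manifest or lockfile)
+# we can't return manifest-y data. Only take the lockfile requirement
+# when processing dependencies.csv for now.
 "requirement" => {
 match: [
-/^manifest requirement$/i,
-/^version$/i,
 /^(lockfile |)requirement$/i,
+/^version$/i,
 ],
-default: nil
 },
 "type" => {
 default: "runtime",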
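Review bot: The header patterns in both match lists anchor with `^`/`$`, which in Ruby match at line boundaries rather than at the ends of the string, so a quoted CSV header cell carrying an embedded newline would still satisfy them; for whole-cell matching the exact anchors are `\A`/`\z`, e.g. `/\Aversion\z/i` and `/\A(?:lockfile )?requirement\z/i`. This applies to the re-added `/^version$/i` lines and equally to the `/^(lockfile |)requirement$/i` lines kept as context. Moving `/^version$/i` behind the requirement pattern in both lists presumably changes which column wins when a CSV carries both headers; if match order is significant, a one-line comment such as `# earlier patterns take precedence` above each list would save the next reader from re-deriving that. The enclosing hash starts and ends outside the hunk.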
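--- a/data/lib/bibliothecary/parsers/pypi.rb
+++ b/data/lib/bibliothecary/parsers/pypi.rb
@@ -179,20 +179,55 @@ module Bibliothecary
 deps
 end
 
+# While the thing in the repo that PyPI is using might be either in
+# egg format or wheel format, PyPI uses "egg" in the fragment of the
+# VCS URL to specify what package in the PyPI index the VCS URL
+# should be treated as.
+NoEggSpecified = Class.new(ArgumentError)
+
+# Parses a requirements.txt file, following the
+# https://pip.pypa.io/en/stable/cli/pip_install/#requirement-specifiers
+# and https://pip.pypa.io/en/stable/topics/vcs-support/#git.
+# Invalid lines in requirements.txt are skipped.
 def self.parse_requirements_txt(file_contents, options: {})
 deps = []
 file_contents.split("\n").each do |line|
-
-
-
-
-
-
-
+if line['://']
+begin
+result = parse_requirements_txt_url(line)
+rescue URI::Error, NoEggSpecified => e
+next
+end
+
+deps << result.merge(
+type: 'runtime'
+)
+else
+match = line.delete(' ').match(REQUIREMENTS_REGEXP)
+next unless match
+
+deps << {
+name: match[1],
+requirement: match[-1] || '*',
+type: 'runtime'
+}
+end
 end
 deps
 end
 
+def self.parse_requirements_txt_url(url)
+uri = URI.parse(url)
+raise NoEggSpecified, "No egg specified in #{url}" unless uri.fragment
+
+name = uri.fragment[/^egg=([^&]+)([&]|$)/, 1]
+raise NoEggSpecified, "No egg specified in #{url}" unless name
+
+requirement = uri.path[/@(.+)$/, 1]
+
+{ name: name, requirement: requirement || "*" }
+end
+
 def self.pip_compile?(file_contents)
 return file_contents.include?("This file is autogenerated by pip-compile")
 rescue Exception # rubocop:disable Lint/RescueException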
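Review bot: `parse_requirements_txt` hands any line containing `://` to `URI.parse` unchanged, so the editable form `-e git+https://…#egg=name` that the linked pip VCS page also describes fails with `URI::InvalidURIError` on the leading `-e ` and is silently dropped by the `next`; if editable lines are meant to be covered, strip the option before parsing, e.g. `result = parse_requirements_txt_url(line.sub(/\A(?:-e|--editable)\s+/, ''))`. The `=> e` binding on that `rescue` is never read and can be dropped. In `parse_requirements_txt_url`, `uri.path[/@(.+)$/, 1]` captures everything after the first `@` in the path, so a path with an `@` in an earlier segment yields a requirement that still contains path text; anchoring on the last `@` with `uri.path[/@([^@]+)\z/, 1]` pins the revision alone. The egg regex `/^egg=([^&]+)([&]|$)/` likewise uses line anchors where `\A`/`\z` express the intended whole-fragment match.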
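--- a/data/lib/bibliothecary/related_files_info.rb
+++ b/data/lib/bibliothecary/related_files_info.rb
@@ -12,7 +12,14 @@ module Bibliothecary
 
 file_infos_by_directory = file_infos.group_by { |info| File.dirname(info.relative_path) }
 file_infos_by_directory.values.each do |file_infos_for_path|
-
+groupable, ungroupable = file_infos_for_path.partition(&:groupable?)
+
+# add ungroupable ones as separate RFIs
+ungroupable.each do |file_info|
+returns.append(RelatedFilesInfo.new([file_info]))
+end
+
+file_infos_by_directory_by_package_manager = groupable.group_by { |info| info.package_manager}
 
 file_infos_by_directory_by_package_manager.values.each do |file_infos_in_directory_for_package_manager|
 returns.append(RelatedFilesInfo.new(file_infos_in_directory_for_package_manager))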
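Review bot: `groupable.group_by { |info| info.package_manager}` is missing the space before `}` and reads more simply as `groupable.group_by(&:package_manager)`; the `ungroupable.each` loop that appends one `RelatedFilesInfo` per file can likewise collapse to `returns.concat(ungroupable.map { |file_info| RelatedFilesInfo.new([file_info]) })`. The local is still named `file_infos_by_directory_by_package_manager` although it now groups only the groupable subset, so a rename such as `groupable_by_package_manager` keeps the name honest. The enclosing method starts and ends outside the hunk.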
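--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-version: 8.2.
+version: 8.2.5
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-
+date: 2022-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: tomlrb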