bibliothecary 8.2.4 → 8.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 631a4574650b4e69a1aec283acf4c0d1fb8338a1c4b767500b3b613c51357d7c
-  data.tar.gz: 1f280d94aacce63d88302f767561d9e9f05e8d3381cd4a618cff5f04cc73511f
+  metadata.gz: c551b8910bf1a2244fddcde8a12ab29d88816b61237b10c992a53d049b2ad661
+  data.tar.gz: 55254294ffec08398bc658b117673ea2697d31ddc8ad9592d24225313b9803bb
 SHA512:
-  metadata.gz: d5e68b0a9fe18880ce752f45e66ba68a31834ce35356e025f892eadb409c613c3d3d57b19fedb65362e0977393757c8a0d7fa521f5e8c3ebbe90dd1aa96b1f86
-  data.tar.gz: 0ce08bdc863f9e82ed831d99b6132c043d6da012c297f81f5a0a801e847143b5a60a4545d2ce177a1deeaa7e62ed3a50010268b396d34c3f9794d04dccfbd365
+  metadata.gz: 52966b0a1fa300c8115f413ebdc991b3856bb77f8098e5b19ed996b1f9bf3c46b54cc41ed2998f0a157f3544c54296b99437596b2666e8345c6285208f0bd46c
+  data.tar.gz: e0c980d9065bfbc3c98100c0ebd92f7c0e16ab93f5e0a3f4a8178d8fb4a89ff032225737951486bf704d337d2bf9f2d18d60074e545ee6852297293c5e952b5b

data/lib/bibliothecary/analyser/determinations.rb

@@ -22,6 +22,12 @@ module Bibliothecary
         first_matching_mapping_details(info)
           .fetch(:can_have_lockfile, true)
       end
+
+      def groupable?(info)
+        # More package managers are groupable than ungroupable, but the methods
+        # to get this information should be positive.
+        !first_matching_mapping_details(info).fetch(:ungroupable, false)
+      end
     end
   end
 end

data/lib/bibliothecary/configuration.rb

@@ -5,7 +5,6 @@ module Bibliothecary
     attr_accessor :carthage_parser_host
     attr_accessor :clojars_parser_host
     attr_accessor :mix_parser_host
-    attr_accessor :gradle_parser_host
     attr_accessor :yarn_parser_host
     attr_accessor :conda_parser_host
     attr_accessor :swift_parser_host
@@ -17,7 +16,6 @@ module Bibliothecary
       @carthage_parser_host = 'https://carthage.libraries.io'
       @clojars_parser_host  = 'https://clojars.libraries.io'
       @mix_parser_host      = 'https://mix.libraries.io'
-      @gradle_parser_host   = 'https://gradle-parser.libraries.io'
       @yarn_parser_host     = 'https://yarn-parser.libraries.io'
       @conda_parser_host    = 'https://conda-parser.libraries.io'
       @swift_parser_host    = 'http://swift.libraries.io'

data/lib/bibliothecary/file_info.rb

@@ -49,5 +49,9 @@ module Bibliothecary
 
       @package_manager = nil
     end
+
+    def groupable?
+      @package_manager&.groupable?(self)
+    end
   end
 end

data/lib/bibliothecary/multi_parsers/cyclonedx.rb

@@ -98,11 +98,13 @@ module Bibliothecary
         {
           match_filename('cyclonedx.json') => {
             kind: 'lockfile',
-            parser: :parse_cyclonedx_json
+            parser: :parse_cyclonedx_json,
+            ungroupable: true
           },
           match_filename('cyclonedx.xml') => {
             kind: 'lockfile',
-            parser: :parse_cyclonedx_xml
+            parser: :parse_cyclonedx_xml,
+            ungroupable: true
           }
         }
       end

data/lib/bibliothecary/multi_parsers/dependencies_csv.rb

@@ -10,6 +10,7 @@ module Bibliothecary
         {
           match_filename('dependencies.csv') => {
             kind: 'lockfile',
+            ungroupable: true,
             parser: :parse_dependencies_csv
           }
         }

data/lib/bibliothecary/parsers/maven.rb

@@ -13,16 +13,19 @@ module Bibliothecary
       GRADLE_DEP_REGEX = /(\+---|\\---){1}/
 
       # Builtin methods: https://docs.gradle.org/current/userguide/java_plugin.html#tab:configurations
-      GRADLE_KTS_DEPENDENCY_METHODS = %w(api compile compileOnlyApi implementation runtimeOnly testCompileOnly testImplementation testRuntimeOnly)
-      
-      # An intentionally overly-simplified regex to scrape deps from build.gradle.kts files. 
-      # To be truly useful bibliothecary would need a full Kotlin parser that speaks Gradle, 
-      # because the Kotlin DSL has many dynamic ways of declaring dependencies.
-      
-      GRADLE_KTS_VERSION_REGEX = /[\w.-]+/ # e.g. '1.2.3'
-      GRADLE_KTS_INTERPOLATED_VERSION_REGEX = /\$\{.*\}/ # e.g. '${my-project-settings["version"]}'
-      GRADLE_KTS_GAV_REGEX = /([\w.-]+)\:([\w.-]+)(?:\:(#{GRADLE_KTS_VERSION_REGEX}|#{GRADLE_KTS_INTERPOLATED_VERSION_REGEX}))?/
-      GRADLE_KTS_SIMPLE_REGEX = /(#{GRADLE_KTS_DEPENDENCY_METHODS.join('|')})\s*\(\s*"#{GRADLE_KTS_GAV_REGEX}"\s*\)\s*$/m # e.g. "group:artifactId:1.2.3"
+      # Deprecated methods: https://docs.gradle.org/current/userguide/upgrading_version_6.html#sec:configuration_removal
+      GRADLE_DEPENDENCY_METHODS = %w(api compile compileClasspath compileOnly compileOnlyApi implementation runtime runtimeClasspath runtimeOnly testCompile testCompileOnly testImplementation testRuntime testRuntimeOnly)
+
+      # Intentionally overly-simplified regexes to scrape deps from build.gradle (Groovy) and build.gradle.kts (Kotlin) files. 
+      # To be truly useful bibliothecary would need full Groovy / Kotlin parsers that speaks Gradle, 
+      # because the Groovy and Kotlin DSLs have many dynamic ways of declaring dependencies.
+      GRADLE_VERSION_REGEX = /[\w.-]+/ # e.g. '1.2.3'
+      GRADLE_VAR_INTERPOLATION_REGEX = /\$\w+/ # e.g. '$myVersion'
+      GRADLE_CODE_INTERPOLATION_REGEX = /\$\{.*\}/ # e.g. '${my-project-settings["version"]}'
+      GRADLE_GAV_REGEX = /([\w.-]+)\:([\w.-]+)(?:\:(#{GRADLE_VERSION_REGEX}|#{GRADLE_VAR_INTERPOLATION_REGEX}|#{GRADLE_CODE_INTERPOLATION_REGEX}))?/ # e.g. "group:artifactId:1.2.3"
+      GRADLE_COMMENT_REGEX = /\/\/.*|\/\*.*\*\// # '// hello' or '/* hello */'
+      GRADLE_GROOVY_SIMPLE_REGEX = /(#{GRADLE_DEPENDENCY_METHODS.join('|')})\s+['"]#{GRADLE_GAV_REGEX}['"]\s*(?:#{GRADLE_COMMENT_REGEX})*$/m 
+      GRADLE_KOTLIN_SIMPLE_REGEX = /(#{GRADLE_DEPENDENCY_METHODS.join('|')})\s*\(\s*"#{GRADLE_GAV_REGEX}"\s*\)\s*(?:#{GRADLE_COMMENT_REGEX})*$/m 
 
       MAVEN_PROPERTY_REGEX = /\$\{(.+?)\}/
       MAX_DEPTH = 5
@@ -233,24 +236,21 @@ module Bibliothecary
       end
 
       def self.parse_gradle(file_contents, options: {})
-        response = Typhoeus.post("#{Bibliothecary.configuration.gradle_parser_host}/parse", body: file_contents)
-        raise Bibliothecary::RemoteParsingError.new("Http Error #{response.response_code} when contacting: #{Bibliothecary.configuration.gradle_parser_host}/parse", response.response_code) unless response.success?
-        json = JSON.parse(response.body)
-        return [] unless json['dependencies']
-        json['dependencies'].map do |dependency|
-          name = gradle_dependency_name(dependency["group"], dependency["name"])
-          next unless name =~ /[\w-]+\.[\w_-]+(\.[\w-])?\:[\w-]/
+        file_contents
+        .scan(GRADLE_GROOVY_SIMPLE_REGEX)                                                # match 'implementation "group:artifactId:version"'
+        .reject { |(_type, group, artifactId, _version)| group.nil? || artifactId.nil? } # remove any matches with missing group/artifactId
+        .map { |(type, group, artifactId, version)|
           {
-            name: name,
-            requirement: dependency["version"],
-            type: dependency["type"]
+            name: [group, artifactId].join(":"),
+            requirement: version || "*",
+            type: type
           }
-        end.compact
+        }
       end
 
       def self.parse_gradle_kts(file_contents, options: {})
         file_contents
-          .scan(GRADLE_KTS_SIMPLE_REGEX)                                                  # match 'implementation("group:artifactId:version")'
+          .scan(GRADLE_KOTLIN_SIMPLE_REGEX)                                                # match 'implementation("group:artifactId:version")'
           .reject { |(_type, group, artifactId, _version)| group.nil? || artifactId.nil? } # remove any matches with missing group/artifactId
           .map { |(type, group, artifactId, version)|
             {

data/lib/bibliothecary/parsers/pypi.rb

@@ -84,7 +84,7 @@ module Bibliothecary
       end
 
       def self.parse_poetry(file_contents, options: {})
-        manifest = Tomlrb.parse(file_contents)['tool']['poetry']
+        manifest = Tomlrb.parse(file_contents).fetch('tool', {}).fetch('poetry', {})
         map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
       end
 

data/lib/bibliothecary/related_files_info.rb

@@ -12,7 +12,14 @@ module Bibliothecary
 
       file_infos_by_directory = file_infos.group_by { |info| File.dirname(info.relative_path) }
       file_infos_by_directory.values.each do |file_infos_for_path|
-        file_infos_by_directory_by_package_manager = file_infos_for_path.group_by { |info| info.package_manager}
+        groupable, ungroupable = file_infos_for_path.partition(&:groupable?)
+
+        # add ungroupable ones as separate RFIs
+        ungroupable.each do |file_info|
+          returns.append(RelatedFilesInfo.new([file_info]))
+        end
+
+        file_infos_by_directory_by_package_manager = groupable.group_by { |info| info.package_manager}
 
         file_infos_by_directory_by_package_manager.values.each do |file_infos_in_directory_for_package_manager|
           returns.append(RelatedFilesInfo.new(file_infos_in_directory_for_package_manager))

data/lib/bibliothecary/version.rb

@@ -1,3 +1,3 @@
 module Bibliothecary
-  VERSION = "8.2.4"
+  VERSION = "8.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 8.2.4
+  version: 8.3.0
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-05-06 00:00:00.000000000 Z
+date: 2022-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tomlrb