bibliothecary 8.4.6 → 8.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/bibliothecary/parsers/maven.rb +7 -1
- data/lib/bibliothecary/parsers/npm.rb +28 -2
- data/lib/bibliothecary/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 28eee333f0558f68657092d126ca5465eddbba371f1ad189a3007d4b43915063
|
|
4
|
+
data.tar.gz: 91cb04d35a821cd7a8af93688a7db430d445f37f805493f379c2eeccddca5f74
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8286430aba8f90efd0fc73b63f1fe31f57a7aa3759f88613fdecced517ad98a12a2ce62032bab0919c94f125c84953a71ba3862533a4a2e410ec11d1e4cf4a99
|
|
7
|
+
data.tar.gz: 310fa03c90fca4ee65fb46b2fb78b9f9276b082adeada8a4536cd9357441c7f33c54cbf016cd087a7b7c5f0b6517664ed8107d92cbe730e57538888e2e778fe6
|
|
@@ -322,6 +322,9 @@ module Bibliothecary
|
|
|
322
322
|
extract_pom_dep_info(xml, xml, location, parent_properties)
|
|
323
323
|
end
|
|
324
324
|
|
|
325
|
+
# TODO: it might be worth renaming parent_properties to parent_elements
|
|
326
|
+
# so that more can be inherited from the parent pom than just <properties>
|
|
327
|
+
# here (see https://maven.apache.org/pom.html#inheritance)
|
|
325
328
|
def self.extract_pom_dep_info(xml, dependency, name, parent_properties = {})
|
|
326
329
|
field = dependency.locate(name).first
|
|
327
330
|
return nil if field.nil?
|
|
@@ -363,7 +366,10 @@ module Bibliothecary
|
|
|
363
366
|
return "${#{property_name}}" if !xml.respond_to?("properties") && parent_properties.empty? && xml.locate(non_prop_name).empty?
|
|
364
367
|
|
|
365
368
|
prop_field = xml.properties.locate(property_name).first if xml.respond_to?("properties")
|
|
366
|
-
parent_prop = parent_properties[property_name]
|
|
369
|
+
parent_prop = parent_properties[property_name] || # e.g. "${foo}"
|
|
370
|
+
parent_properties[property_name.sub(/^project\./, '')] || # e.g. "${project.foo}"
|
|
371
|
+
parent_properties[property_name.sub(/^project\.parent\./, '')] # e.g. "${project.parent.foo}"
|
|
372
|
+
|
|
367
373
|
if prop_field
|
|
368
374
|
prop_field.nodes.first
|
|
369
375
|
elsif parent_prop
|
|
@@ -38,7 +38,15 @@ module Bibliothecary
|
|
|
38
38
|
|
|
39
39
|
def self.parse_package_lock(file_contents, options: {})
|
|
40
40
|
manifest = JSON.parse(file_contents)
|
|
41
|
-
|
|
41
|
+
# https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion
|
|
42
|
+
if manifest["lockfileVersion"].to_i <= 1
|
|
43
|
+
# lockfileVersion 1 uses the "dependencies" object
|
|
44
|
+
parse_package_lock_v1(manifest)
|
|
45
|
+
else
|
|
46
|
+
# lockfileVersion 2 has backwards-compatability by including both "packages" and the legacy "dependencies" object
|
|
47
|
+
# lockfileVersion 3 has no backwards-compatibility and only includes the "packages" object
|
|
48
|
+
parse_package_lock_v2(manifest)
|
|
49
|
+
end
|
|
42
50
|
end
|
|
43
51
|
|
|
44
52
|
class << self
|
|
@@ -46,6 +54,24 @@ module Bibliothecary
|
|
|
46
54
|
alias_method :parse_shrinkwrap, :parse_package_lock
|
|
47
55
|
end
|
|
48
56
|
|
|
57
|
+
def self.parse_package_lock_v1(manifest)
|
|
58
|
+
parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def self.parse_package_lock_v2(manifest)
|
|
62
|
+
# "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
|
|
63
|
+
manifest
|
|
64
|
+
.fetch("packages")
|
|
65
|
+
.reject { |name, dep| name == "" } # this is the lockfile's package itself
|
|
66
|
+
.map do |name, dep|
|
|
67
|
+
{
|
|
68
|
+
name: name.split("node_modules/").last,
|
|
69
|
+
requirement: dep["version"],
|
|
70
|
+
type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime"
|
|
71
|
+
}
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
|
|
49
75
|
def self.parse_package_lock_deps_recursively(dependencies, depth=1)
|
|
50
76
|
dependencies.flat_map do |name, requirement|
|
|
51
77
|
type = requirement.fetch("dev", false) ? 'development' : 'runtime'
|
|
@@ -55,7 +81,7 @@ module Bibliothecary
|
|
|
55
81
|
[]
|
|
56
82
|
else
|
|
57
83
|
parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
|
|
58
|
-
|
|
84
|
+
end
|
|
59
85
|
|
|
60
86
|
[{
|
|
61
87
|
name: name,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.
|
|
4
|
+
version: 8.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tomlrb
|