bibliothecary 8.6.5 → 8.7.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/bibliothecary/parsers/maven.rb +37 -11
  3. data/lib/bibliothecary/parsers/nuget.rb +11 -9
  4. data/lib/bibliothecary/version.rb +1 -1
  5. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 58c0282aec64e81ed313f123670287697f3718e64276e1260030833d70baf892
4
- data.tar.gz: be3e9107d5fb2a0968acca81878d4c0bab062bf5b9d994121af2d682a4e8d278
3
+ metadata.gz: 7f6b75ad41b078c913dc3170bba3fa22d3d885b17e3c27e961f9b5e084d539c7
4
+ data.tar.gz: 8354e96eb6e2473549e4cbae545a6a9d80fbb9dc49965a0cb75cc66a1e5aa5ca
5
5
  SHA512:
6
- metadata.gz: 211d953af085e4495325cdd450816f6747ce42b1d8e9c55852e2a50786190466a885cd70b8c454ec1c5d6872ce55f6d8a8ecddd03be7ca2faa02450216f84242
7
- data.tar.gz: 74ba743b92e5858c8cc6d7341bf2dda8ff9ce7fdabdff58f44e544554fbc538ae9909726cfcb588d222fa9e1b490d0db9e4ff45896f6f13c375fd1e4ea978f95
6
+ metadata.gz: f6ab5428cbf33ca11c0013b1af6b0c0314141af095cef19921ebddbbb2ada7db7d6534768be658ff2408a6cc8ce94b84cdf8038ecd75449a3bdc20860a329d62
7
+ data.tar.gz: 1c5ebfcbf76c589345a818b9a4f2a463a52aca2d2ed3fb0fb90d9b77644ac1b9a0262fb4a38c8f08fabfabb4561c1f2b14d4692e149e3fb0af0092d028b9d117
data/lib/bibliothecary/parsers/maven.rb CHANGED
@@ -1,6 +1,10 @@
1
1
  require 'ox'
2
2
  require 'strings-ansi'
3
3
 
4
+ # Known shortcomings and unimplemented Maven features:
5
+ # pom.xml
6
+ # <exclusions> cannot be taken into account (because it requires knowledge of transitive deps)
7
+ # <properties> are the only thing inherited from parent poms currenly
4
8
  module Bibliothecary
5
9
  module Parsers
6
10
  class Maven
@@ -270,18 +274,40 @@ module Bibliothecary
270
274
  manifest = Ox.parse file_contents
271
275
  xml = manifest.respond_to?('project') ? manifest.project : manifest
272
276
  [].tap do |deps|
273
- ['dependencies/dependency', 'dependencyManagement/dependencies/dependency'].each do |deps_xpath|
274
- xml.locate(deps_xpath).each do |dep|
275
- dep_hash = {
276
- name: "#{extract_pom_dep_info(xml, dep, 'groupId', parent_properties)}:#{extract_pom_dep_info(xml, dep, 'artifactId', parent_properties)}",
277
- requirement: extract_pom_dep_info(xml, dep, 'version', parent_properties),
278
- type: extract_pom_dep_info(xml, dep, 'scope', parent_properties) || 'runtime',
279
- }
280
- # optional field is, itself, optional, and will be either "true" or "false"
281
- optional = extract_pom_dep_info(xml, dep, 'optional', parent_properties)
282
- dep_hash[:optional] = optional == "true" unless optional.nil?
283
- deps.push(dep_hash)
277
+ # <dependencyManagement> is a namespace to specify artifact configuration (e.g. version), but it doesn't
278
+ # actually add dependencies to your project. Grab these and keep them for reference while parsing <dependencies>
279
+ # Ref: https://maven.apache.org/pom.html#Dependency_Management
280
+ # Ref: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#transitive-dependencies
281
+ dependencyManagement = xml.locate("dependencyManagement/dependencies/dependency").map do |dep|
282
+ {
283
+ groupId: extract_pom_dep_info(xml, dep, "groupId", parent_properties),
284
+ artifactId: extract_pom_dep_info(xml, dep, "artifactId", parent_properties),
285
+ version: extract_pom_dep_info(xml, dep, "version", parent_properties),
286
+ scope: extract_pom_dep_info(xml, dep, "scope", parent_properties),
287
+ }
288
+ end
289
+ # <dependencies> is the namespace that will add dependencies to your project.
290
+ xml.locate("dependencies/dependency").each do |dep|
291
+ groupId = extract_pom_dep_info(xml, dep, 'groupId', parent_properties)
292
+ artifactId = extract_pom_dep_info(xml, dep, 'artifactId', parent_properties)
293
+ version = extract_pom_dep_info(xml, dep, 'version', parent_properties)
294
+ scope = extract_pom_dep_info(xml, dep, 'scope', parent_properties)
295
+
296
+ # Use any dep configurations from <dependencyManagement> as fallbacks
297
+ if (depConfig = dependencyManagement.find { |d| d[:groupId] == groupId && d[:artifactId] == artifactId })
298
+ version ||= depConfig[:version]
299
+ scope ||= depConfig[:scope]
284
300
  end
301
+
302
+ dep_hash = {
303
+ name: "#{groupId}:#{artifactId}",
304
+ requirement: version,
305
+ type: scope || 'runtime',
306
+ }
307
+ # optional field is, itself, optional, and will be either "true" or "false"
308
+ optional = extract_pom_dep_info(xml, dep, 'optional', parent_properties)
309
+ dep_hash[:optional] = optional == "true" unless optional.nil?
310
+ deps.push(dep_hash)
285
311
  end
286
312
  end
287
313
  end
data/lib/bibliothecary/parsers/nuget.rb CHANGED
@@ -65,15 +65,17 @@ module Bibliothecary
65
65
 
66
66
  frameworks = {}
67
67
  manifest.fetch('dependencies',[]).each do |framework, deps|
68
- frameworks[framework] = deps.map do |name, details|
69
- {
70
- name: name,
71
- # 'resolved' has been set in all examples so far
72
- # so fallback to requested is pure paranoia
73
- requirement: details.fetch('resolved', details.fetch('requested', '*')),
74
- type: 'runtime'
75
- }
76
- end
68
+ frameworks[framework] = deps
69
+ .reject { |_name, details| details["type"] == "Project" } # Projects do not have versions
70
+ .map do |name, details|
71
+ {
72
+ name: name,
73
+ # 'resolved' has been set in all examples so far
74
+ # so fallback to requested is pure paranoia
75
+ requirement: details.fetch('resolved', details.fetch('requested', '*')),
76
+ type: 'runtime'
77
+ }
78
+ end
77
79
  end
78
80
 
79
81
  if frameworks.size > 0
data/lib/bibliothecary/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "8.6.5"
2
+ VERSION = "8.7.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bibliothecary
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.6.5
4
+ version: 8.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Nesbitt
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-10 00:00:00.000000000 Z
11
+ date: 2023-10-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tomlrb
@@ -248,7 +248,7 @@ dependencies:
248
248
  - - ">="
249
249
  - !ruby/object:Gem::Version
250
250
  version: '0'
251
- description:
251
+ description:
252
252
  email:
253
253
  - andrewnez@gmail.com
254
254
  executables:
@@ -326,7 +326,7 @@ homepage: https://github.com/librariesio/bibliothecary
326
326
  licenses:
327
327
  - AGPL-3.0
328
328
  metadata: {}
329
- post_install_message:
329
+ post_install_message:
330
330
  rdoc_options: []
331
331
  require_paths:
332
332
  - lib
@@ -341,8 +341,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
341
341
  - !ruby/object:Gem::Version
342
342
  version: '0'
343
343
  requirements: []
344
- rubygems_version: 3.1.6
345
- signing_key:
344
+ rubygems_version: 3.3.22
345
+ signing_key:
346
346
  specification_version: 4
347
347
  summary: Find and parse manifests
348
348
  test_files: []