bibliothecary 8.7.6 → 8.8.0

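--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 57b89f5321f44b47f940c8fe8be9e50e2007ad4176fd002744f1f44a2bd9cbe7
-data.tar.gz: 742a28fbf8a17708e64736bf49039347af391db3b1ad4c62355df83f45459d5f
+metadata.gz: d1780d8940244ee5e96aab6ad08266b28f1bfac65eabb9ae2fc811712ddbbb3a
+data.tar.gz: ac03558d5e3f9f127664c8420f31273b3eacfefccc4c193c1aa6830f2b54f749
 SHA512:
-metadata.gz: 7a86455347539c89417c398c19e99ff8cd4ea84d52057c4e67f991f6ac518083db567a733b83cc4044dbb326d4a7322dde9514b3a486ed1c7825bc6cf2fdad7c
-data.tar.gz: a3c33ebc60114b4c9627d8dfd205d0579e32efd706c01fc84f00606d378db05c103f50655eb68c8b2f6383d0b50c9fcf7370a65d16d18c0dd1a9dd74241bbf45
+metadata.gz: 0ba1a48525ff6a464715b4d8210d5edf6269a31a785d2038f9228e5b591e83c128ff9adb33bc12d427da134afafb5e1b3808092f272105a7896e1db8895e67f6
+data.tar.gz: 3737f2812866ea2d79f94d5c1dfecfcfb822ec2496d8eb013319d72d3218e8e4deb988232b046886ee616688f9cebd6c5c131186f8db2289bd3b372eb3dd8a67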
@@ -81,11 +81,21 @@ module Bibliothecary
81
81
  parser: :parse_cyclonedx_json,
82
82
  ungroupable: true,
83
83
  },
84
+ match_extension("cdx.json") => {
85
+ kind: "lockfile",
86
+ parser: :parse_cyclonedx_json,
87
+ ungroupable: true,
88
+ },
84
89
  match_filename("cyclonedx.xml") => {
85
90
  kind: "lockfile",
86
91
  parser: :parse_cyclonedx_xml,
87
92
  ungroupable: true,
88
93
  },
94
+ match_extension(".cdx.xml") => {
95
+ kind: "lockfile",
96
+ parser: :parse_cyclonedx_xml,
97
+ ungroupable: true,
98
+ },
89
99
  }
90
100
  end
91
101
 
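Review bot: The two new matcher keys spell the extension differently — `match_extension("cdx.json")` for the JSON entry but `match_extension(".cdx.xml")` for the XML entry — so whether both actually match depends on how match_extension normalises a leading dot, and its definition is not visible here. Use one form for both, e.g. `match_extension(".cdx.json")` to mirror the XML line, and confirm against match_extension that a two-part suffix such as `.cdx.json` is compared as a string suffix rather than against only the part after the last dot. A short comment above the new entries saying that `*.cdx.json` / `*.cdx.xml` are the CycloneDX file-naming convention would also explain why these duplicate the `cyclonedx.json` / `cyclonedx.xml` filename matchers. The matcher hash and the method returning it both begin outside this hunk.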
@@ -63,12 +63,18 @@ module Bibliothecary
63
63
  # "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
64
64
  manifest
65
65
  .fetch("packages")
66
- .reject { |name, _dep| name == "" } # this is the lockfile's package itself
66
+ # there are a couple of scenarios where a package's name won't start with node_modules
67
+ # 1. name == "", this is the lockfile's package itself
68
+ # 2. when a package is a local path dependency, it will appear in package-lock.json twice.
69
+ # * One occurrence has the node_modules/ prefix in the name (which we keep)
70
+ # * The other occurrence's name is the path to the local dependency (which has less information, and is duplicative, so we discard)
71
+ .select { |name, _dep| name.start_with?("node_modules") }
67
72
  .map do |name, dep|
68
73
  {
69
74
  name: name.split("node_modules/").last,
70
- requirement: dep["version"],
75
+ requirement: dep["version"] || "*",
71
76
  type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime",
77
+ local: dep.fetch("link", false),
72
78
  }
73
79
  end
74
80
  end
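Review bot: The new `.select { |name, _dep| name.start_with?("node_modules") }` filters on the prefix without a trailing slash, while the `name.split("node_modules/")` a few lines below relies on the slash form, so the two should agree: `.select { |name, _dep| name.start_with?("node_modules/") }`. The new comment gives two reasons a key lacks the prefix; if the lockfile can also list workspace packages under their own path keys, those would now be dropped too, which is worth either confirming as intended or stating in the comment. The `local: dep.fetch("link", false)` line derives "local" from the `link` field, whereas the package.json and yarn.lock hunks below derive it from a `file:` requirement prefix; a one-line comment on why `link` is the right signal for package-lock.json would help the next reader. The enclosing method starts outside this hunk.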
@@ -101,6 +107,9 @@ module Bibliothecary
101
107
  map_dependencies(manifest, "devDependencies", "development")
102
108
  )
103
109
  .reject { |dep| dep[:name].start_with?("//") } # Omit comment keys. They are valid in package.json: https://groups.google.com/g/nodejs/c/NmL7jdeuw0M/m/yTqI05DRQrIJ
110
+ .each do |dep|
111
+ dep[:local] = dep[:requirement].start_with?("file:")
112
+ end
104
113
  end
105
114
 
106
115
  def self.parse_yarn_lock(file_contents, options: {}) # rubocop:disable Lint/UnusedMethodArgument
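Review bot: The new `dep[:local] = dep[:requirement].start_with?("file:")` raises NoMethodError when `requirement` is nil, whereas the yarn.lock hunk below guards the same computation with `&.start_with?("file:")`; whether map_dependencies can yield a nil requirement is not visible here, so either use the safe-navigation form for consistency or add a comment stating that requirement is always a String at this point. Note the `&.` form in the yarn hunk yields nil rather than false for a missing requirement, so the two `local` values also differ in type; a small shared helper that treats a nil requirement as not local, e.g. `req.to_s.start_with?("file:")`, would make the three hunks that compute `local` agree. The enclosing method begins outside this hunk.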
@@ -115,6 +124,7 @@ module Bibliothecary
115
124
  requirement: dep[:version],
116
125
  lockfile_requirement: dep[:requirement],
117
126
  type: dep[:type],
127
+ local: dep[:requirement]&.start_with?("file:"),
118
128
  }
119
129
  end
120
130
  end
@@ -12,6 +12,7 @@ module Bibliothecary
12
12
 
13
13
  REQUIREMENTS_REGEXP = /^#{REQUIRE_REGEXP}/
14
14
  MANIFEST_REGEXP = /.*require[^\/]*(\/)?[^\/]*\.(txt|pip|in)$/
15
+ # TODO: can this be a more specific regexp so it doesn't match something like ".yarn/cache/create-require-npm-1.0.0.zip"?
15
16
  PIP_COMPILE_REGEXP = /.*require.*$/
16
17
 
17
18
  # Adapted from https://peps.python.org/pep-0508/#names
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "8.7.6"
2
+ VERSION = "8.8.0"
3
3
  end
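--- a/data/lib/bibliothecary.rb
+++ b/data/lib/bibliothecary.rb
@@ -17,7 +17,8 @@ Dir[File.expand_path("../bibliothecary/parsers/*.rb", __FILE__)].each do |file|
 end
 
 module Bibliothecary
-VERSION_OPERATORS = /[~^<>*"]/
+VERSION_OPERATORS = /[~^<>*"]/.freeze
+INVALID_UTF8_ERROR_REGEXP = /invalid byte sequence/.freeze
 
 def self.analyse(path, ignore_unparseable_files: true)
 runner.analyse(path, ignore_unparseable_files: ignore_unparseable_files)
@@ -81,6 +82,10 @@ module Bibliothecary
 .dup # ensure we don't have a frozen string
 .force_encoding("UTF-8") # treat all strings as utf8
 .sub(/^\xEF\xBB\xBF/, "") # remove any Byte Order Marks so JSON, etc don't fail while parsing them.
+rescue ArgumentError => e
+# Bibliothecary doesn't need to analyze non-UTF8 files like binary files, so just return blank.
+return "" if e.message.match?(INVALID_UTF8_ERROR_REGEXP)
+raise e
 end
 
 class << self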
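Review bot: The new method-level `rescue ArgumentError => e` decides by matching the exception message against `INVALID_UTF8_ERROR_REGEXP`, which ties control flow to the interpreter's error wording and will also intercept an ArgumentError raised by any other line of the method, whose body starts outside this hunk. Only the `.sub(/^\xEF\xBB\xBF/, "")` call can fail on malformed bytes, so a direct `valid_encoding?` check on the string after `force_encoding("UTF-8")`, returning `""` when it is false, gives the same result without parsing messages. If the rescue is kept, a bare `raise` re-raises the current exception, so `raise e` can be shortened. It is also worth a comment that a file with invalid UTF-8 is silently treated as empty, since callers then see a parsed-nothing result rather than an error.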
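--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-version: 8.7.6
+version: 8.8.0
 platform: ruby
 authors:
 - Andrew Nesbitt
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-11 00:00:00.000000000 Z
+date: 2024-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: tomlrb
@@ -248,7 +248,7 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description:
+description:
 email:
 - andrewnez@gmail.com
 executables:
@@ -326,7 +326,7 @@ homepage: https://github.com/librariesio/bibliothecary
 licenses:
 - AGPL-3.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -341,8 +341,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.22
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Find and parse manifests
 test_files: []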