cyclonedx-cocoapods 1.4.0 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/cyclonedx/cocoapods/cli_runner.rb +4 -6
- data/lib/cyclonedx/cocoapods/podfile_analyzer.rb +20 -9
- data/lib/cyclonedx/cocoapods/version.rb +1 -1
- metadata +4 -46
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 84ed77501efec7ca77fce507dd1dbc4a29ffb4b8cf45fc6b942eafe3901af95a
         | 
| 4 | 
            +
              data.tar.gz: 85204bb25786de11c3dc7ec302d016431ebecd7078149081a6b294ba65f756aa
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 7f4b84eb0a11f7f6488fe9fccef7806e786db41ea647806046b729b39952172175df7b8884b17c60e5cac0b246a9bfc6e56d8e53f69b3ad9521c9cde0f19726b
         | 
| 7 | 
            +
              data.tar.gz: f719564347931af554dbc2705022a548405bbd95320db5c094f5616166a46ecd830d8fddedcaebd9e24fd76ff6e8be2e1917d3a3be8bc6ede3f21e77e763af77
         | 
    
        data/CHANGELOG.md
    CHANGED
    
    | @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. | |
| 4 4 | 
             
            The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
         | 
| 5 5 | 
             
            and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
         | 
| 6 6 |  | 
| 7 | 
            +
            ## [1.4.1]
         | 
| 8 | 
            +
             | 
| 9 | 
            +
            ### Changed
         | 
| 10 | 
            +
            - Minimum Ruby version is now v2.6.3 so the [Array.union](https://apidock.com/ruby/v2_6_3/Array/union) function can be used.
         | 
| 11 | 
            +
             | 
| 12 | 
            +
            ### Fixed
         | 
| 13 | 
            +
            - Improved performance when analyzing a Podfile with many pods. ([Issue #78](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/78)) [@macblazer](https://github.com/macblazer).
         | 
| 14 | 
            +
             | 
| 7 15 | 
             
            ## [1.4.0]
         | 
| 8 16 |  | 
| 9 17 | 
             
            ### Added
         | 
| @@ -100,12 +100,10 @@ module CycloneDX | |
| 100 100 | 
             
                        parsed_options[:name] = name
         | 
| 101 101 | 
             
                      end
         | 
| 102 102 | 
             
                      options.on('-v', '--version version', 'Version of the component for which the BOM is generated') do |version|
         | 
| 103 | 
            -
                         | 
| 104 | 
            -
             | 
| 105 | 
            -
             | 
| 106 | 
            -
                         | 
| 107 | 
            -
                          raise OptionParser::InvalidArgument, e.message
         | 
| 108 | 
            -
                        end
         | 
| 103 | 
            +
                        Gem::Version.new(version)
         | 
| 104 | 
            +
                        parsed_options[:version] = version
         | 
| 105 | 
            +
                      rescue StandardError => e
         | 
| 106 | 
            +
                        raise OptionParser::InvalidArgument, e.message
         | 
| 109 107 | 
             
                      end
         | 
| 110 108 | 
             
                      options.on('-t', '--type type',
         | 
| 111 109 | 
             
                                 'Type of the component for which the BOM is generated ' \
         | 
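Review bot: The `Gem::Version.new(version)` call on new line 103 is used only for validation and its result is discarded, while the catch-all `rescue StandardError` on new line 105 turns any failure inside the block, not just a malformed version string, into an `OptionParser::InvalidArgument`. `Gem::Version.correct?(version)` states the intent directly and removes the rescue: `raise OptionParser::InvalidArgument, "Malformed version number string #{version}" unless Gem::Version.correct?(version)` followed by `parsed_options[:version] = version`. If the rescue form is kept, a `rescue` clause directly inside a `do...end` block needs Ruby 2.5 or later, which the 2.6.3 floor introduced in this release satisfies. The enclosing `options.on` block is complete, but the surrounding method starts and ends outside the hunk.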
| @@ -184,12 +184,18 @@ module CycloneDX | |
| 184 184 | 
             
                    end
         | 
| 185 185 | 
             
                  end
         | 
| 186 186 |  | 
| 187 | 
            -
                   | 
| 188 | 
            -
             | 
| 187 | 
            +
                  # Calculate simple array of all used pods plus their direct dependencies
         | 
| 188 | 
            +
                  #
         | 
| 189 | 
            +
                  # @param [Array<String>] top_level_pods List of pod names that are directly imported by the Podfile
         | 
| 190 | 
            +
                  # @param [Hash<String,Array<String>>] pods_cache Dependency information directly from the Podfile.lock;
         | 
| 191 | 
            +
                  # keys are string pod names, values are list of direct dependencies of the given pod.
         | 
| 192 | 
            +
                  # @return [Array<String>, Hash<String,Array<String>>] First element is list of all used pod names.
         | 
| 193 | 
            +
                  # Second element is a hash: keys are string pod names, values are the direct dependencies of that pod.
         | 
| 194 | 
            +
                  def append_all_pod_dependencies(top_level_pods, pods_cache)
         | 
| 195 | 
            +
                    result = top_level_pods
         | 
| 189 196 | 
             
                    original_number = 0
         | 
| 190 | 
            -
                    dependencies_hash = {}
         | 
| 191 197 |  | 
| 192 | 
            -
                    # Loop adding pod dependencies until we are not adding any more dependencies to the result
         | 
| 198 | 
            +
                    # Loop adding pod dependencies until we are not adding any more dependencies to the result.
         | 
| 193 199 | 
             
                    # This brings in all the transitive dependencies of every top level pod.
         | 
| 194 200 | 
             
                    # Note this also handles two edge cases:
         | 
| 195 201 | 
             
                    #  1. Having a Podfile with no pods used.
         | 
| @@ -197,15 +203,20 @@ module CycloneDX | |
| 197 203 | 
             
                    while result.length != original_number
         | 
| 198 204 | 
             
                      original_number = result.length
         | 
| 199 205 |  | 
| 200 | 
            -
                       | 
| 206 | 
            +
                      top_level_pods.each do |pod_name|
         | 
| 201 207 | 
             
                        if pods_cache.key?(pod_name)
         | 
| 202 | 
            -
                           | 
| 203 | 
            -
                           | 
| 208 | 
            +
                          # Append all of the dependencies of this pod into the main list, if they aren't already in the list
         | 
| 209 | 
            +
                          result = result.union(pods_cache[pod_name])
         | 
| 204 210 | 
             
                        end
         | 
| 205 211 | 
             
                      end
         | 
| 206 212 |  | 
| 207 | 
            -
                       | 
| 208 | 
            -
             | 
| 213 | 
            +
                      top_level_pods = result
         | 
| 214 | 
            +
                    end
         | 
| 215 | 
            +
             | 
| 216 | 
            +
                    # Now that we have the simple list of all unique pods, grab their direct dependencies
         | 
| 217 | 
            +
                    dependencies_hash = {}
         | 
| 218 | 
            +
                    result.each do |pod_name|
         | 
| 219 | 
            +
                      dependencies_hash[pod_name] = pods_cache.key?(pod_name) ? pods_cache[pod_name] : []
         | 
| 209 220 | 
             
                    end
         | 
| 210 221 |  | 
| 211 222 | 
             
                    [result, dependencies_hash]
         | 
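Review bot: Each pass of the `while` loop (new lines 203–214) re-visits every pod already in `result`, including those whose dependencies were merged on earlier passes, so per-pass cost stays proportional to the full list rather than to the pods appended since the previous pass; iterating only `result[original_number..]` (captured before `original_number` is updated, and valid because `Array#union` preserves insertion order) would make the convergence loop proportional to newly discovered pods, though that assumes `top_level_pods` is already duplicate-free, which the hunk does not establish. On new line 219, `pods_cache.key?(pod_name) ? pods_cache[pod_name] : []` is simply `pods_cache.fetch(pod_name, [])`. Note also that the values stored into `dependencies_hash` are the same array objects held in `pods_cache`, so a caller that later mutates a returned dependency list would alter the cache — if that matters, `pods_cache.fetch(pod_name, []).dup` decouples them. `append_all_pod_dependencies` begins in the previous hunk and its doc comment there does not mention this sharing.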
    
        metadata
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: cyclonedx-cocoapods
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 1.4. | 
| 4 | 
            +
              version: 1.4.1
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - José González
         | 
| @@ -9,7 +9,7 @@ authors: | |
| 9 9 | 
             
            autorequire:
         | 
| 10 10 | 
             
            bindir: exe
         | 
| 11 11 | 
             
            cert_chain: []
         | 
| 12 | 
            -
            date: 2024- | 
| 12 | 
            +
            date: 2024-11-18 00:00:00.000000000 Z
         | 
| 13 13 | 
             
            dependencies:
         | 
| 14 14 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 15 15 | 
             
              name: cocoapods
         | 
| @@ -51,48 +51,6 @@ dependencies: | |
| 51 51 | 
             
                - - "<"
         | 
| 52 52 | 
             
                  - !ruby/object:Gem::Version
         | 
| 53 53 | 
             
                    version: '2.0'
         | 
| 54 | 
            -
            - !ruby/object:Gem::Dependency
         | 
| 55 | 
            -
              name: equivalent-xml
         | 
| 56 | 
            -
              requirement: !ruby/object:Gem::Requirement
         | 
| 57 | 
            -
                requirements:
         | 
| 58 | 
            -
                - - "~>"
         | 
| 59 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 60 | 
            -
                    version: 0.6.0
         | 
| 61 | 
            -
              type: :development
         | 
| 62 | 
            -
              prerelease: false
         | 
| 63 | 
            -
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 64 | 
            -
                requirements:
         | 
| 65 | 
            -
                - - "~>"
         | 
| 66 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 67 | 
            -
                    version: 0.6.0
         | 
| 68 | 
            -
            - !ruby/object:Gem::Dependency
         | 
| 69 | 
            -
              name: rake
         | 
| 70 | 
            -
              requirement: !ruby/object:Gem::Requirement
         | 
| 71 | 
            -
                requirements:
         | 
| 72 | 
            -
                - - "~>"
         | 
| 73 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 74 | 
            -
                    version: '13.0'
         | 
| 75 | 
            -
              type: :development
         | 
| 76 | 
            -
              prerelease: false
         | 
| 77 | 
            -
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 78 | 
            -
                requirements:
         | 
| 79 | 
            -
                - - "~>"
         | 
| 80 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 81 | 
            -
                    version: '13.0'
         | 
| 82 | 
            -
            - !ruby/object:Gem::Dependency
         | 
| 83 | 
            -
              name: rspec
         | 
| 84 | 
            -
              requirement: !ruby/object:Gem::Requirement
         | 
| 85 | 
            -
                requirements:
         | 
| 86 | 
            -
                - - "~>"
         | 
| 87 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 88 | 
            -
                    version: '3.0'
         | 
| 89 | 
            -
              type: :development
         | 
| 90 | 
            -
              prerelease: false
         | 
| 91 | 
            -
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 92 | 
            -
                requirements:
         | 
| 93 | 
            -
                - - "~>"
         | 
| 94 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 95 | 
            -
                    version: '3.0'
         | 
| 96 54 | 
             
            description: CycloneDX is a lightweight software bill-of-material (SBOM) specification
         | 
| 97 55 | 
             
              designed for use in application security contexts and supply chain component analysis.
         | 
| 98 56 | 
             
              This Gem generates CycloneDX BOMs from CocoaPods projects.
         | 
| @@ -133,14 +91,14 @@ required_ruby_version: !ruby/object:Gem::Requirement | |
| 133 91 | 
             
              requirements:
         | 
| 134 92 | 
             
              - - ">="
         | 
| 135 93 | 
             
                - !ruby/object:Gem::Version
         | 
| 136 | 
            -
                  version: 2. | 
| 94 | 
            +
                  version: 2.6.3
         | 
| 137 95 | 
             
            required_rubygems_version: !ruby/object:Gem::Requirement
         | 
| 138 96 | 
             
              requirements:
         | 
| 139 97 | 
             
              - - ">="
         | 
| 140 98 | 
             
                - !ruby/object:Gem::Version
         | 
| 141 99 | 
             
                  version: '0'
         | 
| 142 100 | 
             
            requirements: []
         | 
| 143 | 
            -
            rubygems_version: 3.5. | 
| 101 | 
            +
            rubygems_version: 3.5.23
         | 
| 144 102 | 
             
            signing_key:
         | 
| 145 103 | 
             
            specification_version: 4
         | 
| 146 104 | 
             
            summary: CycloneDX software bill-of-material (SBOM) generation utility
         |