spandx 0.13.5 → 0.14.0

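--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 01abc42f6e315aee9f35bf60cdad7a4801ee95ae4a186ef3ee001f2617c9891e
- data.tar.gz: 78248675cdddbcb197f347239c85016862254a113b17894e4d6ffe7ecd33cddd
+ metadata.gz: 7e01f7023f4a164fb867c7d457769d1c9dd2eb2b480cee88c5d4d682c2d6dc4e
+ data.tar.gz: f202f85c254d11041b79e1305d12641eb66ea66cec9afea25a38e9724a5636d6
  SHA512:
- metadata.gz: d6d4462c74dc412f9016ff576f55e67bdc9a6b341059d3b372b505f6e7ee730a92da53a4b5d0ab836df298b2cb527d0890c599fdc48f92a848b3d93c6c7d67ab
- data.tar.gz: fdc618b97c619aa7d8a99b799dc5b1569d8396e9cfbbee5ee91cf7b994335e7fcbd9a5abac03b87a21615b23eef7913d5b59aabf277cacaa3eeac8497d795f38
+ metadata.gz: 926df592dfc76466a7e26bcdfd9fc581957b2c748c9272e30a22180a61f4d6498ebb14e04e8acbbccc813f4aae929ecb8ba82ee54064d642990e5874b05bb0b1
+ data.tar.gz: 5dede807761bf9d4fa91f6a0ea9df1bec9531d0a397fedea5c687b7c12860216e41df47c09fc7e94c8951e7dc0f88c99fc74395913002890b199409b700830f0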
@@ -1,4 +1,4 @@
1
- Version 0.13.5
1
+ Version 0.14.0
2
2
 
3
3
  # Changelog
4
4
 
@@ -8,6 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
8
8
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
9
9
 
10
10
  ## [Unreleased]
11
+
12
+ ## [0.14.0] - 2020-11-14
13
+ ### Added
14
+ - Parse `/lib/apk/db/installed` file.
15
+
11
16
  ## [0.13.5] - 2020-05-26
12
17
  ### Fixed
13
18
  - Process PyPI package urls with single digit versions.
@@ -198,7 +203,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
198
203
  ### Added
199
204
  - Provide ruby API to the latest SPDX catalogue.
200
205
 
201
- [Unreleased]: https://github.com/spandx/spandx/compare/v0.13.5...HEAD
206
+ [Unreleased]: https://github.com/spandx/spandx/compare/v0.14.0...HEAD
207
+ [0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
202
208
  [0.13.5]: https://github.com/spandx/spandx/compare/v0.13.4...v0.13.5
203
209
  [0.13.4]: https://github.com/spandx/spandx/compare/v0.13.3...v0.13.4
204
210
  [0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
@@ -13,6 +13,7 @@ module Spandx
13
13
  Spandx::Php::Parsers::Composer => :composer,
14
14
  Spandx::Python::Parsers::PipfileLock => :pypi,
15
15
  Spandx::Ruby::Parsers::GemfileLock => :rubygems,
16
+ Spandx::Os::Parsers::Apk => :apk,
16
17
  }.freeze
17
18
  attr_reader :path, :name, :version, :licenses, :meta
18
19
 
@@ -36,12 +36,12 @@ module Spandx
36
36
  end
37
37
 
38
38
  def self.default_driver
39
- @default_driver ||= Net::Hippie::Client.new.tap do |client|
40
- client.logger = Spandx.logger
41
- client.open_timeout = 1
42
- client.read_timeout = 5
43
- client.follow_redirects = 3
44
- end
39
+ @default_driver ||= Net::Hippie::Client.new(
40
+ follow_redirects: 3,
41
+ logger: Spandx.logger,
42
+ open_timeout: 1,
43
+ read_timeout: 5
44
+ )
45
45
  end
46
46
 
47
47
  private
@@ -33,7 +33,7 @@ module Spandx
33
33
  end
34
34
 
35
35
  def known?(package_manager)
36
- %i[nuget maven rubygems npm yarn pypi composer].include?(package_manager)
36
+ %i[nuget maven rubygems npm yarn pypi composer apk].include?(package_manager)
37
37
  end
38
38
 
39
39
  def gateway_for(dependency)
@@ -0,0 +1,51 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Spandx
4
+ module Os
5
+ module Parsers
6
+ class Apk < ::Spandx::Core::Parser
7
+ def match?(path)
8
+ path.basename.fnmatch?('installed')
9
+ end
10
+
11
+ def parse(lockfile)
12
+ path = lockfile.to_s
13
+
14
+ [].tap do |items|
15
+ lockfile.open(mode: 'r') do |io|
16
+ each_package(io) do |data|
17
+ items.push(map_from(data, path))
18
+ end
19
+ end
20
+ end
21
+ end
22
+
23
+ private
24
+
25
+ def each_package(io)
26
+ package = {}
27
+
28
+ until io.eof?
29
+ line = io.readline.chomp
30
+ if line.empty?
31
+ yield package
32
+
33
+ package = {}
34
+ else
35
+ line.split(':').tap { |(key, value)| package[key] = value }
36
+ end
37
+ end
38
+ end
39
+
40
+ def map_from(data, path)
41
+ ::Spandx::Core::Dependency.new(
42
+ path: path,
43
+ name: data['P'],
44
+ version: data['V'],
45
+ meta: data.merge('license' => [data['L']])
46
+ )
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
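Review bot: In `each_package`, `line.split(':')` keeps only the text between the first and second colon, so any field whose value itself contains a colon (a URL, for instance) is stored truncated in `meta`; `line.split(':', 2)` keeps the whole value. The loop also yields a record only when it reads an empty line, so a final record not followed by a blank line is never yielded, and two consecutive blank lines yield an empty hash that `map_from` turns into a dependency with a nil name and version. For a licence scanner both cases lead to a silently incomplete or misleading inventory, so I would flush the pending record after the loop and skip empty ones, as sketched below. Separately, `map_from` produces `[nil]` for `license` when a record has no `L` field, and `match?` accepts any file whose basename is `installed`, not only `/lib/apk/db/installed`; both deserve a comment or a tighter check.

```ruby
def each_package(io)
  package = {}

  io.each_line(chomp: true) do |line|
    if line.empty?
      # Skip empty records produced by consecutive blank lines.
      yield package unless package.empty?
      package = {}
    else
      # Limit 2 keeps colons that belong to the value.
      key, value = line.split(':', 2)
      package[key] = value
    end
  end

  # Flush the last record when the file does not end with a blank line.
  yield package unless package.empty?
end
```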
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- VERSION = '0.13.5'
4
+ VERSION = '0.14.0'
5
5
  end
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
34
34
 
35
35
  spec.add_dependency 'addressable', '~> 2.7'
36
36
  spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
37
- spec.add_dependency 'net-hippie', '~> 0.3'
37
+ spec.add_dependency 'net-hippie', '~> 1.0'
38
38
  spec.add_dependency 'nokogiri', '~> 1.10'
39
39
  spec.add_dependency 'oj', '~> 3.10'
40
40
  spec.add_dependency 'parslet', '~> 2.0'
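--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: spandx
  version: !ruby/object:Gem::Version
- version: 0.13.5
+ version: 0.14.0
  platform: ruby
  authors:
  - Can Eldem
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-06-23 00:00:00.000000000 Z
+ date: 2020-11-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: addressable
@@ -51,14 +51,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.3'
+ version: '1.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.3'
+ version: '1.0'
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
@@ -404,6 +404,7 @@ files:
  - lib/spandx/js/parsers/yarn.rb
  - lib/spandx/js/yarn_lock.rb
  - lib/spandx/js/yarn_pkg.rb
+ - lib/spandx/os/parsers/apk.rb
  - lib/spandx/php/packagist_gateway.rb
  - lib/spandx/php/parsers/composer.rb
  - lib/spandx/python/index.rb
@@ -441,7 +442,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.3
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: A ruby interface to the SPDX catalogue.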