spandx 0.13.5 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -2
- data/lib/spandx/core/dependency.rb +1 -0
- data/lib/spandx/core/http.rb +6 -6
- data/lib/spandx/core/license_plugin.rb +1 -1
- data/lib/spandx/os/parsers/apk.rb +51 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7e01f7023f4a164fb867c7d457769d1c9dd2eb2b480cee88c5d4d682c2d6dc4e
|
|
4
|
+
data.tar.gz: f202f85c254d11041b79e1305d12641eb66ea66cec9afea25a38e9724a5636d6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 926df592dfc76466a7e26bcdfd9fc581957b2c748c9272e30a22180a61f4d6498ebb14e04e8acbbccc813f4aae929ecb8ba82ee54064d642990e5874b05bb0b1
|
|
7
|
+
data.tar.gz: 5dede807761bf9d4fa91f6a0ea9df1bec9531d0a397fedea5c687b7c12860216e41df47c09fc7e94c8951e7dc0f88c99fc74395913002890b199409b700830f0
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Version 0.
|
|
1
|
+
Version 0.14.0
|
|
2
2
|
|
|
3
3
|
# Changelog
|
|
4
4
|
|
|
@@ -8,6 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
|
8
8
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
9
9
|
|
|
10
10
|
## [Unreleased]
|
|
11
|
+
|
|
12
|
+
## [0.14.0] - 2020-11-14
|
|
13
|
+
### Added
|
|
14
|
+
- Parse `/lib/apk/db/installed` file.
|
|
15
|
+
|
|
11
16
|
## [0.13.5] - 2020-05-26
|
|
12
17
|
### Fixed
|
|
13
18
|
- Process PyPI package urls with single digit versions.
|
|
@@ -198,7 +203,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
198
203
|
### Added
|
|
199
204
|
- Provide ruby API to the latest SPDX catalogue.
|
|
200
205
|
|
|
201
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.
|
|
206
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.14.0...HEAD
|
|
207
|
+
[0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
|
|
202
208
|
[0.13.5]: https://github.com/spandx/spandx/compare/v0.13.4...v0.13.5
|
|
203
209
|
[0.13.4]: https://github.com/spandx/spandx/compare/v0.13.3...v0.13.4
|
|
204
210
|
[0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
|
|
@@ -13,6 +13,7 @@ module Spandx
|
|
|
13
13
|
Spandx::Php::Parsers::Composer => :composer,
|
|
14
14
|
Spandx::Python::Parsers::PipfileLock => :pypi,
|
|
15
15
|
Spandx::Ruby::Parsers::GemfileLock => :rubygems,
|
|
16
|
+
Spandx::Os::Parsers::Apk => :apk,
|
|
16
17
|
}.freeze
|
|
17
18
|
attr_reader :path, :name, :version, :licenses, :meta
|
|
18
19
|
|
data/lib/spandx/core/http.rb
CHANGED
|
@@ -36,12 +36,12 @@ module Spandx
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def self.default_driver
|
|
39
|
-
@default_driver ||= Net::Hippie::Client.new
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
39
|
+
@default_driver ||= Net::Hippie::Client.new(
|
|
40
|
+
follow_redirects: 3,
|
|
41
|
+
logger: Spandx.logger,
|
|
42
|
+
open_timeout: 1,
|
|
43
|
+
read_timeout: 5
|
|
44
|
+
)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
private
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spandx
|
|
4
|
+
module Os
|
|
5
|
+
module Parsers
|
|
6
|
+
class Apk < ::Spandx::Core::Parser
|
|
7
|
+
def match?(path)
|
|
8
|
+
path.basename.fnmatch?('installed')
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def parse(lockfile)
|
|
12
|
+
path = lockfile.to_s
|
|
13
|
+
|
|
14
|
+
[].tap do |items|
|
|
15
|
+
lockfile.open(mode: 'r') do |io|
|
|
16
|
+
each_package(io) do |data|
|
|
17
|
+
items.push(map_from(data, path))
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def each_package(io)
|
|
26
|
+
package = {}
|
|
27
|
+
|
|
28
|
+
until io.eof?
|
|
29
|
+
line = io.readline.chomp
|
|
30
|
+
if line.empty?
|
|
31
|
+
yield package
|
|
32
|
+
|
|
33
|
+
package = {}
|
|
34
|
+
else
|
|
35
|
+
line.split(':').tap { |(key, value)| package[key] = value }
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def map_from(data, path)
|
|
41
|
+
::Spandx::Core::Dependency.new(
|
|
42
|
+
path: path,
|
|
43
|
+
name: data['P'],
|
|
44
|
+
version: data['V'],
|
|
45
|
+
meta: data.merge('license' => [data['L']])
|
|
46
|
+
)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
|
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
|
|
|
34
34
|
|
|
35
35
|
spec.add_dependency 'addressable', '~> 2.7'
|
|
36
36
|
spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
|
|
37
|
-
spec.add_dependency 'net-hippie', '~> 0
|
|
37
|
+
spec.add_dependency 'net-hippie', '~> 1.0'
|
|
38
38
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
|
39
39
|
spec.add_dependency 'oj', '~> 3.10'
|
|
40
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spandx
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Can Eldem
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-
|
|
12
|
+
date: 2020-11-15 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -51,14 +51,14 @@ dependencies:
|
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0
|
|
54
|
+
version: '1.0'
|
|
55
55
|
type: :runtime
|
|
56
56
|
prerelease: false
|
|
57
57
|
version_requirements: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: '0
|
|
61
|
+
version: '1.0'
|
|
62
62
|
- !ruby/object:Gem::Dependency
|
|
63
63
|
name: nokogiri
|
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -404,6 +404,7 @@ files:
|
|
|
404
404
|
- lib/spandx/js/parsers/yarn.rb
|
|
405
405
|
- lib/spandx/js/yarn_lock.rb
|
|
406
406
|
- lib/spandx/js/yarn_pkg.rb
|
|
407
|
+
- lib/spandx/os/parsers/apk.rb
|
|
407
408
|
- lib/spandx/php/packagist_gateway.rb
|
|
408
409
|
- lib/spandx/php/parsers/composer.rb
|
|
409
410
|
- lib/spandx/python/index.rb
|
|
@@ -441,7 +442,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
441
442
|
- !ruby/object:Gem::Version
|
|
442
443
|
version: '0'
|
|
443
444
|
requirements: []
|
|
444
|
-
rubygems_version: 3.1.
|
|
445
|
+
rubygems_version: 3.1.4
|
|
445
446
|
signing_key:
|
|
446
447
|
specification_version: 4
|
|
447
448
|
summary: A ruby interface to the SPDX catalogue.
|