All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Populate Bibliothecary::Dependency#source field in all parsers. This makes the source field useful when consuming from Bibliothecary, and removes a step from consumers having to populate this field themselves.
- Improved Rubocop rules to make future spec changes easier via Rubocop auto-correcting formatting violations.
- This is a MAJOR release in that it removes support for hackage, carthage, hex, clojar, and swiftpm from Bibliothecary. We are no longer doing any network calls when using Bibliothecary and reimplementing parsing for those file types natively is non-trivial. Patches welcome :-)
- Rewrote conda and yarn parsers to be in process vs calling out over the network
- Alow retrieving maven versions from parent poms
- Removed lockfile_requirement from Bibliothecary::Dependency
- Fixed parsing of pom files where parent properties within the file are required for dependencies
- Support parsing *.spdx.json files
Bibliothecary::PURL_TYPE_MAPPINGhas changed toBibliothecary::PurlUtil::PURL_TYPE_MAPPINGBibliothecary::MultiParsers::CycloneDX::ManifestEntries.full_name_for_purlhas changed toBibliothecary::PurlUtil.full_name
Bibliothecary::Dependency#requirementnow defaults to all versions ("*") instead ofnilif no version range is specified for the dependency.
- Skip self referencing package entries in yarn v4+ lockfiles.
- Added
CHANGELOG.md, based on https://keepachangelog.com/en/1.1.0/. - New
Bibliothecary::Dependencyclass.
- Breaking:
Bibliothecary::Parsersclasses now return lists ofBibliothecary::Dependencyinstances instead ofHashinstances.