license_finder 5.11.1 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 229ff47f8f3f1ff07709af3ef3ada8de6ab922721a2cb776edd2bc06536e0541
-  data.tar.gz: e2cc27c79ec7d0b2f26d088ef52f72508ffe62993dd02fe37ab0c0ef21767cc0
+  metadata.gz: f844205631f75e79fa841f51845a3a93691016c21fc0e3abbeb971ea8b8c4108
+  data.tar.gz: 2844a248508124b47ad59556878101b1ee793be082da8af1281bdb69e8478e2e
 SHA512:
-  metadata.gz: a686bb665dcbe6fb7d5381da2e93f510a9818ef3e17794a7a4b8342ef0d576c3f0225487c5222e529d81c1f3e37eeb44dbc2ebf0fbe0269a9fd7538ae6f71cb3
-  data.tar.gz: 6d705dd6c77f0a5289aa38cb218d4cd4b4c2854dcd336ec142272c190a6f33fad30cb53391750876ea89ae9d117959234b80791c9f6cab8696ca066d8ee365da
+  metadata.gz: 4621032a4fdb55cb82c81733fca9d7dbee7d900013e1d74dbf633a6be189892121b2afe975ce93f6c465ba5697de11b7b5ad6a40420bd365083db17c587a4ed5
+  data.tar.gz: c13feb27fdd90a93abc444e0ed7ae08292ac742944e9de35f77b4f838cc2d705ee2c203e0743a0d805f7e070ea19e7cfe8cbea4b02b2d627cfe6ef5cedbcbfc1

data/.rubocop.yml

@@ -9,7 +9,7 @@ AllCops:
     - 'Gemfile'
 
 #Layout Cops
-IndentHeredoc:
+HeredocIndentation:
   Enabled: false
 EmptyLinesAroundArguments:
   Enabled: false

data/CHANGELOG.md

@@ -1,3 +1,27 @@
+# [6.0.0] / 2020-01-22
+
+### Added
+* License Finder now recognizes pip requirement markers - [99fbc184](https://github.com/pivotal/LicenseFinder/commit/99fbc18463ef45f920ad506a72dc0b3a93d0f5bf) - Jason Smith
+
+### Fixed
+* Bundler ignored groups failure - [bf2c03e3](https://github.com/pivotal/LicenseFinder/commit/bf2c03e375e91e8418967a593362313487f2f0d0) 
+* No longer crashes when python package requirement is missing - [80e4b360](https://github.com/pivotal/LicenseFinder/commit/80e4b360b95de126e7dc139c25de56c948a01f1e) - Jason Smith
+
+* Longest common paths returning incorrect single directory [#169276334] - [f1d5423b](https://github.com/pivotal/LicenseFinder/commit/f1d5423b04f892d1d1e0595993c9bebb0a7c1b6d) 
+* python 2 projects using incorrect CLI command - [5655f60e](https://github.com/pivotal/LicenseFinder/commit/5655f60e671dc4c247bb05138ed35b05cda9cdc7) 
+
+### Changed
+* Bump jdk version to 13 - [74c9aca6](https://github.com/pivotal/LicenseFinder/commit/74c9aca6358c9dd9262790edbba2e42e84b58bd9) - Debbie Chen
+* Bump sbt version to 1.3.3 with java 12 - [d825599a](https://github.com/pivotal/LicenseFinder/commit/d825599a9b1ac12d874eda66c17bc877bb9af555) - Debbie Chen
+* Bump to openjdk 11 - [499f8ab3](https://github.com/pivotal/LicenseFinder/commit/499f8ab3af7cd8ca37e429f2ed78323ad796d123) - Debbie Chen
+* Bump to openjdk 12 - [09c781a7](https://github.com/pivotal/LicenseFinder/commit/09c781a70787d9461722d5d03d1bc624b644311a) - Debbie Chen
+* Bundler prepare commands with now exclude dependencies in the ignored groups [#169611326] - [e58b2870](https://github.com/pivotal/LicenseFinder/commit/e58b2870b64d2c88be7027b152a423fdb921baca) 
+
+* Change version to be required for dependency add and updated cli options [#168705017] - [b10383d3](https://github.com/pivotal/LicenseFinder/commit/b10383d3d1990b6ad0d608044511352f13924be3) - Debbie Chen
+
+### Deprecated
+* Remove support for jruby 9.1* [#169590215] - [81e75f8c](https://github.com/pivotal/LicenseFinder/commit/81e75f8cd61ca35e30562352dee2579b1b6c991e) 
+
 # [5.11.1] / 2019-11-05
 
 ### Fixed
@@ -772,3 +796,4 @@ Bugfixes:
 [5.10.2]: https://github.com/pivotal/LicenseFinder/compare/v5.10.1...v5.10.2
 [5.11.0]: https://github.com/pivotal/LicenseFinder/compare/v5.10.2...v5.11.0
 [5.11.1]: https://github.com/pivotal/LicenseFinder/compare/v5.11.0...v5.11.1
+[6.0.0]: https://github.com/pivotal/LicenseFinder/compare/v5.11.1...v6.0.0

data/CONTRIBUTING.md

@@ -6,7 +6,7 @@
 * Create a feature branch.
 * Make your feature addition or bug fix. Please make sure there is appropriate test coverage.
 * Rebase on top of master.
-* Send a pull request.
+* Send a pull request with commit messages tagged with an entry specified here: https://keepachangelog.com/en/1.0.0/.
 
 ## Running Tests
 

data/Dockerfile

@@ -5,11 +5,10 @@ ENV PIP_INSTALL_VERSION 19.0.2
 ENV PIP3_INSTALL_VERSION 8.1.1
 ENV GO_LANG_VERSION 1.11.5
 ENV MAVEN_VERSION 3.6.0
-ENV SBT_VERSION 1.1.1
+ENV SBT_VERSION 1.3.3
 ENV GRADLE_VERSION 5.6.4
 ENV RUBY_VERSION 2.6.5
 ENV MIX_VERSION 1.0
-ENV JDK_VERISON 8u211
 ENV COMPOSER_ALLOW_SUPERUSER 1
 
 # programs needed for building
@@ -39,16 +38,12 @@ RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - && \
 RUN npm install -g bower && \
     echo '{ "allow_root": true }' > /root/.bowerrc
 
-#install java 8
-#http://askubuntu.com/questions/521145/how-to-install-oracle-java-on-ubuntu-14-04
-RUN apt-get install -y openjdk-8-jdk
-RUN JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
-
-ENV J2SDKDIR=/usr/lib/jvm/java-8-openjdk-amd64
-ENV J2REDIR=/usr/lib/jvm/java-8-openjdk-amd64/jre
-ENV PATH=$PATH:/usr/lib/jvm/java-8-openjdk-amd64/bin:/usr/lib/jvm/java-8-openjdk-amd64/jre/bin
-ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
-
+# install jdk 11
+RUN curl -L -o openjdk12.tar.gz https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz && \
+    tar xvf openjdk12.tar.gz && \
+    sudo mv jdk-12.0.2 /opt/
+ENV JAVA_HOME=/opt/jdk-12.0.2
+ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
 
 # install python and rebar
@@ -78,7 +73,7 @@ RUN mkdir -p /usr/local/share/sbt-launcher-packaging && \
 
 # install gradle
 WORKDIR /tmp
-RUN curl -L -o gradle.zip http://services.gradle.org/distributions/gradle-$GRADLE_VERSION-bin.zip && \
+RUN curl -L -o gradle.zip https://services.gradle.org/distributions/gradle-$GRADLE_VERSION-bin.zip && \
     unzip -q gradle.zip && \
     rm gradle.zip && \
     mv gradle-$GRADLE_VERSION /root/gradle
@@ -154,7 +149,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
     apt-get update &&\
     apt-get install -y php7.1-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
-    php -r "if (hash_file('sha384', 'composer-setup.php') === 'a5c698ffe4b8e849a443b120cd5ba38043260d5c4023dbf93e1558871f1f07f58274fc6f4c93bcfd858c6bd0775cd8d1') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
+    php -r "if (hash_file('sha384', 'composer-setup.php') === 'c5b9b6d368201a9db6f74e2611495f369991b72d9c8cbd3ffbc63edff210eb73d46ffbfce88669ad33695ef77dc76976') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
     php -r "unlink('composer-setup.php');" &&\
     mv composer.phar /usr/bin/composer

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright (c) 2012-2017 Pivotal Software, Inc. All Rights Reserved.
+Copyright (c) 2012-2020 Pivotal Software, Inc. All Rights Reserved.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -4,17 +4,17 @@
 
 Build status
 * Ruby 2.3.8 [![Ruby 2.3.8 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.3.8/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.4.5 [![Ruby 2.4.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.5.3 [![Ruby 2.5.3 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.5.3/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.4.9 [![Ruby 2.4.9 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.9/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.5.7 [![Ruby 2.5.7 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.5.7/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.6.5 [![Ruby 2.6.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.6.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* JRuby 9.1.17.0 [![JRuby 9.1.17.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.1.17.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* JRuby 9.2.6.0 [![JRuby 9.2.6.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.2.6.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.7.0 [![Ruby 2.7.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* JRuby 9.2.9.0 [![JRuby 9.2.9.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.2.9.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 
 
 LicenseFinder works with your package managers to find dependencies,
 detect the licenses of the packages in them, compare those licenses
-against a user-defined whitelist, and give you an actionable exception
-report.
+against a user-defined list of permitted licenses,
+and give you an actionable exception report.
 
 * code: https://github.com/pivotal/LicenseFinder
 * ci: https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder
@@ -236,21 +236,21 @@ To record who approved the dependency and why:
 $ license_finder approvals add awesome_gpl_gem --who CTO --why "Go ahead"
 ```
 
-### Whitelisting
+### Permitting Licenses
 
 Approving packages one-by-one can be tedious.  Usually your business has
 blanket policies about which packages are approved.  To tell `license_finder`
 that any package with the MIT license should be approved, run:
 
 ``` sh
-$ license_finder whitelist add MIT
+$ license_finder permitted_licenses add MIT
 ```
 
 Any current or future packages with the MIT license will be excluded from the
 output of `license_finder`.
 
-You can also record `--who` and `--why` when changing the whitelist, or making
-any other decision about your project.
+You can also record `--who` and `--why` when changing permitted licenses,
+or making any other decision about your project.
 
 
 ## Output and Artifacts
@@ -270,7 +270,7 @@ decisions.
 
 You could expect `license_finder`, which is an alias for `license_finder
 action_items` to output something like the following on a Rails project where
-MIT had been whitelisted:
+MIT had been permitted:
 
 ```
 Dependencies that need approval:
@@ -370,14 +370,14 @@ since it is a common dependency whose version changes from machine to
 machine.  Adding it to the `ignored_dependencies` would prevent it
 (and its oscillating versions) from appearing in reports.
 
-### Blacklisting Licenses
+### Restricting Licenses
 
-Some projects will have a list of licenses that cannot be used.  You can add
-these licenses to the blacklist `license_finder blacklist add`.  Any dependency
-that has exclusively blacklisted licenses will always appear in the action
-items, even if someone attempts to manually approve or whitelist it.  However,
-if a dependency has even one license outside of the blacklist, it can still be
-manually approved or whitelisted.
+Some projects will have a list of licenses that cannot be used.  You can
+restrict these licenses with `license_finder restricted_licenses add`.  Any dependency
+that has exclusively restricted licenses will always appear in the action
+items, even if someone attempts to manually approve or permit it.  However,
+if a dependency has even one license that is not restricted, it can still be
+manually approved or permitted.
 
 
 ## Configuration

data/Rakefile

@@ -63,7 +63,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
     puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
   end
 
-  ruby_versions = %w[2.6.5 2.5.3 2.4.5 2.3.8 jruby-9.1.17.0 jruby-9.2.6.0]
+  ruby_versions = %w[2.7.0 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
 
   params = []
   params << "ruby_versions=#{ruby_versions.join(',')}"

data/VERSION

@@ -1 +1 @@
-5.11.1
+6.0.0

data/bin/license_finder_pip.py

@@ -15,8 +15,12 @@ except ImportError:
 from pip._vendor import pkg_resources
 from pip._vendor.six import print_
 
-requirements = [pkg_resources.Requirement.parse(str(req.req)) for req
-                in parse_requirements(sys.argv[1], session=PipSession()) if req.req != None]
+reqs = []
+for req in parse_requirements(sys.argv[1], session=PipSession()):
+    if req.req == None or (req.markers != None and not req.markers.evaluate()): continue
+    reqs.append(req)
+
+requirements = [pkg_resources.Requirement.parse(str(req.req)) for req in reqs]
 
 transform = lambda dist: {
         'name': dist.project_name,

data/ci/pipelines/pull-request.yml.erb

@@ -45,19 +45,23 @@ jobs:
   public: true
   plan:
   - get: github-pull-request
+    tags: ["private-worker"]
     version: every
     trigger: true
   - put: dockerhub-pr
+    tags: ["private-worker"]
     params:
       build: github-pull-request
   on_success:
     put: github-pull-request
+    tags: ["private-worker"]
     params:
       path: github-pull-request
       status: success
       context: build-docker-image
   on_failure:
     put: github-pull-request
+    tags: ["private-worker"]
     params:
       path: github-pull-request
       status: failure
@@ -67,12 +71,15 @@ jobs:
   public: true
   plan:
   - get: github-pull-request
+    tags: ["private-worker"]
     passed: [build-docker-image]
     version: every
   - get: dockerhub-pr
+    tags: ["private-worker"]
     passed: [build-docker-image]
     trigger: true
   - task: ruby-<%= ruby_version %>
+    tags: ["private-worker"]
     privileged: true
     image: dockerhub-pr
     file: github-pull-request/ci/tasks/run-tests.yml
@@ -81,12 +88,14 @@ jobs:
     input_mapping: { LicenseFinder: github-pull-request }
     on_success:
       put: github-pull-request
+      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: success
         context: ruby-<%= ruby_version %>
     on_failure:
       put: github-pull-request
+      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: failure
@@ -94,6 +103,7 @@ jobs:
 <% if setup_slack %>
   on_failure:
     put: slack-alert
+    tags: ["private-worker"]
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
@@ -105,20 +115,24 @@ jobs:
   public: true
   plan:
   - get: github-pull-request
+    tags: ["private-worker"]
     trigger: true
     version: every
   - task: run-rubocop
+    tags: ["private-worker"]
     privileged: true
     file: github-pull-request/ci/tasks/rubocop.yml
     input_mapping: { LicenseFinder: github-pull-request }
     on_success:
       put: github-pull-request
+      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: success
         context: run-rubocop
     on_failure:
       put: github-pull-request
+      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: failure

data/ci/pipelines/release.yml.erb

@@ -81,8 +81,10 @@ jobs:
   public: true
   plan:
     - get: git-master-dockerfile
+      tags: ["private-worker"]
       trigger: true
     - put: dockerhub-edge
+      tags: ["private-worker"]
       params:
         build: git-master-dockerfile
 
@@ -91,13 +93,16 @@ jobs:
   public: true
   plan:
   - get: dockerhub-edge
+    tags: ["private-worker"]
     passed: [build-docker-image]
     trigger: true
   - get: LicenseFinder
+    tags: ["private-worker"]
     resource: lf-git
     trigger: true
     version: every
   - task: ruby-<%= ruby_version %>
+    tags: ["private-worker"]
     privileged: true
     image: dockerhub-edge
     file: LicenseFinder/ci/tasks/run-tests.yml
@@ -106,6 +111,7 @@ jobs:
 <% if setup_slack %>
   on_failure:
     put: slack-alert
+    tags: ["private-worker"]
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
@@ -117,13 +123,16 @@ jobs:
   public: true
   plan:
   - get: dockerhub-edge
+    tags: ["private-worker"]
     passed: [build-docker-image]
     trigger: true
   - get: LicenseFinder
+    tags: ["private-worker"]
     resource: lf-git
     trigger: true
     version: every
   - task: run-rubocop
+    tags: ["private-worker"]
     privileged: true
     file: LicenseFinder/ci/tasks/rubocop.yml
     input_mapping: { LicenseFinder: LicenseFinder }
@@ -131,49 +140,63 @@ jobs:
 - name: bump-major
   plan:
     - get: lf-git
+      tags: ["private-worker"]
       passed: [<%= ruby_versions.map{ |version| "ruby-#{version}"}.join(', ') %>]
     - put: semver-version
+      tags: ["private-worker"]
       params: {bump: major}
 
 - name: bump-minor
   plan:
     - get: lf-git
+      tags: ["private-worker"]
       passed: [<%= ruby_versions.map{ |version| "ruby-#{version}"}.join(', ') %>]
     - put: semver-version
+      tags: ["private-worker"]
       params: {bump: minor}
 
 - name: bump-patch
   plan:
     - get: lf-git
+      tags: ["private-worker"]
       passed: [<%= ruby_versions.map{ |version| "ruby-#{version}"}.join(', ') %>]
     - put: semver-version
+      tags: ["private-worker"]
       params: {bump: patch}
 
 - name: release
   plan:
   - get: lf-git-version
+    tags: ["private-worker"]
   - get: semver-version
+    tags: ["private-worker"]
     trigger: true
     passed: [bump-major, bump-minor, bump-patch]
   - get: dockerhub
+    tags: ["private-worker"]
     params:
       save: true
   - get: lf-release
+    tags: ["private-worker"]
   - task: update-changelog
+    tags: ["private-worker"]
     image: dockerhub
     params:
       GIT_USERNAME: ((GithubApiUser))
       GIT_EMAIL: ((GithubApiEmail))
     file: lf-git-version/ci/tasks/update-changelog.yml
   - put: dockerhub
+    tags: ["private-worker"]
     params:
       build: lf-git-version
       tag: version/version.txt
       tag_as_latest: true
   - put: lf-git-version
+    tags: ["private-worker"]
     params:
       repository: lf-git-changed
   - task: build-and-push-gem
+    tags: ["private-worker"]
     image: dockerhub
     params:
       GIT_USERNAME: ((GithubApiUser))
@@ -182,6 +205,7 @@ jobs:
       GEM_API_KEY: ((LicenseFinderGemApiKey))
     file: lf-git-version/ci/tasks/build-and-push-gem.yml
   - put: lf-release
+    tags: ["private-worker"]
     params:
       name: version/tag.txt
       tag: version/tag.txt

data/lib/license_finder/cli.rb

@@ -8,8 +8,8 @@ end
 require 'license_finder/cli/patched_thor'
 require 'license_finder/cli/base'
 require 'license_finder/cli/makes_decisions'
-require 'license_finder/cli/whitelist'
-require 'license_finder/cli/blacklist'
+require 'license_finder/cli/permitted_licenses'
+require 'license_finder/cli/restricted_licenses'
 require 'license_finder/cli/dependencies'
 require 'license_finder/cli/licenses'
 require 'license_finder/cli/approvals'