license_finder 6.14.1 → 6.14.2

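--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e02cf849bb28047c74646f496dd4ba63f68675103d13d4da53e12c3f5e28de4f
- data.tar.gz: 0ca411b29afeda504a4eddd6b03c81b46e35a2b9eb553d4bb69ef99f085864c1
+ metadata.gz: 34d77567442f9c47fcc7b150b7ffc32d2c7db0a76841ac3732f6e2af4887bc37
+ data.tar.gz: 1ae0dec6f2a8902bddfbfc3f0e466a7f26e9b19d304b40eef4d1a7a76a56cd5a
  SHA512:
- metadata.gz: 7bd4b732e9ce6edee1e3352cd8ead5545fce8a8f047ef7a6b6006084aadbed01effc369d0ccd9ede81bd6889e32f0e1e0360cd76e9b80cf7f9c7cb483818c3cf
- data.tar.gz: 226f2bf83e75441f72ca5dff09430cc49821eb83bd41af2964e6c1f19df2ce40946437fb4a8b32242653e82379ceadad5d3984961abf295ce81306d857c2ec1d
+ metadata.gz: 5a6e40dca9d5f3a91ab6cfba5e002ef14b3974fd6caeb6e3489d4bfc17b16897d0126e6c9f7edc35b28a0ec087bf9b68c3eb739ae583ccc6dcffb29b0d901ae5
+ data.tar.gz: 06d1bf8e227ce2db790f7ced5d53e507f384cdc7d582037bcb8be4574e7a483a550a34ba10c589c53b3513b24809900ba554da778de9b6cdb5437896c51a7b12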
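--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,26 @@
+ # [6.14.2] / 2021-10-27
+
+ ### Added
+ * Zlib License - [0f004b52](https://github.com/pivotal/LicenseFinder/commit/0f004b528d436b4d53db8bd373ede0594c07d9e8) - blooper05
+
  # [6.14.1] / 2021-06-25
 
+ First two commit were supposed to show up in v6.14.0, but GPG bug prevented a correct build. Therefore, a follow up patch build was made to include the GPG fix.
+
+ ### Changed
+ * Upgrade Docker image to use Ubuntu Bionic [#178471230] [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
+ * Update the default timezone to GMT [#178471230] - [9fcab84](https://github.com/pivotal/LicenseFinder/commit/9fcab84605cda81e7f276d3c567d14409e371333)
+ * Use local copy of Swift puglic GPG keys [#178674224] - [4db4b3e](https://github.com/pivotal/LicenseFinder/commit/4db4b3e5980ca52019549d74da574a2342a7846e)
+
+ ### Added
+ * Added --npm_options option to customize npm behavior. [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott
+
+ ### Security
+ * Fix issue where commands could be injected running on Cocoapods projects. [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
+
+ Thanks to Joern SchneeweiszStaff Security Engineer, Security Research | GitLab for raising the issue
+
+
  # [6.13.0] / 2021-04-27
 
  ### Fixed
@@ -957,3 +978,4 @@ Bugfixes:
  [6.12.2]: https://github.com/pivotal/LicenseFinder/compare/v6.12.1...v6.12.2
  [6.13.0]: https://github.com/pivotal/LicenseFinder/compare/v6.12.2...v6.13.0
  [6.14.1]: https://github.com/pivotal/LicenseFinder/compare/v6.13.0...v6.14.1
+ [6.14.2]: https://github.com/pivotal/LicenseFinder/compare/v6.14.1...v6.14.2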
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.14.1
1
+ 6.14.2
@@ -1,5 +1,4 @@
1
1
  #!/usr/bin/env python
2
-
3
2
  import json
4
3
  import sys
5
4
 
@@ -21,12 +20,16 @@ except ImportError:
21
20
  from pip._vendor import pkg_resources
22
21
  from pip._vendor.six import print_
23
22
 
23
+
24
24
  reqs = []
25
25
  for req in parse_requirements(sys.argv[1], session=PipSession()):
26
- if req.req == None or (req.markers != None and not req.markers.evaluate()): continue
27
- reqs.append(req)
28
-
29
- requirements = [pkg_resources.Requirement.parse(str(req.req)) for req in reqs]
26
+ try:
27
+ if req.req is not None and (req.markers is None or req.markers.evaluate()):
28
+ reqs.append(pkg_resources.Requirement.parse(str(req.req)))
29
+ except AttributeError:
30
+ # Since pip 20.1 (pip now takes care of markers at the resolve step)
31
+ if req.requirement is not None:
32
+ reqs.append(pkg_resources.Requirement.parse(str(req.requirement)))
30
33
 
31
34
  transform = lambda dist: {
32
35
  'name': dist.project_name,
@@ -35,7 +38,6 @@ transform = lambda dist: {
35
38
  'dependencies': list(map(lambda dependency: dependency.project_name, dist.requires())),
36
39
  }
37
40
 
38
- packages = [transform(dist) for dist
39
- in pkg_resources.working_set.resolve(requirements)]
40
41
 
42
+ packages = [transform(dist) for dist in pkg_resources.working_set.resolve(reqs)]
41
43
  print_(json.dumps(packages))
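Review bot: The `try`/`except AttributeError` in the requirements loop covers more than the pip-version probe: an AttributeError raised inside `req.markers.evaluate()` or `pkg_resources.Requirement.parse(...)` is also caught and sent down the pip >= 20.1 branch, where it either hides the real error or raises a second, less informative one. In a license audit a requirement that is dropped or mis-parsed here is a dependency missing from the report, so the version probe should be explicit and the parse kept outside any handler. The sketch below assumes the pre-20.1 requirement object has no `requirement` attribute, which should be confirmed against the oldest pip the script supports. The imports the loop relies on sit outside this hunk.

```python
for req in parse_requirements(sys.argv[1], session=PipSession()):
    if hasattr(req, 'requirement'):
        # Since pip 20.1 (pip now takes care of markers at the resolve step)
        spec = req.requirement
    elif req.markers is None or req.markers.evaluate():
        spec = req.req
    else:
        spec = None
    if spec is not None:
        reqs.append(pkg_resources.Requirement.parse(str(spec)))
# … unchanged: transform lambda, packages list, print_ …
```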
@@ -27,7 +27,8 @@ module LicenseFinder
27
27
  ruby,
28
28
  simplifiedbsd,
29
29
  wtfpl,
30
- zerobsd
30
+ zerobsd,
31
+ zlib
31
32
  ]
32
33
  end
33
34
 
@@ -349,6 +350,17 @@ module LicenseFinder
349
350
  matcher: matcher
350
351
  )
351
352
  end
353
+
354
+ def zlib
355
+ License.new(
356
+ short_name: 'Zlib',
357
+ pretty_name: 'zlib/libpng license',
358
+ other_names: [
359
+ 'zlib License'
360
+ ],
361
+ url: 'https://opensource.org/licenses/Zlib'
362
+ )
363
+ end
352
364
  end
353
365
  end
354
366
  end
@@ -0,0 +1,17 @@
1
+ Copyright (c) <year> <copyright holders>
2
+
3
+ This software is provided 'as-is', without any express or implied
4
+ warranty. In no event will the authors be held liable for any damages
5
+ arising from the use of this software.
6
+
7
+ Permission is granted to anyone to use this software for any purpose,
8
+ including commercial applications, and to alter it and redistribute it
9
+ freely, subject to the following restrictions:
10
+
11
+ 1. The origin of this software must not be misrepresented; you must not
12
+ claim that you wrote the original software. If you use this software
13
+ in a product, an acknowledgment in the product documentation would be
14
+ appreciated but is not required.
15
+ 2. Altered source versions must be plainly marked as such, and must not be
16
+ misrepresented as being the original software.
17
+ 3. This notice may not be removed or altered from any source distribution.
@@ -53,7 +53,9 @@ module LicenseFinder
53
53
  end
54
54
 
55
55
  def read_plist(pathname)
56
- JSON.parse(`plutil -convert json -o - '#{pathname.gsub!(/[^0-9A-Za-z.\-]/, '')}'`)
56
+ transformed_pathname = pathname.gsub!(%r{[^0-9A-Za-z. \-'/]}, '')
57
+ transformed_pathname = pathname if transformed_pathname.nil?
58
+ JSON.parse(`plutil -convert json -o - '#{transformed_pathname}'`)
57
59
  end
58
60
  end
59
61
  end
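Review bot: The widened allow-list in `read_plist` now keeps `'`, while the path is still interpolated between single quotes in a backtick command, so a path containing a quote ends the quoting and the remainder is word-split by the shell and passed to `plutil` as separate arguments. The filter also silently rewrites the path, and `gsub!` mutates the caller's string, so a path holding any other character makes `plutil` read a different file from the one requested. Passing the arguments as an array avoids the shell and removes the need to filter: `JSON.parse(IO.popen(['plutil', '-convert', 'json', '-o', '-', pathname.to_s], &:read))`. A spec using a path that contains a quote and a space would pin the behaviour.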
@@ -50,7 +50,7 @@ Gem::Specification.new do |s|
50
50
  s.add_dependency 'with_env', '1.1.0'
51
51
  s.add_dependency 'xml-simple', '~> 1.1.5'
52
52
 
53
- s.add_development_dependency 'addressable', '2.7.0'
53
+ s.add_development_dependency 'addressable', '2.8.0'
54
54
  s.add_development_dependency 'capybara', '~> 3.15.0'
55
55
  s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM =~ /darwin/
56
56
  s.add_development_dependency 'fakefs', '~> 1.2.0'
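--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: license_finder
  version: !ruby/object:Gem::Version
- version: 6.14.1
+ version: 6.14.2
  platform: ruby
  authors:
  - Ryan Collins
@@ -27,7 +27,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-06-25 00:00:00.000000000 Z
+ date: 2021-10-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -131,14 +131,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 2.8.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 2.8.0
  - !ruby/object:Gem::Dependency
  name: capybara
  requirement: !ruby/object:Gem::Requirement
@@ -424,6 +424,7 @@ files:
  - lib/license_finder/license/templates/Ruby.txt
  - lib/license_finder/license/templates/SimplifiedBSD.txt
  - lib/license_finder/license/templates/WTFPL.txt
+ - lib/license_finder/license/templates/Zlib.txt
  - lib/license_finder/license/text.rb
  - lib/license_finder/license_aggregator.rb
  - lib/license_finder/logger.rb
@@ -536,7 +537,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.21
+ rubygems_version: 3.2.30
  signing_key:
  specification_version: 4
  summary: Audit the OSS licenses of your application's dependencies.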