license_finder 6.3.0 → 6.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72f85b1c33a4f69a87b10788685debd163e13cc60b428ce9854849ff55567531
-  data.tar.gz: 14b067eae3f53784d3d4a5c4b341c73f604f63b9c4eaf7b68a98e90bdf7728fb
+  metadata.gz: 48bb96da32ab1ac5f0ee5f3a61e35a546c7666794348b6055fafbdcd2afb9067
+  data.tar.gz: c712efcd6787e0747ea1d2975ef719f74ee5e27eb2664dc0f0d1d0f681f62fe2
 SHA512:
-  metadata.gz: '087049b7a0d7b1ada765f6904f66add3048b0a8e0aaef4c75333d139ddde2337f56ac37dc4852a6e23ccd7855d501cacac59c6c97213bbea375282c8300c2355'
-  data.tar.gz: 3d52fc85d19980ff405e25f8f18c1cea20649ed90fa8aad2f236a62e78ec691e60dfa4f9651fa3f77898f7ad5924df75a0ca49c3c692bc9e16dd30a4d9d332e8
+  metadata.gz: 204084155100a9da1d8511db5173bfd138f1247c2fd0ed6a5c967a4da7c01b4a3db7352b8e55d98dd82cc68b4460d48daee400531e8a34605ca54046f66065a6
+  data.tar.gz: 0db4e9e0660b01393a9f142c6f320a526e366cd1e4831097170f954a2496cf2fbb9cbb1fcff9d8f188ca7e5bfccec34ae8c1ab8cfd7c4b3c5815a33b924b61d1

data/.rubocop.yml

@@ -48,6 +48,12 @@ Style/MissingRespondToMissing:
   Enabled: false
 Style/FormatStringToken:
   EnforcedStyle: unannotated
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
 Layout/MultilineMethodCallIndentation:
     Enabled: false
 DoubleNegation:

data/CHANGELOG.md

@@ -1,3 +1,53 @@
+# [6.6.2] / 2020-07-09
+
+### Added
+* support for rebar3 [Removed] support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
+
+### Fixed
+* handle empty case for mix dependencies [#173637843] - [fc34b281](https://github.com/pivotal/LicenseFinder/commit/fc34b2813925a709addde675849e199b05fc4a23) - Jeff Jun
+
+### Removed
+[Added] support for rebar3 * support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
+
+# [6.6.1] / 2020-06-30
+
+### Changed
+* Handle multiple solution files for nuget [#173021333] - [040d9559](https://github.com/pivotal/LicenseFinder/commit/040d9559a4bda07490255cc34c1a7891081bc511) 
+* matches license names from pypi api call with known licenses to avoid returning misformatted licenses [#173421573] - [6b96d746](https://github.com/pivotal/LicenseFinder/commit/6b96d74600034abcacee6ed2b322aa3abfaa0992) - Jeff Jun
+* Update Nuget Package Manager prepare command - [6ac07066](https://github.com/pivotal/LicenseFinder/commit/6ac070668955bc034da1647658440ce5bb0d9bd2) - Jason Smith
+
+# [6.6.0] / 2020-06-22
+
+# [6.5.0] / 2020-06-01
+
+### Added
+* Support legacy nuget projects [#172950097] - [0cccbcf9](https://github.com/pivotal/LicenseFinder/commit/0cccbcf9aa92f4297ef0174242bdb19da1babc65) 
+
+### Changed
+* Upgrade to golang 1.14.3. Update dotnet-sdk to 3.1 - [0969e98f](https://github.com/pivotal/LicenseFinder/commit/0969e98fde4a82f8931601baa4dd96dc01300a14) 
+
+# [6.4.0] / 2020-05-22
+
+Big shout out to @forelabs for introducing many new features and improvements for this release. Thanks again!!
+
+### Added
+* Introducing new inherited_decisions command - [3453feb](https://github.com/pivotal/LicenseFinder/commit/3453feb659a6c3c6e5aa444e3755ddd5d32f3664) - Sven Dunemann
+* Decision Applier: Merge manual and system packages - [c690532](https://github.com/pivotal/LicenseFinder/commit/c690532ec8addab16bef4edd390f05ceb353435f) - Sven Dunemann
+* Introduce package_url to packages - [18972f7](https://github.com/pivotal/LicenseFinder/commit/18972f7b3a04340e1b7bb560780130b68696b8a2) - Sven Dunemann
+* Add --write-headers option for csv exports - [18e01f8](https://github.com/pivotal/LicenseFinder/commit/18e01f8728a9dc525d7567292cc1e2f390ec854d) - Sven Dunemann
+* Yarn: Add authors & install_path - [08a0f67](https://github.com/pivotal/LicenseFinder/commit/08a0f67837a218231217767561f2282c1b3a890a) - Sven Dunemann
+* install path for nuget dependencies [#172251374] - [ad73c946](https://github.com/pivotal/LicenseFinder/commit/ad73c946113846f8f548adfc73542aebb3763175) - Jeff Jun
+* new Rubocop cops - [c4cc6b8b](https://github.com/pivotal/LicenseFinder/commit/c4cc6b8b13273db17b65cecaf24c9053e4989ea1) - Jeff Jun
+
+### Fixed
+* Separate lines in license text with LF when exported to JSON - [baddb976](https://github.com/pivotal/LicenseFinder/commit/baddb976e7a8683c5cc320eddc8c2712dfb16c15) - Robert Huitl
+
+### Changed
+* Go15VendorExperiment: Detect go only if vendor includes go files - [0f8e609](https://github.com/pivotal/LicenseFinder/commit/0f8e609f0921937c6187deccd80e4bc4b7d67ee4) - Sven Dunemann
+* Bump PHP version to 7.4 - [cbe45c5](https://github.com/pivotal/LicenseFinder/commit/cbe45c5cdb3ec200ea215086a3b3eb879e83222a) - Yivan
+* Significantly improve the license text matching file to be more dynamic - [acf5705](https://github.com/pivotal/LicenseFinder/commit/acf570573b4a2414d9c43212dea5d4ecb157319e)
+* Update Ruby version to 2.7.1 [#172295831] - [475e2948](https://github.com/pivotal/LicenseFinder/commit/475e2948ec1ad859aee59e77aa9ce2a51e1a5029) 
+
 # [6.3.0] / 2020-05-06
 
 ### Added
@@ -10,6 +60,11 @@
 * Bump PHP version to 7.3 - [1c3c3271](https://github.com/pivotal/LicenseFinder/commit/1c3c3271b977a6c8d24e4159a6b8098a51086522) 
 * Remove +compatible in Go package versions [#171754392] - [5cba5801](https://github.com/pivotal/LicenseFinder/commit/5cba5801f4f276482f01bfeea46fde0dbbcce7b1) 
 
+### Fixed
+* Fixed Maven Package manager Groups check - [5058d90](https://github.com/pivotal/LicenseFinder/commit/5058d90246a25ca15c72e0eed8e19ebbf7e39998) - Ravi Soni 
+* GoModules: fix compute with vendor mod - [067eb19](https://github.com/pivotal/LicenseFinder/commit/067eb1916ce024039631bdbd4114ababa6c02c3a) - forelabs
+* Do not set Bundle path. Bundler will figure it out. - [6319a7a](https://github.com/pivotal/LicenseFinder/commit/6319a7a281bd9cc997c08c903674ab51fcc6545e) - mvz
+
 # [6.2.0] / 2020-04-07
 
 ### Fixed
@@ -837,3 +892,8 @@ Bugfixes:
 [6.1.2]: https://github.com/pivotal/LicenseFinder/compare/v6.1.0...v6.1.2
 [6.2.0]: https://github.com/pivotal/LicenseFinder/compare/v6.1.2...v6.2.0
 [6.3.0]: https://github.com/pivotal/LicenseFinder/compare/v6.2.0...v6.3.0
+[6.4.0]: https://github.com/pivotal/LicenseFinder/compare/v6.3.0...v6.4.0
+[6.5.0]: https://github.com/pivotal/LicenseFinder/compare/v6.4.0...v6.5.0
+[6.6.0]: https://github.com/pivotal/LicenseFinder/compare/v6.5.0...v6.6.0
+[6.6.1]: https://github.com/pivotal/LicenseFinder/compare/v6.6.0...v6.6.1
+[6.6.2]: https://github.com/pivotal/LicenseFinder/compare/v6.6.1...v6.6.2

data/Dockerfile

@@ -3,11 +3,11 @@ FROM ubuntu:xenial
 # Versioning
 ENV PIP_INSTALL_VERSION 19.0.2
 ENV PIP3_INSTALL_VERSION 8.1.1
-ENV GO_LANG_VERSION 1.13.3
+ENV GO_LANG_VERSION 1.14.3
 ENV MAVEN_VERSION 3.6.0
 ENV SBT_VERSION 1.3.3
 ENV GRADLE_VERSION 5.6.4
-ENV RUBY_VERSION 2.6.5
+ENV RUBY_VERSION 2.7.1
 ENV MIX_VERSION 1.0
 ENV COMPOSER_ALLOW_SUPERUSER 1
 
@@ -48,11 +48,13 @@ ENV JAVA_HOME=/opt/jdk-12.0.2
 ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
 
-# install python and rebar
-RUN apt-get install -y python rebar
+# install rebar3
+RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
+    sudo chmod +x rebar3 && \
+    sudo mv rebar3 /usr/local/bin/rebar3
 
-# install and update python-pip
-RUN apt-get install -y python-pip python3-pip && \
+# install and update python and python-pip
+RUN apt-get install -y python python-pip python3-pip && \
     pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION  && \
     pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
 
@@ -141,8 +143,8 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
   echo "deb https://download.mono-project.com/repo/ubuntu stable-xenial main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
   apt-get update &&\
   apt-get install -y mono-complete &&\
-  curl -o /usr/local/bin/nuget.exe https://dist.nuget.org/win-x86-commandline/latest/nuget.exe &&\
-  echo "alias nuget=\"mono /usr/local/bin/nuget.exe\"" >> ~/.bash_aliases
+  curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
+  curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
 
 # install dotnet core
 WORKDIR /tmp
@@ -150,14 +152,14 @@ RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsof
   sudo dpkg -i packages-microsoft-prod.deb &&\
   rm packages-microsoft-prod.deb &&\
   sudo apt-get update &&\
-  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
+  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
 
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
     echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
     apt-get update &&\
-    apt-get install -y php7.3-cli &&\
+    apt-get install -y php7.4-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
-    php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
+    php -r "if (hash_file('sha384', 'composer-setup.php') === 'e5325b19b381bfd88ce90a5ddb7823406b2a38cff6bb704b0acc289a09c8128d4a8ce2bbafcd1fcbdc38666422fe2806') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
     php -r "unlink('composer-setup.php');" &&\
     mv composer.phar /usr/bin/composer

data/README.md

@@ -7,7 +7,7 @@ Build status
 * Ruby 2.4.9 [![Ruby 2.4.9 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.9/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.5.7 [![Ruby 2.5.7 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.5.7/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.6.5 [![Ruby 2.6.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.6.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.7.0 [![Ruby 2.7.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.7.1 [![Ruby 2.7.1 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.1/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * JRuby 9.2.9.0 [![JRuby 9.2.9.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.2.9.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 
 
@@ -43,7 +43,7 @@ and give you an actionable exception report.
 
 ### Experimental project types
 
-* Erlang (via `rebar`)
+* Erlang (via `rebar3`)
 * Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
 * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
 * Elixir (via `mix`)
@@ -175,7 +175,7 @@ languages, as long as that language has a package definition in the project dire
 * `bower.json` (for `bower`)
 * `Podfile` (for `pod`)
 * `Cartfile` (for `carthage`)
-* `rebar.config` (for `rebar`)
+* `rebar.config` (for `rebar3`)
 * `mix.exs` (for `mix`)
 * `packages/` directory (for `nuget`)
 * `*.csproj` (for `dotnet`)
@@ -183,7 +183,7 @@ languages, as long as that language has a package definition in the project dire
 * `glide.lock` file (for `glide`)
 * `vendor/vendor.json` file (for `govendor`)
 * `Gopkg.lock` file (for `dep`)
-* `go.sum` file (for `go mod`)
+* `go.mod` file (for `go mod`)
 * `vendor.conf` file (for `trash`)
 * `yarn.lock` file (for `yarn`)
 * `conanfile.txt` file (for `conan`)
@@ -359,7 +359,7 @@ $ license_finder dependencies remove my_js_dep
 Sometimes a project will have development or test dependencies which
 you don't want to track.  You can exclude theses dependencies by running
 `license_finder ignored_groups`.  (Currently this only works for packages
-managed by Bundler, NPM, and Nuget.)
+managed by Bundler, NPM, Yarn, Maven, Pip2, Pip3, and Nuget.)
 
 On rare occasions a package manager will report an individual dependency
 that you want to exclude from all reports, even though it is approved.
@@ -379,6 +379,26 @@ items, even if someone attempts to manually approve or permit it.  However,
 if a dependency has even one license that is not restricted, it can still be
 manually approved or permitted.
 
+## Decision inheritance
+
+Add or remove decision files you want to inherit from - see `license_finder inherited_decisions help` for more information.
+
+This allows you to have a centralized decision file for approved/restricted licenses. If you have multiple projects it's way easier to have one single place where you approved or restricted licenses defined.
+
+Add one or more decision files to the inherited decisions
+```bash
+license_finder inherited_decisions add DECISION_FILE
+```
+
+Remove one or more decision files from the inherited decisions
+```bash
+license_finder inherited_decisions remove DECISION_FILE
+```
+
+List all the inherited decision files
+```bash
+license_finder inherited_decisions list
+```
 
 ## Configuration
 
@@ -392,7 +412,7 @@ If you have a gradle project, you can invoke gradle with a custom script by
 passing (for example) `--gradle_command gradlew` to `license_finder` or
 `license_finder report`.
 
-Similarly you can invoke a custom rebar script with `--rebar_command rebar2`.
+Similarly you can invoke a custom rebar script with `--rebar_command rebar`.
 If you store rebar dependencies in a custom directory (by setting `deps_dir` in
 `rebar.config`), set `--rebar_deps_dir`.
 
@@ -467,6 +487,8 @@ licenseConfigurations := Set("compile", "provided")
 
 ## Upgrading
 
+To upgrade to `license_finder` version >= 6.0, you have to replace the terminology `whitelist` with `permit` and  `blacklist` with `restrict` in your `dependency_decisions.yml`. See [Changelog](https://github.com/pivotal/LicenseFinder/blob/master/CHANGELOG.md#600--2020-01-22) for more details.
+
 To upgrade from `license_finder` version 1.2 to 2.0, see
 [`license_finder_upgrade`](https://github.com/mainej/license_finder_upgrade).
 To upgrade to 2.0 from a version lower than 1.2, first upgrade to 1.2, and run

data/Rakefile

@@ -63,7 +63,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
     puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
   end
 
-  ruby_versions = %w[2.7.0 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
+  ruby_versions = %w[2.7.1 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
 
   params = []
   params << "ruby_versions=#{ruby_versions.join(',')}"

data/VERSION

@@ -1 +1 @@
-6.3.0
+6.6.2

data/ci/pipelines/release.yml.erb

@@ -24,7 +24,7 @@ resources:
   source:
     driver: gcs
     bucket: lf-semver-version
-    key: VERSION
+    key: version
     json_key: ((GCPQueuedReportsBucketCredentials))
 
 - name: dockerhub-edge
@@ -123,21 +123,31 @@ jobs:
 
 - name: bump-major
   plan:
-    - put: semver-version
+    - get: semver-version
       tags: ["private-worker"]
       params: {bump: major}
+    - put: semver-version
+      tags: ["private-worker"]
+      params: {file: semver-version/version}
+
 
 - name: bump-minor
   plan:
-    - put: semver-version
+    - get: semver-version
       tags: ["private-worker"]
       params: {bump: minor}
+    - put: semver-version
+      tags: ["private-worker"]
+      params: {file: semver-version/version}
 
 - name: bump-patch
   plan:
-    - put: semver-version
+    - get: semver-version
       tags: ["private-worker"]
       params: {bump: patch}
+    - put: semver-version
+      tags: ["private-worker"]
+      params: {file: semver-version/version}
 
 - name: release
   disable_manual_trigger: true

data/ci/tasks/rubocop.yml

@@ -4,7 +4,7 @@ image_resource:
   type: registry-image
   source:
     repository: ruby
-    tag: 2.6.5
+    tag: 2.7.1
 
 inputs:
 - name: LicenseFinder

data/lib/license_finder/cli.rb

@@ -8,6 +8,7 @@ end
 require 'license_finder/cli/patched_thor'
 require 'license_finder/cli/base'
 require 'license_finder/cli/makes_decisions'
+require 'license_finder/cli/inherited_decisions'
 require 'license_finder/cli/permitted_licenses'
 require 'license_finder/cli/restricted_licenses'
 require 'license_finder/cli/dependencies'

data/lib/license_finder/cli/base.rb

@@ -44,6 +44,7 @@ module LicenseFinder
           :elixir_command,
           :mix_command,
           :mix_deps_dir,
+          :write_headers,
           :save,
           :prepare,
           :prepare_no_fail,

data/lib/license_finder/cli/inherited_decisions.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module CLI
+    class InheritedDecisions < Base
+      extend Subcommand
+      include MakesDecisions
+
+      desc 'list', 'List all the inherited decision files'
+      def list
+        say 'Inherited Decision Files:', :blue
+        say_each(decisions.inherited_decisions)
+      end
+
+      auditable
+      desc 'add DECISION_FILE...', 'Add one or more decision files to the inherited decisions'
+      def add(*decision_files)
+        assert_some decision_files
+        modifying { decision_files.each { |filepath| decisions.inherit_from(filepath) } }
+        say "Added #{decision_files.join(', ')} to the inherited decisions"
+      end
+
+      auditable
+      desc 'add_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
+      def add_with_auth(*params)
+        url, auth_type, token_or_env = params
+        auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
+        modifying { decisions.add_decision [:inherit_from, auth_info] }
+        say "Added #{url} to the inherited decisions"
+      end
+
+      auditable
+      desc 'remove DECISION_FILE...', 'Remove one or more decision files from the inherited decisions'
+      def remove(*decision_files)
+        assert_some decision_files
+        modifying { decision_files.each { |filepath| decisions.remove_inheritance(filepath) } }
+        say "Removed #{decision_files.join(', ')} from the inherited decisions"
+      end
+
+      auditable
+      desc 'remove_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
+      def remove_with_auth(*params)
+        url, auth_type, token_or_env = params
+        auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
+        modifying { decisions.remove_inheritance(auth_info) }
+        say "Removed #{url} from the inherited decisions"
+      end
+    end
+  end
+end

data/lib/license_finder/cli/main.rb

@@ -140,6 +140,7 @@ module LicenseFinder
       desc 'report', "Print a report of the project's dependencies to stdout"
       shared_options
       format_option
+      method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
       method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
 
       def report
@@ -171,6 +172,7 @@ module LicenseFinder
       subcommand 'permitted_licenses', PermittedLicenses, 'Automatically approve any dependency that has a permitted license'
       subcommand 'restricted_licenses', RestrictedLicenses, 'Forbid approval of any dependency whose licenses are all restricted'
       subcommand 'project_name', ProjectName, 'Set the project name, for display in reports'
+      subcommand 'inherited_decisions', InheritedDecisions, 'Add or remove decision files you want to inherit from'
 
       private
 
@@ -203,7 +205,7 @@ module LicenseFinder
       def report_of(content)
         report = FORMATS[config.format] || FORMATS['text']
         report = MergedReport if report == CsvReport && config.aggregate_paths
-        report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s)
+        report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s, write_headers: config.write_headers)
       end
 
       def save?

data/lib/license_finder/configuration.rb

@@ -35,7 +35,7 @@ module LicenseFinder
     end
 
     def rebar_deps_dir
-      path = get(:rebar_deps_dir) || 'deps'
+      path = get(:rebar_deps_dir) || '_build/default/lib'
       project_path.join(path).expand_path
     end
 
@@ -109,6 +109,10 @@ module LicenseFinder
       get(:prepare_no_fail)
     end
 
+    def write_headers
+      get(:write_headers)
+    end
+
     def save_file
       get(:save)
     end

data/lib/license_finder/decision_applier.rb

@@ -4,7 +4,7 @@ module LicenseFinder
   class DecisionApplier
     def initialize(options)
       @decisions = options.fetch(:decisions)
-      @all_packages = decisions.packages + options.fetch(:packages)
+      @all_packages = options.fetch(:packages).to_set + @decisions.packages.to_set
       @acknowledged = apply_decisions
     end
 
@@ -28,10 +28,14 @@ module LicenseFinder
 
     def apply_decisions
       all_packages
-        .map { |package| with_decided_licenses(package) }
-        .map { |package| with_approval(package) }
-        .map { |package| with_homepage(package) }
         .reject { |package| ignored?(package) }
+        .map do |package|
+          with_homepage(
+            with_approval(
+              with_decided_licenses(package)
+            )
+          )
+        end
     end
 
     def ignored?(package)