license_finder 7.0.0 → 7.0.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e7009be357d27cb0bcadbff341eea7276b7a9012491f1ff2ebc7c2964d3d6305
4
- data.tar.gz: d4a521addc00cf39c7203f667c41dcd9423a8fddb5e7584cf394de47ca249bfd
3
+ metadata.gz: a65abcec91ace2929ab66aa2e364002c4019e8cfd5ffdde361ce0ea4b20147f8
4
+ data.tar.gz: cfeaa1bf0a57a0480d8193fa10a75597b7421abcaa15d6995adc3a885797f547
5
5
  SHA512:
6
- metadata.gz: e4a29a2ec4bd2022a96382c9a650e536af8881803302a2c60cecb832e49512184e13df28dd666b53bec7c0c7ef3f8fff66df26c589224134d495f621aba71a64
7
- data.tar.gz: 6c255bd53fe29179580a920724b0be2e733aa187381e272254fa7d18e682b0bfe1c0ecf80450b5101dfd857aec0428d0e20bb5813f2b476a2bf37572a4486b04
6
+ metadata.gz: c699e9127e4740d8795b5f494525c31251fa4dea297ebdd3c965b3d8bfc129d56d469135f2eb9614d244ed2828798008000116166fd55c1ac6ef5412e7d87313
7
+ data.tar.gz: e78c9b61fdf161c85c813a9892f02e470bc036f0061720a0fac73120394fb1f9e4161b6a935acb500ae55ac6c03d2ed6df6a320dda5cbc1443be6f62747c4f51
data/CHANGELOG.md CHANGED
@@ -1,19 +1,27 @@
1
+ # [7.0.1] / 2022-03-18
2
+
1
3
  # [7.0.0] / 2022-03-04
2
4
 
3
5
  ### Added
4
- * Ruby 3.x Support - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
6
+ * Ruby 3.x Support - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
7
+ * Provide Flutter project scanning support - [e739f281](https://github.com/pivotal/LicenseFinder/commit/e739f2180c88504152c0e19477489177012f5631) - etiennecadicidean
8
+ * Add a new option to use spdx identifier in reports - [a71763bb](https://github.com/pivotal/LicenseFinder/commit/a71763bb132ed39e57f8071e72cb2450733bf8db) - etiennecadicidean
9
+ * Allow to specify cocoadpods acknowledgment through ENV - [67bd3fb5](https://github.com/pivotal/LicenseFinder/commit/67bd3fb5569afa54abc16035fd7804bc2d65b7c0) - etiennecadicidean
5
10
 
6
11
  ### Changed
7
- * Raise an error if the yarn licenses list command fails - [8f9ab6bd](https://github.com/pivotal/LicenseFinder/commit/8f9ab6bd681866aee888410672f3babab7aab383) - AJ Esler
8
- * Updated code to support newest Thor gem - [b118772c](https://github.com/pivotal/LicenseFinder/commit/b118772c3f634dacc56795eebb7c3ba4c89ef639)
12
+ * Updated code to support newest Thor gem - [b118772c](https://github.com/pivotal/LicenseFinder/commit/b118772c3f634dacc56795eebb7c3ba4c89ef639)
13
+ * Raise an error if the yarn licenses list command fails - [8f9ab6bd](https://github.com/pivotal/LicenseFinder/commit/8f9ab6bd681866aee888410672f3babab7aab383) - ajesler
14
+
15
+ ### Deprecated
16
+ * Remove support for Ruby 2.3 - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
9
17
 
10
18
  # [6.15.0] / 2021-12-17
11
19
 
12
20
  ### Added
13
- * Add Yarn2 support [7f08790](https://github.com/pivotal/LicenseFinder/commit/7f08790ce1d7cd12ccd0aa9de114ca3366ab408c)
21
+ * Add Yarn2 support - [7f08790c](https://github.com/pivotal/LicenseFinder/commit/7f08790ce1d7cd12ccd0aa9de114ca3366ab408c)
14
22
 
15
23
  ###Changed
16
- * Upgrade conan and use https://center.conan.io instead of conan.bintray.com [eea1292](https://github.com/pivotal/LicenseFinder/commit/eea1292bf2613f603a8a0ae42747857acf77e361)
24
+ * Upgrade conan and use https://center.conan.io instead of conan.bintray.com - [eea1292b](https://github.com/pivotal/LicenseFinder/commit/eea1292bf2613f603a8a0ae42747857acf77e361)
17
25
 
18
26
  ### Fixed
19
27
  * Fix docker Conan and swift - [66031df9](https://github.com/pivotal/LicenseFinder/commit/66031df912c2e1e21aa794a4b897fc61c9ec6b02)
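Review bot: the new `# [7.0.1] / 2022-03-18` heading at the top of this hunk has no entries beneath it, although this release changes the Maven wrapper lookup and the Yarn licenses-plugin flow elsewhere in the diff; add at least one bullet per change (under Changed or Fixed) so the release stays traceable. In the same hunk, `cocoadpods` in the added "Allow to specify cocoadpods acknowledgment through ENV" bullet should read `CocoaPods`, and the pre-existing `###Changed` context line below is missing the space after `###`, so it does not render as a heading; worth fixing while this file is being touched.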
@@ -28,15 +36,15 @@
28
36
  First two commit were supposed to show up in v6.14.0, but GPG bug prevented a correct build. Therefore, a follow up patch build was made to include the GPG fix.
29
37
 
30
38
  ### Changed
31
- * Upgrade Docker image to use Ubuntu Bionic [#178471230] [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
39
+ * Upgrade Docker image to use Ubuntu Bionic [#178471230] - [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
32
40
  * Update the default timezone to GMT [#178471230] - [9fcab84](https://github.com/pivotal/LicenseFinder/commit/9fcab84605cda81e7f276d3c567d14409e371333)
33
41
  * Use local copy of Swift puglic GPG keys [#178674224] - [4db4b3e](https://github.com/pivotal/LicenseFinder/commit/4db4b3e5980ca52019549d74da574a2342a7846e)
34
42
 
35
43
  ### Added
36
- * Added --npm_options option to customize npm behavior. [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott
44
+ * Added --npm_options option to customize npm behavior - [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott
37
45
 
38
46
  ### Security
39
- * Fix issue where commands could be injected running on Cocoapods projects. [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
47
+ * Fix issue where commands could be injected running on Cocoapods projects - [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
40
48
 
41
49
  Thanks to Joern Schneeweisz Staff Security Engineer, Security Research | GitLab for raising the issue
42
50
 
@@ -1001,4 +1009,4 @@ Bugfixes:
1001
1009
  [6.14.2]: https://github.com/pivotal/LicenseFinder/compare/v6.14.1...v6.14.2
1002
1010
  [6.15.0]: https://github.com/pivotal/LicenseFinder/compare/v6.14.2...v6.15.0
1003
1011
  [7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
1004
- [7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
1012
+ [7.0.1]: https://github.com/pivotal/LicenseFinder/compare/v7.0.0...v7.0.1
data/README.md CHANGED
@@ -20,41 +20,40 @@ and give you an actionable exception report.
20
20
  * docker: [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
21
21
  * the docker image contains all the package managers needed to run `license_finder`
22
22
  * support:
23
+ * The primary form of communication for support is through github issues. The google groups are not actively
24
+ monitored
23
25
  * license-finder@googlegroups.com
24
26
  * https://groups.google.com/forum/#!forum/license-finder
25
- * backlog: https://www.pivotaltracker.com/n/projects/234851
26
27
 
27
28
  ### Supported project types
28
29
 
29
30
  | Project Type | Package Manager | Tested on Version |
30
- | ------------ | --------------- | -------:|
31
- | Ruby Gems | bundler | 1.16.6 |
32
- | Python 2.7 Eggs | pip2 | 19.0.2 |
33
- | Python 3.5 Eggs | pip3 | 19.0.2 |
34
- | Node.js | npm | 6.4.1 |
35
- | Bower | bower | 1.8.4 |
36
- | Nuget (without license discovery) | nuget | 4.7.1.5393 |
37
- | Godep | Godep | 80 |
38
- | Go workspace (via a `.envrc` file) | Go lang | 1.11.5 |
39
- | Go modules | Go lang | 1.11.5 |
40
- | Java | maven | 3.6.0 |
41
- | Java | gradle | 4.10.3 |
31
+ | ------------ |-----------------|------------------:|
32
+ | Ruby Gems | bundler | 2.3.7 |
33
+ | Python 2.7 Eggs | pip2 | 19.0.2 |
34
+ | Python 3.5 Eggs | pip3 | 20.0.2 |
35
+ | Node.js | npm | 6.4.1 |
36
+ | Bower | bower | 1.8.4 |
37
+ | Nuget (without license discovery) | nuget | 4.7.1.5393 |
38
+ | Godep | Godep | 80 |
39
+ | Go workspace | Go lang | 1.11.5 |
40
+ | Go modules | Go lang | 1.14.3 |
41
+ | Java | maven | 3.6.0 |
42
+ | Java | gradle | 5.6.4 |
42
43
 
43
44
  ### Experimental project types
44
45
 
45
46
  * Erlang (via `rebar` and `Erlang.mk`)
46
- * Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager)
47
- * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
47
+ * Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager(SPM)
48
48
  * Elixir (via `mix`)
49
49
  * Golang (via `gvt`, `glide`,`dep`, `trash` and `govendor`)
50
50
  * JavaScript (via `yarn`)
51
51
  * C++/C (via `conan`)
52
52
  * Scala (via `sbt`)
53
53
  * Rust (via `cargo`)
54
- * Go Modules (via `go mod`)
55
54
  * PHP (via `composer`)
56
- * Python (via Conda [Conda 4.8.3, Python 3.7, Bash; requires an `environment.yml` or `environment.yaml`])
57
- * Flutter (via `flutter pub, requires pubspec.yaml & .pub cache locaton through ENV variable`)
55
+ * Python (via `Conda`, `pipenv`)
56
+ * Flutter (via `flutter pub`)
58
57
 
59
58
  ## Installation
60
59
 
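Review bot: the rewritten Python bullet (`* Python (via \`Conda\`, \`pipenv\`)`) drops the statement that Conda scanning requires an `environment.yml` or `environment.yaml`, and the Flutter bullet drops the note that the `.pub` cache location is supplied through an ENV variable; since those files and variables are what detection keys on, keep the requirement here or make sure the package-definition list further down states it. The support note split across two lines ("...not actively" / "monitored") renders as a single paragraph in Markdown, which is fine, but it lacks a terminating period.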
@@ -158,7 +157,7 @@ reference it will mount your current directory at the path `/scan` and run any c
158
157
  passed to it from that directory.
159
158
 
160
159
  Note that the docker image will run the gem which is installed within it.
161
- So the docker image tagged `4.0.2` will run *License Finder Version 4.0.2*
160
+ So the docker image tagged `7.0.0` will run *License Finder Version 7.0.0*
162
161
 
163
162
  See the [contributing guide](https://github.com/pivotal/LicenseFinder/blob/master/CONTRIBUTING.md) for information on development.
164
163
 
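Review bot: the example `So the docker image tagged \`7.0.0\` will run *License Finder Version 7.0.0*` is already stale in a 7.0.1 release (see the data/VERSION hunk in this diff); either use `7.0.1` or phrase it with a placeholder such as `<version>` so the sentence does not need editing on every release.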
@@ -169,9 +168,10 @@ languages, as long as that language has a package definition in the project dire
169
168
 
170
169
  * `Gemfile` (for `bundler`)
171
170
  * `requirements.txt` (for `pip`)
171
+ * `Pipfile.lock` (for `pipenv`)
172
172
  * `package.json` (for `npm`)
173
173
  * `pom.xml` (for `maven`)
174
- * `build.gradle` (for `gradle`)
174
+ * `build.gradle` or `build.gradle.kts` (for `gradle`)
175
175
  * `settings.gradle` that specifies `rootProject.buildFileName` (for `gradle`)
176
176
  * `bower.json` (for `bower`)
177
177
  * `Podfile` (for `pod`) (set `ACKNOWLEDGEMENTS_PATH` variable if you want to target a particular `Pods-acknowledgements-<TARGET>.plist`. Can be useful in multi-target pods projects.)
@@ -186,6 +186,8 @@ languages, as long as that language has a package definition in the project dire
186
186
  * `glide.lock` file (for `glide`)
187
187
  * `vendor/vendor.json` file (for `govendor`)
188
188
  * `Gopkg.lock` file (for `dep`)
189
+ * `Godeps/Godeps.json` (for `godep`)
190
+ * `*.envrc` file (for `go`)
189
191
  * `go.mod` file (for `go mod`)
190
192
  * `vendor.conf` file (for `trash`)
191
193
  * `yarn.lock` file (for `yarn`)
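Review bot: the added `*.envrc` file (for `go`) is inconsistent with the rest of the README, which describes Go workspaces as detected "via a `.envrc` file" in the earlier project-type table; `.envrc` is a single dotfile, not a suffix pattern, and a `*` glob does not match a leading dot in most shells, so write `.envrc` here.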
@@ -193,7 +195,8 @@ languages, as long as that language has a package definition in the project dire
193
195
  * `build.sbt` file (for `sbt`)
194
196
  * `Cargo.lock` file (for `cargo`)
195
197
  * `composer.lock` file (for `composer`)
196
-
198
+ * `environment,yml` file (for `conda`)
199
+ * `pubspec.yaml & .pub cache locaton through ENV variable` (for `flutter`)
197
200
 
198
201
  ### Continuous Integration
199
202
 
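Review bot: `environment,yml` has a comma where the file name needs a dot; the README text removed in the earlier hunk gave the accepted names as `environment.yml` or `environment.yaml`, so list both. The Flutter entry wraps a whole sentence in backticks (`pubspec.yaml & .pub cache locaton through ENV variable`); quote only `pubspec.yaml`, fix "locaton", and name the environment variable that supplies the `.pub` cache location, since a reader cannot set a variable the README never names.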
@@ -499,7 +502,7 @@ licenseConfigurations := Set("compile", "provided")
499
502
 
500
503
  ## Requirements
501
504
 
502
- `license_finder` requires ruby >= 1.9.3, or jruby.
505
+ `license_finder` requires ruby >= 2.4.0. We will be dropping 2.4.x support soon.
503
506
 
504
507
 
505
508
  ## Upgrading
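Review bot: "We will be dropping 2.4.x support soon" is vague; state the release in which Ruby 2.4 support ends. Also confirm that `ruby >= 2.4.0` matches the gemspec's `required_ruby_version` (not shown in this diff) and the CHANGELOG's "Remove support for Ruby 2.3" entry, so README, gemspec and changelog agree.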
data/VERSION CHANGED
@@ -1 +1 @@
1
- 7.0.0
1
+ 7.0.1
@@ -34,14 +34,10 @@ module LicenseFinder
34
34
  end
35
35
 
36
36
  def package_management_command
37
- wrapper = if Platform.windows?
38
- 'mvnw.cmd'
39
- else
40
- './mvnw'
41
- end
37
+ wrapper = File.join(project_path, Platform.windows? ? 'mvnw.cmd' : 'mvnw')
42
38
  maven = 'mvn'
43
39
 
44
- File.exist?(File.join(project_path, wrapper)) ? wrapper : maven
40
+ File.exist?(wrapper) ? wrapper : maven
45
41
  end
46
42
 
47
43
  def possible_package_paths
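Review bot: `wrapper` changes from the relative `./mvnw` to the full `File.join(project_path, 'mvnw')` path, so `package_management_command` now returns a string that embeds the project path. If that string is later interpolated into a shell command line, a `project_path` containing spaces or shell metacharacters will break the invocation or be parsed as extra arguments, which `./mvnw` could not; either return the path shell-escaped (e.g. via `Shellwords.escape`) or keep returning the relative name and `chdir` into `project_path` when running it. The `File.exist?` check itself and the `Platform.windows?` selection of `mvnw.cmd` versus `mvnw` are preserved correctly.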
@@ -2,16 +2,19 @@
2
2
 
3
3
  module LicenseFinder
4
4
  class Yarn < PackageManager
5
- SHELL_COMMAND = 'yarn licenses list --no-progress --json'
5
+ SHELL_COMMAND = 'yarn licenses list --json'
6
6
 
7
7
  def possible_package_paths
8
8
  [project_path.join('yarn.lock')]
9
9
  end
10
10
 
11
11
  def current_packages
12
- cmd = "#{Yarn::SHELL_COMMAND}#{yarn1_production_flag}"
13
- suffix = " --cwd #{project_path}" unless project_path.nil?
14
- cmd += suffix unless suffix.nil?
12
+ # the licenses plugin supports the classic production flag
13
+ cmd = "#{Yarn::SHELL_COMMAND}#{classic_yarn_production_flag}"
14
+ if yarn_version == 1
15
+ cmd += ' --no-progress'
16
+ cmd += " --cwd #{project_path}" unless project_path.nil?
17
+ end
15
18
 
16
19
  stdout, stderr, status = Cmd.run(cmd)
17
20
  raise "Command '#{cmd}' failed to execute: #{stderr}" unless status.success?
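Review bot: `--cwd #{project_path}` is now appended only when `yarn_version == 1`, so for Yarn 2+ `Cmd.run(cmd)` executes `yarn licenses list --json` in the process's current working directory rather than in `project_path` (only `yarn_version` itself wraps its call in `Dir.chdir(project_path)`). Unless the caller already changes directory, the plugin will read the wrong project or fail; wrap the `Cmd.run` call in `Dir.chdir(project_path)` for the non-classic branch, or pass the directory to yarn. Separately, `project_path` is still interpolated unquoted into the command string on the Yarn 1 path, so a path containing spaces needs `Shellwords.escape`.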
@@ -56,30 +59,38 @@ module LicenseFinder
56
59
  end
57
60
 
58
61
  def prepare_command
59
- if yarn2_project?
60
- yarn2_prepare_command
62
+ if yarn_version == 1
63
+ classic_yarn_prepare_command
61
64
  else
62
- yarn1_prepare_command
65
+ yarn_prepare_command
63
66
  end
64
67
  end
65
68
 
66
69
  private
67
70
 
68
- def yarn2_prepare_command
69
- "#{yarn2_production_flag}yarn install"
71
+ def yarn_prepare_command
72
+ "#{yarn_plugin_production_command}yarn install && yarn plugin import https://raw.githubusercontent.com/mhassan1/yarn-plugin-licenses/#{yarn_licenses_plugin_version}/bundles/@yarnpkg/plugin-licenses.js"
73
+ end
74
+
75
+ def classic_yarn_prepare_command
76
+ "yarn install --ignore-engines --ignore-scripts#{classic_yarn_production_flag}"
70
77
  end
71
78
 
72
- def yarn1_prepare_command
73
- "yarn install --ignore-engines --ignore-scripts#{yarn1_production_flag}"
79
+ def yarn_licenses_plugin_version
80
+ if yarn_version == 2
81
+ 'v0.6.0'
82
+ else
83
+ 'v0.7.2'
84
+ end
74
85
  end
75
86
 
76
- def yarn2_project?
87
+ def yarn_version
77
88
  Dir.chdir(project_path) do
78
89
  version_string, stderr_str, status = Cmd.run('yarn -v')
79
90
  raise "Command 'yarn -v' failed to execute: #{stderr_str}" unless status.success?
80
91
 
81
92
  version = version_string.split('.').map(&:to_i)
82
- return version[0] >= 2
93
+ return version[0]
83
94
  end
84
95
  end
85
96
 
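Review bot: `yarn_prepare_command` now runs `yarn plugin import https://raw.githubusercontent.com/mhassan1/yarn-plugin-licenses/#{yarn_licenses_plugin_version}/bundles/@yarnpkg/plugin-licenses.js` on every prepare, which downloads and executes a third-party plugin bundle from a Git tag (`v0.6.0` / `v0.7.2`) with no integrity check; tags are mutable, so pin to a commit SHA or vendor the bundle, and document this network dependency, since it runs inside whatever CI job invokes license_finder. `yarn_licenses_plugin_version` maps every version other than 2 (including 1, if it were ever reached) to `v0.7.2`; that is harmless because `prepare_command` routes Yarn 1 to `classic_yarn_prepare_command`, but a comment stating the intent ("Yarn 3+") would make it explicit. Finally, `yarn_version` now returns `version[0]` where `yarn2_project?` returned a boolean; check for callers outside this hunk that still compare against `true`/`false`.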
@@ -120,13 +131,13 @@ module LicenseFinder
120
131
  all_packages - [yarn_internal_package]
121
132
  end
122
133
 
123
- def yarn1_production_flag
134
+ def classic_yarn_production_flag
124
135
  return '' if @ignored_groups.nil?
125
136
 
126
137
  @ignored_groups.include?('devDependencies') ? ' --production' : ''
127
138
  end
128
139
 
129
- def yarn2_production_flag
140
+ def yarn_plugin_production_command
130
141
  return '' if @ignored_groups.nil?
131
142
 
132
143
  @ignored_groups.include?('devDependencies') ? 'yarn plugin import workspace-tools && yarn workspaces focus --all --production && ' : ''
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: license_finder
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.0
4
+ version: 7.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Collins
@@ -27,7 +27,7 @@ authors:
27
27
  autorequire:
28
28
  bindir: bin
29
29
  cert_chain: []
30
- date: 2022-03-04 00:00:00.000000000 Z
30
+ date: 2022-03-18 00:00:00.000000000 Z
31
31
  dependencies:
32
32
  - !ruby/object:Gem::Dependency
33
33
  name: bundler
@@ -569,7 +569,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
569
569
  - !ruby/object:Gem::Version
570
570
  version: '0'
571
571
  requirements: []
572
- rubygems_version: 3.3.8
572
+ rubygems_version: 3.3.9
573
573
  signing_key:
574
574
  specification_version: 4
575
575
  summary: Audit the OSS licenses of your application's dependencies.