license_finder 7.0.0 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7009be357d27cb0bcadbff341eea7276b7a9012491f1ff2ebc7c2964d3d6305
-  data.tar.gz: d4a521addc00cf39c7203f667c41dcd9423a8fddb5e7584cf394de47ca249bfd
+  metadata.gz: a74ac8d4dd390c9608445a97a27c1b6b1a3398b33c95d28eff8eb0e1cfff63e7
+  data.tar.gz: 6944369b76103e35729350d5508445ad72f91bb79b2d32e6241b552cd53bf3cd
 SHA512:
-  metadata.gz: e4a29a2ec4bd2022a96382c9a650e536af8881803302a2c60cecb832e49512184e13df28dd666b53bec7c0c7ef3f8fff66df26c589224134d495f621aba71a64
-  data.tar.gz: 6c255bd53fe29179580a920724b0be2e733aa187381e272254fa7d18e682b0bfe1c0ecf80450b5101dfd857aec0428d0e20bb5813f2b476a2bf37572a4486b04
+  metadata.gz: db5512b1f7c9f5c317fb4d9a0efe09fc6d4b88461b3c599ca0ab7b679ef9fdf07cb86eebe3d0ef87cefcfa5a531d9bd1e2b583f7e938ac9c3a64766f21a7f012
+  data.tar.gz: 75f9994268a1a7ef36145bd757cfa8c02e1fcb3d2debdd8301b9f26326bf4afc04771a8b9a2d4e8922398560e9df68c075df240144d6972a62c5613c4f6261c5

data/.github/dependabot.yml

@@ -7,3 +7,10 @@ updates:
     time: "20:00"
     timezone: America/Los_Angeles
   open-pull-requests-limit: 10
+- package-ecosystem: docker 
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "20:00"
+    timezone: America/Los_Angeles
+  open-pull-requests-limit: 10

data/.pre-commit-hooks.yaml

@@ -0,0 +1,10 @@
+- id: license-finder
+  name: Audit licenses of dependencies
+  entry: license_finder
+  language: ruby
+  pass_filenames: false
+  description: >
+    LicenseFinder works with your package managers to find dependencies, detect
+    the licenses of the packages in them, compare those licenses against a
+    user-defined list of permitted licenses, and give you an actionable
+    exception report.

data/CHANGELOG.md

@@ -1,19 +1,50 @@
+# [7.1.0] / 2022-11-28
+
+### Added
+* Missing New BSD alternative name - [64d425d9](https://github.com/pivotal/LicenseFinder/commit/64d425d9210794c6b45c60bf730931e459a1e959) 
+* pre-commit hook - [2fd5ac85](https://github.com/pivotal/LicenseFinder/commit/2fd5ac85fbd4ea03b6f274f2c977448a8a517c2c) - Kurt von Laven
+
+### Fixed
+* - Apache 2 license being too restrictive on matching - [c7fd0399](https://github.com/pivotal/LicenseFinder/commit/c7fd03994592ca97408f5134dd9eac6566e51c48) 
+* - Erlang not installing properly with mix - [74af3885](https://github.com/pivotal/LicenseFinder/commit/74af388579dd2f26b1814ece39c869d684218cd9) 
+* Scan transitive Yarn v2+ dependencies - [0115445e](https://github.com/pivotal/LicenseFinder/commit/0115445eb26de3185518adfb257b0e1911cf2fbd) - Kurt von Laven
+
+* Issue with chaining commands with dlf - [a6af8c3e](https://github.com/pivotal/LicenseFinder/commit/a6af8c3e0abb932ed8d3c0215175f23cf75b5fb2) 
+* Nuget and dotnet not returning proper licenses - [e3452336](https://github.com/pivotal/LicenseFinder/commit/e3452336aa980f26de9a7d44d725bddb0ddd67a0) 
+* Save help documentation for the default file name - [09a93762](https://github.com/pivotal/LicenseFinder/commit/09a93762dc3bd714fdcdebb4aa84af4c7dbefa04) 
+* - Yarn2 output parsing - [395a7f02](https://github.com/pivotal/LicenseFinder/commit/395a7f02b7729243aaf730b6ede71cae8f21cfeb) 
+
+### Changed
+* - Bump docker image golang version to 1.17.13 - [4f3df246](https://github.com/pivotal/LicenseFinder/commit/4f3df246d2f5245681a943a6fb6dee49e3ed3ed1) 
+
+# [7.0.1] / 2022-03-18
+### Fixed
+* Maven Wrapper command path must be relative to working directory - [298a733a](https://github.com/pivotal/LicenseFinder/commit/298a733a67f34341ffabc7dfbf2ee5c27574b979) - jbmgrtn 
+* Support yarn license command for yarn v2+ - [ed3b319b](https://github.com/pivotal/LicenseFinder/commit/ed3b319b64bf9c72c12fd5a365952137cf7f33b6)
+
+
 # [7.0.0] / 2022-03-04
 
 ### Added
-* Ruby 3.x Support - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af) 
+* Ruby 3.x Support - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
+* Provide Flutter project scanning support - [e739f281](https://github.com/pivotal/LicenseFinder/commit/e739f2180c88504152c0e19477489177012f5631) - etiennecadicidean
+* Add a new option to use spdx identifier in reports - [a71763bb](https://github.com/pivotal/LicenseFinder/commit/a71763bb132ed39e57f8071e72cb2450733bf8db) - etiennecadicidean
+* Allow to specify cocoadpods acknowledgment through ENV - [67bd3fb5](https://github.com/pivotal/LicenseFinder/commit/67bd3fb5569afa54abc16035fd7804bc2d65b7c0) - etiennecadicidean
 
 ### Changed
-* Raise an error if the yarn licenses list command fails - [8f9ab6bd](https://github.com/pivotal/LicenseFinder/commit/8f9ab6bd681866aee888410672f3babab7aab383) - AJ Esler
-* Updated code to support newest Thor gem - [b118772c](https://github.com/pivotal/LicenseFinder/commit/b118772c3f634dacc56795eebb7c3ba4c89ef639) 
+* Updated code to support newest Thor gem - [b118772c](https://github.com/pivotal/LicenseFinder/commit/b118772c3f634dacc56795eebb7c3ba4c89ef639)
+* Raise an error if the yarn licenses list command fails - [8f9ab6bd](https://github.com/pivotal/LicenseFinder/commit/8f9ab6bd681866aee888410672f3babab7aab383) - ajesler
+
+### Deprecated
+* Remove support for Ruby 2.3 - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
 
 # [6.15.0] / 2021-12-17
 
 ### Added
-* Add Yarn2 support [7f08790](https://github.com/pivotal/LicenseFinder/commit/7f08790ce1d7cd12ccd0aa9de114ca3366ab408c)
+* Add Yarn2 support - [7f08790c](https://github.com/pivotal/LicenseFinder/commit/7f08790ce1d7cd12ccd0aa9de114ca3366ab408c)
 
 ###Changed
-* Upgrade conan and use https://center.conan.io instead of conan.bintray.com [eea1292](https://github.com/pivotal/LicenseFinder/commit/eea1292bf2613f603a8a0ae42747857acf77e361)
+* Upgrade conan and use https://center.conan.io instead of conan.bintray.com - [eea1292b](https://github.com/pivotal/LicenseFinder/commit/eea1292bf2613f603a8a0ae42747857acf77e361)
 
 ### Fixed
 * Fix docker Conan and swift - [66031df9](https://github.com/pivotal/LicenseFinder/commit/66031df912c2e1e21aa794a4b897fc61c9ec6b02) 
@@ -28,15 +59,15 @@
 First two commit were supposed to show up in v6.14.0, but GPG bug prevented a correct build. Therefore, a follow up patch build was made to include the GPG fix.
 
 ### Changed
-* Upgrade Docker image to use Ubuntu Bionic [#178471230] [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
+* Upgrade Docker image to use Ubuntu Bionic [#178471230] - [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
 * Update the default timezone to GMT [#178471230] - [9fcab84](https://github.com/pivotal/LicenseFinder/commit/9fcab84605cda81e7f276d3c567d14409e371333)
 * Use local copy of Swift puglic GPG keys [#178674224] - [4db4b3e](https://github.com/pivotal/LicenseFinder/commit/4db4b3e5980ca52019549d74da574a2342a7846e)
 
 ### Added 
-* Added --npm_options option to customize npm behavior. [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott 
+* Added --npm_options option to customize npm behavior - [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott 
 
 ### Security
-* Fix issue where commands could be injected running on Cocoapods projects. [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
+* Fix issue where commands could be injected running on Cocoapods projects - [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
 
   Thanks to Joern Schneeweisz Staff Security Engineer, Security Research | GitLab for raising the issue
 
@@ -1001,4 +1032,5 @@ Bugfixes:
 [6.14.2]: https://github.com/pivotal/LicenseFinder/compare/v6.14.1...v6.14.2
 [6.15.0]: https://github.com/pivotal/LicenseFinder/compare/v6.14.2...v6.15.0
 [7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
-[7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
+[7.0.1]: https://github.com/pivotal/LicenseFinder/compare/v7.0.0...v7.0.1
+[7.1.0]: https://github.com/pivotal/LicenseFinder/compare/v7.0.1...v7.1.0

data/CONTRIBUTING.md

@@ -78,6 +78,7 @@ If you come up with something useful, consider posting it to the Google Group
 To successfully run the test suite, you will need the following installed:
 - NPM (requires Node)
 - Yarn (requires Node)
+- PNPM (requires Node)
 - Bower (requires Node and NPM)
 - Maven (requires Java)
 - Gradle (requires Java)

data/Dockerfile

@@ -5,25 +5,25 @@ WORKDIR /tmp
 # Versioning
 ENV PIP_INSTALL_VERSION 19.0.2
 ENV PIP3_INSTALL_VERSION 20.0.2
-ENV GO_LANG_VERSION 1.14.3
+ENV GO_LANG_VERSION 1.17.13
 ENV MAVEN_VERSION 3.6.0
 ENV SBT_VERSION 1.3.3
 ENV GRADLE_VERSION 5.6.4
 ENV RUBY_VERSION 3.1.1
-ENV MIX_VERSION 1.0
+ENV MIX_VERSION 2.0
 ENV COMPOSER_ALLOW_SUPERUSER 1
 
 # programs needed for building
 RUN apt-get update && apt-get install -y \
-  build-essential \
-  curl \
-  sudo \
-  unzip \
-  wget \
-  gnupg2 \
-  apt-utils \
-  software-properties-common \
-  bzr
+    build-essential \
+    curl \
+    sudo \
+    unzip \
+    wget \
+    gnupg2 \
+    apt-utils \
+    software-properties-common \
+    bzr
 
 RUN add-apt-repository ppa:git-core/ppa && apt-get update && apt-get install -y git
 
@@ -33,14 +33,18 @@ RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
 
 # install yarn
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - && \
-  echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list && \
-  apt-get update && \
-  apt-get install yarn
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list && \
+    apt-get update && \
+    apt-get install yarn
 
 # install bower
 RUN npm install -g bower && \
     echo '{ "allow_root": true }' > /root/.bowerrc
 
+# install pnpm
+RUN npm install -g pnpm && \
+    pnpm version
+
 # install jdk 12
 RUN curl -L -o openjdk12.tar.gz https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz && \
     tar xvf openjdk12.tar.gz && \
@@ -95,14 +99,29 @@ ENV PATH=$PATH:/go/bin
 ENV GOROOT=/go
 ENV GOPATH=/gopath
 ENV PATH=$PATH:$GOPATH/bin
+
 RUN mkdir /gopath && \
-  go get github.com/tools/godep && \
-  go get github.com/FiloSottile/gvt && \
-  go get github.com/Masterminds/glide && \
-  go get github.com/kardianos/govendor && \
-  go get github.com/golang/dep/cmd/dep && \
-  go get -u github.com/rancher/trash && \
-  go clean -cache
+    go install github.com/tools/godep@latest && \
+    go install github.com/FiloSottile/gvt@latest && \
+    go install github.com/kardianos/govendor@latest && \
+    go clean -cache
+
+#install rvm and glide and godep
+RUN apt-add-repository -y ppa:rael-gc/rvm && \
+    add-apt-repository -y ppa:masterminds/glide  && \
+    apt update && apt install -y rvm && \
+    /usr/share/rvm/bin/rvm install --default $RUBY_VERSION &&\
+    apt-get install -y glide && \
+    apt-get install -y go-dep
+
+# install trash
+RUN curl -Lo trash.tar.gz https://github.com/rancher/trash/releases/download/v0.2.7/trash-linux_amd64.tar.gz && \
+    tar xvf trash.tar.gz && \
+    rm trash.tar.gz && \
+    sudo mv trash /usr/local/bin/
+
+# install bundler
+RUN bash -lc "gem update --system && gem install bundler"
 
 WORKDIR /tmp
 # Fix the locale
@@ -115,47 +134,44 @@ ENV LC_ALL=en_US.UTF-8
 # install Cargo
 RUN curl https://sh.rustup.rs -sSf | bash -ls -- -y --profile minimal
 
-#install rvm
-RUN apt-add-repository -y ppa:rael-gc/rvm && \
-    apt update && apt install -y rvm && \
-    /usr/share/rvm/bin/rvm install --default $RUBY_VERSION
-
-# install bundler
-RUN bash -lc "gem update --system && gem install bundler"
-
 #install mix
 RUN wget https://packages.erlang-solutions.com/erlang-solutions_${MIX_VERSION}_all.deb && \
     sudo dpkg -i erlang-solutions_${MIX_VERSION}_all.deb && \
     sudo rm -f erlang-solutions_${MIX_VERSION}_all.deb && \
     sudo apt-get update && \
-    sudo apt-get install -y esl-erlang && \
-    sudo apt-get install -y elixir
+    sudo apt-get install -y esl-erlang
+# Install Elixir
+WORKDIR /tmp/elixir-build
+RUN git clone https://github.com/elixir-lang/elixir.git
+WORKDIR elixir
+RUN make && make install
+WORKDIR /
 
 # install conan
 RUN apt-get install -y python-dev && \
-	pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
-	    --ignore-installed requests --ignore-installed chardet \
-	    --ignore-installed urllib3 \
-	    --upgrade setuptools && \
-    pip install --no-cache-dir -Iv conan==1.43.0 && \
+    pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
+    --ignore-installed requests --ignore-installed chardet \
+    --ignore-installed urllib3 \
+    --upgrade setuptools && \
+    pip3 install --no-cache-dir -Iv conan==1.51.3 && \
     conan config install https://github.com/conan-io/conanclientcert.git
 
 
 # install NuGet (w. mono)
 # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF &&\
-  echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
-  apt-get update &&\
-  apt-get install -y mono-complete &&\
-  curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
-  curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
+    echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
+    apt-get update &&\
+    apt-get install -y mono-complete &&\
+    curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
+    curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
 
 # install dotnet core
 RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb &&\
-  sudo dpkg -i packages-microsoft-prod.deb &&\
-  rm packages-microsoft-prod.deb &&\
-  sudo apt-get update &&\
-  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
+    sudo dpkg -i packages-microsoft-prod.deb &&\
+    rm packages-microsoft-prod.deb &&\
+    sudo apt-get update &&\
+    sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
 
 # install Composer
 # The ARG and ENV are for installing tzdata which is part of this installaion.
@@ -178,12 +194,12 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
 # See https://docs.conda.io/en/latest/miniconda_hashes.html
 # for latest versions and SHAs.
 RUN  \
-  conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
-  ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
-  wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
-  sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
-  ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
-  (echo; echo "yes") | sh "${conda_installer}"
+    conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
+    ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
+    wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
+    sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
+    ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
+    (echo; echo "yes") | sh "${conda_installer}"
 
 # install Swift Package Manager
 # Based on https://github.com/apple/swift-docker/blob/main/5.3/ubuntu/18.04/Dockerfile
@@ -208,11 +224,12 @@ RUN apt-get -q install -y \
 
 #install flutter
 ENV FLUTTER_HOME=/root/flutter
+RUN git config --global --add safe.directory /root/flutter
 RUN curl -o flutter_linux_2.8.1-stable.tar.xz https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.8.1-stable.tar.xz \
     && tar xf flutter_linux_2.8.1-stable.tar.xz \
     && mv flutter ${FLUTTER_HOME} \
     && rm flutter_linux_2.8.1-stable.tar.xz
-        
+
 ENV PATH=$PATH:${FLUTTER_HOME}/bin:${FLUTTER_HOME}/bin/cache/dart-sdk/bin
 RUN flutter doctor -v \
     && flutter update-packages \

data/README.md

@@ -20,46 +20,56 @@ and give you an actionable exception report.
 * docker: [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
   * the docker image contains all the package managers needed to run `license_finder`
 * support:
+  * The primary form of communication for support is through github issues. The google groups are not actively
+    monitored
   * license-finder@googlegroups.com
   * https://groups.google.com/forum/#!forum/license-finder
-* backlog: https://www.pivotaltracker.com/n/projects/234851
 
 ### Supported project types
 
 | Project Type | Package Manager | Tested on Version |
-| ------------ | --------------- | -------:|
-| Ruby Gems    | bundler         | 1.16.6  |
-| Python 2.7 Eggs  | pip2             | 19.0.2  |
-| Python 3.5 Eggs  | pip3             | 19.0.2  |
-| Node.js      | npm             | 6.4.1   |
-| Bower        | bower           | 1.8.4   |
-| Nuget (without license discovery) | nuget | 4.7.1.5393 |
-| Godep        | Godep           | 80      |
-| Go workspace (via a `.envrc` file) | Go lang | 1.11.5 |
-| Go modules   | Go lang         | 1.11.5  |
-| Java         | maven           | 3.6.0   |
-| Java         | gradle          | 4.10.3  |
+| ------------ |-----------------|------------------:|
+| Ruby Gems    | bundler         | 2.3.7 |
+| Python 2.7 Eggs  | pip2            | 19.0.2 |
+| Python 3.5 Eggs  | pip3            | 20.0.2 |
+| Node.js      | npm             | 6.4.1 |
+| Bower        | bower           | 1.8.4 |
+| Nuget (without license discovery) | nuget           | 4.7.1.5393 |
+| Godep        | Godep           | 80 |
+| Go workspace | Go lang         | 1.11.5 |
+| Go modules   | Go lang         | 1.14.3 |
+| Java         | maven           | 3.6.0 |
+| Java         | gradle          | 5.6.4 |
 
 ### Experimental project types
 
 * Erlang (via `rebar` and `Erlang.mk`)
-* Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager)
-* Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
+* Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager(SPM)
 * Elixir (via `mix`)
 * Golang (via `gvt`, `glide`,`dep`, `trash` and `govendor`)
 * JavaScript (via `yarn`)
 * C++/C (via `conan`)
 * Scala (via `sbt`)
 * Rust (via `cargo`)
-* Go Modules (via `go mod`)
 * PHP (via `composer`)
-* Python (via Conda [Conda 4.8.3, Python 3.7, Bash; requires an `environment.yml` or `environment.yaml`])
-* Flutter (via `flutter pub, requires pubspec.yaml & .pub cache locaton through ENV variable`)
+* Python (via `Conda`, `pipenv`)
+* Flutter (via `flutter pub`)
 
 ## Installation
 
-License Finder requires Ruby 2.4.0 or greater to run. If you have an older
-version of Ruby installed, you can update via Homebrew:
+License Finder may be run as a [pre-commit](https://pre-commit.com) hook by
+adding the following to your `.pre-commit-config.yaml`:
+
+```yaml
+repos:
+  - repo: https://github.com/pivotal/LicenseFinder
+    rev: v7.1.0 # You probably want the latest tag.
+    hooks:
+      - id: license-finder
+```
+
+Running License Finder directly requires Ruby 2.4.0 or greater. If you have an
+older version of Ruby installed, you can update via Homebrew:
 
 ```sh
 $ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
@@ -71,7 +81,7 @@ then:
 $ brew install ruby
 ```
 
-The easiest way to use `license_finder` is to install it as a command
+The easiest way to use `license_finder` directly is to install it as a command
 line tool, like brew, awk, gem or bundler:
 
 ```sh
@@ -155,10 +165,11 @@ $ dlf "bundle install && license_finder"
 
 You can better understand the way this script works by looking at its source, but for
 reference it will mount your current directory at the path `/scan` and run any commands
-passed to it from that directory.
+passed to it from that directory. If your command has `&&`, ensure you quote the command. 
+If it does not, ensure the command is not quoted.
 
 Note that the docker image will run the gem which is installed within it.
-So the docker image tagged `4.0.2` will run *License Finder Version 4.0.2*
+So the docker image tagged `7.0.0` will run *License Finder Version 7.0.0*
 
 See the [contributing guide](https://github.com/pivotal/LicenseFinder/blob/master/CONTRIBUTING.md) for information on development. 
 
@@ -169,9 +180,10 @@ languages, as long as that language has a package definition in the project dire
 
 * `Gemfile` (for `bundler`)
 * `requirements.txt` (for `pip`)
+* `Pipfile.lock` (for `pipenv`)
 * `package.json` (for `npm`)
 * `pom.xml` (for `maven`)
-* `build.gradle` (for `gradle`)
+* `build.gradle` or `build.gradle.kts` (for `gradle`)
 * `settings.gradle` that specifies `rootProject.buildFileName` (for `gradle`)
 * `bower.json` (for `bower`)
 * `Podfile` (for `pod`) (set `ACKNOWLEDGEMENTS_PATH` variable if you want to target a particular `Pods-acknowledgements-<TARGET>.plist`. Can be useful in multi-target pods projects.)
@@ -186,6 +198,8 @@ languages, as long as that language has a package definition in the project dire
 * `glide.lock` file (for `glide`)
 * `vendor/vendor.json` file (for `govendor`)
 * `Gopkg.lock` file (for `dep`)
+* `Godeps/Godeps.json` (for `godep`)
+* `*.envrc` file (for `go`) 
 * `go.mod` file (for `go mod`)
 * `vendor.conf` file (for `trash`)
 * `yarn.lock` file (for `yarn`)
@@ -193,7 +207,8 @@ languages, as long as that language has a package definition in the project dire
 * `build.sbt` file (for `sbt`)
 * `Cargo.lock` file (for `cargo`)
 * `composer.lock` file (for `composer`)
-
+* `environment.yml` file (for `conda`)
+* `pubspec.yaml & .pub cache locaton through ENV variable` (for `flutter`)
 
 ### Continuous Integration
 
@@ -330,12 +345,40 @@ you should manually research what the actual license is.  When you
 have established the real license, you can record it with:
 
 ```sh
-$ license_finder licenses add my_unknown_dependency MIT --homepage="www.unknown-code.org"
+$ license_finder licenses add my_unknown_dependency MIT
 ```
 
-This command would assign the MIT license to the dependency
-`my_unknown_dependency`. It will also set its homepage to `www.unknown-code.org`.
+This command would assign the MIT license to all versions of the dependency
+`my_unknown_dependency`. If you prefer, you could instead assign the license
+to only a specific version of the dependency:
+
+```sh
+$ license_finder licenses add my_unknown_dependency MIT --version=1.0.0
+```
 
+Please note that adding a license to a specific version of a dependency will 
+cause any licenses previously added to all versions of that dependency to be 
+forgotten. Similarly, adding a license to all versions of a dependency will 
+override any licenses previously added to specific versions of that dependency.
+
+There are several ways in which you can remove licenses that were previously
+added through the `licenses add` command:
+
+```sh
+# Removes all licenses from any version of the dependency
+$ license_finder licenses remove my_unknown_dependency
+
+# Removes just the MIT license from any version of the dependency
+$ license_finder licenses remove my_unknown_dependency MIT
+
+# Removes all licenses from only version 1.0.0 of the dependency
+# This has no effect if you had last added a license to all versions of the dependency
+$ license_finder licenses remove my_unknown_dependency --version=1.0.0
+
+# Removes just the MIT license from only version 1.0.0 of the dependency
+# This has no effect if you had last added a license to all versions of the dependency
+$ license_finder licenses remove my_unknown_dependency MIT --version=1.0.0
+```
 
 ### Adding Hidden Dependencies
 
@@ -499,7 +542,7 @@ licenseConfigurations := Set("compile", "provided")
 
 ## Requirements
 
-`license_finder` requires ruby >= 1.9.3, or jruby.
+`license_finder` requires ruby >= 2.4.0. We will be dropping 2.4.x support soon.
 
 
 ## Upgrading

data/VERSION

@@ -1 +1 @@
-7.0.0
+7.1.0

data/dlf

@@ -7,7 +7,12 @@ if `which docker > /dev/null`; then
     for p in "$@"; do
       escaped_params="$escaped_params \"$p\""
     done
-    docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $escaped_params"
+    if [[ $escaped_params =~ "&&" ]]; then
+      command=${escaped_params:2:${#escaped_params}-3}
+    else
+      command=$escaped_params
+    fi
+    docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $command"
   fi
 else
   echo "You do not have docker installed. Please install it:"

data/lib/license_finder/cli/base.rb

@@ -46,6 +46,8 @@ module LicenseFinder
           :maven_include_groups,
           :maven_options,
           :npm_options,
+          :yarn_options,
+          :pnpm_options,
           :pip_requirements_path,
           :python_version,
           :rebar_command,

data/lib/license_finder/cli/licenses.rb

@@ -7,19 +7,24 @@ module LicenseFinder
       include MakesDecisions
 
       auditable
+      method_option :version, desc: 'The version associated with the license'
       desc 'add DEPENDENCY LICENSE', "Set a dependency's licenses, overwriting any license_finder has found"
       def add(name, license)
         modifying { decisions.license(name, license, txn) }
 
-        printer.say "The #{name} dependency has been marked as using #{license} license!", :green
+        version_info = options[:version] ? " with version #{options[:version]}" : ''
+        printer.say "The #{name} dependency#{version_info} has been marked as using #{license} license!", :green
       end
 
       auditable
+      method_option :version, desc: 'The version associated with the license'
       desc 'remove DEPENDENCY LICENSE', 'Remove a manually set license'
-      def remove(dep, lic)
+      def remove(dep, lic = nil)
         modifying { decisions.unlicense(dep, lic, txn) }
 
-        printer.say "The dependency #{dep} no longer has a manual license"
+        version_info = options[:version] ? " with version #{options[:version]}" : ''
+        suffix = lic ? " of #{lic}" : ''
+        printer.say "The dependency #{dep}#{version_info} no longer has a manual license#{suffix}"
       end
     end
   end

data/lib/license_finder/cli/main.rb

@@ -32,6 +32,8 @@ module LicenseFinder
       class_option :maven_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false.'
       class_option :maven_options, desc: 'Maven options to append to command. Defaults to empty.'
       class_option :npm_options, desc: 'npm options to append to command. Defaults to empty.'
+      class_option :yarn_options, desc: 'yarn options to append to command. Defaults to empty.'
+      class_option :pnpm_options, desc: 'pnpm options to append to command. Defaults to empty.'
       class_option :pip_requirements_path, desc: 'Path to python requirements file. Defaults to requirements.txt.'
       class_option :python_version, desc: 'Python version to invoke pip with. Valid versions: 2 or 3. Default: 2'
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
@@ -152,7 +154,7 @@ module LicenseFinder
       shared_options
       format_option
       method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
-      method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
+      method_option :save, desc: "Save report to a file. Default: 'license_report' in project root.", lazy_default: 'license_report'
 
       def report
         finder = LicenseAggregator.new(config, aggregate_paths)

data/lib/license_finder/configuration.rb

@@ -97,6 +97,14 @@ module LicenseFinder
       get(:npm_options)
     end
 
+    def yarn_options
+      get(:yarn_options)
+    end
+
+    def pnpm_options
+      get(:pnpm_options)
+    end
+
     def pip_requirements_path
       get(:pip_requirements_path)
     end

data/lib/license_finder/core.rb

@@ -101,6 +101,8 @@ module LicenseFinder
         maven_include_groups: config.maven_include_groups,
         maven_options: config.maven_options,
         npm_options: config.npm_options,
+        yarn_options: config.yarn_options,
+        pnpm_options: config.pnpm_options,
         pip_requirements_path: config.pip_requirements_path,
         python_version: config.python_version,
         rebar_command: config.rebar_command,

data/lib/license_finder/decision_applier.rb

@@ -44,7 +44,7 @@ module LicenseFinder
     end
 
     def with_decided_licenses(package)
-      decisions.licenses_of(package.name).each do |license|
+      decisions.licenses_of(package.name, package.version).each do |license|
         package.decide_on_license license
       end
       package