license_finder 7.0.1 → 7.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a65abcec91ace2929ab66aa2e364002c4019e8cfd5ffdde361ce0ea4b20147f8
-  data.tar.gz: cfeaa1bf0a57a0480d8193fa10a75597b7421abcaa15d6995adc3a885797f547
+  metadata.gz: ea2f57657f8f3dba53174ad258ba5110faea56db4bc43053d0534758dae68cf6
+  data.tar.gz: b4f8e8a5a1f079f0a0d72cf204136c90146d5e769e39a892b7400ad5df1b5fbd
 SHA512:
-  metadata.gz: c699e9127e4740d8795b5f494525c31251fa4dea297ebdd3c965b3d8bfc129d56d469135f2eb9614d244ed2828798008000116166fd55c1ac6ef5412e7d87313
-  data.tar.gz: e78c9b61fdf161c85c813a9892f02e470bc036f0061720a0fac73120394fb1f9e4161b6a935acb500ae55ac6c03d2ed6df6a320dda5cbc1443be6f62747c4f51
+  metadata.gz: c22e4175e51437d7be9b3a0fda548fe71df5f7620e78ffbfe855eb26c81b6f6add55a9358e845f3d312b51ba077804f951c830339c7364b33426b5aa7658b06d
+  data.tar.gz: 74189994406c098243463a2d2da803453f6ad8550eb0b77df294158add2cd1694051b2e26f224eceb2a6719f6e66d0e7c9b90cf8d5a502404c035fe8677279bf

data/.github/dependabot.yml

@@ -7,3 +7,10 @@ updates:
     time: "20:00"
     timezone: America/Los_Angeles
   open-pull-requests-limit: 10
+- package-ecosystem: docker 
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "20:00"
+    timezone: America/Los_Angeles
+  open-pull-requests-limit: 10

data/.pre-commit-hooks.yaml

@@ -0,0 +1,10 @@
+- id: license-finder
+  name: Audit licenses of dependencies
+  entry: license_finder
+  language: ruby
+  pass_filenames: false
+  description: >
+    LicenseFinder works with your package managers to find dependencies, detect
+    the licenses of the packages in them, compare those licenses against a
+    user-defined list of permitted licenses, and give you an actionable
+    exception report.

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.4.0
+  TargetRubyVersion: 2.6.0
   Exclude:
     - 'lib/license_finder/reports/**/*'
     - 'features/fixtures/**/*'
@@ -78,3 +78,7 @@ FileName:
 ModuleFunction:
   Enabled: false
   EnforcedStyle: extend_self
+# Custom ERB Template needs the to_s
+Lint/RedundantStringCoercion:
+  Exclude:
+    - 'examples/custom_erb_template.rb'

data/CHANGELOG.md

@@ -1,4 +1,43 @@
+# [7.2.0] / 2024-05-07
+
+### Added
+* Add more license detection - [b3dde46e](https://github.com/pivotal/LicenseFinder/commit/b3dde46e2018aef9b6436a04777ec33d40a134e4) - Simon Warren
+* Unlicense - [6fb571ca](https://github.com/pivotal/LicenseFinder/commit/6fb571cad9b5ee856c0984ca79aa7604afdd818b) - Jim Kane
+
+### Fixed
+* Ensure licenses are recognised by `spdx_id` - [b263f500](https://github.com/pivotal/LicenseFinder/commit/b263f500eaaf802e90ee023c4a6c4b6aa068dd7e) - Simon Warren
+* Ensure yarn runs in "current" project dir - [37d52f2b](https://github.com/pivotal/LicenseFinder/commit/37d52f2b4503d799a4c551b573848e9bbbce4848) - Simon Warren
+* Fix CPL1 pretty name - [3ae49861](https://github.com/pivotal/LicenseFinder/commit/3ae49861dbfaf0bbd023d68dabad067f32775f48) - Simon Warren
+* Fix 'unknown' Yarn 2 licenses - [f57745be](https://github.com/pivotal/LicenseFinder/commit/f57745be34bb7774577ea577671ea7b5c3246576) - Simon Warren
+* Print subproject paths when logging - [add2f969](https://github.com/pivotal/LicenseFinder/commit/add2f9698a0f3c02d3148655a4b538e2f557d2be) - Simon Warren
+
+### Deprecated
+* - Remove Dep package manager for jammy release - [42bed10d](https://github.com/pivotal/LicenseFinder/commit/42bed10d80e4b0e6fac1c62dd5eca2097ffc3517) 
+
+# [7.1.0] / 2022-11-28
+
+### Added
+* Missing New BSD alternative name - [64d425d9](https://github.com/pivotal/LicenseFinder/commit/64d425d9210794c6b45c60bf730931e459a1e959) 
+* pre-commit hook - [2fd5ac85](https://github.com/pivotal/LicenseFinder/commit/2fd5ac85fbd4ea03b6f274f2c977448a8a517c2c) - Kurt von Laven
+
+### Fixed
+* - Apache 2 license being too restrictive on matching - [c7fd0399](https://github.com/pivotal/LicenseFinder/commit/c7fd03994592ca97408f5134dd9eac6566e51c48) 
+* - Erlang not installing properly with mix - [74af3885](https://github.com/pivotal/LicenseFinder/commit/74af388579dd2f26b1814ece39c869d684218cd9) 
+* Scan transitive Yarn v2+ dependencies - [0115445e](https://github.com/pivotal/LicenseFinder/commit/0115445eb26de3185518adfb257b0e1911cf2fbd) - Kurt von Laven
+
+* Issue with chaining commands with dlf - [a6af8c3e](https://github.com/pivotal/LicenseFinder/commit/a6af8c3e0abb932ed8d3c0215175f23cf75b5fb2) 
+* Nuget and dotnet not returning proper licenses - [e3452336](https://github.com/pivotal/LicenseFinder/commit/e3452336aa980f26de9a7d44d725bddb0ddd67a0) 
+* Save help documentation for the default file name - [09a93762](https://github.com/pivotal/LicenseFinder/commit/09a93762dc3bd714fdcdebb4aa84af4c7dbefa04) 
+* - Yarn2 output parsing - [395a7f02](https://github.com/pivotal/LicenseFinder/commit/395a7f02b7729243aaf730b6ede71cae8f21cfeb) 
+
+### Changed
+* - Bump docker image golang version to 1.17.13 - [4f3df246](https://github.com/pivotal/LicenseFinder/commit/4f3df246d2f5245681a943a6fb6dee49e3ed3ed1) 
+
 # [7.0.1] / 2022-03-18
+### Fixed
+* Maven Wrapper command path must be relative to working directory - [298a733a](https://github.com/pivotal/LicenseFinder/commit/298a733a67f34341ffabc7dfbf2ee5c27574b979) - jbmgrtn 
+* Support yarn license command for yarn v2+ - [ed3b319b](https://github.com/pivotal/LicenseFinder/commit/ed3b319b64bf9c72c12fd5a365952137cf7f33b6)
+
 
 # [7.0.0] / 2022-03-04
 
@@ -1010,3 +1049,5 @@ Bugfixes:
 [6.15.0]: https://github.com/pivotal/LicenseFinder/compare/v6.14.2...v6.15.0
 [7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
 [7.0.1]: https://github.com/pivotal/LicenseFinder/compare/v7.0.0...v7.0.1
+[7.1.0]: https://github.com/pivotal/LicenseFinder/compare/v7.0.1...v7.1.0
+[7.2.0]: https://github.com/pivotal/LicenseFinder/compare/v7.1.0...v7.2.0

data/CONTRIBUTING.md

@@ -78,6 +78,7 @@ If you come up with something useful, consider posting it to the Google Group
 To successfully run the test suite, you will need the following installed:
 - NPM (requires Node)
 - Yarn (requires Node)
+- PNPM (requires Node)
 - Bower (requires Node and NPM)
 - Maven (requires Java)
 - Gradle (requires Java)

data/Dockerfile

@@ -1,75 +1,74 @@
-FROM ubuntu:bionic
+FROM ubuntu:jammy
 
 WORKDIR /tmp
 
 # Versioning
-ENV PIP_INSTALL_VERSION 19.0.2
 ENV PIP3_INSTALL_VERSION 20.0.2
-ENV GO_LANG_VERSION 1.14.3
-ENV MAVEN_VERSION 3.6.0
+ENV GO_LANG_VERSION 1.17.13
 ENV SBT_VERSION 1.3.3
 ENV GRADLE_VERSION 5.6.4
-ENV RUBY_VERSION 3.1.1
-ENV MIX_VERSION 1.0
+ENV RUBY_VERSION 3.2.3
 ENV COMPOSER_ALLOW_SUPERUSER 1
 
 # programs needed for building
-RUN apt-get update && apt-get install -y \
-  build-essential \
-  curl \
-  sudo \
-  unzip \
-  wget \
-  gnupg2 \
-  apt-utils \
-  software-properties-common \
-  bzr
-
-RUN add-apt-repository ppa:git-core/ppa && apt-get update && apt-get install -y git
-
-# nodejs seems to be required for the one of the gems
-RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
-    apt-get -y install nodejs
+RUN apt -q update && apt install -y \
+    build-essential \
+    curl \
+    unzip \
+    wget \
+    gnupg2 \
+    apt-utils \
+    software-properties-common \
+    bzr && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN add-apt-repository ppa:git-core/ppa && \
+    apt -q update && apt install -y git && rm -rf /var/lib/apt/lists/*
+
+# install nodejs
+RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - && \
+    apt -q update && apt install -y nodejs && rm -rf /var/lib/apt/lists/*
 
 # install yarn
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - && \
-  echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list && \
-  apt-get update && \
-  apt-get install yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    apt -q update && apt install -y yarn && rm -rf /var/lib/apt/lists/*
 
 # install bower
 RUN npm install -g bower && \
     echo '{ "allow_root": true }' > /root/.bowerrc
 
+# install pnpm
+RUN npm install -g pnpm && \
+    pnpm version
+
 # install jdk 12
 RUN curl -L -o openjdk12.tar.gz https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz && \
     tar xvf openjdk12.tar.gz && \
     rm openjdk12.tar.gz && \
-    sudo mv jdk-12.0.2 /opt/ && \
-    sudo rm /opt/jdk-12.0.2/lib/src.zip
+    mv jdk-12.0.2 /opt/ && \
+    rm /opt/jdk-12.0.2/lib/src.zip
 ENV JAVA_HOME=/opt/jdk-12.0.2
 ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
 
 # install rebar3
 RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
-    sudo chmod +x rebar3 && \
-    sudo mv rebar3 /usr/local/bin/rebar3
+    chmod +x rebar3 && \
+    mv rebar3 /usr/local/bin/rebar3
 
 # install and update python and python-pip
-RUN apt-get install -y python python-pip python3-pip && \
-    python3 -m pip install pip==$PIP3_INSTALL_VERSION --upgrade && \
-    python -m pip install pip==$PIP_INSTALL_VERSION --upgrade --force
+RUN apt -q update && apt install -y python3-pip && \
+    rm -rf /var/lib/apt/lists/* && \
+    python3 -m pip install pip==$PIP3_INSTALL_VERSION --upgrade
 
 # install maven
-RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \
-    tar -xf apache-maven-$MAVEN_VERSION-bin.tar.gz; rm -rf apache-maven-$MAVEN_VERSION-bin.tar.gz && \
-    mv apache-maven-$MAVEN_VERSION /usr/local/lib/maven && \
-    ln -s /usr/local/lib/maven/bin/mvn /usr/local/bin/mvn
+RUN apt -q update && apt install -y maven && \
+    rm -rf /var/lib/apt/lists/*
 
 # install sbt
 RUN mkdir -p /usr/local/share/sbt-launcher-packaging && \
-    curl --progress \
+    curl \
     --retry 3 \
     --retry-delay 15 \
     --location "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" \
@@ -95,18 +94,32 @@ ENV PATH=$PATH:/go/bin
 ENV GOROOT=/go
 ENV GOPATH=/gopath
 ENV PATH=$PATH:$GOPATH/bin
+
 RUN mkdir /gopath && \
-  go get github.com/tools/godep && \
-  go get github.com/FiloSottile/gvt && \
-  go get github.com/Masterminds/glide && \
-  go get github.com/kardianos/govendor && \
-  go get github.com/golang/dep/cmd/dep && \
-  go get -u github.com/rancher/trash && \
-  go clean -cache
+    go install github.com/tools/godep@latest && \
+    go install github.com/FiloSottile/gvt@latest && \
+    go install github.com/kardianos/govendor@latest && \
+    go clean -cache
+
+#install rvm and glide
+RUN apt-add-repository -y ppa:rael-gc/rvm && \
+    apt -q update && apt install -y rvm && \
+    /usr/share/rvm/bin/rvm install --default $RUBY_VERSION && \
+    apt install -y golang-glide && \
+    rm -rf /var/lib/apt/lists/*
+
+# install trash
+RUN curl -Lo trash.tar.gz https://github.com/rancher/trash/releases/download/v0.2.7/trash-linux_amd64.tar.gz && \
+    tar xvf trash.tar.gz && \
+    rm trash.tar.gz && \
+    mv trash /usr/local/bin/
+
+# install bundler
+RUN bash -lc "gem update --system && gem install bundler"
 
 WORKDIR /tmp
 # Fix the locale
-RUN apt-get install -y locales
+RUN apt -q update && apt install -y locales && rm -rf /var/lib/apt/lists/*
 RUN locale-gen en_US.UTF-8
 ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
@@ -115,57 +128,49 @@ ENV LC_ALL=en_US.UTF-8
 # install Cargo
 RUN curl https://sh.rustup.rs -sSf | bash -ls -- -y --profile minimal
 
-#install rvm
-RUN apt-add-repository -y ppa:rael-gc/rvm && \
-    apt update && apt install -y rvm && \
-    /usr/share/rvm/bin/rvm install --default $RUBY_VERSION
-
-# install bundler
-RUN bash -lc "gem update --system && gem install bundler"
-
 #install mix
-RUN wget https://packages.erlang-solutions.com/erlang-solutions_${MIX_VERSION}_all.deb && \
-    sudo dpkg -i erlang-solutions_${MIX_VERSION}_all.deb && \
-    sudo rm -f erlang-solutions_${MIX_VERSION}_all.deb && \
-    sudo apt-get update && \
-    sudo apt-get install -y esl-erlang && \
-    sudo apt-get install -y elixir
+RUN curl -1sLf 'https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/setup.deb.sh' | bash
+RUN apt -q update && apt install -y erlang && rm -rf /var/lib/apt/lists/*
+# Install Elixir
+WORKDIR /tmp/elixir-build
+RUN git clone https://github.com/elixir-lang/elixir.git
+WORKDIR elixir
+RUN make && make install
+WORKDIR /
 
 # install conan
-RUN apt-get install -y python-dev && \
-	pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
-	    --ignore-installed requests --ignore-installed chardet \
-	    --ignore-installed urllib3 \
-	    --upgrade setuptools && \
-    pip install --no-cache-dir -Iv conan==1.43.0 && \
+RUN apt -q update && apt install -y python3-dev && rm -rf /var/lib/apt/lists/* && \
+    pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
+    --ignore-installed requests --ignore-installed chardet \
+    --ignore-installed urllib3 \
+    --upgrade setuptools && \
+    pip3 install --no-cache-dir -Iv conan==1.51.3 && \
     conan config install https://github.com/conan-io/conanclientcert.git
 
-
 # install NuGet (w. mono)
 # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF &&\
-  echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
-  apt-get update &&\
-  apt-get install -y mono-complete &&\
-  curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
-  curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
+    echo "deb https://download.mono-project.com/repo/ubuntu stable-focal main" | tee /etc/apt/sources.list.d/mono-official-stable.list &&\
+    apt -q update && apt install -y mono-complete && rm -rf /var/lib/apt/lists/* &&\
+    curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
+    curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
 
 # install dotnet core
-RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb &&\
-  sudo dpkg -i packages-microsoft-prod.deb &&\
-  rm packages-microsoft-prod.deb &&\
-  sudo apt-get update &&\
-  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
+RUN wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb &&\
+    dpkg -i packages-microsoft-prod.deb &&\
+    rm packages-microsoft-prod.deb &&\
+    apt -q update &&\
+    apt install -y dotnet-sdk-6.0 dotnet-sdk-7.0 &&\
+    rm -rf /var/lib/apt/lists/*
 
 # install Composer
 # The ARG and ENV are for installing tzdata which is part of this installaion.
 # https://serverfault.com/questions/949991/how-to-install-tzdata-on-a-ubuntu-docker-image
 ENV TZ=GMT
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
-    echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu bionic main" | sudo tee /etc/apt/sources.list.d/php.list &&\
-    apt-get update &&\
+    echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu jammy main" | tee /etc/apt/sources.list.d/php.list &&\
     export DEBIAN_FRONTEND=noninteractive &&\
-    apt-get install -y php7.4-cli &&\
+    apt -q update && apt install -y php7.4-cli && rm -rf /var/lib/apt/lists/* &&\
     EXPECTED_COMPOSER_INSTALLER_CHECKSUM="$(curl --silent https://composer.github.io/installer.sig)" &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
     ACTUAL_COMPOSER_INSTALLER_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" &&\
@@ -178,60 +183,43 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
 # See https://docs.conda.io/en/latest/miniconda_hashes.html
 # for latest versions and SHAs.
 RUN  \
-  conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
-  ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
-  wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
-  sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
-  ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
-  (echo; echo "yes") | sh "${conda_installer}"
+    conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
+    ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
+    wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
+    sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
+    ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
+    (echo; echo "yes") | sh "${conda_installer}"
 
 # install Swift Package Manager
-# Based on https://github.com/apple/swift-docker/blob/main/5.3/ubuntu/18.04/Dockerfile
+# Based on https://github.com/apple/swift-docker/blob/main/5.8/ubuntu/22.04/Dockerfile
 # The GPG download steps has been modified. Keys are now on LF repo and copied instaad of downloaded.
 # Refer to https://swift.org/download/#using-downloads in the Linux section on how to download the keys
-RUN apt-get -q install -y \
-    libatomic1 \
-    libcurl4 \
-    libxml2 \
-    libedit2 \
-    libsqlite3-0 \
-    libc6-dev \
+RUN apt -q update && apt -q install -y \
     binutils \
-    libgcc-5-dev \
-    libstdc++-5-dev \
-    zlib1g-dev \
-    libpython2.7 \
-    tzdata \
     git \
+    gnupg2 \
+    libc6-dev \
+    libedit2 \
+    libgcc-9-dev \
+    libcurl4-openssl-dev \
+    libpython3-dev \
+    libsqlite3-0 \
+    libstdc++-9-dev \
+    libxml2-dev \
+    libz3-dev \
     pkg-config \
+    python3-lldb-13 \
+    tzdata \
+    zlib1g-dev \
     && rm -r /var/lib/apt/lists/*
 
-#install flutter
-ENV FLUTTER_HOME=/root/flutter
-RUN curl -o flutter_linux_2.8.1-stable.tar.xz https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.8.1-stable.tar.xz \
-    && tar xf flutter_linux_2.8.1-stable.tar.xz \
-    && mv flutter ${FLUTTER_HOME} \
-    && rm flutter_linux_2.8.1-stable.tar.xz
-        
-ENV PATH=$PATH:${FLUTTER_HOME}/bin:${FLUTTER_HOME}/bin/cache/dart-sdk/bin
-RUN flutter doctor -v \
-    && flutter update-packages \
-    && flutter precache
-# Accepting all licences
-RUN yes | flutter doctor --android-licenses -v
-# Creating Flutter sample projects to put binaries in cache fore each template type
-RUN flutter create --template=app ${TEMP}/app_sample \
-    && flutter create --template=package ${TEMP}/package_sample \
-    && flutter create --template=plugin ${TEMP}/plugin_sample
-
-
 # pub   4096R/ED3D1561 2019-03-22 [SC] [expires: 2023-03-23]
 #       Key fingerprint = A62A E125 BBBF BB96 A6E0  42EC 925C C1CC ED3D 1561
 # uid                  Swift 5.x Release Signing Key <swift-infrastructure@swift.org
 ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561
-ARG SWIFT_PLATFORM=ubuntu18.04
-ARG SWIFT_BRANCH=swift-5.3.3-release
-ARG SWIFT_VERSION=swift-5.3.3-RELEASE
+ARG SWIFT_PLATFORM=ubuntu22.04
+ARG SWIFT_BRANCH=swift-5.8-release
+ARG SWIFT_VERSION=swift-5.8-RELEASE
 ARG SWIFT_WEBROOT=https://download.swift.org
 
 ENV SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \
@@ -247,7 +235,7 @@ RUN set -e; \
     && SWIFT_SIG_URL="$SWIFT_BIN_URL.sig" \
     # - Grab curl here so we cache better up above
     && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -q update && apt-get -q install -y curl && rm -rf /var/lib/apt/lists/* \
+    && apt -q update && apt -q install -y curl && rm -rf /var/lib/apt/lists/* \
     # - Download the GPG keys, Swift toolchain, and toolchain signature, and verify.
     && export GNUPGHOME="$(mktemp -d)" \
     && curl -fsSL "$SWIFT_BIN_URL" -o swift.tar.gz "$SWIFT_SIG_URL" -o swift.tar.gz.sig \
@@ -259,6 +247,25 @@ RUN set -e; \
     && rm -rf "$GNUPGHOME" swift.tar.gz.sig swift.tar.gz \
     set +e
 
+# install flutter
+ENV FLUTTER_HOME=/root/flutter
+RUN git config --global --add safe.directory /root/flutter
+RUN curl -o flutter_linux_2.8.1-stable.tar.xz https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.8.1-stable.tar.xz \
+    && tar xf flutter_linux_2.8.1-stable.tar.xz \
+    && mv flutter ${FLUTTER_HOME} \
+    && rm flutter_linux_2.8.1-stable.tar.xz
+
+ENV PATH=$PATH:${FLUTTER_HOME}/bin:${FLUTTER_HOME}/bin/cache/dart-sdk/bin
+RUN flutter doctor -v \
+    && flutter update-packages \
+    && flutter precache
+# Accepting all licences
+RUN yes | flutter doctor --android-licenses -v
+# Creating Flutter sample projects to put binaries in cache fore each template type
+RUN flutter create --template=app ${TEMP}/app_sample \
+    && flutter create --template=package ${TEMP}/package_sample \
+    && flutter create --template=plugin ${TEMP}/plugin_sample
+
 # install license_finder
 COPY . /LicenseFinder
 RUN bash -lc "cd /LicenseFinder && bundle config set no-cache 'true' && bundle install -j4 && bundle pristine && rake install"

data/README.md

@@ -3,11 +3,10 @@
 [![Code Climate](https://codeclimate.com/github/pivotal/LicenseFinder.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
 
 Build status
-* Ruby 2.4.9 [![Ruby 2.4.9 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.9/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.5.7 [![Ruby 2.5.7 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.5.7/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.6.9 [![Ruby 2.6.9 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.6.9/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.7.5 [![Ruby 2.7.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 3.1.1 [![Ruby 3.1.1 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-3.1.1/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.7.8 [![Ruby 2.7.8 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.8/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 3.1.4 [![Ruby 3.1.4 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-3.1.4/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 3.2.3 [![Ruby 3.2.3 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-3.2.3/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 3.3.0 [![Ruby 3.3.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-3.3.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 
 
 LicenseFinder works with your package managers to find dependencies,
@@ -57,8 +56,19 @@ and give you an actionable exception report.
 
 ## Installation
 
-License Finder requires Ruby 2.4.0 or greater to run. If you have an older
-version of Ruby installed, you can update via Homebrew:
+License Finder may be run as a [pre-commit](https://pre-commit.com) hook by
+adding the following to your `.pre-commit-config.yaml`:
+
+```yaml
+repos:
+  - repo: https://github.com/pivotal/LicenseFinder
+    rev: v7.1.0 # You probably want the latest tag.
+    hooks:
+      - id: license-finder
+```
+
+Running License Finder directly requires Ruby 2.6.0 or greater. If you have an
+older version of Ruby installed, you can update via Homebrew:
 
 ```sh
 $ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
@@ -70,7 +80,7 @@ then:
 $ brew install ruby
 ```
 
-The easiest way to use `license_finder` is to install it as a command
+The easiest way to use `license_finder` directly is to install it as a command
 line tool, like brew, awk, gem or bundler:
 
 ```sh
@@ -154,7 +164,8 @@ $ dlf "bundle install && license_finder"
 
 You can better understand the way this script works by looking at its source, but for
 reference it will mount your current directory at the path `/scan` and run any commands
-passed to it from that directory.
+passed to it from that directory. If your command has `&&`, ensure you quote the command. 
+If it does not, ensure the command is not quoted.
 
 Note that the docker image will run the gem which is installed within it.
 So the docker image tagged `7.0.0` will run *License Finder Version 7.0.0*
@@ -195,7 +206,7 @@ languages, as long as that language has a package definition in the project dire
 * `build.sbt` file (for `sbt`)
 * `Cargo.lock` file (for `cargo`)
 * `composer.lock` file (for `composer`)
-* `environment,yml` file (for `conda`)
+* `environment.yml` file (for `conda`)
 * `pubspec.yaml & .pub cache locaton through ENV variable` (for `flutter`)
 
 ### Continuous Integration
@@ -333,12 +344,40 @@ you should manually research what the actual license is.  When you
 have established the real license, you can record it with:
 
 ```sh
-$ license_finder licenses add my_unknown_dependency MIT --homepage="www.unknown-code.org"
+$ license_finder licenses add my_unknown_dependency MIT
+```
+
+This command would assign the MIT license to all versions of the dependency
+`my_unknown_dependency`. If you prefer, you could instead assign the license
+to only a specific version of the dependency:
+
+```sh
+$ license_finder licenses add my_unknown_dependency MIT --version=1.0.0
 ```
 
-This command would assign the MIT license to the dependency
-`my_unknown_dependency`. It will also set its homepage to `www.unknown-code.org`.
+Please note that adding a license to a specific version of a dependency will 
+cause any licenses previously added to all versions of that dependency to be 
+forgotten. Similarly, adding a license to all versions of a dependency will 
+override any licenses previously added to specific versions of that dependency.
+
+There are several ways in which you can remove licenses that were previously
+added through the `licenses add` command:
+
+```sh
+# Removes all licenses from any version of the dependency
+$ license_finder licenses remove my_unknown_dependency
 
+# Removes just the MIT license from any version of the dependency
+$ license_finder licenses remove my_unknown_dependency MIT
+
+# Removes all licenses from only version 1.0.0 of the dependency
+# This has no effect if you had last added a license to all versions of the dependency
+$ license_finder licenses remove my_unknown_dependency --version=1.0.0
+
+# Removes just the MIT license from only version 1.0.0 of the dependency
+# This has no effect if you had last added a license to all versions of the dependency
+$ license_finder licenses remove my_unknown_dependency MIT --version=1.0.0
+```
 
 ### Adding Hidden Dependencies
 
@@ -502,7 +541,7 @@ licenseConfigurations := Set("compile", "provided")
 
 ## Requirements
 
-`license_finder` requires ruby >= 2.4.0. We will be dropping 2.4.x support soon.
+`license_finder` requires ruby >= 2.6.0.
 
 
 ## Upgrading

data/Rakefile

@@ -54,7 +54,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
     puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
   end
 
-  ruby_versions = %w[3.1.1 2.7.5 2.6.9 2.5.7 2.4.9]
+  ruby_versions = %w[3.3.0 3.2.3 3.1.4 2.7.8]
 
   params = []
   params << "ruby_versions=#{ruby_versions.join(',')}"

data/VERSION

@@ -1 +1 @@
-7.0.1
+7.2.0