license_finder 2.1.2 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e877c82a3e1401eea4bab220ae192781e8349179
-  data.tar.gz: ddd81a98f53d6f22010822560a0eb9b8b1c0e805
+  metadata.gz: 966af7ae1414671e4b0993c96df55ae99b57993f
+  data.tar.gz: '0319c59b0c751aae09e8822c30e6a27aa7a9d473'
 SHA512:
-  metadata.gz: cdb32ad15e1b0b3a85fdfaa60f8b18842d0c88b178597ccc21339687916da1e369cf5fb3ae32bf97db57487a3b36ae6f1a3c46ad308a6ead80d7f509b31dd68c
-  data.tar.gz: 0fd87c84593f98e17ecf0342adf8cddeff92966e055a2b51216095d9462b7cde35741ca1e0c5c7a58c858a1f8888d9e862d428592668dd9e20433511e2065597
+  metadata.gz: 7fa60bd67436b53b6de9ee386c6301bcc485a8076a5cea9c464a3f7e581ce23820246f0ca4a603875fcda88409632b7bb29973c4c4d8590b8a0bd1c100cf699b
+  data.tar.gz: 5317b4995bbfb33a9d5aaa9364e138eb9723d90aee8bd2cd102380fe078b91d32ee25c565ac4c356d572f9cfcec089c84a46c6a5b7da916c66a78e9b2c919602

data/.gitignore

@@ -6,4 +6,5 @@
 Gemfile.lock
 pkg/*
 tmp/
+features/fixtures/maven-wrapper/target
 *~

data/CHANGELOG.md

@@ -1,3 +1,32 @@
+# 3.0.0 / 2016-03-02
+
+Features:
+
+* Changed dependencies to be unique based on name _and_ version (#241)
+* Enable '--columns' option with text reports (#244, thanks @raimon49!)
+* Flag maven-include-groups adds group to maven depenency information (#219, #258, thanks @dgodd!)
+* Package managers determine their package management command (#250, Thanks @sschuberth!)
+* Support --ignored_groups for maven
+* Support `homepage` column for godeps dependencies, and dependencies from go workspaces using `.envrc`
+* Support `license_links` column for csv option (#281, Thanks @lbalceda!)
+* Added a Dockerfile for [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
+* Switched from Travis to Concourse
+
+Bugfixes:
+
+* Gradle works in CI containers where TERM is not set (revert and fix of c15bdb7, which broke older versions of gradle)
+* Check for the correct Ruby Bundler command: `bundle` (#233. Thanks, @raimon49!)
+* Uses settings.gradle to determine the build file name (#248)
+* Fix detecting the Gradle wrapper if not scanning the current directory (#238, Thanks @sschuberth!)
+* Use maven wrapper if available on maven projects
+* Check golang package lists against standard packages instead of excluding short package paths (#243)
+* Update the project_sha method to return the sha of the dependency, not the parent project
+* Change Maven wrapper to call mvn.cmd and fall back on mvn.bat (#263, Thanks @sschuberth!)
+* Allow bower to run as root
+* Fix packaging errors scanning pip based projects
+* Add JSON lib attribute to handle deeply nested JSON (#269. Thanks, @antongurov!)
+* Use the fully qualified name of the license-maven-plugin (#284)
+
 # 2.1.2 / 2016-06-10
 
 Bugfixes:

data/CONTRIBUTING.md

@@ -44,9 +44,18 @@ If you come up with something useful, consider posting it to the Google Group
 
 
 ## Development Dependencies
-
-To successfully run the test suite, you will need npm, maven, pip, gradle and
-bower installed. If you run `rake check_dependencies`, you'll see exactly what
+To successfully run the test suite, you will need the following installed: 
+- NPM (requires Node)
+- Bower (requires Node and NPM)
+- Maven (requires Java)
+- Gradle (requires Java)
+- Pip (requires python)
+- Rebar (requires erlang)
+- GoDep, GoWorkspace, and GoVendor (requires golang)
+- CocoaPods (requires ruby)
+- Bundler (requires ruby)
+
+If you run `rake check_dependencies`, you'll see exactly which package managers
 you're missing.
 
 ### Python
@@ -71,3 +80,19 @@ JAVA_OPTS='-client -XX:+TieredCompilation -XX:TieredStopAtLevel=1' JRUBY_OPTS='-
 ### Gradle
 
 You'll need a gradle version >= 1.8.
+
+### CocoaPods
+LicenseFinder supports CocoaPods 0.39 and below. If you are using a later version of CocoaPods, you will need to downgrade CocoaPods/Specs repository in order to use LicenseFinder. [This article](http://blog.cocoapods.org/Sharding/) describes the breaking change between CocoaPods 0.39 and 1.0. You will need to use an older, archived CocoaPods/Specs repo. 
+
+If you see the following error, try switching to the archived repo. 
+
+```bash
+[!] The `master` repo requires CocoaPods 1.0.0 -  (currently using 0.34.0)
+ ```
+
+Example of how to switch to the archived repo: 
+
+```bash 
+mv ~/.cocoapods/repos/master ~/.cocoapods/repos/master.bak
+git clone https://github.com/CocoaPods/Old-Specs.git ~/.cocoapods/repos/master
+```

data/Dockerfile

@@ -0,0 +1,82 @@
+FROM ubuntu:trusty
+RUN apt-get update && apt-get install -y curl git-core
+
+#install rvm
+RUN gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 && \
+    curl -sSL https://get.rvm.io | bash -s stable --ruby
+ENV PATH=/usr/local/rvm/bin:$PATH
+
+# install build-essential wget unzip
+RUN apt-get install -y build-essential wget unzip
+
+# nodejs seems to be required for the one of the gems
+RUN curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
+    apt-get -y install nodejs
+
+# install bower
+RUN npm install -g bower && \
+    echo '{ "allow_root": true }' > /root/.bowerrc
+
+# install bundler
+RUN bash -lc "rvm install 2.3.3 && rvm use 2.3.3 && gem install bundler"
+
+#install java 8
+#http://askubuntu.com/questions/521145/how-to-install-oracle-java-on-ubuntu-14-04
+RUN cd /tmp && \
+    wget --quiet --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u66-b17/jdk-8u66-linux-x64.tar.gz -O jdk-8.tgz && \
+    tar xf /tmp/jdk-8.tgz && \
+    mkdir -p /usr/lib/jvm && \
+    mv jdk1.8.0_66 /usr/lib/jvm/oracle_jdk8 && \
+    rm /tmp/jdk-8.tgz
+
+ENV J2SDKDIR=/usr/lib/jvm/oracle_jdk8
+ENV J2REDIR=/usr/lib/jvm/oracle_jdk8/jre
+ENV PATH=$PATH:/usr/lib/jvm/oracle_jdk8/bin:/usr/lib/jvm/oracle_jdk8/db/bin:/usr/lib/jvm/oracle_jdk8/jre/bin
+ENV JAVA_HOME=/usr/lib/jvm/oracle_jdk8
+ENV DERBY_HOME=/usr/lib/jvm/oracle_jdk8/db
+
+RUN java -version
+
+# install python and rebar
+RUN apt-get install -y python rebar
+
+# install and update python-pip
+RUN apt-get install -y python-pip && \
+    pip install --upgrade pip
+
+# install maven
+RUN curl -O http://www-us.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz && \
+    tar -xf apache-maven-3.3.9-bin.tar.gz; rm -rf apache-maven-3.3.9-bin.tar.gz && \
+    mv apache-maven-3.3.9 /usr/local/lib/maven && \
+    ln -s /usr/local/lib/maven/bin/mvn /usr/local/bin/mvn
+
+# install gradle
+WORKDIR /tmp
+RUN curl -L -o gradle.zip http://services.gradle.org/distributions/gradle-2.4-bin.zip && \
+    unzip -q gradle.zip && \
+    rm gradle.zip && \
+    mv gradle-2.4 /root/gradle
+ENV PATH=/root/gradle/bin:$PATH
+
+#install go
+WORKDIR /go
+RUN wget https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz -O go.tar.gz && tar --strip-components=1 -xf go.tar.gz
+ENV GOROOT /go
+ENV PATH=$PATH:/go/bin
+
+# godep is now required for license_finder to work for project that are still managed with GoDep
+ENV GOROOT=/go
+ENV GOPATH=/gopath
+ENV PATH=$PATH:$GOPATH/bin
+RUN mkdir /gopath && go get github.com/tools/godep
+
+# Fix the locale
+RUN locale-gen en_US.UTF-8
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US:en
+ENV LC_ALL=en_US.UTF-8
+
+# install license_finder
+RUN bash -lc "git clone https://github.com/pivotal/LicenseFinder /LicenseFinder && cd /LicenseFinder && bundle install -j4 && rake install"
+
+WORKDIR /

data/README.md

@@ -1,14 +1,22 @@
 # License Finder
 
-[![Build Status](https://secure.travis-ci.org/pivotal/LicenseFinder.png)](http://travis-ci.org/pivotal/LicenseFinder)
 [![Code Climate](https://codeclimate.com/github/pivotal/LicenseFinder.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
 
+Build status
+* Ruby 2.1.5 [![Ruby 2.1.5 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.1.5/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.2.0 [![Ruby 2.2.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.2.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.3.0 [![Ruby 2.3.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.3.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.4.0 [![Ruby 2.4.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+* JRuby 9.0.4.0 [![JRuby 9.0.4.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.0.4.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+
+
 LicenseFinder works with your package managers to find dependencies,
 detect the licenses of the packages in them, compare those licenses
 against a user-defined whitelist, and give you an actionable exception
 report.
 
 * code: https://github.com/pivotal/LicenseFinder
+* ci: https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder
 * support:
   * license-finder@googlegroups.com
   * https://groups.google.com/forum/#!forum/license-finder
@@ -30,7 +38,7 @@ report.
 ### Experimental project types
 
 * Erlang (via `rebar`)
-* Objective-C (+ CocoaPods)
+* Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
 
 ## Installation
 
@@ -112,6 +120,7 @@ languages, as long as that language has a package definition in the project dire
 * `package.json` (for `npm`)
 * `pom.xml` (for `maven`)
 * `build.gradle` (for `gradle`)
+* `settings.gradle` that specifies `rootProject.buildFileName` (for `gradle`)
 * `bower.json` (for `bower`)
 * `Podfile` (for CocoaPods)
 * `rebar.config` (for `rebar`)

data/Rakefile

@@ -31,9 +31,36 @@ task :check_dependencies do
   LicenseFinder::PackageManager.package_managers.each do |package_manager|
     satisfied = false unless package_manager.installed?(LicenseFinder::Logger.new(debug:true))
   end
+  STDOUT.flush
   exit 1 unless satisfied
 end
 
+desc "Configure ci pipeline"
+task :update_pipeline, [:slack_url, :slack_channel, :github_access_token] do |_, args|
+  access_token = args[:github_access_token]
+  slack_url = args[:slack_url]
+  slack_channel = args[:slack_channel]
+
+  unless access_token
+    puts 'Warning: You should provide a Github access token with repo:status permission if you want to avoid rate limiting'
+  end
+
+  if !(slack_url || slack_channel)
+    puts 'Warning: skipping slack notifications setup'
+    puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
+  end
+
+  params = []
+  params << "slack_url=#{slack_url}" if slack_url
+  params << "slack_channel=#{slack_channel}" if slack_channel
+  params << "github_access_token=#{access_token}" if access_token
+
+  vars = params.join(' ')
+  cmd = "bash -c \"fly -t osl set-pipeline -n -p LicenseFinder --config <(erb #{vars} ci/pipelines/pipeline.yml.erb)\""
+
+  system(cmd)
+end
+
 task :spec     => :check_dependencies
 task :features => :check_dependencies
 

data/appveyor.yml

@@ -0,0 +1,21 @@
+environment:
+  HOME: $(HOMEDRIVE)$(HOMEPATH)
+  GOPATH: $(HOME)\go
+  PATH: $(PATH);$(GOPATH)\bin;$(HOME)\rebar;$(HOME)\gradle\bin
+
+install:
+  - bundle install
+
+build_script:
+  - rake build
+
+# Prerequisites for running tests.
+before_test:
+  - rake install
+  - bash --login -c "ci/install_godep.sh"
+  - bash --login -c "ci/install_bower.sh"
+  - bash --login -c "ci/install_rebar.sh"
+  - bash --login -c "ci/install_gradle.sh"
+
+test_script:
+  - rake spec

data/bin/license_finder_pip.py

@@ -6,7 +6,7 @@ from pip.download import PipSession
 from pip._vendor import pkg_resources
 from pip._vendor.six import print_
 
-requirements = [req.req for req
+requirements = [pkg_resources.Requirement.parse(str(req.req)) for req
                 in parse_requirements('requirements.txt', session=PipSession())]
 
 transform = lambda dist: {

data/ci/pipelines/pipeline.yml.erb

@@ -0,0 +1,78 @@
+<% setup_slack = defined?(slack_url) && defined?(slack_channel) %>
+
+resource_types:
+- name: pull-request
+  type: docker-image
+  source:
+    repository: jtarchie/pr
+<% if setup_slack %>
+- name: slack-notification
+  type: docker-image
+  source:
+    repository: cfcommunity/slack-notification-resource
+    tag: latest
+<% end %>
+
+resources:
+- name: LicenseFinder
+  type: git
+  source:
+    uri: https://github.com/pivotal/LicenseFinder.git
+    branch: master
+- name: pull-request
+  type: pull-request
+  source:
+    repo: pivotal/LicenseFinder
+    base: master
+    <% if defined?(github_access_token) %>
+    access_token: <%= github_access_token %>
+    <% end %>
+<% if setup_slack %>
+- name: slack-alert
+  type: slack-notification
+  source:
+    url: <%= slack_url %>
+<% end %>
+
+jobs:
+<% ['2.4.0', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
+- name: ruby-<%= ruby_version %>
+  public: true
+  plan:
+  - get: LicenseFinder
+    trigger: true
+  - task: ruby-<%= ruby_version %>
+    file: LicenseFinder/ci/tasks/build.yml
+    params:
+      RUBY_VERSION: <%= ruby_version %>
+<% if setup_slack %>
+  on_failure:
+    put: slack-alert
+    params:
+      channel: '<%= slack_channel %>'
+      icon_emoji: ':crying_cat_face:'
+      text: '<%= "License Finder build failed. Build: https://osl.ci.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
+<% end %>
+<% end %>
+
+<% ['2.4.0', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
+- name: PR-ruby-<%= ruby_version %>
+  public: true
+  plan:
+  - get: pull-request
+    trigger: true
+    version: every
+  - task: ruby-<%= ruby_version %>
+    file: pull-request/ci/tasks/build.yml
+    params:
+      RUBY_VERSION: <%= ruby_version %>
+    input_mapping: { LicenseFinder: pull-request }
+<% if setup_slack %>
+  on_failure:
+    put: slack-alert
+    params:
+      channel: '<%= slack_channel %>'
+      icon_emoji: ':crying_cat_face:'
+      text: '<%= "License Finder build failed. Build: https://osl.ci.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
+<% end %>
+<% end %>

data/ci/scripts/test.sh

@@ -0,0 +1,27 @@
+#!/bin/bash --login
+
+set -e -x
+
+pushd LicenseFinder
+  rvm install $RUBY_VERSION
+  rvm use $RUBY_VERSION
+  ruby --version
+
+  export GOPATH=$HOME/go
+  export RUBYOPT='-E utf-8'
+
+  gem update --system
+  gem install bundler
+  bundle install
+
+  # jruby-9 specific: requires  >= rack 2.x
+  if [ "$RUBY_VERSION" == "jruby-9.0.4.0" ]
+  then
+    bundle update rack
+  fi
+  #
+
+  bundle exec rake install
+  bundle exec rake spec
+  bundle exec rake features
+popd

data/ci/tasks/build.yml

@@ -0,0 +1,16 @@
+platform: linux
+
+image_resource:
+  type: docker-image
+  source:
+    repository: licensefinder/license_finder
+    tag: latest
+
+inputs:
+- name: LicenseFinder
+
+run:
+  path: ./LicenseFinder/ci/scripts/test.sh
+
+params:
+  RUBY_VERSION:

data/features/features/package_managers/gradle_spec.rb

@@ -25,4 +25,10 @@ describe 'Gradle Dependencies' do
     expect(java_developer).to be_seeing_line 'data.json-0.2.3.jar, unknown, unknown'
     expect(java_developer).to be_seeing_line 'guava, 18.0, "Apache 2.0"'
   end
+
+  specify 'are shown in reports for a project with an alternate build.gradle file' do
+    LicenseFinder::TestingDSL::AlternateBuildFileGradleProject.create
+    java_developer.run_license_finder('alternate-build-file-gradle')
+    expect(java_developer).to be_seeing_line 'junit, 4.11, "Common Public License Version 1.0"'
+  end
 end

data/features/features/package_managers/maven_spec.rb

@@ -11,4 +11,13 @@ describe "Maven Dependencies" do
     java_developer.run_license_finder
     expect(java_developer).to be_seeing_line 'junit, 4.11, "Common Public License Version 1.0"'
   end
+
+  context 'when using --maven_include_groups flag' do
+
+    it 'shows the groupid' do
+      LicenseFinder::TestingDSL::MavenProject.create
+      java_developer.run_license_finder nil, '--maven_include_groups'
+      expect(java_developer).to be_seeing_line 'junit:junit, 4.11, "Common Public License Version 1.0"'
+    end
+  end
 end

data/features/features/report/diff_spec.rb

@@ -18,8 +18,8 @@ describe 'Diff report' do
 
       developer.execute_command('license_finder diff report-1.csv report-2.csv')
 
-      expect(developer).to be_seeing('added,bar,2.0.0,,GPLv2')
-      expect(developer).to be_seeing('unchanged,foo,1.0.0,1.0.0,MIT')
+      expect(developer).to be_seeing('added,bar,2.0.0,GPLv2')
+      expect(developer).to be_seeing('unchanged,foo,1.0.0,MIT')
     end
 
     specify 'shows version changes between two csv reports' do
@@ -31,7 +31,8 @@ describe 'Diff report' do
       developer.execute_command('license_finder report --save=report-2.csv --format=csv')
 
       developer.execute_command('license_finder diff report-1.csv report-2.csv')
-      expect(developer).to be_seeing('unchanged,foo,2.0.0,1.0.0,MIT')
+      expect(developer).to be_seeing('added,foo,2.0.0,MIT')
+      expect(developer).to be_seeing('removed,foo,1.0.0,MIT')
     end
 
     specify 'shows license changes between two csv reports' do
@@ -43,8 +44,8 @@ describe 'Diff report' do
       developer.execute_command('license_finder report --save=report-2.csv --format=csv')
 
       developer.execute_command('license_finder diff report-1.csv report-2.csv')
-      expect(developer).to be_seeing('removed,foo,,1.0.0,MIT')
-      expect(developer).to be_seeing('added,foo,2.0.0,,GPLv2')
+      expect(developer).to be_seeing('removed,foo,1.0.0,MIT')
+      expect(developer).to be_seeing('added,foo,2.0.0,GPLv2')
     end
   end
 
@@ -69,9 +70,9 @@ describe 'Diff report' do
       developer.execute_command('license_finder diff report-1.csv report-2.csv --save=diff.csv --format=csv')
 
       diff = IO.read(project.project_dir.join('diff.csv'))
-      expect(diff).to include("unchanged,foo,1.0.0,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
-      expect(diff).to include("unchanged,bar,2.0.0,2.0.0,GPLv2,#{project1.project_dir}")
-      expect(diff).to include("added,baz,3.0.0,,BSD,#{project2.project_dir}")
+      expect(diff).to include("unchanged,foo,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
+      expect(diff).to include("unchanged,bar,2.0.0,GPLv2,#{project1.project_dir}")
+      expect(diff).to include("added,baz,3.0.0,BSD,#{project2.project_dir}")
     end
 
     context 'when change affects only one file' do
@@ -96,9 +97,10 @@ describe 'Diff report' do
         developer.execute_command('license_finder diff report-1.csv report-2.csv --save=diff.csv --format=csv')
 
         diff = IO.read(project.project_dir.join('diff.csv'))
-        expect(diff).to include("unchanged,foo,1.0.0,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
-        expect(diff).to include("unchanged,bar,3.0.0,2.0.0,GPLv2,#{project1.project_dir}")
-        expect(diff).to include("added,baz,3.0.0,,BSD,#{project2.project_dir}")
+        expect(diff).to include("unchanged,foo,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
+        expect(diff).to include("added,bar,3.0.0,GPLv2,#{project1.project_dir}")
+        expect(diff).to include("removed,bar,2.0.0,GPLv2,#{project1.project_dir}")
+        expect(diff).to include("added,baz,3.0.0,BSD,#{project2.project_dir}")
       end
 
       specify 'shows license changes' do
@@ -122,10 +124,10 @@ describe 'Diff report' do
         developer.execute_command('license_finder diff report-1.csv report-2.csv --save=diff.csv --format=csv')
 
         diff = IO.read(project.project_dir.join('diff.csv'))
-        expect(diff).to include("unchanged,foo,1.0.0,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
-        expect(diff).to include("removed,bar,,2.0.0,GPLv2,#{project1.project_dir}")
-        expect(diff).to include("added,bar,3.0.0,,MIT,#{project1.project_dir}")
-        expect(diff).to include("added,baz,3.0.0,,BSD,#{project2.project_dir}")
+        expect(diff).to include("unchanged,foo,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
+        expect(diff).to include("removed,bar,2.0.0,GPLv2,#{project1.project_dir}")
+        expect(diff).to include("added,bar,3.0.0,MIT,#{project1.project_dir}")
+        expect(diff).to include("added,baz,3.0.0,BSD,#{project2.project_dir}")
       end
     end
 
@@ -151,10 +153,10 @@ describe 'Diff report' do
         developer.execute_command('license_finder diff report-1.csv report-2.csv --save=diff.csv --format=csv')
 
         diff = IO.read(project.project_dir.join('diff.csv'))
-        expect(diff).to include("unchanged,bar,2.0.0,2.0.0,GPLv2,#{project1.project_dir}")
-        expect(diff).to include("removed,foo,,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
-        expect(diff).to include("added,foo,2.0.0,,BSD,\"#{project1.project_dir},#{project2.project_dir}\"")
-        expect(diff).to include("added,baz,3.0.0,,BSD,#{project2.project_dir}")
+        expect(diff).to include("unchanged,bar,2.0.0,GPLv2,#{project1.project_dir}")
+        expect(diff).to include("removed,foo,1.0.0,MIT,\"#{project1.project_dir},#{project2.project_dir}\"")
+        expect(diff).to include("added,foo,2.0.0,BSD,\"#{project1.project_dir},#{project2.project_dir}\"")
+        expect(diff).to include("added,baz,3.0.0,BSD,#{project2.project_dir}")
       end
 
       xspecify 'show licenses change when files do not contain exact copies of a dep' do
@@ -178,12 +180,13 @@ describe 'Diff report' do
         developer.execute_command('license_finder diff report-1.csv report-2.csv --save=diff.csv --format=csv')
 
         diff = IO.read(project.project_dir.join('diff.csv'))
-        expect(diff).to include("removed,foo,,1.0.0,MIT,#{project1.project_dir}")
+        expect(diff).to include("removed,foo,1.0.0,MIT,#{project1.project_dir}")
         # expect(diff).to include("removed,foo,,2.0.0,BSD,#{project2.project_dir}")
-        expect(diff).to include("unchanged,foo,2.0.0,1.0.0,BSD,\"#{project1.project_dir},#{project2.project_dir}\"")
+        expect(diff).to include("added,foo,2.0.0,BSD,\"#{project1.project_dir},#{project2.project_dir}\"")
+        expect(diff).to include("removed,foo,1.0.0,BSD,\"#{project1.project_dir},#{project2.project_dir}\"")
 
-        expect(diff).to include("unchanged,bar,2.0.0,2.0.0,GPLv2,#{project1.project_dir}")
-        expect(diff).to include("added,baz,3.0.0,,BSD,#{project2.project_dir}")
+        expect(diff).to include("unchanged,bar,2.0.0,GPLv2,#{project1.project_dir}")
+        expect(diff).to include("added,baz,3.0.0,BSD,#{project2.project_dir}")
       end
     end
   end