license_finder 6.14.1 → 6.14.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e02cf849bb28047c74646f496dd4ba63f68675103d13d4da53e12c3f5e28de4f
-  data.tar.gz: 0ca411b29afeda504a4eddd6b03c81b46e35a2b9eb553d4bb69ef99f085864c1
+  metadata.gz: 34d77567442f9c47fcc7b150b7ffc32d2c7db0a76841ac3732f6e2af4887bc37
+  data.tar.gz: 1ae0dec6f2a8902bddfbfc3f0e466a7f26e9b19d304b40eef4d1a7a76a56cd5a
 SHA512:
-  metadata.gz: 7bd4b732e9ce6edee1e3352cd8ead5545fce8a8f047ef7a6b6006084aadbed01effc369d0ccd9ede81bd6889e32f0e1e0360cd76e9b80cf7f9c7cb483818c3cf
-  data.tar.gz: 226f2bf83e75441f72ca5dff09430cc49821eb83bd41af2964e6c1f19df2ce40946437fb4a8b32242653e82379ceadad5d3984961abf295ce81306d857c2ec1d
+  metadata.gz: 5a6e40dca9d5f3a91ab6cfba5e002ef14b3974fd6caeb6e3489d4bfc17b16897d0126e6c9f7edc35b28a0ec087bf9b68c3eb739ae583ccc6dcffb29b0d901ae5
+  data.tar.gz: 06d1bf8e227ce2db790f7ced5d53e507f384cdc7d582037bcb8be4574e7a483a550a34ba10c589c53b3513b24809900ba554da778de9b6cdb5437896c51a7b12

data/CHANGELOG.md

@@ -1,5 +1,26 @@
+# [6.14.2] / 2021-10-27
+
+### Added
+* Zlib License - [0f004b52](https://github.com/pivotal/LicenseFinder/commit/0f004b528d436b4d53db8bd373ede0594c07d9e8) - blooper05
+
 # [6.14.1] / 2021-06-25
 
+First two commit were supposed to show up in v6.14.0, but GPG bug prevented a correct build. Therefore, a follow up patch build was made to include the GPG fix.
+
+### Changed
+* Upgrade Docker image to use Ubuntu Bionic [#178471230] [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
+* Update the default timezone to GMT [#178471230] - [9fcab84](https://github.com/pivotal/LicenseFinder/commit/9fcab84605cda81e7f276d3c567d14409e371333)
+* Use local copy of Swift puglic GPG keys [#178674224] - [4db4b3e](https://github.com/pivotal/LicenseFinder/commit/4db4b3e5980ca52019549d74da574a2342a7846e)
+
+### Added 
+* Added --npm_options option to customize npm behavior. [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott 
+
+### Security
+* Fix issue where commands could be injected running on Cocoapods projects. [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
+
+  Thanks to Joern SchneeweiszStaff Security Engineer, Security Research | GitLab for raising the issue
+
+
 # [6.13.0] / 2021-04-27
 
 ### Fixed
@@ -957,3 +978,4 @@ Bugfixes:
 [6.12.2]: https://github.com/pivotal/LicenseFinder/compare/v6.12.1...v6.12.2
 [6.13.0]: https://github.com/pivotal/LicenseFinder/compare/v6.12.2...v6.13.0
 [6.14.1]: https://github.com/pivotal/LicenseFinder/compare/v6.13.0...v6.14.1
+[6.14.2]: https://github.com/pivotal/LicenseFinder/compare/v6.14.1...v6.14.2

data/VERSION

@@ -1 +1 @@
-6.14.1
+6.14.2

data/bin/license_finder_pip.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-
 import json
 import sys
 
@@ -21,12 +20,16 @@ except ImportError:
 from pip._vendor import pkg_resources
 from pip._vendor.six import print_
 
+
 reqs = []
 for req in parse_requirements(sys.argv[1], session=PipSession()):
-    if req.req == None or (req.markers != None and not req.markers.evaluate()): continue
-    reqs.append(req)
-
-requirements = [pkg_resources.Requirement.parse(str(req.req)) for req in reqs]
+    try:
+        if req.req is not None and (req.markers is None or req.markers.evaluate()):
+            reqs.append(pkg_resources.Requirement.parse(str(req.req)))
+    except AttributeError:
+        # Since pip 20.1 (pip now takes care of markers at the resolve step)
+        if req.requirement is not None:
+            reqs.append(pkg_resources.Requirement.parse(str(req.requirement)))
 
 transform = lambda dist: {
         'name': dist.project_name,
@@ -35,7 +38,6 @@ transform = lambda dist: {
         'dependencies': list(map(lambda dependency: dependency.project_name, dist.requires())),
         }
 
-packages = [transform(dist) for dist
-            in pkg_resources.working_set.resolve(requirements)]
 
+packages = [transform(dist) for dist in pkg_resources.working_set.resolve(reqs)]
 print_(json.dumps(packages))

data/lib/license_finder/license/definitions.rb

@@ -27,7 +27,8 @@ module LicenseFinder
           ruby,
           simplifiedbsd,
           wtfpl,
-          zerobsd
+          zerobsd,
+          zlib
         ]
       end
 
@@ -349,6 +350,17 @@ module LicenseFinder
           matcher: matcher
         )
       end
+
+      def zlib
+        License.new(
+          short_name: 'Zlib',
+          pretty_name: 'zlib/libpng license',
+          other_names: [
+            'zlib License'
+          ],
+          url: 'https://opensource.org/licenses/Zlib'
+        )
+      end
     end
   end
 end

data/lib/license_finder/license/templates/Zlib.txt

@@ -0,0 +1,17 @@
+Copyright (c) <year> <copyright holders>
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must not
+   claim that you wrote the original software. If you use this software
+   in a product, an acknowledgment in the product documentation would be
+   appreciated but is not required.
+2. Altered source versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+3. This notice may not be removed or altered from any source distribution.

data/lib/license_finder/package_managers/cocoa_pods.rb

@@ -53,7 +53,9 @@ module LicenseFinder
     end
 
     def read_plist(pathname)
-      JSON.parse(`plutil -convert json -o - '#{pathname.gsub!(/[^0-9A-Za-z.\-]/, '')}'`)
+      transformed_pathname = pathname.gsub!(%r{[^0-9A-Za-z. \-'/]}, '')
+      transformed_pathname = pathname if transformed_pathname.nil?
+      JSON.parse(`plutil -convert json -o - '#{transformed_pathname}'`)
     end
   end
 end

data/license_finder.gemspec

@@ -50,7 +50,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'with_env', '1.1.0'
   s.add_dependency 'xml-simple', '~> 1.1.5'
 
-  s.add_development_dependency 'addressable', '2.7.0'
+  s.add_development_dependency 'addressable', '2.8.0'
   s.add_development_dependency 'capybara', '~> 3.15.0'
   s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM =~ /darwin/
   s.add_development_dependency 'fakefs', '~> 1.2.0'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.14.1
+  version: 6.14.2
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-25 00:00:00.000000000 Z
+date: 2021-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -131,14 +131,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.8.0
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -424,6 +424,7 @@ files:
 - lib/license_finder/license/templates/Ruby.txt
 - lib/license_finder/license/templates/SimplifiedBSD.txt
 - lib/license_finder/license/templates/WTFPL.txt
+- lib/license_finder/license/templates/Zlib.txt
 - lib/license_finder/license/text.rb
 - lib/license_finder/license_aggregator.rb
 - lib/license_finder/logger.rb
@@ -536,7 +537,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.21
+rubygems_version: 3.2.30
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.