license_finder 7.0.0 → 7.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7009be357d27cb0bcadbff341eea7276b7a9012491f1ff2ebc7c2964d3d6305
-  data.tar.gz: d4a521addc00cf39c7203f667c41dcd9423a8fddb5e7584cf394de47ca249bfd
+  metadata.gz: a65abcec91ace2929ab66aa2e364002c4019e8cfd5ffdde361ce0ea4b20147f8
+  data.tar.gz: cfeaa1bf0a57a0480d8193fa10a75597b7421abcaa15d6995adc3a885797f547
 SHA512:
-  metadata.gz: e4a29a2ec4bd2022a96382c9a650e536af8881803302a2c60cecb832e49512184e13df28dd666b53bec7c0c7ef3f8fff66df26c589224134d495f621aba71a64
-  data.tar.gz: 6c255bd53fe29179580a920724b0be2e733aa187381e272254fa7d18e682b0bfe1c0ecf80450b5101dfd857aec0428d0e20bb5813f2b476a2bf37572a4486b04
+  metadata.gz: c699e9127e4740d8795b5f494525c31251fa4dea297ebdd3c965b3d8bfc129d56d469135f2eb9614d244ed2828798008000116166fd55c1ac6ef5412e7d87313
+  data.tar.gz: e78c9b61fdf161c85c813a9892f02e470bc036f0061720a0fac73120394fb1f9e4161b6a935acb500ae55ac6c03d2ed6df6a320dda5cbc1443be6f62747c4f51

data/CHANGELOG.md

@@ -1,19 +1,27 @@
+# [7.0.1] / 2022-03-18
+
 # [7.0.0] / 2022-03-04
 
 ### Added
-* Ruby 3.x Support - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af) 
+* Ruby 3.x Support - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
+* Provide Flutter project scanning support - [e739f281](https://github.com/pivotal/LicenseFinder/commit/e739f2180c88504152c0e19477489177012f5631) - etiennecadicidean
+* Add a new option to use spdx identifier in reports - [a71763bb](https://github.com/pivotal/LicenseFinder/commit/a71763bb132ed39e57f8071e72cb2450733bf8db) - etiennecadicidean
+* Allow to specify cocoadpods acknowledgment through ENV - [67bd3fb5](https://github.com/pivotal/LicenseFinder/commit/67bd3fb5569afa54abc16035fd7804bc2d65b7c0) - etiennecadicidean
 
 ### Changed
-* Raise an error if the yarn licenses list command fails - [8f9ab6bd](https://github.com/pivotal/LicenseFinder/commit/8f9ab6bd681866aee888410672f3babab7aab383) - AJ Esler
-* Updated code to support newest Thor gem - [b118772c](https://github.com/pivotal/LicenseFinder/commit/b118772c3f634dacc56795eebb7c3ba4c89ef639) 
+* Updated code to support newest Thor gem - [b118772c](https://github.com/pivotal/LicenseFinder/commit/b118772c3f634dacc56795eebb7c3ba4c89ef639)
+* Raise an error if the yarn licenses list command fails - [8f9ab6bd](https://github.com/pivotal/LicenseFinder/commit/8f9ab6bd681866aee888410672f3babab7aab383) - ajesler
+
+### Deprecated
+* Remove support for Ruby 2.3 - [02497dfb](https://github.com/pivotal/LicenseFinder/commit/02497dfb60d458e51a43ef26568389b5fcf302af)
 
 # [6.15.0] / 2021-12-17
 
 ### Added
-* Add Yarn2 support [7f08790](https://github.com/pivotal/LicenseFinder/commit/7f08790ce1d7cd12ccd0aa9de114ca3366ab408c)
+* Add Yarn2 support - [7f08790c](https://github.com/pivotal/LicenseFinder/commit/7f08790ce1d7cd12ccd0aa9de114ca3366ab408c)
 
 ###Changed
-* Upgrade conan and use https://center.conan.io instead of conan.bintray.com [eea1292](https://github.com/pivotal/LicenseFinder/commit/eea1292bf2613f603a8a0ae42747857acf77e361)
+* Upgrade conan and use https://center.conan.io instead of conan.bintray.com - [eea1292b](https://github.com/pivotal/LicenseFinder/commit/eea1292bf2613f603a8a0ae42747857acf77e361)
 
 ### Fixed
 * Fix docker Conan and swift - [66031df9](https://github.com/pivotal/LicenseFinder/commit/66031df912c2e1e21aa794a4b897fc61c9ec6b02) 
@@ -28,15 +36,15 @@
 First two commit were supposed to show up in v6.14.0, but GPG bug prevented a correct build. Therefore, a follow up patch build was made to include the GPG fix.
 
 ### Changed
-* Upgrade Docker image to use Ubuntu Bionic [#178471230] [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
+* Upgrade Docker image to use Ubuntu Bionic [#178471230] - [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
 * Update the default timezone to GMT [#178471230] - [9fcab84](https://github.com/pivotal/LicenseFinder/commit/9fcab84605cda81e7f276d3c567d14409e371333)
 * Use local copy of Swift puglic GPG keys [#178674224] - [4db4b3e](https://github.com/pivotal/LicenseFinder/commit/4db4b3e5980ca52019549d74da574a2342a7846e)
 
 ### Added 
-* Added --npm_options option to customize npm behavior. [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott 
+* Added --npm_options option to customize npm behavior - [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott 
 
 ### Security
-* Fix issue where commands could be injected running on Cocoapods projects. [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
+* Fix issue where commands could be injected running on Cocoapods projects - [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
 
   Thanks to Joern Schneeweisz Staff Security Engineer, Security Research | GitLab for raising the issue
 
@@ -1001,4 +1009,4 @@ Bugfixes:
 [6.14.2]: https://github.com/pivotal/LicenseFinder/compare/v6.14.1...v6.14.2
 [6.15.0]: https://github.com/pivotal/LicenseFinder/compare/v6.14.2...v6.15.0
 [7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
-[7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
+[7.0.1]: https://github.com/pivotal/LicenseFinder/compare/v7.0.0...v7.0.1

data/README.md

@@ -20,41 +20,40 @@ and give you an actionable exception report.
 * docker: [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
   * the docker image contains all the package managers needed to run `license_finder`
 * support:
+  * The primary form of communication for support is through github issues. The google groups are not actively
+    monitored
   * license-finder@googlegroups.com
   * https://groups.google.com/forum/#!forum/license-finder
-* backlog: https://www.pivotaltracker.com/n/projects/234851
 
 ### Supported project types
 
 | Project Type | Package Manager | Tested on Version |
-| ------------ | --------------- | -------:|
-| Ruby Gems    | bundler         | 1.16.6  |
-| Python 2.7 Eggs  | pip2             | 19.0.2  |
-| Python 3.5 Eggs  | pip3             | 19.0.2  |
-| Node.js      | npm             | 6.4.1   |
-| Bower        | bower           | 1.8.4   |
-| Nuget (without license discovery) | nuget | 4.7.1.5393 |
-| Godep        | Godep           | 80      |
-| Go workspace (via a `.envrc` file) | Go lang | 1.11.5 |
-| Go modules   | Go lang         | 1.11.5  |
-| Java         | maven           | 3.6.0   |
-| Java         | gradle          | 4.10.3  |
+| ------------ |-----------------|------------------:|
+| Ruby Gems    | bundler         | 2.3.7 |
+| Python 2.7 Eggs  | pip2            | 19.0.2 |
+| Python 3.5 Eggs  | pip3            | 20.0.2 |
+| Node.js      | npm             | 6.4.1 |
+| Bower        | bower           | 1.8.4 |
+| Nuget (without license discovery) | nuget           | 4.7.1.5393 |
+| Godep        | Godep           | 80 |
+| Go workspace | Go lang         | 1.11.5 |
+| Go modules   | Go lang         | 1.14.3 |
+| Java         | maven           | 3.6.0 |
+| Java         | gradle          | 5.6.4 |
 
 ### Experimental project types
 
 * Erlang (via `rebar` and `Erlang.mk`)
-* Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager)
-* Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
+* Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager(SPM)
 * Elixir (via `mix`)
 * Golang (via `gvt`, `glide`,`dep`, `trash` and `govendor`)
 * JavaScript (via `yarn`)
 * C++/C (via `conan`)
 * Scala (via `sbt`)
 * Rust (via `cargo`)
-* Go Modules (via `go mod`)
 * PHP (via `composer`)
-* Python (via Conda [Conda 4.8.3, Python 3.7, Bash; requires an `environment.yml` or `environment.yaml`])
-* Flutter (via `flutter pub, requires pubspec.yaml & .pub cache locaton through ENV variable`)
+* Python (via `Conda`, `pipenv`)
+* Flutter (via `flutter pub`)
 
 ## Installation
 
@@ -158,7 +157,7 @@ reference it will mount your current directory at the path `/scan` and run any c
 passed to it from that directory.
 
 Note that the docker image will run the gem which is installed within it.
-So the docker image tagged `4.0.2` will run *License Finder Version 4.0.2*
+So the docker image tagged `7.0.0` will run *License Finder Version 7.0.0*
 
 See the [contributing guide](https://github.com/pivotal/LicenseFinder/blob/master/CONTRIBUTING.md) for information on development. 
 
@@ -169,9 +168,10 @@ languages, as long as that language has a package definition in the project dire
 
 * `Gemfile` (for `bundler`)
 * `requirements.txt` (for `pip`)
+* `Pipfile.lock` (for `pipenv`)
 * `package.json` (for `npm`)
 * `pom.xml` (for `maven`)
-* `build.gradle` (for `gradle`)
+* `build.gradle` or `build.gradle.kts` (for `gradle`)
 * `settings.gradle` that specifies `rootProject.buildFileName` (for `gradle`)
 * `bower.json` (for `bower`)
 * `Podfile` (for `pod`) (set `ACKNOWLEDGEMENTS_PATH` variable if you want to target a particular `Pods-acknowledgements-<TARGET>.plist`. Can be useful in multi-target pods projects.)
@@ -186,6 +186,8 @@ languages, as long as that language has a package definition in the project dire
 * `glide.lock` file (for `glide`)
 * `vendor/vendor.json` file (for `govendor`)
 * `Gopkg.lock` file (for `dep`)
+* `Godeps/Godeps.json` (for `godep`)
+* `*.envrc` file (for `go`) 
 * `go.mod` file (for `go mod`)
 * `vendor.conf` file (for `trash`)
 * `yarn.lock` file (for `yarn`)
@@ -193,7 +195,8 @@ languages, as long as that language has a package definition in the project dire
 * `build.sbt` file (for `sbt`)
 * `Cargo.lock` file (for `cargo`)
 * `composer.lock` file (for `composer`)
-
+* `environment,yml` file (for `conda`)
+* `pubspec.yaml & .pub cache locaton through ENV variable` (for `flutter`)
 
 ### Continuous Integration
 
@@ -499,7 +502,7 @@ licenseConfigurations := Set("compile", "provided")
 
 ## Requirements
 
-`license_finder` requires ruby >= 1.9.3, or jruby.
+`license_finder` requires ruby >= 2.4.0. We will be dropping 2.4.x support soon.
 
 
 ## Upgrading

data/VERSION

@@ -1 +1 @@
-7.0.0
+7.0.1

data/lib/license_finder/package_managers/maven.rb

@@ -34,14 +34,10 @@ module LicenseFinder
     end
 
     def package_management_command
-      wrapper = if Platform.windows?
-                  'mvnw.cmd'
-                else
-                  './mvnw'
-                end
+      wrapper = File.join(project_path, Platform.windows? ? 'mvnw.cmd' : 'mvnw')
       maven = 'mvn'
 
-      File.exist?(File.join(project_path, wrapper)) ? wrapper : maven
+      File.exist?(wrapper) ? wrapper : maven
     end
 
     def possible_package_paths

data/lib/license_finder/package_managers/yarn.rb

@@ -2,16 +2,19 @@
 
 module LicenseFinder
   class Yarn < PackageManager
-    SHELL_COMMAND = 'yarn licenses list --no-progress --json'
+    SHELL_COMMAND = 'yarn licenses list --json'
 
     def possible_package_paths
       [project_path.join('yarn.lock')]
     end
 
     def current_packages
-      cmd = "#{Yarn::SHELL_COMMAND}#{yarn1_production_flag}"
-      suffix = " --cwd #{project_path}" unless project_path.nil?
-      cmd += suffix unless suffix.nil?
+      # the licenses plugin supports the classic production flag
+      cmd = "#{Yarn::SHELL_COMMAND}#{classic_yarn_production_flag}"
+      if yarn_version == 1
+        cmd += ' --no-progress'
+        cmd += " --cwd #{project_path}" unless project_path.nil?
+      end
 
       stdout, stderr, status = Cmd.run(cmd)
       raise "Command '#{cmd}' failed to execute: #{stderr}" unless status.success?
@@ -56,30 +59,38 @@ module LicenseFinder
     end
 
     def prepare_command
-      if yarn2_project?
-        yarn2_prepare_command
+      if yarn_version == 1
+        classic_yarn_prepare_command
       else
-        yarn1_prepare_command
+        yarn_prepare_command
       end
     end
 
     private
 
-    def yarn2_prepare_command
-      "#{yarn2_production_flag}yarn install"
+    def yarn_prepare_command
+      "#{yarn_plugin_production_command}yarn install && yarn plugin import https://raw.githubusercontent.com/mhassan1/yarn-plugin-licenses/#{yarn_licenses_plugin_version}/bundles/@yarnpkg/plugin-licenses.js"
+    end
+
+    def classic_yarn_prepare_command
+      "yarn install --ignore-engines --ignore-scripts#{classic_yarn_production_flag}"
     end
 
-    def yarn1_prepare_command
-      "yarn install --ignore-engines --ignore-scripts#{yarn1_production_flag}"
+    def yarn_licenses_plugin_version
+      if yarn_version == 2
+        'v0.6.0'
+      else
+        'v0.7.2'
+      end
     end
 
-    def yarn2_project?
+    def yarn_version
       Dir.chdir(project_path) do
         version_string, stderr_str, status = Cmd.run('yarn -v')
         raise "Command 'yarn -v' failed to execute: #{stderr_str}" unless status.success?
 
         version = version_string.split('.').map(&:to_i)
-        return version[0] >= 2
+        return version[0]
       end
     end
 
@@ -120,13 +131,13 @@ module LicenseFinder
       all_packages - [yarn_internal_package]
     end
 
-    def yarn1_production_flag
+    def classic_yarn_production_flag
       return '' if @ignored_groups.nil?
 
       @ignored_groups.include?('devDependencies') ? ' --production' : ''
     end
 
-    def yarn2_production_flag
+    def yarn_plugin_production_command
       return '' if @ignored_groups.nil?
 
       @ignored_groups.include?('devDependencies') ? 'yarn plugin import workspace-tools && yarn workspaces focus --all --production && ' : ''

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.0.1
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-04 00:00:00.000000000 Z
+date: 2022-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -569,7 +569,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.8
+rubygems_version: 3.3.9
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.