license_finder 7.0.1 → 7.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a65abcec91ace2929ab66aa2e364002c4019e8cfd5ffdde361ce0ea4b20147f8
4
- data.tar.gz: cfeaa1bf0a57a0480d8193fa10a75597b7421abcaa15d6995adc3a885797f547
3
+ metadata.gz: a74ac8d4dd390c9608445a97a27c1b6b1a3398b33c95d28eff8eb0e1cfff63e7
4
+ data.tar.gz: 6944369b76103e35729350d5508445ad72f91bb79b2d32e6241b552cd53bf3cd
5
5
  SHA512:
6
- metadata.gz: c699e9127e4740d8795b5f494525c31251fa4dea297ebdd3c965b3d8bfc129d56d469135f2eb9614d244ed2828798008000116166fd55c1ac6ef5412e7d87313
7
- data.tar.gz: e78c9b61fdf161c85c813a9892f02e470bc036f0061720a0fac73120394fb1f9e4161b6a935acb500ae55ac6c03d2ed6df6a320dda5cbc1443be6f62747c4f51
6
+ metadata.gz: db5512b1f7c9f5c317fb4d9a0efe09fc6d4b88461b3c599ca0ab7b679ef9fdf07cb86eebe3d0ef87cefcfa5a531d9bd1e2b583f7e938ac9c3a64766f21a7f012
7
+ data.tar.gz: 75f9994268a1a7ef36145bd757cfa8c02e1fcb3d2debdd8301b9f26326bf4afc04771a8b9a2d4e8922398560e9df68c075df240144d6972a62c5613c4f6261c5
@@ -7,3 +7,10 @@ updates:
7
7
  time: "20:00"
8
8
  timezone: America/Los_Angeles
9
9
  open-pull-requests-limit: 10
10
+ - package-ecosystem: docker
11
+ directory: "/"
12
+ schedule:
13
+ interval: daily
14
+ time: "20:00"
15
+ timezone: America/Los_Angeles
16
+ open-pull-requests-limit: 10
@@ -0,0 +1,10 @@
1
+ - id: license-finder
2
+ name: Audit licenses of dependencies
3
+ entry: license_finder
4
+ language: ruby
5
+ pass_filenames: false
6
+ description: >
7
+ LicenseFinder works with your package managers to find dependencies, detect
8
+ the licenses of the packages in them, compare those licenses against a
9
+ user-defined list of permitted licenses, and give you an actionable
10
+ exception report.
data/CHANGELOG.md CHANGED
@@ -1,4 +1,27 @@
1
+ # [7.1.0] / 2022-11-28
2
+
3
+ ### Added
4
+ * Missing New BSD alternative name - [64d425d9](https://github.com/pivotal/LicenseFinder/commit/64d425d9210794c6b45c60bf730931e459a1e959)
5
+ * pre-commit hook - [2fd5ac85](https://github.com/pivotal/LicenseFinder/commit/2fd5ac85fbd4ea03b6f274f2c977448a8a517c2c) - Kurt von Laven
6
+
7
+ ### Fixed
8
+ * - Apache 2 license being too restrictive on matching - [c7fd0399](https://github.com/pivotal/LicenseFinder/commit/c7fd03994592ca97408f5134dd9eac6566e51c48)
9
+ * - Erlang not installing properly with mix - [74af3885](https://github.com/pivotal/LicenseFinder/commit/74af388579dd2f26b1814ece39c869d684218cd9)
10
+ * Scan transitive Yarn v2+ dependencies - [0115445e](https://github.com/pivotal/LicenseFinder/commit/0115445eb26de3185518adfb257b0e1911cf2fbd) - Kurt von Laven
11
+
12
+ * Issue with chaining commands with dlf - [a6af8c3e](https://github.com/pivotal/LicenseFinder/commit/a6af8c3e0abb932ed8d3c0215175f23cf75b5fb2)
13
+ * Nuget and dotnet not returning proper licenses - [e3452336](https://github.com/pivotal/LicenseFinder/commit/e3452336aa980f26de9a7d44d725bddb0ddd67a0)
14
+ * Save help documentation for the default file name - [09a93762](https://github.com/pivotal/LicenseFinder/commit/09a93762dc3bd714fdcdebb4aa84af4c7dbefa04)
15
+ * - Yarn2 output parsing - [395a7f02](https://github.com/pivotal/LicenseFinder/commit/395a7f02b7729243aaf730b6ede71cae8f21cfeb)
16
+
17
+ ### Changed
18
+ * - Bump docker image golang version to 1.17.13 - [4f3df246](https://github.com/pivotal/LicenseFinder/commit/4f3df246d2f5245681a943a6fb6dee49e3ed3ed1)
19
+
1
20
  # [7.0.1] / 2022-03-18
21
+ ### Fixed
22
+ * Maven Wrapper command path must be relative to working directory - [298a733a](https://github.com/pivotal/LicenseFinder/commit/298a733a67f34341ffabc7dfbf2ee5c27574b979) - jbmgrtn
23
+ * Support yarn license command for yarn v2+ - [ed3b319b](https://github.com/pivotal/LicenseFinder/commit/ed3b319b64bf9c72c12fd5a365952137cf7f33b6)
24
+
2
25
 
3
26
  # [7.0.0] / 2022-03-04
4
27
 
@@ -1010,3 +1033,4 @@ Bugfixes:
1010
1033
  [6.15.0]: https://github.com/pivotal/LicenseFinder/compare/v6.14.2...v6.15.0
1011
1034
  [7.0.0]: https://github.com/pivotal/LicenseFinder/compare/v6.15.0...v7.0.0
1012
1035
  [7.0.1]: https://github.com/pivotal/LicenseFinder/compare/v7.0.0...v7.0.1
1036
+ [7.1.0]: https://github.com/pivotal/LicenseFinder/compare/v7.0.1...v7.1.0
data/CONTRIBUTING.md CHANGED
@@ -78,6 +78,7 @@ If you come up with something useful, consider posting it to the Google Group
78
78
  To successfully run the test suite, you will need the following installed:
79
79
  - NPM (requires Node)
80
80
  - Yarn (requires Node)
81
+ - PNPM (requires Node)
81
82
  - Bower (requires Node and NPM)
82
83
  - Maven (requires Java)
83
84
  - Gradle (requires Java)
data/Dockerfile CHANGED
@@ -5,25 +5,25 @@ WORKDIR /tmp
5
5
  # Versioning
6
6
  ENV PIP_INSTALL_VERSION 19.0.2
7
7
  ENV PIP3_INSTALL_VERSION 20.0.2
8
- ENV GO_LANG_VERSION 1.14.3
8
+ ENV GO_LANG_VERSION 1.17.13
9
9
  ENV MAVEN_VERSION 3.6.0
10
10
  ENV SBT_VERSION 1.3.3
11
11
  ENV GRADLE_VERSION 5.6.4
12
12
  ENV RUBY_VERSION 3.1.1
13
- ENV MIX_VERSION 1.0
13
+ ENV MIX_VERSION 2.0
14
14
  ENV COMPOSER_ALLOW_SUPERUSER 1
15
15
 
16
16
  # programs needed for building
17
17
  RUN apt-get update && apt-get install -y \
18
- build-essential \
19
- curl \
20
- sudo \
21
- unzip \
22
- wget \
23
- gnupg2 \
24
- apt-utils \
25
- software-properties-common \
26
- bzr
18
+ build-essential \
19
+ curl \
20
+ sudo \
21
+ unzip \
22
+ wget \
23
+ gnupg2 \
24
+ apt-utils \
25
+ software-properties-common \
26
+ bzr
27
27
 
28
28
  RUN add-apt-repository ppa:git-core/ppa && apt-get update && apt-get install -y git
29
29
 
@@ -33,14 +33,18 @@ RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
33
33
 
34
34
  # install yarn
35
35
  RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - && \
36
- echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list && \
37
- apt-get update && \
38
- apt-get install yarn
36
+ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list && \
37
+ apt-get update && \
38
+ apt-get install yarn
39
39
 
40
40
  # install bower
41
41
  RUN npm install -g bower && \
42
42
  echo '{ "allow_root": true }' > /root/.bowerrc
43
43
 
44
+ # install pnpm
45
+ RUN npm install -g pnpm && \
46
+ pnpm version
47
+
44
48
  # install jdk 12
45
49
  RUN curl -L -o openjdk12.tar.gz https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz && \
46
50
  tar xvf openjdk12.tar.gz && \
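Review bot: The added `RUN npm install -g pnpm` step installs whatever pnpm version is current when the image is built, so two builds of the same Dockerfile can ship different tools and an unexpected upstream release flows straight into the image. The PNPM package manager added in this release refuses to run below 7.17.0, so pin a known-good version here, next to the other entries under `# Versioning`, and bump it deliberately.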
@@ -95,14 +99,29 @@ ENV PATH=$PATH:/go/bin
95
99
  ENV GOROOT=/go
96
100
  ENV GOPATH=/gopath
97
101
  ENV PATH=$PATH:$GOPATH/bin
102
+
98
103
  RUN mkdir /gopath && \
99
- go get github.com/tools/godep && \
100
- go get github.com/FiloSottile/gvt && \
101
- go get github.com/Masterminds/glide && \
102
- go get github.com/kardianos/govendor && \
103
- go get github.com/golang/dep/cmd/dep && \
104
- go get -u github.com/rancher/trash && \
105
- go clean -cache
104
+ go install github.com/tools/godep@latest && \
105
+ go install github.com/FiloSottile/gvt@latest && \
106
+ go install github.com/kardianos/govendor@latest && \
107
+ go clean -cache
108
+
109
+ #install rvm and glide and godep
110
+ RUN apt-add-repository -y ppa:rael-gc/rvm && \
111
+ add-apt-repository -y ppa:masterminds/glide && \
112
+ apt update && apt install -y rvm && \
113
+ /usr/share/rvm/bin/rvm install --default $RUBY_VERSION &&\
114
+ apt-get install -y glide && \
115
+ apt-get install -y go-dep
116
+
117
+ # install trash
118
+ RUN curl -Lo trash.tar.gz https://github.com/rancher/trash/releases/download/v0.2.7/trash-linux_amd64.tar.gz && \
119
+ tar xvf trash.tar.gz && \
120
+ rm trash.tar.gz && \
121
+ sudo mv trash /usr/local/bin/
122
+
123
+ # install bundler
124
+ RUN bash -lc "gem update --system && gem install bundler"
106
125
 
107
126
  WORKDIR /tmp
108
127
  # Fix the locale
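Review bot: The `# install trash` step downloads trash-linux_amd64.tar.gz with curl and moves the binary into /usr/local/bin without checking a digest, and the three `go install ...@latest` lines resolve to whatever is newest at build time. The Miniconda step further down this Dockerfile already compares its download against a pinned sha256 before running it; do the same for the trash tarball and replace `@latest` with explicit versions so a rebuilt image contains the same tools. The comment `#install rvm and glide and godep` also names godep, while the step installs `go-dep`.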
@@ -115,47 +134,44 @@ ENV LC_ALL=en_US.UTF-8
115
134
  # install Cargo
116
135
  RUN curl https://sh.rustup.rs -sSf | bash -ls -- -y --profile minimal
117
136
 
118
- #install rvm
119
- RUN apt-add-repository -y ppa:rael-gc/rvm && \
120
- apt update && apt install -y rvm && \
121
- /usr/share/rvm/bin/rvm install --default $RUBY_VERSION
122
-
123
- # install bundler
124
- RUN bash -lc "gem update --system && gem install bundler"
125
-
126
137
  #install mix
127
138
  RUN wget https://packages.erlang-solutions.com/erlang-solutions_${MIX_VERSION}_all.deb && \
128
139
  sudo dpkg -i erlang-solutions_${MIX_VERSION}_all.deb && \
129
140
  sudo rm -f erlang-solutions_${MIX_VERSION}_all.deb && \
130
141
  sudo apt-get update && \
131
- sudo apt-get install -y esl-erlang && \
132
- sudo apt-get install -y elixir
142
+ sudo apt-get install -y esl-erlang
143
+ # Install Elixir
144
+ WORKDIR /tmp/elixir-build
145
+ RUN git clone https://github.com/elixir-lang/elixir.git
146
+ WORKDIR elixir
147
+ RUN make && make install
148
+ WORKDIR /
133
149
 
134
150
  # install conan
135
151
  RUN apt-get install -y python-dev && \
136
- pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
137
- --ignore-installed requests --ignore-installed chardet \
138
- --ignore-installed urllib3 \
139
- --upgrade setuptools && \
140
- pip install --no-cache-dir -Iv conan==1.43.0 && \
152
+ pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
153
+ --ignore-installed requests --ignore-installed chardet \
154
+ --ignore-installed urllib3 \
155
+ --upgrade setuptools && \
156
+ pip3 install --no-cache-dir -Iv conan==1.51.3 && \
141
157
  conan config install https://github.com/conan-io/conanclientcert.git
142
158
 
143
159
 
144
160
  # install NuGet (w. mono)
145
161
  # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux
146
162
  RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF &&\
147
- echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
148
- apt-get update &&\
149
- apt-get install -y mono-complete &&\
150
- curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
151
- curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
163
+ echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
164
+ apt-get update &&\
165
+ apt-get install -y mono-complete &&\
166
+ curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
167
+ curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
152
168
 
153
169
  # install dotnet core
154
170
  RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb &&\
155
- sudo dpkg -i packages-microsoft-prod.deb &&\
156
- rm packages-microsoft-prod.deb &&\
157
- sudo apt-get update &&\
158
- sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
171
+ sudo dpkg -i packages-microsoft-prod.deb &&\
172
+ rm packages-microsoft-prod.deb &&\
173
+ sudo apt-get update &&\
174
+ sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
159
175
 
160
176
  # install Composer
161
177
  # The ARG and ENV are for installing tzdata which is part of this installaion.
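Review bot: `RUN git clone https://github.com/elixir-lang/elixir.git` followed by `RUN make && make install` builds whatever is at the head of the default branch on the day the image is built, with no tag or commit pinned. Check out a release tag or a specific commit (a shallow clone is enough) so the Elixir version in the image is known and reproducible. `WORKDIR elixir` is relative and resolves only because of the preceding `WORKDIR /tmp/elixir-build`; an absolute path is clearer. In the conan step the setuptools upgrade still runs under `pip` while conan itself is now installed with `pip3`, so the two commands may target different interpreters.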
@@ -178,12 +194,12 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
178
194
  # See https://docs.conda.io/en/latest/miniconda_hashes.html
179
195
  # for latest versions and SHAs.
180
196
  RUN \
181
- conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
182
- ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
183
- wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
184
- sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
185
- ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
186
- (echo; echo "yes") | sh "${conda_installer}"
197
+ conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
198
+ ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
199
+ wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
200
+ sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
201
+ ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
202
+ (echo; echo "yes") | sh "${conda_installer}"
187
203
 
188
204
  # install Swift Package Manager
189
205
  # Based on https://github.com/apple/swift-docker/blob/main/5.3/ubuntu/18.04/Dockerfile
@@ -208,11 +224,12 @@ RUN apt-get -q install -y \
208
224
 
209
225
  #install flutter
210
226
  ENV FLUTTER_HOME=/root/flutter
227
+ RUN git config --global --add safe.directory /root/flutter
211
228
  RUN curl -o flutter_linux_2.8.1-stable.tar.xz https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.8.1-stable.tar.xz \
212
229
  && tar xf flutter_linux_2.8.1-stable.tar.xz \
213
230
  && mv flutter ${FLUTTER_HOME} \
214
231
  && rm flutter_linux_2.8.1-stable.tar.xz
215
-
232
+
216
233
  ENV PATH=$PATH:${FLUTTER_HOME}/bin:${FLUTTER_HOME}/bin/cache/dart-sdk/bin
217
234
  RUN flutter doctor -v \
218
235
  && flutter update-packages \
data/README.md CHANGED
@@ -57,8 +57,19 @@ and give you an actionable exception report.
57
57
 
58
58
  ## Installation
59
59
 
60
- License Finder requires Ruby 2.4.0 or greater to run. If you have an older
61
- version of Ruby installed, you can update via Homebrew:
60
+ License Finder may be run as a [pre-commit](https://pre-commit.com) hook by
61
+ adding the following to your `.pre-commit-config.yaml`:
62
+
63
+ ```yaml
64
+ repos:
65
+ - repo: https://github.com/pivotal/LicenseFinder
66
+ rev: v7.1.0 # You probably want the latest tag.
67
+ hooks:
68
+ - id: license-finder
69
+ ```
70
+
71
+ Running License Finder directly requires Ruby 2.4.0 or greater. If you have an
72
+ older version of Ruby installed, you can update via Homebrew:
62
73
 
63
74
  ```sh
64
75
  $ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
@@ -70,7 +81,7 @@ then:
70
81
  $ brew install ruby
71
82
  ```
72
83
 
73
- The easiest way to use `license_finder` is to install it as a command
84
+ The easiest way to use `license_finder` directly is to install it as a command
74
85
  line tool, like brew, awk, gem or bundler:
75
86
 
76
87
  ```sh
@@ -154,7 +165,8 @@ $ dlf "bundle install && license_finder"
154
165
 
155
166
  You can better understand the way this script works by looking at its source, but for
156
167
  reference it will mount your current directory at the path `/scan` and run any commands
157
- passed to it from that directory.
168
+ passed to it from that directory. If your command has `&&`, ensure you quote the command.
169
+ If it does not, ensure the command is not quoted.
158
170
 
159
171
  Note that the docker image will run the gem which is installed within it.
160
172
  So the docker image tagged `7.0.0` will run *License Finder Version 7.0.0*
@@ -195,7 +207,7 @@ languages, as long as that language has a package definition in the project dire
195
207
  * `build.sbt` file (for `sbt`)
196
208
  * `Cargo.lock` file (for `cargo`)
197
209
  * `composer.lock` file (for `composer`)
198
- * `environment,yml` file (for `conda`)
210
+ * `environment.yml` file (for `conda`)
199
211
  * `pubspec.yaml & .pub cache locaton through ENV variable` (for `flutter`)
200
212
 
201
213
  ### Continuous Integration
@@ -333,12 +345,40 @@ you should manually research what the actual license is. When you
333
345
  have established the real license, you can record it with:
334
346
 
335
347
  ```sh
336
- $ license_finder licenses add my_unknown_dependency MIT --homepage="www.unknown-code.org"
348
+ $ license_finder licenses add my_unknown_dependency MIT
349
+ ```
350
+
351
+ This command would assign the MIT license to all versions of the dependency
352
+ `my_unknown_dependency`. If you prefer, you could instead assign the license
353
+ to only a specific version of the dependency:
354
+
355
+ ```sh
356
+ $ license_finder licenses add my_unknown_dependency MIT --version=1.0.0
337
357
  ```
338
358
 
339
- This command would assign the MIT license to the dependency
340
- `my_unknown_dependency`. It will also set its homepage to `www.unknown-code.org`.
359
+ Please note that adding a license to a specific version of a dependency will
360
+ cause any licenses previously added to all versions of that dependency to be
361
+ forgotten. Similarly, adding a license to all versions of a dependency will
362
+ override any licenses previously added to specific versions of that dependency.
363
+
364
+ There are several ways in which you can remove licenses that were previously
365
+ added through the `licenses add` command:
366
+
367
+ ```sh
368
+ # Removes all licenses from any version of the dependency
369
+ $ license_finder licenses remove my_unknown_dependency
341
370
 
371
+ # Removes just the MIT license from any version of the dependency
372
+ $ license_finder licenses remove my_unknown_dependency MIT
373
+
374
+ # Removes all licenses from only version 1.0.0 of the dependency
375
+ # This has no effect if you had last added a license to all versions of the dependency
376
+ $ license_finder licenses remove my_unknown_dependency --version=1.0.0
377
+
378
+ # Removes just the MIT license from only version 1.0.0 of the dependency
379
+ # This has no effect if you had last added a license to all versions of the dependency
380
+ $ license_finder licenses remove my_unknown_dependency MIT --version=1.0.0
381
+ ```
342
382
 
343
383
  ### Adding Hidden Dependencies
344
384
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 7.0.1
1
+ 7.1.0
data/dlf CHANGED
@@ -7,7 +7,12 @@ if `which docker > /dev/null`; then
7
7
  for p in "$@"; do
8
8
  escaped_params="$escaped_params \"$p\""
9
9
  done
10
- docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $escaped_params"
10
+ if [[ $escaped_params =~ "&&" ]]; then
11
+ command=${escaped_params:2:${#escaped_params}-3}
12
+ else
13
+ command=$escaped_params
14
+ fi
15
+ docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $command"
11
16
  fi
12
17
  else
13
18
  echo "You do not have docker installed. Please install it:"
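Review bot: The new `&&` branch, `command=${escaped_params:2:${#escaped_params}-3}`, strips only the leading space and quote and the final quote, so it is correct only when the script receives exactly one argument. With a quoted command plus any further argument, the quotes that the loop above inserts between parameters stay in the middle of the string and the command handed to `bash -lc` is mis-parsed. Decide on `$#` (one argument means "run this string as a command line") rather than searching the text for `&&`, and quote `$PWD` in `-v $PWD:/scan` so a working directory containing spaces still mounts.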
@@ -46,6 +46,8 @@ module LicenseFinder
46
46
  :maven_include_groups,
47
47
  :maven_options,
48
48
  :npm_options,
49
+ :yarn_options,
50
+ :pnpm_options,
49
51
  :pip_requirements_path,
50
52
  :python_version,
51
53
  :rebar_command,
@@ -7,19 +7,24 @@ module LicenseFinder
7
7
  include MakesDecisions
8
8
 
9
9
  auditable
10
+ method_option :version, desc: 'The version associated with the license'
10
11
  desc 'add DEPENDENCY LICENSE', "Set a dependency's licenses, overwriting any license_finder has found"
11
12
  def add(name, license)
12
13
  modifying { decisions.license(name, license, txn) }
13
14
 
14
- printer.say "The #{name} dependency has been marked as using #{license} license!", :green
15
+ version_info = options[:version] ? " with version #{options[:version]}" : ''
16
+ printer.say "The #{name} dependency#{version_info} has been marked as using #{license} license!", :green
15
17
  end
16
18
 
17
19
  auditable
20
+ method_option :version, desc: 'The version associated with the license'
18
21
  desc 'remove DEPENDENCY LICENSE', 'Remove a manually set license'
19
- def remove(dep, lic)
22
+ def remove(dep, lic = nil)
20
23
  modifying { decisions.unlicense(dep, lic, txn) }
21
24
 
22
- printer.say "The dependency #{dep} no longer has a manual license"
25
+ version_info = options[:version] ? " with version #{options[:version]}" : ''
26
+ suffix = lic ? " of #{lic}" : ''
27
+ printer.say "The dependency #{dep}#{version_info} no longer has a manual license#{suffix}"
23
28
  end
24
29
  end
25
30
  end
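Review bot: In `remove`, the signature becomes `def remove(dep, lic = nil)` but the usage string above it is still `desc 'remove DEPENDENCY LICENSE'`, so the help output presents LICENSE as mandatory; change it to `remove DEPENDENCY [LICENSE]`. In both commands `options[:version]` is read only to build the confirmation message, while the decision itself is made from `txn`. The Decisions changes in this release read `txn[:versions]`, so a spec asserting that `--version` on the command line ends up under that key would guard against the message claiming a version scope that was not applied.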
@@ -32,6 +32,8 @@ module LicenseFinder
32
32
  class_option :maven_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false.'
33
33
  class_option :maven_options, desc: 'Maven options to append to command. Defaults to empty.'
34
34
  class_option :npm_options, desc: 'npm options to append to command. Defaults to empty.'
35
+ class_option :yarn_options, desc: 'yarn options to append to command. Defaults to empty.'
36
+ class_option :pnpm_options, desc: 'pnpm options to append to command. Defaults to empty.'
35
37
  class_option :pip_requirements_path, desc: 'Path to python requirements file. Defaults to requirements.txt.'
36
38
  class_option :python_version, desc: 'Python version to invoke pip with. Valid versions: 2 or 3. Default: 2'
37
39
  class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
@@ -152,7 +154,7 @@ module LicenseFinder
152
154
  shared_options
153
155
  format_option
154
156
  method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
155
- method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
157
+ method_option :save, desc: "Save report to a file. Default: 'license_report' in project root.", lazy_default: 'license_report'
156
158
 
157
159
  def report
158
160
  finder = LicenseAggregator.new(config, aggregate_paths)
@@ -97,6 +97,14 @@ module LicenseFinder
97
97
  get(:npm_options)
98
98
  end
99
99
 
100
+ def yarn_options
101
+ get(:yarn_options)
102
+ end
103
+
104
+ def pnpm_options
105
+ get(:pnpm_options)
106
+ end
107
+
100
108
  def pip_requirements_path
101
109
  get(:pip_requirements_path)
102
110
  end
@@ -101,6 +101,8 @@ module LicenseFinder
101
101
  maven_include_groups: config.maven_include_groups,
102
102
  maven_options: config.maven_options,
103
103
  npm_options: config.npm_options,
104
+ yarn_options: config.yarn_options,
105
+ pnpm_options: config.pnpm_options,
104
106
  pip_requirements_path: config.pip_requirements_path,
105
107
  python_version: config.python_version,
106
108
  rebar_command: config.rebar_command,
@@ -44,7 +44,7 @@ module LicenseFinder
44
44
  end
45
45
 
46
46
  def with_decided_licenses(package)
47
- decisions.licenses_of(package.name).each do |license|
47
+ decisions.licenses_of(package.name, package.version).each do |license|
48
48
  package.decide_on_license license
49
49
  end
50
50
  package
@@ -2,6 +2,7 @@
2
2
 
3
3
  require 'open-uri'
4
4
  require 'license_finder/license'
5
+ require 'license_finder/manual_licenses'
5
6
 
6
7
  module LicenseFinder
7
8
  class Decisions
@@ -11,8 +12,8 @@ module LicenseFinder
11
12
 
12
13
  attr_reader :packages, :permitted, :restricted, :ignored, :ignored_groups, :project_name, :inherited_decisions
13
14
 
14
- def licenses_of(name)
15
- @licenses[name]
15
+ def licenses_of(name, version = nil)
16
+ @manual_licenses.licenses_of(name, version)
16
17
  end
17
18
 
18
19
  def homepage_of(name)
@@ -76,7 +77,7 @@ module LicenseFinder
76
77
  def initialize
77
78
  @decisions = []
78
79
  @packages = Set.new
79
- @licenses = Hash.new { |h, k| h[k] = Set.new }
80
+ @manual_licenses = ManualLicenses.new
80
81
  @homepages = {}
81
82
  @approvals = {}
82
83
  @permitted = Set.new
@@ -100,13 +101,29 @@ module LicenseFinder
100
101
 
101
102
  def license(name, lic, txn = {})
102
103
  add_decision [:license, name, lic, txn]
103
- @licenses[name] << License.find_by_name(lic)
104
+
105
+ versions = txn[:versions]
106
+
107
+ if versions.nil? || versions.empty?
108
+ @manual_licenses.assign_to_all_versions(name, lic)
109
+ else
110
+ @manual_licenses.assign_to_specific_versions(name, lic, versions)
111
+ end
112
+
104
113
  self
105
114
  end
106
115
 
107
116
  def unlicense(name, lic, txn = {})
108
117
  add_decision [:unlicense, name, lic, txn]
109
- @licenses[name].delete(License.find_by_name(lic))
118
+
119
+ versions = txn[:versions]
120
+
121
+ if versions.nil? || versions.empty?
122
+ @manual_licenses.unassign_from_all_versions(name, lic)
123
+ else
124
+ @manual_licenses.unassign_from_specific_versions(name, lic, versions)
125
+ end
126
+
110
127
  self
111
128
  end
112
129
 
@@ -235,9 +252,10 @@ module LicenseFinder
235
252
  end
236
253
 
237
254
  def restore_inheritance(decisions)
255
+ previous_value = @inherited
238
256
  @inherited = true
239
257
  self.class.restore(decisions, self)
240
- @inherited = false
258
+ @inherited = previous_value
241
259
  self
242
260
  end
243
261
 
@@ -265,7 +265,9 @@ module LicenseFinder
265
265
  'BSD 3',
266
266
  'BSD-3',
267
267
  '3-clause BSD',
268
+ '3-Clause BSD License',
268
269
  'BSD-3-Clause',
270
+ 'BSD 3-Clause',
269
271
  'BSD 3-Clause License',
270
272
  'The 3-Clause BSD License',
271
273
  'BSD 3-clause New License',
@@ -168,5 +168,3 @@
168
168
  defend, and hold each Contributor harmless for any liability
169
169
  incurred by, or claims asserted against, such Contributor by reason
170
170
  of your accepting any such warranty or additional liability.
171
-
172
- END OF TERMS AND CONDITIONS
@@ -0,0 +1,79 @@
1
+ # frozen_string_literal: true
2
+
3
+ module LicenseFinder
4
+ class ManualLicenses
5
+ def initialize
6
+ @all_versions = {}
7
+ @specific_versions = {}
8
+ end
9
+
10
+ def licenses_of(name, version = nil)
11
+ return @all_versions[name] if @all_versions[name]
12
+
13
+ if version && @specific_versions[name] && @specific_versions[name][version]
14
+ @specific_versions[name][version]
15
+ else
16
+ Set.new
17
+ end
18
+ end
19
+
20
+ def assign_to_all_versions(name, lic)
21
+ # Ex: licenses add foo_gem MIT => Adds MIT at "all" versions for this gem
22
+
23
+ @all_versions[name] ||= Set.new
24
+ @all_versions[name] << to_license(lic)
25
+
26
+ @specific_versions.delete(name)
27
+ end
28
+
29
+ def assign_to_specific_versions(name, lic, versions)
30
+ # Ex: licenses add foo_gem MIT --version=1.0 => Adds MIT at only 1.0 for this gem
31
+
32
+ @specific_versions[name] ||= {}
33
+ versions.each do |version|
34
+ @specific_versions[name][version] ||= Set.new
35
+ @specific_versions[name][version] << to_license(lic)
36
+ end
37
+
38
+ @all_versions.delete(name)
39
+ end
40
+
41
+ def unassign_from_all_versions(name, lic = nil)
42
+ if lic
43
+ # Ex: licenses remove foo_gem MIT => Removes MIT at all versions for this gem
44
+ @all_versions[name]&.delete(to_license(lic))
45
+
46
+ @specific_versions[name]&.each do |_version, licenses|
47
+ licenses.delete(to_license(lic))
48
+ end
49
+ else
50
+ # Ex: licenses remove foo_gem => Removes all licenses for all versions of the gem
51
+ @all_versions.delete(name)
52
+ @specific_versions.delete(name)
53
+ end
54
+ end
55
+
56
+ def unassign_from_specific_versions(name, lic, versions)
57
+ return unless @specific_versions[name]
58
+
59
+ versions.each do |version|
60
+ if @specific_versions[name][version]
61
+ if lic
62
+ # Ex: licenses remove foo_gem MIT --version=1.0 => Removes MIT at only 1.0 for this gem
63
+ @specific_versions[name][version].delete(to_license(lic))
64
+ @specific_versions[name].delete(version) if @specific_versions[name][version].empty?
65
+ else
66
+ # Ex: licenses remove foo_gem --version=1.0 => Removes all licenses at only 1.0 for the gem
67
+ @specific_versions[name].delete(version)
68
+ end
69
+ end
70
+ end
71
+ end
72
+
73
+ private
74
+
75
+ def to_license(lic)
76
+ License.find_by_name(lic)
77
+ end
78
+ end
79
+ end
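Review bot: `unassign_from_all_versions` with a license deletes it from `@all_versions[name]` but leaves the now-empty Set in the hash, whereas `unassign_from_specific_versions` prunes entries that become empty. `licenses_of` returns `@all_versions[name]` whenever that key exists, and an empty Set is truthy, so prune the key when the set empties to keep both removal paths consistent. The file also uses `Set` without a `require 'set'` of its own and relies on another file having loaded it.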
@@ -187,6 +187,7 @@ require 'license_finder/packages/merged_package'
187
187
  require 'license_finder/packages/nuget_package'
188
188
  require 'license_finder/packages/conan_package'
189
189
  require 'license_finder/packages/yarn_package'
190
+ require 'license_finder/packages/pnpm_package'
190
191
  require 'license_finder/packages/sbt_package'
191
192
  require 'license_finder/packages/cargo_package'
192
193
  require 'license_finder/packages/composer_package'
@@ -158,6 +158,7 @@ require 'license_finder/package_managers/go_modules'
158
158
  require 'license_finder/package_managers/trash'
159
159
  require 'license_finder/package_managers/bundler'
160
160
  require 'license_finder/package_managers/npm'
161
+ require 'license_finder/package_managers/pnpm'
161
162
  require 'license_finder/package_managers/yarn'
162
163
  require 'license_finder/package_managers/pip'
163
164
  require 'license_finder/package_managers/pipenv'
@@ -42,9 +42,13 @@ module LicenseFinder
42
42
  end
43
43
 
44
44
  def read_license_urls
45
- possible_spec_paths.flat_map do |path|
45
+ raw_licenses = possible_spec_paths.flat_map do |path|
46
46
  Nuget.nuspec_license_urls(File.read(path)) if File.exist? path
47
47
  end.compact
48
+
49
+ raw_licenses&.map! do |license|
50
+ license.gsub('https://licenses.nuget.org/', '')
51
+ end
48
52
  end
49
53
 
50
54
  def ==(other)
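Review bot: In `read_license_urls`, `raw_licenses` is the result of `flat_map { ... }.compact` and can never be nil, so the safe navigation in `raw_licenses&.map!` does nothing. `gsub('https://licenses.nuget.org/', '')` removes the string wherever it occurs rather than only at the start of the value; anchor it (`sub` with `\A`) so only a leading URL prefix is stripped. The same normalization is repeated in the `current_packages` hunk that follows, so a shared helper would keep the two in sync.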
@@ -61,7 +65,6 @@ module LicenseFinder
61
65
  package_metadatas = asset_files
62
66
  .flat_map { |path| AssetFile.new(path).dependencies }
63
67
  .uniq { |d| [d.name, d.version] }
64
-
65
68
  package_metadatas.map do |d|
66
69
  path = Dir.glob("#{Dir.home}/.nuget/packages/#{d.name.downcase}/#{d.version}").first
67
70
  NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls, install_path: path)
@@ -51,6 +51,10 @@ module LicenseFinder
51
51
  def current_packages
52
52
  dependencies.each_with_object({}) do |dep, memo|
53
53
  licenses = license_urls(dep)
54
+ licenses&.map! do |license|
55
+ license.gsub('https://licenses.nuget.org/', '')
56
+ end
57
+
54
58
  path = Dir.glob("#{Dir.home}/.nuget/packages/#{dep.name.downcase}/#{dep.version}").first
55
59
 
56
60
  memo[dep.name] ||= NugetPackage.new(dep.name, dep.version, spec_licenses: licenses, install_path: path)
@@ -60,6 +64,7 @@ module LicenseFinder
60
64
 
61
65
  def license_urls(dep)
62
66
  files = Dir["**/#{dep.name}.#{dep.version}.nupkg"]
67
+
63
68
  return nil if files.empty?
64
69
 
65
70
  file = files.first
@@ -0,0 +1,120 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json'
4
+ require 'tempfile'
5
+
6
+ module LicenseFinder
7
+ class PNPM < PackageManager
8
+ def initialize(options = {})
9
+ super
10
+ @pnpm_options = options[:pnpm_options]
11
+ end
12
+
13
+ SHELL_COMMAND = 'pnpm licenses list --json --long'
14
+
15
+ def possible_package_paths
16
+ [project_path.join('pnpm-lock.yaml')]
17
+ end
18
+
19
+ def self.takes_priority_over
20
+ NPM
21
+ end
22
+
23
+ def current_packages
24
+ # check if the minimum version of PNPM is met
25
+ raise 'The minimum PNPM version is not met, requires 7.17.0 or later' unless supported_pnpm?
26
+
27
+ # check if the project directory has workspace file
28
+ cmd = PNPM::SHELL_COMMAND.to_s
29
+ cmd += ' --no-color'
30
+ cmd += ' --recursive' unless project_has_workspaces == false
31
+ cmd += " --dir #{project_path}" unless project_path.nil?
32
+ cmd += " #{@pnpm_options}" unless @pnpm_options.nil?
33
+
34
+ stdout, stderr, status = Cmd.run(cmd)
35
+ raise "Command '#{cmd}' failed to execute: #{stderr}" unless status.success?
36
+
37
+ json_objects = JSON.parse(stdout)
38
+ get_pnpm_packages(json_objects)
39
+ end
40
+
41
+ def get_pnpm_packages(json_objects)
42
+ packages = []
43
+ incompatible_packages = []
44
+
45
+ json_objects.map do |_, value|
46
+ value.each do |pkg|
47
+ name = pkg['name']
48
+ version = pkg['version']
49
+ license = pkg['license']
50
+ homepage = pkg['vendorUrl']
51
+ author = pkg['vendorName']
52
+ module_path = pkg['path']
53
+
54
+ package = PNPMPackage.new(
55
+ name,
56
+ version,
57
+ spec_licenses: [license],
58
+ homepage: homepage,
59
+ authors: author,
60
+ install_path: module_path
61
+ )
62
+ packages << package
63
+ end
64
+ end
65
+
66
+ packages + incompatible_packages.uniq
67
+ end
68
+
69
+ def package_management_command
70
+ 'pnpm'
71
+ end
72
+
73
+ def prepare_command
74
+ 'pnpm install --no-lockfile --ignore-scripts'
75
+ end
76
+
77
+ def prepare
78
+ prep_cmd = "#{prepare_command}#{production_flag}"
79
+ _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
80
+
81
+ return if status.success?
82
+
83
+ log_errors stderr
84
+ raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
85
+ end
86
+
87
+ private
88
+
89
+ def project_has_workspaces
90
+ Dir.chdir(project_path) do
91
+ return File.file?('pnpm-workspace.yaml')
92
+ end
93
+ end
94
+
95
+ # PNPM introduced the licenses command in 7.17.0
96
+ def supported_pnpm?
97
+ Dir.chdir(project_path) do
98
+ version_string, stderr_str, status = Cmd.run('pnpm --version')
99
+ raise "Command 'pnpm -v' failed to execute: #{stderr_str}" unless status.success?
100
+
101
+ version = version_string.split('.').map(&:to_i)
102
+ major = version[0]
103
+ minor = version[1]
104
+ patch = version[1]
105
+
106
+ return true if major > 7
107
+ return true if major == 7 && minor > 17
108
+ return true if major == 7 && minor == 17 && patch >= 0
109
+
110
+ return false
111
+ end
112
+ end
113
+
114
+ def production_flag
115
+ return '' if @ignored_groups.nil?
116
+
117
+ @ignored_groups.include?('devDependencies') ? ' --prod' : ''
118
+ end
119
+ end
120
+ end
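Review bot: in `supported_pnpm?`, `patch = version[1]` reads the minor component a second time and should be `version[2]`. The mistake is masked today because the last comparison is `patch >= 0`, which is always true, so the three returns reduce to `major > 7 || (major == 7 && minor >= 17)`; either fix the index or drop `patch` altogether. In `current_packages`, `project_path` and `@pnpm_options` are interpolated unquoted into the string handed to `Cmd.run`, so a project path containing spaces or shell metacharacters is split or interpreted instead of being passed as one argument; quote the path (for example with `Shellwords.escape`) and document that `pnpm_options` is passed through verbatim. Smaller points: `incompatible_packages` in `get_pnpm_packages` is never appended to, `json_objects.map` is used only for its side effects (`each` would say so), and the error text names `pnpm -v` while the command run is `pnpm --version`.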
@@ -2,7 +2,12 @@
2
2
 
3
3
  module LicenseFinder
4
4
  class Yarn < PackageManager
5
- SHELL_COMMAND = 'yarn licenses list --json'
5
+ def initialize(options = {})
6
+ super
7
+ @yarn_options = options[:yarn_options]
8
+ end
9
+
10
+ SHELL_COMMAND = 'yarn licenses list --recursive --json'
6
11
 
7
12
  def possible_package_paths
8
13
  [project_path.join('yarn.lock')]
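Review bot: `SHELL_COMMAND` now carries `--recursive` unconditionally, while the only version-specific handling visible in the next hunk is the `yarn_version == 1` branch that appends further flags; please confirm the flag is accepted by every Yarn version this class supports, or append it only where it is needed. Minor: the constant used to be the first line of the class and now sits below `initialize`; keeping it at the top makes it easier to find.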
@@ -14,31 +19,20 @@ module LicenseFinder
14
19
  if yarn_version == 1
15
20
  cmd += ' --no-progress'
16
21
  cmd += " --cwd #{project_path}" unless project_path.nil?
22
+ cmd += " #{@yarn_options}" unless @yarn_options.nil?
17
23
  end
18
24
 
19
25
  stdout, stderr, status = Cmd.run(cmd)
20
26
  raise "Command '#{cmd}' failed to execute: #{stderr}" unless status.success?
21
27
 
22
- packages = []
23
- incompatible_packages = []
24
-
25
28
  json_strings = stdout.encode('ASCII', invalid: :replace, undef: :replace, replace: '?').split("\n")
26
29
  json_objects = json_strings.map { |json_object| JSON.parse(json_object) }
27
30
 
28
- if json_objects.last['type'] == 'table'
29
- license_json = json_objects.pop['data']
30
- packages = packages_from_json(license_json)
31
- end
32
-
33
- json_objects.each do |json_object|
34
- match = /(?<name>[\w,\-]+)@(?<version>(\d+\.?)+)/ =~ json_object['data'].to_s
35
- if match
36
- package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
37
- incompatible_packages.push(package)
38
- end
31
+ if yarn_version == 1
32
+ get_yarn1_packages(json_objects)
33
+ else
34
+ get_yarn_packages(json_objects)
39
35
  end
40
-
41
- packages + incompatible_packages.uniq
42
36
  end
43
37
 
44
38
  def prepare
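Review bot: `cmd += " #{@yarn_options}"` sits inside the `if yarn_version == 1` block, so `yarn_options` is silently ignored for every other Yarn version; move it below the `end` or document the restriction where the option is described. As with `--cwd #{project_path}` on the line above it, the value is interpolated unquoted into the command string, so state in the option's documentation that it is passed through verbatim and should only come from a trusted configuration.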
@@ -94,6 +88,61 @@ module LicenseFinder
94
88
  end
95
89
  end
96
90
 
91
+ def get_yarn_packages(json_objects)
92
+ packages = []
93
+ incompatible_packages = []
94
+ json_objects.each do |json_object|
95
+ license = json_object['value']
96
+ body = json_object['children']
97
+
98
+ body.each do |package_name, vendor_info|
99
+ valid_match = %r{(?<name>[@,\w,\-,/,.]+)@(?<manager>\D*):\D*(?<version>(\d+\.?)+)} =~ package_name.to_s
100
+ valid_match = %r{(?<name>[@,\w,\-,/,.]+)@virtual:.+#(\D*):\D*(?<version>(\d+\.?)+)} =~ package_name.to_s if manager.eql?('virtual')
101
+
102
+ if valid_match
103
+ homepage = vendor_info['children']['vendorUrl']
104
+ author = vendor_info['children']['vendorName']
105
+ package = YarnPackage.new(
106
+ name,
107
+ version,
108
+ spec_licenses: [license],
109
+ homepage: homepage,
110
+ authors: author,
111
+ install_path: project_path.join(modules_folder, name)
112
+ )
113
+ packages << package
114
+ end
115
+ incompatible_match = /(?<name>[\w,\-]+)@[a-z]*:(?<version>(\.))/ =~ package_name.to_s
116
+
117
+ if incompatible_match
118
+ package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
119
+ incompatible_packages.push(package)
120
+ end
121
+ end
122
+ end
123
+
124
+ packages + incompatible_packages.uniq
125
+ end
126
+
127
+ def get_yarn1_packages(json_objects)
128
+ packages = []
129
+ incompatible_packages = []
130
+ if json_objects.last['type'] == 'table'
131
+ license_json = json_objects.pop['data']
132
+ packages = packages_from_json(license_json)
133
+ end
134
+
135
+ json_objects.each do |json_object|
136
+ match = /(?<name>[\w,\-]+)@(?<version>(\d+\.?)+)/ =~ json_object['data'].to_s
137
+ if match
138
+ package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
139
+ incompatible_packages.push(package)
140
+ end
141
+ end
142
+
143
+ packages + incompatible_packages.uniq
144
+ end
145
+
97
146
  def packages_from_json(json_data)
98
147
  body = json_data['body']
99
148
  head = json_data['head']
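Review bot: `get_yarn_packages` dereferences `json_object['children']` and `vendor_info['children']['vendorUrl']` without any nil check, so a single output record that lacks `children` raises and aborts the whole scan; use `fetch` with a default or `dig`, and skip records that do not have the expected shape. The version pattern `(\d+\.?)+` stops at the first character that is neither a digit nor a dot, so a pre-release suffix is cut from the reported version. The three regexes carry no comment: one sample locator per pattern would make the intent reviewable, in particular for `incompatible_match`, whose `version` group can only ever capture a literal `.`.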
@@ -25,7 +25,9 @@ module LicenseFinder
25
25
  def definition(name, version)
26
26
  response = request("https://pypi.org/pypi/#{name}/#{version}/json")
27
27
  response.is_a?(Net::HTTPSuccess) ? JSON.parse(response.body).fetch('info', {}) : {}
28
- rescue *CONNECTION_ERRORS
28
+ rescue *CONNECTION_ERRORS => e
29
+ raise e, "Unable to read package from pypi.org #{name} #{version}: #{e}" unless @prepare_no_fail
30
+
29
31
  {}
30
32
  end
31
33
 
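Review bot: the rescue in `definition` now re-raises unless `@prepare_no_fail` is set, which turns a previously tolerated pypi.org connection failure into a hard error by default. Nothing in the visible lines shows this class initialising `@prepare_no_fail`, so please confirm it is set here; if it is nil, the `{}` fallback becomes unreachable. Reusing the prepare flag to control a metadata lookup also deserves a line in that option's documentation and in the changelog, since runs without network access to pypi.org will start failing.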
@@ -72,11 +72,32 @@ module LicenseFinder
72
72
  @identifier.version,
73
73
  description: npm_json['description'],
74
74
  homepage: npm_json['homepage'],
75
+ authors: author_names,
75
76
  spec_licenses: Package.license_names_from_standard_spec(npm_json),
76
77
  install_path: npm_json['path'],
77
78
  children: @dependencies.map(&:name))
78
79
  end
79
80
 
81
+ def author_names
82
+ names = []
83
+ names.push(author_name(@json['author'])) unless @json['author'].nil?
84
+ names += @json['contributors'].map { |c| author_name(c) } if @json['contributors'].is_a?(Array)
85
+ names.join(', ')
86
+ end
87
+
88
+ def author_name(author)
89
+ if author.instance_of?(String)
90
+ author_name_from_combined(author)
91
+ else
92
+ author['name']
93
+ end
94
+ end
95
+
96
+ def author_name_from_combined(author)
97
+ matches = author.match /^(.*?)\s*(<.*?>)?\s*(\(.*?\))?\s*$/
98
+ matches[1]
99
+ end
100
+
80
101
  def ==(other)
81
102
  other.is_a?(NpmPackage) && @identifier == other.identifier
82
103
  end
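Review bot: `author_name` treats everything that is not a String as a Hash, so a `package.json` whose `author` or a `contributors` entry is null, a number or an array raises at `author['name']` and aborts the report. That JSON comes from third-party packages, so guard with `author.is_a?(Hash)`, return nil otherwise, and `compact` the list before `join(', ')`. `author.match /^(.*?).../` without parentheses triggers Ruby's ambiguous-first-argument warning; write `author.match(/.../)`. `author_names` reads `@json` while the constructor call above it reads `npm_json`; please confirm both refer to the same data.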
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ module LicenseFinder
4
+ class PNPMPackage < Package
5
+ def package_manager
6
+ 'PNPM'
7
+ end
8
+
9
+ def package_url
10
+ "https://www.npmjs.com/package/#{CGI.escape(name)}/v/#{CGI.escape(version)}"
11
+ end
12
+ end
13
+ end
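Review bot: `package_url` calls `CGI.escape`, but this new file has no `require 'cgi'`, so it only works when another file has already loaded it; add the require below the `frozen_string_literal` comment. `CGI.escape` also percent-encodes `@` and `/`, so a scoped name such as `@scope/pkg` ends up as `%40scope%2Fpkg` in the path; check that the resulting npmjs.com URL still resolves, or escape the scope and the name separately.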
@@ -4,7 +4,7 @@ module LicenseFinder
4
4
  class CsvReport < Report
5
5
  COMMA_SEP = ','.freeze
6
6
  NEWLINE_SEP = '\@NL'.freeze
7
- AVAILABLE_COLUMNS = %w[name version authors licenses license_links approved summary description homepage install_path package_manager groups texts notice].freeze
7
+ AVAILABLE_COLUMNS = %w[name version authors licenses license_links approved summary description homepage install_path package_manager groups texts notice approved_by approved_reason].freeze
8
8
  MISSING_DEPENDENCY_TEXT = 'This package is not installed. Please install to determine licenses.'.freeze
9
9
 
10
10
  def initialize(dependencies, options)
@@ -95,5 +95,14 @@ module LicenseFinder
95
95
  dep.groups.join(self.class::COMMA_SEP)
96
96
  end
97
97
  end
98
+
99
+ def format_approved_by(dep)
100
+ dep.approved_manually? ? dep.manual_approval.who : ''
101
+ end
102
+
103
+ def format_approved_reason(dep)
104
+ dep.approved_manually? ? dep.manual_approval.why : ''
105
+ end
106
+
98
107
  end
99
108
  end
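Review bot: `format_approved_by` and `format_approved_reason` return `manual_approval.who` and `manual_approval.why` verbatim. If these are user-entered text, a comma or newline in them shifts columns in the CSV unless the row writer quotes fields, so please confirm they go through the same handling as the other text columns (the class already defines `COMMA_SEP` and `NEWLINE_SEP`). Both methods can also return nil rather than `''` when a manual approval has no `who` or `why`; `.to_s` would keep the column type consistent. The blank line added before the closing `end` of the class can go.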
@@ -3,7 +3,7 @@
3
3
  module LicenseFinder
4
4
  class Scanner
5
5
  PACKAGE_MANAGERS = [
6
- GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
6
+ GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, PNPM, Pip,
7
7
  Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv,
8
8
  Conda, Spm, Pub
9
9
  ].freeze
@@ -50,11 +50,11 @@ Gem::Specification.new do |s|
50
50
  s.add_dependency 'with_env', '1.1.0'
51
51
  s.add_dependency 'xml-simple', '~> 1.1.9'
52
52
 
53
- s.add_development_dependency 'addressable', '2.8.0'
53
+ s.add_development_dependency 'addressable', '2.8.1'
54
54
  s.add_development_dependency 'capybara', '~> 3.32.2'
55
55
  s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM.match?(/darwin/)
56
56
  s.add_development_dependency 'e2mmap', '~> 0.1.0'
57
- s.add_development_dependency 'fakefs', '~> 1.4.1'
57
+ s.add_development_dependency 'fakefs', '~> 1.8.0'
58
58
  s.add_development_dependency 'matrix', '~> 0.1.0'
59
59
  s.add_development_dependency 'mime-types', '3.4.1'
60
60
  s.add_development_dependency 'pry', '~> 0.14.1'
@@ -66,8 +66,8 @@ Gem::Specification.new do |s|
66
66
  s.add_development_dependency 'webmock', '~> 3.14'
67
67
 
68
68
  s.add_development_dependency 'nokogiri', '~>1.10'
69
- s.add_development_dependency 'rack', '~> 2.2.3'
70
- s.add_development_dependency 'rack-test', '~> 1.1.0', '> 0.7'
69
+ s.add_development_dependency 'rack', '~> 3.0.0'
70
+ s.add_development_dependency 'rack-test', '> 0.7', '~> 2.0.2'
71
71
 
72
72
  s.files = `git ls-files`.split("\n").reject { |f| f.start_with?('spec', 'features') }
73
73
  s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
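Review bot: on the `rack-test` line the `'> 0.7'` constraint is redundant next to `'~> 2.0.2'` and can be dropped. The `rack` change from `~> 2.2.3` to `~> 3.0.0` is a major-version bump; it is only a development dependency here, but a line in the changelog or PR description naming what it is needed for would help the next reviewer judge later bumps.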
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: license_finder
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.1
4
+ version: 7.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Collins
@@ -27,7 +27,7 @@ authors:
27
27
  autorequire:
28
28
  bindir: bin
29
29
  cert_chain: []
30
- date: 2022-03-18 00:00:00.000000000 Z
30
+ date: 2022-11-28 00:00:00.000000000 Z
31
31
  dependencies:
32
32
  - !ruby/object:Gem::Dependency
33
33
  name: bundler
@@ -131,14 +131,14 @@ dependencies:
131
131
  requirements:
132
132
  - - '='
133
133
  - !ruby/object:Gem::Version
134
- version: 2.8.0
134
+ version: 2.8.1
135
135
  type: :development
136
136
  prerelease: false
137
137
  version_requirements: !ruby/object:Gem::Requirement
138
138
  requirements:
139
139
  - - '='
140
140
  - !ruby/object:Gem::Version
141
- version: 2.8.0
141
+ version: 2.8.1
142
142
  - !ruby/object:Gem::Dependency
143
143
  name: capybara
144
144
  requirement: !ruby/object:Gem::Requirement
@@ -173,14 +173,14 @@ dependencies:
173
173
  requirements:
174
174
  - - "~>"
175
175
  - !ruby/object:Gem::Version
176
- version: 1.4.1
176
+ version: 1.8.0
177
177
  type: :development
178
178
  prerelease: false
179
179
  version_requirements: !ruby/object:Gem::Requirement
180
180
  requirements:
181
181
  - - "~>"
182
182
  - !ruby/object:Gem::Version
183
- version: 1.4.1
183
+ version: 1.8.0
184
184
  - !ruby/object:Gem::Dependency
185
185
  name: matrix
186
186
  requirement: !ruby/object:Gem::Requirement
@@ -327,34 +327,34 @@ dependencies:
327
327
  requirements:
328
328
  - - "~>"
329
329
  - !ruby/object:Gem::Version
330
- version: 2.2.3
330
+ version: 3.0.0
331
331
  type: :development
332
332
  prerelease: false
333
333
  version_requirements: !ruby/object:Gem::Requirement
334
334
  requirements:
335
335
  - - "~>"
336
336
  - !ruby/object:Gem::Version
337
- version: 2.2.3
337
+ version: 3.0.0
338
338
  - !ruby/object:Gem::Dependency
339
339
  name: rack-test
340
340
  requirement: !ruby/object:Gem::Requirement
341
341
  requirements:
342
- - - "~>"
343
- - !ruby/object:Gem::Version
344
- version: 1.1.0
345
342
  - - ">"
346
343
  - !ruby/object:Gem::Version
347
344
  version: '0.7'
345
+ - - "~>"
346
+ - !ruby/object:Gem::Version
347
+ version: 2.0.2
348
348
  type: :development
349
349
  prerelease: false
350
350
  version_requirements: !ruby/object:Gem::Requirement
351
351
  requirements:
352
- - - "~>"
353
- - !ruby/object:Gem::Version
354
- version: 1.1.0
355
352
  - - ">"
356
353
  - !ruby/object:Gem::Version
357
354
  version: '0.7'
355
+ - - "~>"
356
+ - !ruby/object:Gem::Version
357
+ version: 2.0.2
358
358
  description: |2
359
359
  LicenseFinder works with your package managers to find
360
360
  dependencies, detect the licenses of the packages in them, compare
@@ -371,6 +371,7 @@ files:
371
371
  - ".force-build"
372
372
  - ".github/dependabot.yml"
373
373
  - ".gitignore"
374
+ - ".pre-commit-hooks.yaml"
374
375
  - ".rspec"
375
376
  - ".rubocop.yml"
376
377
  - CHANGELOG.md
@@ -457,6 +458,7 @@ files:
457
458
  - lib/license_finder/license/text.rb
458
459
  - lib/license_finder/license_aggregator.rb
459
460
  - lib/license_finder/logger.rb
461
+ - lib/license_finder/manual_licenses.rb
460
462
  - lib/license_finder/package.rb
461
463
  - lib/license_finder/package_delta.rb
462
464
  - lib/license_finder/package_manager.rb
@@ -485,6 +487,7 @@ files:
485
487
  - lib/license_finder/package_managers/nuget.rb
486
488
  - lib/license_finder/package_managers/pip.rb
487
489
  - lib/license_finder/package_managers/pipenv.rb
490
+ - lib/license_finder/package_managers/pnpm.rb
488
491
  - lib/license_finder/package_managers/pub.rb
489
492
  - lib/license_finder/package_managers/rebar.rb
490
493
  - lib/license_finder/package_managers/sbt.rb
@@ -519,6 +522,7 @@ files:
519
522
  - lib/license_finder/packages/npm_package.rb
520
523
  - lib/license_finder/packages/nuget_package.rb
521
524
  - lib/license_finder/packages/pip_package.rb
525
+ - lib/license_finder/packages/pnpm_package.rb
522
526
  - lib/license_finder/packages/pubspec_package.rb
523
527
  - lib/license_finder/packages/rebar_package.rb
524
528
  - lib/license_finder/packages/sbt_package.rb
@@ -569,7 +573,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
569
573
  - !ruby/object:Gem::Version
570
574
  version: '0'
571
575
  requirements: []
572
- rubygems_version: 3.3.9
576
+ rubygems_version: 3.3.26
573
577
  signing_key:
574
578
  specification_version: 4
575
579
  summary: Audit the OSS licenses of your application's dependencies.