RubyGems - license_scout - Versions diffs - 2.5.1 → 2.6.7 - Mend

license_scout 2.5.1 → 2.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/bin/license_scout +1 -1
data/lib/license_scout/cli.rb +3 -3
data/lib/license_scout/collector.rb +1 -1
data/lib/license_scout/config.rb +2 -1
data/lib/license_scout/dependency_manager/base.rb +6 -6
data/lib/license_scout/dependency_manager/habitat.rb +55 -41
data/lib/license_scout/exporter/csv.rb +1 -1
data/lib/license_scout/license.rb +1 -1
data/lib/license_scout/reporter.rb +1 -1
data/lib/license_scout/spdx.rb +3 -3
data/lib/license_scout/version.rb +1 -1
metadata +19 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd43121262b011195253e1d4337bbc5c9a8e16ce86ffc95a0531eef369b35ec6
-  data.tar.gz: e047de55037d1fc5135cec96989b30581e58cb3ee7c641529cd3fe8ce1cbd0df
+  metadata.gz: e4e08ba012a7d50d0031bce489b2862560541ec4ffcf00a643fd5575a47d0d27
+  data.tar.gz: 43fdcfc23877f95d3950256cf9b73837a9c1657c4d1bb8f3a4b96d8bbfc25f2a
 SHA512:
-  metadata.gz: c3a30a65a74f1b83b1f23ce9bd98722ad6e603134508b0392527510f35bad3f811553b544960af7029b434ec87a53feada7313ec1105bf348f784e209de03217
-  data.tar.gz: a53752fd8831112fa724eb8b178be6ef9645db8fa0aff980b04cca14bfc533737b0e87cfadff8cc09b89753ff4e5231fd37619b738326112d0200e9492cb958c
+  metadata.gz: 4678cf04268ea4ece2ac89265a1a28b13ddf58ee5b69d882e55b0e12fb7696c14204b726d4a1e4bfd65363ae122ad55be62319d2529eaeb0751707407e5e0214
+  data.tar.gz: a6f0214ee457b455a011e743e2c00324239ccf46e9036492854058a0c34db18ee16f7a9bbf880715551ecb2b208081538edc64935b4ce81cdc28ecc72eae3f65

data/bin/license_scout CHANGED Viewed

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
-$:.unshift File.expand_path("../../lib", __FILE__)
+$:.unshift File.expand_path("../lib", __dir__)
 require "license_scout"

data/lib/license_scout/cli.rb CHANGED Viewed

@@ -15,9 +15,9 @@
 # limitations under the License.
 #
-require "zlib" # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
+require "zlib" unless defined?(Zlib) # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
-require "mixlib/cli"
+require "mixlib/cli" unless defined?(Mixlib::CLI)
 require "license_scout/config"
 require "license_scout/exporter"
 require "license_scout/collector"
@@ -85,7 +85,7 @@ module LicenseScout
       LicenseScout::Config.config_files.each do |config_file|
         if config_file =~ /^http/
-          require "open-uri"
+          require "open-uri" unless defined?(OpenURI)
           LicenseScout::Log.info("[cli] Loading config from #{config_file}")

data/lib/license_scout/collector.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module LicenseScout
       @dependency_managers ||= LicenseScout::Config.all_directories.map do |dir|
         LicenseScout::DependencyManager.implementations.map do |implementation|
           dep_mgr = implementation.new(File.expand_path(dir))
-          if dep_mgr.detected?
+          if dep_mgr.detected? && !(LicenseScout::Config.exclude_collectors.include? dep_mgr.name)
             LicenseScout::Log.info("[collector] Found #{dep_mgr.signature} in #{dir}")
             dep_mgr
           else

data/lib/license_scout/config.rb CHANGED Viewed

@@ -16,7 +16,7 @@
 #
 require "mixlib/config"
-require "tmpdir"
+require "tmpdir" unless defined?(Dir.mktmpdir)
 require "license_scout/exceptions"
 require "license_scout/log"
@@ -31,6 +31,7 @@ module LicenseScout
     default :include_subdirectories, false
     default :name, File.basename(directories.first)
     default :config_files, [File.join(File.expand_path(Dir.pwd), ".license_scout.yml")]
+    default :exclude_collectors, []
     # Output
     default :log_level, :info

data/lib/license_scout/dependency_manager/base.rb CHANGED Viewed

@@ -20,14 +20,14 @@ require "license_scout/dependency"
 require "license_scout/exceptions"
 require "bundler"
-require "ffi_yajl"
-require "net/http"
-require "mixlib/shellout"
-require "pathname"
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require "net/http" unless defined?(Net::HTTP)
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
+require "pathname" unless defined?(Pathname)
 require "psych"
-require "set"
+require "set" unless defined?(Set)
 require "toml-rb"
-require "yaml"
+require "yaml" unless defined?(YAML)
 module LicenseScout
   # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing

data/lib/license_scout/dependency_manager/habitat.rb CHANGED Viewed

@@ -46,28 +46,38 @@ module LicenseScout
       def dependencies
         tdeps = Set.new(pkg_deps)
-        pkg_deps.each do |pkg_dep|
-          pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
-        end
-        tdeps.sort.map do |tdep|
-          o, n, v, r = tdep.split("/")
-          dep_name = "#{o}/#{n}"
-          dep_version = "#{v}-#{r}"
-          dependency = new_dependency(dep_name, dep_version, nil)
-          license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
-            # We hard code the channel to "unstable" because a package could be
-            # demoted from any given channel except unstable in the future and
-            # we want the url metadata to be stable in order to give end users
-            # the ability to self-audit licenses
-            # tl;dr, we want a permalink not a nowlink
-            dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+        if pkg_deps.any?
+          pkg_deps.each do |pkg_dep|
+            unless pkg_info(pkg_dep).nil?
+              pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
+            end
           end
-          dependency
-        end.compact
+          tdeps.delete(nil)
+          tdeps.sort.map do |tdep|
+            o, n, v, r = tdep.split("/")
+            dep_name = "#{o}/#{n}"
+            dep_version = "#{v}-#{r}"
+            dependency = new_dependency(dep_name, dep_version, nil)
+            if pkg_info(tdep).nil?
+              LicenseScout::Log.warn("Could not find information for #{tdep} -- skipping")
+            else
+              license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
+                # We hard code the channel to "unstable" because a package could be
+                # demoted from any given channel except unstable in the future and
+                # we want the url metadata to be stable in order to give end users
+                # the ability to self-audit licenses
+                # tl;dr, we want a permalink not a nowlink
+                dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+              end
+            end
+            dependency
+          end.compact
+        end
       end
       private
@@ -86,7 +96,9 @@ module LicenseScout
           pkg_deps = c.stdout.split("\s")
           # Fetch the fully-qualified pkg_ident for each pkg
-          pkg_deps.map { |dep| to_ident(pkg_info(dep)["ident"]) }
+          pkg_deps.map do |dep|
+            to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil?
+          end
         end
       end
@@ -100,29 +112,31 @@ module LicenseScout
       end
       def pkg_info_with_channel_fallbacks(pkg_ident)
-        pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
-        pkg_channel = channel_for_origin(pkg_origin)
-        # Channel selection here is similar to the logic that
-        # Habitat uses. First, search in the user-provided channel,
-        # then search in stable, then use unstable IF it is a fully
-        # qualified package
-        info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
-        return info if info
-        if pkg_channel != DEFAULT_CHANNEL
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
-          info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+        unless pkg_ident.nil?
+          pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
+          pkg_channel = channel_for_origin(pkg_origin)
+          # Channel selection here is similar to the logic that
+          # Habitat uses. First, search in the user-provided channel,
+          # then search in stable, then use unstable IF it is a fully
+          # qualified package
+          info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
           return info if info
-        end
-        if !pkg_version.nil? && !pkg_release.nil?
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
-          info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
-          return info if info
-        end
+          if pkg_channel != DEFAULT_CHANNEL
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
+            info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
-        raise LicenseScout::Exceptions::HabitatPackageNotFound.new("Could not find Habitat package #{pkg_ident}")
+          if !pkg_version.nil? && !pkg_release.nil?
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
+            info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
+          LicenseScout::Log.warn("Could not find information for #{pkg_ident} -- skipping")
+        end
       end
       def get_pkg_info(origin, channel, name, version, release)

data/lib/license_scout/exporter/csv.rb CHANGED Viewed

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
-require "csv"
+require "csv" unless defined?(CSV)
 module LicenseScout
   class Exporter

data/lib/license_scout/license.rb CHANGED Viewed

@@ -106,7 +106,7 @@ module LicenseScout
         begin
           LicenseScout::Log.debug("[license] Pulling license content for #{license_id} from #{new_url}")
-          open(new_url).read
+          URI.open(new_url).read
         rescue RuntimeError => e
           if e.message =~ /redirection forbidden/
             m = /redirection forbidden:\s+(.+)\s+->\s+(.+)/.match(e.message)

data/lib/license_scout/reporter.rb CHANGED Viewed

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "terminal-table"
 require "license_scout/exceptions"

data/lib/license_scout/spdx.rb CHANGED Viewed

@@ -17,7 +17,7 @@
 # This library was inspired by (and pulls some logic from) librariesio/spdx
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "fuzzy_match"
 module LicenseScout
@@ -45,12 +45,12 @@ module LicenseScout
       # @return [Hash] The SPDX license data in Hash form
       def licenses
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/licenses.json", __FILE__)))["licenses"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/licenses.json", __dir__)))["licenses"]
       end
       # @return [Hash] The SPDX license data in Hash form
       def exceptions
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/exceptions.json", __FILE__)))["exceptions"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]
       end
       def known_ids

data/lib/license_scout/version.rb CHANGED Viewed

@@ -16,5 +16,5 @@
 #
 module LicenseScout
-  VERSION = "2.5.1".freeze
+  VERSION = "2.6.7".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-  version: 2.5.1
+  version: 2.6.7
 platform: ruby
 authors:
 - Tom Duffield
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-08 00:00:00.000000000 Z
+date: 2022-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi-yajl
@@ -28,16 +28,22 @@ dependencies:
   name: mixlib-shellout
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: toml-rb
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +78,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: mixlib-cli
   requirement: !ruby/object:Gem::Requirement
@@ -199,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Discovers license files of a project's dependencies.