licensed 2.15.2 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13bec80f1d0dba11fc88692fe346f3dd1f2961ba79f21eb23d7c20e8e40df01b
-  data.tar.gz: bd4794c594cbe624ce18d0c3483d0ad05c3d37734b11eb376778a2f48fffd81a
+  metadata.gz: 26f8098aaee2e88489ccdebc2a4a37a6da75bc2bb7c1179a94eb9c62bd6428ea
+  data.tar.gz: f2bcc523cc918a383559164e953c3453f4b456f71ce4ea6edf6ff207adeae99e
 SHA512:
-  metadata.gz: cb096d054153724f25b5dc7871131a6eb2b1a7d86360f40654af2f1f41ec62ae829e470d49818a8e943ee8d8d5b533e6407f3dc3dffe272a29c40ca7b0a03b75
-  data.tar.gz: a302d4ab4db6da100c861020527dedf4d1249f0edfbc31ffea9cef1137063e30cf51ca737f59cf90c100301748f14b84edfae61ee634d665f8fa008715257117
+  metadata.gz: 5d31ba213998214f387fb053b1038c6010bfffc42babb0dcf502062a6effced42404a09f1d22741d60ab92a9723c64c6af5a0333f1576f1970c9a5adcc89f2cf
+  data.tar.gz: b06150a91ba3d2b0364f1c4a8347fa55b1ebd4ecbf97524e267f613dfc9138a8ced44a308fc80d25238147d1a237cead91dc8e9ccb29cd0736195d977d0aa516

data/CHANGELOG.md

@@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.0.0
+
+2021-04-27
+
+**This is a major release and includes potentially breaking changes to bundler dependency enumeration.**
+
+### Changed
+
+- The bundler source will return an error when run from an executable.  Please install licensed as a gem to continue using the bundler source.  Please see the [v3 migration document](./docs/migrations/v3.md) for full details and migration strategies.
+
 ## 2.15.2
 
 2021-04-06
@@ -411,4 +421,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.15.2...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.0.0...HEAD

data/README.md

@@ -12,12 +12,24 @@ Licensed is **not** a complete open source license compliance solution. Please u
 
 Licensed is in active development and currently used at GitHub.  See the [open issues](https://github.com/github/licensed/issues) for a list of potential work.
 
+## Licensed v3
+
+Licensed v3 includes a breaking change if both of the following are true:
+
+1. a project uses bundler to manage ruby dependencies
+2. a project uses the self-contained executable build of licensed
+
+All other usages of licensed should not encounter any major changes migrating from the latest 2.x build to 3.0.  
+
+See [CHANGELOG.md](./CHANGELOG.md) for more details on what's changed.
+See the [v3 migration documentation](./docs/migrations/v3.md) for more info on migrating to v3.
+
 ## Licensed v2
 
 Licensed v2 includes many internal changes intended to make licensed more extensible and easier to update in the future.  While not too much has changed externally, v2 is incompatible with configuration files and cached records from previous versions.  Fortunately, migrating is easy using the `licensed migrate` command.
 
 See [CHANGELOG.md](./CHANGELOG.md) for more details on what's changed.
-See the [migration documentation](./docs/migrating_to_newer_versions.md) for more info on migrating to v2, or run `licensed help migrate`.
+See the [v2 migration documentation](./docs/migrations/v2.md) for more info on migrating to v2, or run `licensed help migrate`.
 
 ## Installation
 
@@ -82,7 +94,6 @@ The [bundler-licensed plugin](https://github.com/sergey-alekseev/bundler-license
 The [licensed-ci](https://github.com/marketplace/actions/licensed-ci) GitHub Action runs `licensed` as part of an opinionated CI workflow and can be configured to run on any GitHub Action event.  See the linked actions for usage and details.
 
 The [setup-licensed](https://github.com/marketplace/actions/setup-github-licensed) GitHub Action installs `licensed` to the workflow environment.  See the linked actions for usage and details.
-   - This action is intended for projects that don't have a ruby installation setup.  If your workflow has ruby setup please install `licensed` via `Gemfile` + `bundle install` or with `gem install`.
 
 ### Configuration
 

data/docs/{migrating_to_newer_versions.md → migrations/v2.md}

@@ -1,3 +1,3 @@
-# Migrating your licensed configuration and cached records to the latest version of licensed
+# Migrating your licensed configuration and cached records to licensed v2
 
 Licensed v2+ ships with an additional executable, `licensed-migrator`, that can be used to update your licensed files to the format expected by the currently installed version.  To run, execute `licensed migrate --from v1 -c <path to licensed configuration file>`, replacing `v1` with the major version of licensed to migrate from.

data/docs/migrations/v3.md

@@ -0,0 +1,109 @@
+# Breaking changes to bundler dependency enumeration in v3
+
+**NOTE** If you are migrating from a version earlier than v2, please first [migrate to v2](./v2.md) before continuing.
+
+Licensed v3 includes a breaking change to bundler dependency enumeration when using the executable form of licensed.  Bundler dependency enumeration will no longer work with the licensed executable as of 3.0.0.
+
+**If your project does not use bundler, or if you already install the licensed gem, you are not affected by this breaking change.**
+
+## Migrating bundler enumeration for v3
+
+When using licensed v3 with bundler dependencies, licensed must be installed from its [gem](https://rubygems.org/gems/licensed).  This can be accomplished with `gem install`, or by adding licensed to a bundler gem file.
+
+### Usage in a GitHub Actions workflow
+
+Using licensed to enumerate bundler dependencies in a GitHub Actions workflow will require ruby to be available in the actions VM environment.  Ruby can be setup in an actions workflow using [ruby/setup-ruby](https://github.com/ruby/setup-ruby)(preferred) or [actions/setup-ruby](https://github.com/actions/setup-ruby)(deprecated).
+
+If you are using licensed in a GitHub Actions workflow, [jonabc/setup-licensed](https://github.com/jonabc/setup-licensed) has been updated according to this breaking change.  `setup-licensed` will install the licensed gem when ruby is available, or the licensed executable when ruby is not available.  Alternatively, you can `gem install` licensed directly as an actions step.
+
+This is an example workflow definition that runs [jonabc/licensed-ci](https://github.com/jonabc/licensed-ci)'s opinionated license compliance workflow in CI.  It includes jobs that demonstrate installing licensed using 
+- `gem install`
+- [jonabc/setup-licensed](https://github.com/jonabc/setup-licensed)
+- installing when included in a bundler gem file
+
+```yml
+name: Cache and verify dependency license metadata
+
+on:
+  # run when PRs are opened, reopened or updated
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+  # run on demand
+  workflow_dispatch:
+
+jobs:
+  # install licensed with setup-licensed
+  licensed-ci-setup-licensed:
+    runs-on: ubuntu-latest
+
+    steps:
+      # checkout the repo
+      - uses: actions/checkout@v1
+      
+      # install ruby
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.0"
+
+      # install licensed gem using setup-licensed
+      - uses: jonabc/setup-licensed@v1
+        with:
+          version: '3.x'
+
+      # install dependencies in CI environment
+      - run: bundle install
+
+      # run licensed-ci to cache any metadata changes and verify compliance
+      - uses: jonabc/licensed-ci@v1
+
+  # OR 
+  
+  # install licensed using gem install
+  licensed-ci-gem:
+    runs-on: ubuntu-latest
+
+    steps:
+      # checkout the repo
+      - uses: actions/checkout@v1
+      
+      # install ruby and bundler
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.0"
+
+      # install licensed gem using setup-licensed
+      - run: gem install licensed -v '~> 3.0'
+
+      # install dependencies in CI environment
+      - run: bundle install
+
+      # run licensed-ci to cache any metadata changes and verify compliance
+      - uses: jonabc/licensed-ci@v1
+
+  # OR
+
+  # install licensed as part of bundle installation
+  licensed-ci-bundle:
+    runs-on: ubuntu-latest
+
+    steps:
+      # checkout the repo
+      - uses: actions/checkout@v1
+      
+      # install ruby and bundler
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.0"
+
+      # install licensed and other dependencies in CI environment
+      - run: bundle install
+
+      # run licensed-ci to cache any metadata changes and verify compliance
+      - uses: jonabc/licensed-ci@v1
+        with:
+          command: 'bundle exec licensed' # run licensed within the bundler context
+```

data/docs/sources/bundler.md

@@ -2,17 +2,7 @@
 
 The bundler source will detect dependencies `Gemfile` and `Gemfile.lock` files are found at an apps `source_path`.  The source uses the `Bundler` API to enumerate dependencies from `Gemfile` and `Gemfile.lock`.
 
-### Enumerating bundler dependencies when using the licensed executable
-
-**Note** this content only applies to running licensed from an executable.  It does not apply when using licensed as a gem.
-
-_It is required that the ruby runtime is available when running the licensed executable._
-
-The licensed executable contains and runs a version of ruby.  When using the Bundler APIs, a mismatch between the version of ruby built into the licensed executable and the version of licensed used during `bundle install` can occur.  This mismatch can lead to licensed raising errors due to not finding dependencies.
-
-For example, if `bundle install` was run with ruby 2.5.0 then the bundler specification path would be `<bundle path>/ruby/2.5.0/specifications`.  However, if the licensed executable contains ruby 2.4.0, then licensed will be looking for specifications at `<bundle path>/ruby/2.4.0/specifications`.  That path may not exist, or it may contain invalid or stale content.
-
-To prevent confusion, licensed uses the local ruby runtime to determine the ruby version for local gems during `bundle install`.  If bundler is also available, then the ruby command will be run from a `bundle exec` context.
+**Note** The bundler source cannot be used when running the [packaged licensed executable](../packaging.md)
 
 ### Excluding gem groups
 

data/lib/licensed/cli.rb

@@ -74,11 +74,14 @@ module Licensed
     method_option :from, aliases: "-f", type: :string, required: true,
       desc: "Licensed version to migrate from - #{Licensed.previous_major_versions.map { |major| "v#{major}" }.join(", ")}"
     def migrate
+      shell = Thor::Base.shell.new
       case options["from"]
       when "v1"
         Licensed::Migrations::V2.migrate(options["config"])
+      when "v2"
+        shell.say "No configuration or cached file migration needed."
+        shell.say "Please see the documentation at https://github.com/github/licensed/tree/master/docs/migrations/v3.md for details."
       else
-        shell = Thor::Base.shell.new
         shell.say "Unrecognized option from=#{options["from"]}", :red
         CLI.command_help(shell, "migrate")
         exit 1

data/lib/licensed/sources/bundler.rb

@@ -2,56 +2,19 @@
 require "delegate"
 begin
   require "bundler"
+  require "licensed/sources/bundler/missing_specification"
 rescue LoadError
 end
 
 module Licensed
   module Sources
     class Bundler < Source
-      class MissingSpecification < Gem::BasicSpecification
-        attr_reader :name, :requirement
-        alias_method :version, :requirement
-        def initialize(name:, requirement:)
-          @name = name
-          @requirement = requirement
-        end
-
-        def dependencies
-          []
-        end
-
-        def source
-          nil
-        end
-
-        def platform; end
-        def gem_dir; end
-        def gems_dir
-          Gem.dir
-        end
-        def summary; end
-        def homepage; end
-
-        def error
-          "could not find #{name} (#{requirement}) in any sources"
-        end
-      end
-
-      class BundlerSpecification < ::SimpleDelegator
-        def gem_dir
-          dir = super
-          return dir if File.exist?(dir)
-
-          File.join(Gem.dir, "gems", full_name)
-        end
-      end
-
       class Dependency < Licensed::Dependency
         attr_reader :loaded_from
 
-        def initialize(name:, version:, path:, loaded_from:, errors: [], metadata: {})
+        def initialize(name:, version:, path:, loaded_from:, search_root:, errors: [], metadata: {})
           @loaded_from = loaded_from
-          super name: name, version: version, path: path, errors: errors, metadata: metadata
+          super name: name, version: version, path: path, errors: errors, metadata: metadata, search_root: search_root
         end
 
         # Load a package manager file from the base Licensee::Projects::FsProject
@@ -76,6 +39,7 @@ module Licensed
 
       GEMFILES = { "Gemfile" => "Gemfile.lock", "gems.rb" => "gems.locked" }
       DEFAULT_WITHOUT_GROUPS = %i{development test}
+      RUBY_PACKER_ERROR = "The bundler source cannot be used from the executable built with ruby-packer.  Please install licensed using `gem install` or using bundler."
 
       def enabled?
         # running a ruby-packer-built licensed exe when ruby isn't available
@@ -85,14 +49,20 @@ module Licensed
       end
 
       def enumerate_dependencies
+        raise Licensed::Sources::Source::Error.new(RUBY_PACKER_ERROR) if ruby_packer?
+
         with_local_configuration do
           specs.map do |spec|
+            next if spec.name == "bundler" && !include_bundler?
+            next if spec.name == config["name"]
+
             error = spec.error if spec.respond_to?(:error)
             Dependency.new(
               name: spec.name,
               version: spec.version.to_s,
               path: spec.gem_dir,
               loaded_from: spec.loaded_from,
+              search_root: spec_root(spec),
               errors: Array(error),
               metadata: {
                 "type"     => Bundler.type,
@@ -106,137 +76,31 @@ module Licensed
 
       # Returns an array of Gem::Specifications for all gem dependencies
       def specs
-        # get the specifications for all dependencies in a Gemfile
-        root_dependencies = definition.dependencies.select { |d| include?(d, nil) }
-        root_specs = specs_for_dependencies(root_dependencies, nil).compact
-
-        # recursively find the remaining specifications
-        all_specs = recursive_specs(root_specs)
-
-        # delete any specifications loaded from a gemspec
-        all_specs.delete_if { |s| s.source.is_a?(::Bundler::Source::Gemspec) }
-      end
-
-      # Recursively finds the dependencies for Gem specifications.
-      # Returns a `Set` containing the package names for all dependencies
-      def recursive_specs(specs, results = Set.new)
-        return [] if specs.nil? || specs.empty?
-
-        new_specs = Set.new(specs) - results.to_a
-        return [] if new_specs.empty?
-
-        results.merge new_specs
-
-        dependency_specs = new_specs.flat_map { |s| specs_for_dependencies(s.dependencies, s.source) }
-
-        return results if dependency_specs.empty?
-
-        results.merge recursive_specs(dependency_specs, results)
-      end
-
-      # Returns the specs for dependencies that pass the checks in `include?`.
-      # Returns a `MissingSpecification` if a gem specification isn't found.
-      def specs_for_dependencies(dependencies, source)
-        included_dependencies = dependencies.select { |d| include?(d, source) }
-        included_dependencies.map do |dep|
-          gem_spec(dep) || MissingSpecification.new(name: dep.name, requirement: dep.requirement)
-        end
-      end
-
-      # Returns a Gem::Specification for the provided gem argument.
-      def gem_spec(dependency)
-        return unless dependency
-
-        # find a specifiction from the resolved ::Bundler::Definition specs
-        spec = definition.resolve.find { |s| s.satisfies?(dependency) }
-
-        # a nil spec should be rare, generally only seen from bundler
-        return matching_spec(dependency) || bundle_exec_gem_spec(dependency.name, dependency.requirement) if spec.nil?
-
-        # try to find a non-lazy specification that matches `spec`
-        # spec.source.specs gives access to specifications with more
-        # information than spec itself, including platform-specific gems.
-        # these objects should have all the information needed to detect license metadata
-        source_spec = spec.source.specs.find { |s| s.name == spec.name && s.version == spec.version }
-        return source_spec if source_spec
-
-        # look for a specification at the bundler specs path
-        spec_path = ::Bundler.specs_path.join("#{spec.full_name}.gemspec")
-        return Gem::Specification.load(spec_path.to_s) if File.exist?(spec_path.to_s)
-
-        # if the specification file doesn't exist, get the specification using
-        # the bundler and gem CLI
-        bundle_exec_gem_spec(dependency.name, dependency.requirement)
+        @specs ||= definition.specs_for(groups)
       end
 
-      # Returns whether a dependency should be included in the final
-      def include?(dependency, source)
-        # ::Bundler::Dependency has an extra `should_include?`
-        return false unless dependency.should_include? if dependency.respond_to?(:should_include?)
-
-        # Don't return gems added from `add_development_dependency` in a gemspec
-        # if the :development group is excluded
-        gemspec_source = source.is_a?(::Bundler::Source::Gemspec)
-        return false if dependency.type == :development && (!gemspec_source || exclude_development_dependencies?)
-
-        # Gem::Dependency don't have groups - in our usage these objects always
-        # come as child-dependencies and are never directly from a Gemfile.
-        # We assume that all Gem::Dependencies are ok at this point
-        return true if dependency.groups.nil?
-
-        # check if the dependency is in any groups we're interested in
-        (dependency.groups & groups).any?
-      end
-
-      # Returns whether development dependencies should be excluded
-      def exclude_development_dependencies?
-        @include_development ||= begin
-          # check whether the development dependency group is explicitly removed
-          # or added via bundler and licensed configurations
-          groups = [:development] - Array(::Bundler.settings[:without]) + Array(::Bundler.settings[:with]) - exclude_groups
-          !groups.include?(:development)
+      # Returns whether to include bundler as a listed dependency of the project
+      def include_bundler?
+        @include_bundler ||= begin
+          # include if bundler is listed as a direct dependency that should be included
+          requested_dependencies = definition.dependencies.select { |d| (d.groups & groups).any? && d.should_include? }
+          return true if requested_dependencies.any? { |d| d.name == "bundler" }
+          # include if bundler is an indirect dependency
+          return true if specs.flat_map(&:dependencies).any? { |d| d.name == "bundler" }
+          false
         end
       end
 
-      # Load a gem specification from the YAML returned from `gem specification`
-      # This is a last resort when licensed can't obtain a specification from other means
-      def bundle_exec_gem_spec(name, requirement)
-        # `gem` must be available to run `gem specification`
-        return unless Licensed::Shell.tool_available?("gem")
-
-        # use `gem specification` with a clean ENV and clean Gem.dir paths
-        # to get gem specification at the right directory
-        begin
-          ::Bundler.with_original_env do
-            ::Bundler.rubygems.clear_paths
-            yaml = Licensed::Shell.execute(*ruby_command_args("gem", "specification", name, "-v", requirement.to_s))
-            spec = Gem::Specification.from_yaml(yaml)
-            # this is horrible, but it will cache the gem_dir using the clean env
-            # so that it can be used outside of this block when running from
-            # the ruby packer executable environment
-            spec.gem_dir if ruby_packer?
-            spec
-          end
-        rescue Licensed::Shell::Error
-          # return nil
-        ensure
-          ::Bundler.configure
-        end
-      end
+      # Returns a search root for a specification, one of:
+      # - the local bundler gem location
+      # - the system rubygems install gem location
+      # - nil
+      def spec_root(spec)
+        return if spec.gem_dir.nil?
+        root = [Gem.default_dir, Gem.dir].find { |dir| spec.gem_dir.start_with?(dir) }
+        return unless root
 
-      # Loads a dependency specification using rubygems' built-in
-      # `Dependency#matching_specs` and `Dependency#to_spec`, from the original
-      # gem environment
-      def matching_spec(dependency)
-        begin
-          ::Bundler.with_original_env do
-            ::Bundler.rubygems.clear_paths
-            return unless dependency.matching_specs(true).any?
-            BundlerSpecification.new(dependency.to_spec)
-          end
-        ensure
-          ::Bundler.configure
-        end
+        "#{root}/gems/#{spec.full_name}"
       end
 
       # Build the bundler definition
@@ -283,23 +147,6 @@ module Licensed
         @lockfile_path ||= gemfile_path.dirname.join(GEMFILES[gemfile_path.basename.to_s])
       end
 
-      # Returns the configured bundler executable to use, or "bundle" by default.
-      def bundler_exe
-        @bundler_exe ||= begin
-          exe = config.dig("bundler", "bundler_exe")
-          return "bundle" unless exe
-          return exe if Licensed::Shell.tool_available?(exe)
-          config.root.join(exe)
-        end
-      end
-
-      # Determines if the configured bundler executable is available and returns
-      # shell command args with or without `bundle exec` depending on availability.
-      def ruby_command_args(*args)
-        return Array(args) unless Licensed::Shell.tool_available?(bundler_exe)
-        [bundler_exe, "exec", *args]
-      end
-
       private
 
       # helper to clear all bundler environment around a yielded block
@@ -307,18 +154,8 @@ module Licensed
         # force bundler to use the local gem file
         original_bundle_gemfile, ENV["BUNDLE_GEMFILE"] = ENV["BUNDLE_GEMFILE"], gemfile_path.to_s
 
-        if ruby_packer?
-          # if running under ruby-packer, set environment from host
-
-          # hack: setting this ENV var allows licensed to use Gem paths outside
-          # of the ruby-packer filesystem.  this is needed to find spec sources
-          # from the host filesystem
-          ENV["ENCLOSE_IO_RUBYC_1ST_PASS"] = "1"
-          ruby_version = Gem::ConfigMap[:ruby_version]
-          # set the ruby version in Gem::ConfigMap to the ruby version from the host.
-          # this helps Bundler find the correct spec sources and paths
-          Gem::ConfigMap[:ruby_version] = host_ruby_version
-        end
+        # silence any bundler warnings while running licensed
+        bundler_ui, ::Bundler.ui = ::Bundler.ui, ::Bundler::UI::Silent.new
 
         # reset all bundler configuration
         ::Bundler.reset!
@@ -327,15 +164,10 @@ module Licensed
 
         yield
       ensure
-        if ruby_packer?
-          # if running under ruby-packer, restore environment after block is finished
-          ENV.delete("ENCLOSE_IO_RUBYC_1ST_PASS")
-          Gem::ConfigMap[:ruby_version] = ruby_version
-        end
-
         ENV["BUNDLE_GEMFILE"] = original_bundle_gemfile
+        ::Bundler.ui = bundler_ui
+
         # restore bundler configuration
-        ::Bundler.reset!
         ::Bundler.configure
       end
 
@@ -343,11 +175,6 @@ module Licensed
       def ruby_packer?
         @ruby_packer ||= RbConfig::TOPDIR =~ /__enclose_io_memfs__/
       end
-
-      # Returns the ruby version found in the bundler environment
-      def host_ruby_version
-        Licensed::Shell.execute(*ruby_command_args("ruby", "-e", "puts Gem::ConfigMap[:ruby_version]"))
-      end
     end
   end
 end

data/lib/licensed/sources/bundler/missing_specification.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "bundler/match_platform"
+
+# Bundler normally raises a "GemNotFound" error when a specification
+# can't be materialized which halts bundler dependency enumeration.
+
+# This monkey patch instead creates MissingSpecification objects to
+# identify missing specs without raising errors and halting enumeration.
+# It was the most minimal-touch solution I could think of that should reliably
+# work across many bundler versions
+
+module Licensed
+  module Bundler
+    class MissingSpecification < Gem::BasicSpecification
+      include ::Bundler::MatchPlatform
+
+      attr_reader :name, :version, :platform, :source
+      def initialize(name:, version:, platform:, source:)
+        @name = name
+        @version = version
+        @platform = platform
+        @source = source
+      end
+
+      def dependencies
+        []
+      end
+
+      def gem_dir; end
+      def gems_dir
+        Gem.dir
+      end
+      def summary; end
+      def homepage; end
+
+      def error
+        "could not find #{name} (#{version}) in any sources"
+      end
+    end
+  end
+end
+
+module Bundler
+  class LazySpecification
+    alias_method :orig_materialize, :__materialize__
+    def __materialize__
+      spec = orig_materialize
+      return spec if spec
+
+      Licensed::Bundler:: MissingSpecification.new(name: name, version: version, platform: platform, source: source)
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.15.2".freeze
+  VERSION = "3.0.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.15.2
+  version: 3.0.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-06 00:00:00.000000000 Z
+date: 2021-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -243,7 +243,8 @@ files:
 - docs/adding_a_new_source.md
 - docs/commands.md
 - docs/configuration.md
-- docs/migrating_to_newer_versions.md
+- docs/migrations/v2.md
+- docs/migrations/v3.md
 - docs/packaging.md
 - docs/reporters.md
 - docs/sources/bower.md
@@ -290,6 +291,7 @@ files:
 - lib/licensed/sources.rb
 - lib/licensed/sources/bower.rb
 - lib/licensed/sources/bundler.rb
+- lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
 - lib/licensed/sources/composer.rb
 - lib/licensed/sources/dep.rb