licensed 3.4.2 → 3.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +25 -1
- data/docs/configuration/customizing_licensee.md +13 -0
- data/docs/configuration.md +1 -1
- data/docs/sources/npm.md +1 -1
- data/docs/sources/pip.md +1 -1
- data/lib/licensed/commands/cache.rb +28 -0
- data/lib/licensed/sources/npm.rb +16 -2
- data/lib/licensed/sources/pip.rb +4 -1
- data/lib/licensed/version.rb +1 -1
- data/licensed.gemspec +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d2fafd3b11ba6f63760979021e1628aa1d4ae0e0cd5b0b413b06c6163a1b64fd
|
|
4
|
+
data.tar.gz: d5fe530e59e0091b44f0ae08403f72707f6dc4db391a6d7e39e4b620c01b1da9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a2b691823b7cbc692fb155bc672772fea156932a3d7d38111634927a0babf427343f992eded7d219041575e64e698a9821fdf1e9e12390f8e29a2c95a42e340a
|
|
7
|
+
data.tar.gz: 61872b213231ead8c7ce5d209af8332964e8562e8809dbbf7c3e5fd95b84cfffcc7b9c4391f0e81d6e094325293bbe61520458d4cc1233072f4b0c41b04cd165
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,30 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## 3.5.0
|
|
10
|
+
|
|
11
|
+
2022-02-24
|
|
12
|
+
|
|
13
|
+
### Added
|
|
14
|
+
|
|
15
|
+
- [Licensee](https://github.com/licensee/licensee) confidence thresholds can be configured in the licensed configuration file (https://github.com/github/licensed/pull/455)
|
|
16
|
+
|
|
17
|
+
## 3.4.4
|
|
18
|
+
|
|
19
|
+
2022-02-07
|
|
20
|
+
|
|
21
|
+
### Fixed
|
|
22
|
+
|
|
23
|
+
- The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (https://github.com/github/licensed/pull/450)
|
|
24
|
+
|
|
25
|
+
## 3.4.3
|
|
26
|
+
|
|
27
|
+
2022-01-31
|
|
28
|
+
|
|
29
|
+
### Added
|
|
30
|
+
|
|
31
|
+
- The npm source handles more cases of missing, optional, peer dependencies (https://github.com/github/licensed/pull/443)
|
|
32
|
+
|
|
9
33
|
## 3.4.2
|
|
10
34
|
|
|
11
35
|
2022-01-17
|
|
@@ -555,4 +579,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
555
579
|
|
|
556
580
|
Initial release :tada:
|
|
557
581
|
|
|
558
|
-
[Unreleased]: https://github.com/github/licensed/compare/3.4.
|
|
582
|
+
[Unreleased]: https://github.com/github/licensed/compare/3.4.4...HEAD
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Customize Licensee's behavior
|
|
2
|
+
|
|
3
|
+
Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and evaluate OSS licenses for project dependencies found during source enumeration. Licensed can optionally [customize Licensee's behavior](https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#customizing-licensees-behavior) based on options set in the configuration file.
|
|
4
|
+
|
|
5
|
+
**NOTE** Matching licenses based on package manager metadata and README references is always enabled and cannot currently be configured.
|
|
6
|
+
|
|
7
|
+
```yml
|
|
8
|
+
licensee:
|
|
9
|
+
# the confidence threshold is an integer between 1 and 100. the value represents
|
|
10
|
+
# the minimum percentage confidence that Licensee must have to report a matched license
|
|
11
|
+
# https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#adjusting-the-confidence-threshold
|
|
12
|
+
confidence_threshold: 90 # default value: 98
|
|
13
|
+
```
|
data/docs/configuration.md
CHANGED
|
@@ -4,7 +4,7 @@ A configuration file specifies the details of enumerating and operating on licen
|
|
|
4
4
|
|
|
5
5
|
Configuration can be specified in either YML or JSON formats, with examples given in YML. The example
|
|
6
6
|
below describes common configuration values and their purposes. See [configuration options documentation](./configuration)
|
|
7
|
-
for in depth information.
|
|
7
|
+
for in depth information.
|
|
8
8
|
|
|
9
9
|
Additionally, some dependency sources have their own specific configuration options. See the [source documentation](./sources) for details.
|
|
10
10
|
|
data/docs/sources/npm.md
CHANGED
|
@@ -4,7 +4,7 @@ The npm source will detect dependencies `package.json` is found at an apps `sour
|
|
|
4
4
|
|
|
5
5
|
### Including development dependencies
|
|
6
6
|
|
|
7
|
-
By default, the npm source will exclude all
|
|
7
|
+
By default, the npm source will exclude all development dependencies. To include development or test dependencies, set `production_only: false` in the licensed configuration.
|
|
8
8
|
|
|
9
9
|
```yml
|
|
10
10
|
npm:
|
data/docs/sources/pip.md
CHANGED
|
@@ -29,6 +29,18 @@ module Licensed
|
|
|
29
29
|
files.clear
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
# Run the command for an application configurations.
|
|
33
|
+
# Applies a licensee configuration for the duration of the operation.
|
|
34
|
+
#
|
|
35
|
+
# report - A Licensed::Report object for this command
|
|
36
|
+
#
|
|
37
|
+
# Returns whether the command succeeded
|
|
38
|
+
def run_app(app, report)
|
|
39
|
+
with_licensee_configuration(app, report) do
|
|
40
|
+
super
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
32
44
|
# Run the command for all enumerated dependencies found in a dependency source,
|
|
33
45
|
# recording results in a report.
|
|
34
46
|
# Enumerating dependencies in the source is skipped if a :sources option
|
|
@@ -136,6 +148,22 @@ module Licensed
|
|
|
136
148
|
def files
|
|
137
149
|
@files ||= Set.new
|
|
138
150
|
end
|
|
151
|
+
|
|
152
|
+
# Configure licensee for the duration of a yielded operation
|
|
153
|
+
def with_licensee_configuration(app, report)
|
|
154
|
+
licensee_configuration = app["licensee"]
|
|
155
|
+
return yield unless licensee_configuration
|
|
156
|
+
|
|
157
|
+
report["licensee"] = licensee_configuration
|
|
158
|
+
|
|
159
|
+
if new_threshold = licensee_configuration["confidence_threshold"]
|
|
160
|
+
old_threshold, Licensee.confidence_threshold = Licensee.confidence_threshold, new_threshold
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
yield
|
|
164
|
+
ensure
|
|
165
|
+
Licensee.confidence_threshold = old_threshold if old_threshold
|
|
166
|
+
end
|
|
139
167
|
end
|
|
140
168
|
end
|
|
141
169
|
end
|
data/lib/licensed/sources/npm.rb
CHANGED
|
@@ -135,11 +135,25 @@ module Licensed
|
|
|
135
135
|
end
|
|
136
136
|
|
|
137
137
|
def missing_peer?(parent, dependency, name)
|
|
138
|
-
|
|
138
|
+
# return true if dependency is marked as "peerMissing"
|
|
139
|
+
return true if dependency["peerMissing"]
|
|
140
|
+
|
|
141
|
+
# return false unless the parent has registered the dependency
|
|
142
|
+
# as a peer
|
|
143
|
+
return false unless peer_dependency(parent, name)
|
|
144
|
+
# return true if the dependency itself is marked as missing
|
|
145
|
+
return true if dependency["missing"]
|
|
146
|
+
dependency.empty? && parent&.dig("peerDependenciesMeta", name, "optional")
|
|
139
147
|
end
|
|
140
148
|
|
|
141
149
|
def peer_dependency(parent, name)
|
|
142
|
-
parent
|
|
150
|
+
return unless parent.is_a?(Hash)
|
|
151
|
+
|
|
152
|
+
peerDependencies = parent["peerDependencies"]
|
|
153
|
+
# "peerDependencies" could be set to the string "[Circular]"
|
|
154
|
+
return unless peerDependencies.is_a?(Hash)
|
|
155
|
+
|
|
156
|
+
peerDependencies[name]
|
|
143
157
|
end
|
|
144
158
|
|
|
145
159
|
def extract_version(parent, name)
|
data/lib/licensed/sources/pip.rb
CHANGED
|
@@ -63,7 +63,10 @@ module Licensed
|
|
|
63
63
|
def virtual_env_dir
|
|
64
64
|
return @virtual_env_dir if defined?(@virtual_env_dir)
|
|
65
65
|
@virtual_env_dir = begin
|
|
66
|
-
|
|
66
|
+
python_config = config["python"]
|
|
67
|
+
return unless python_config.is_a?(Hash)
|
|
68
|
+
|
|
69
|
+
venv_dir = python_config["virtual_env_dir"]
|
|
67
70
|
File.expand_path(venv_dir, config.root) if venv_dir
|
|
68
71
|
end
|
|
69
72
|
end
|
data/lib/licensed/version.rb
CHANGED
data/licensed.gemspec
CHANGED
|
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
|
|
24
24
|
spec.required_ruby_version = ">= 2.3.0"
|
|
25
25
|
|
|
26
|
-
spec.add_dependency "licensee", ">= 9.
|
|
26
|
+
spec.add_dependency "licensee", ">= 9.15.2", "< 10.0.0"
|
|
27
27
|
spec.add_dependency "thor", ">= 0.19"
|
|
28
28
|
spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
|
|
29
29
|
spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: licensed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-02-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: licensee
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 9.
|
|
19
|
+
version: 9.15.2
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 10.0.0
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 9.
|
|
29
|
+
version: 9.15.2
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 10.0.0
|
|
@@ -261,6 +261,7 @@ files:
|
|
|
261
261
|
- docs/configuration/application_source.md
|
|
262
262
|
- docs/configuration/configuration_root.md
|
|
263
263
|
- docs/configuration/configuring_multiple_apps.md
|
|
264
|
+
- docs/configuration/customizing_licensee.md
|
|
264
265
|
- docs/configuration/dependency_source_enumerators.md
|
|
265
266
|
- docs/configuration/ignoring_dependencies.md
|
|
266
267
|
- docs/configuration/metadata_cache.md
|