licensed 3.4.2 → 3.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +25 -1
- data/docs/configuration/customizing_licensee.md +13 -0
- data/docs/configuration.md +1 -1
- data/docs/sources/npm.md +1 -1
- data/docs/sources/pip.md +1 -1
- data/lib/licensed/commands/cache.rb +28 -0
- data/lib/licensed/sources/npm.rb +16 -2
- data/lib/licensed/sources/pip.rb +4 -1
- data/lib/licensed/version.rb +1 -1
- data/licensed.gemspec +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d2fafd3b11ba6f63760979021e1628aa1d4ae0e0cd5b0b413b06c6163a1b64fd
|
|
4
|
+
data.tar.gz: d5fe530e59e0091b44f0ae08403f72707f6dc4db391a6d7e39e4b620c01b1da9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a2b691823b7cbc692fb155bc672772fea156932a3d7d38111634927a0babf427343f992eded7d219041575e64e698a9821fdf1e9e12390f8e29a2c95a42e340a
|
|
7
|
+
data.tar.gz: 61872b213231ead8c7ce5d209af8332964e8562e8809dbbf7c3e5fd95b84cfffcc7b9c4391f0e81d6e094325293bbe61520458d4cc1233072f4b0c41b04cd165
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,30 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## 3.5.0
|
|
10
|
+
|
|
11
|
+
2022-02-24
|
|
12
|
+
|
|
13
|
+
### Added
|
|
14
|
+
|
|
15
|
+
- [Licensee](https://github.com/licensee/licensee) confidence thresholds can be configured in the licensed configuration file (https://github.com/github/licensed/pull/455)
|
|
16
|
+
|
|
17
|
+
## 3.4.4
|
|
18
|
+
|
|
19
|
+
2022-02-07
|
|
20
|
+
|
|
21
|
+
### Fixed
|
|
22
|
+
|
|
23
|
+
- The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (https://github.com/github/licensed/pull/450)
|
|
24
|
+
|
|
25
|
+
## 3.4.3
|
|
26
|
+
|
|
27
|
+
2022-01-31
|
|
28
|
+
|
|
29
|
+
### Added
|
|
30
|
+
|
|
31
|
+
- The npm source handles more cases of missing, optional, peer dependencies (https://github.com/github/licensed/pull/443)
|
|
32
|
+
|
|
9
33
|
## 3.4.2
|
|
10
34
|
|
|
11
35
|
2022-01-17
|
|
@@ -555,4 +579,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
555
579
|
|
|
556
580
|
Initial release :tada:
|
|
557
581
|
|
|
558
|
-
[Unreleased]: https://github.com/github/licensed/compare/3.4.
|
|
582
|
+
[Unreleased]: https://github.com/github/licensed/compare/3.4.4...HEAD
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Customize Licensee's behavior
|
|
2
|
+
|
|
3
|
+
Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and evaluate OSS licenses for project dependencies found during source enumeration. Licensed can optionally [customize Licensee's behavior](https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#customizing-licensees-behavior) based on options set in the configuration file.
|
|
4
|
+
|
|
5
|
+
**NOTE** Matching licenses based on package manager metadata and README references is always enabled and cannot currently be configured.
|
|
6
|
+
|
|
7
|
+
```yml
|
|
8
|
+
licensee:
|
|
9
|
+
# the confidence threshold is an integer between 1 and 100. the value represents
|
|
10
|
+
# the minimum percentage confidence that Licensee must have to report a matched license
|
|
11
|
+
# https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#adjusting-the-confidence-threshold
|
|
12
|
+
confidence_threshold: 90 # default value: 98
|
|
13
|
+
```
|
data/docs/configuration.md
CHANGED
|
@@ -4,7 +4,7 @@ A configuration file specifies the details of enumerating and operating on licen
|
|
|
4
4
|
|
|
5
5
|
Configuration can be specified in either YML or JSON formats, with examples given in YML. The example
|
|
6
6
|
below describes common configuration values and their purposes. See [configuration options documentation](./configuration)
|
|
7
|
-
for in depth information.
|
|
7
|
+
for in depth information.
|
|
8
8
|
|
|
9
9
|
Additionally, some dependency sources have their own specific configuration options. See the [source documentation](./sources) for details.
|
|
10
10
|
|
data/docs/sources/npm.md
CHANGED
|
@@ -4,7 +4,7 @@ The npm source will detect dependencies `package.json` is found at an apps `sour
|
|
|
4
4
|
|
|
5
5
|
### Including development dependencies
|
|
6
6
|
|
|
7
|
-
By default, the npm source will exclude all
|
|
7
|
+
By default, the npm source will exclude all development dependencies. To include development or test dependencies, set `production_only: false` in the licensed configuration.
|
|
8
8
|
|
|
9
9
|
```yml
|
|
10
10
|
npm:
|
data/docs/sources/pip.md
CHANGED
|
@@ -29,6 +29,18 @@ module Licensed
|
|
|
29
29
|
files.clear
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
# Run the command for an application configurations.
|
|
33
|
+
# Applies a licensee configuration for the duration of the operation.
|
|
34
|
+
#
|
|
35
|
+
# report - A Licensed::Report object for this command
|
|
36
|
+
#
|
|
37
|
+
# Returns whether the command succeeded
|
|
38
|
+
def run_app(app, report)
|
|
39
|
+
with_licensee_configuration(app, report) do
|
|
40
|
+
super
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
32
44
|
# Run the command for all enumerated dependencies found in a dependency source,
|
|
33
45
|
# recording results in a report.
|
|
34
46
|
# Enumerating dependencies in the source is skipped if a :sources option
|
|
@@ -136,6 +148,22 @@ module Licensed
|
|
|
136
148
|
def files
|
|
137
149
|
@files ||= Set.new
|
|
138
150
|
end
|
|
151
|
+
|
|
152
|
+
# Configure licensee for the duration of a yielded operation
|
|
153
|
+
def with_licensee_configuration(app, report)
|
|
154
|
+
licensee_configuration = app["licensee"]
|
|
155
|
+
return yield unless licensee_configuration
|
|
156
|
+
|
|
157
|
+
report["licensee"] = licensee_configuration
|
|
158
|
+
|
|
159
|
+
if new_threshold = licensee_configuration["confidence_threshold"]
|
|
160
|
+
old_threshold, Licensee.confidence_threshold = Licensee.confidence_threshold, new_threshold
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
yield
|
|
164
|
+
ensure
|
|
165
|
+
Licensee.confidence_threshold = old_threshold if old_threshold
|
|
166
|
+
end
|
|
139
167
|
end
|
|
140
168
|
end
|
|
141
169
|
end
|
data/lib/licensed/sources/npm.rb
CHANGED
|
@@ -135,11 +135,25 @@ module Licensed
|
|
|
135
135
|
end
|
|
136
136
|
|
|
137
137
|
def missing_peer?(parent, dependency, name)
|
|
138
|
-
|
|
138
|
+
# return true if dependency is marked as "peerMissing"
|
|
139
|
+
return true if dependency["peerMissing"]
|
|
140
|
+
|
|
141
|
+
# return false unless the parent has registered the dependency
|
|
142
|
+
# as a peer
|
|
143
|
+
return false unless peer_dependency(parent, name)
|
|
144
|
+
# return true if the dependency itself is marked as missing
|
|
145
|
+
return true if dependency["missing"]
|
|
146
|
+
dependency.empty? && parent&.dig("peerDependenciesMeta", name, "optional")
|
|
139
147
|
end
|
|
140
148
|
|
|
141
149
|
def peer_dependency(parent, name)
|
|
142
|
-
parent
|
|
150
|
+
return unless parent.is_a?(Hash)
|
|
151
|
+
|
|
152
|
+
peerDependencies = parent["peerDependencies"]
|
|
153
|
+
# "peerDependencies" could be set to the string "[Circular]"
|
|
154
|
+
return unless peerDependencies.is_a?(Hash)
|
|
155
|
+
|
|
156
|
+
peerDependencies[name]
|
|
143
157
|
end
|
|
144
158
|
|
|
145
159
|
def extract_version(parent, name)
|
data/lib/licensed/sources/pip.rb
CHANGED
|
@@ -63,7 +63,10 @@ module Licensed
|
|
|
63
63
|
def virtual_env_dir
|
|
64
64
|
return @virtual_env_dir if defined?(@virtual_env_dir)
|
|
65
65
|
@virtual_env_dir = begin
|
|
66
|
-
|
|
66
|
+
python_config = config["python"]
|
|
67
|
+
return unless python_config.is_a?(Hash)
|
|
68
|
+
|
|
69
|
+
venv_dir = python_config["virtual_env_dir"]
|
|
67
70
|
File.expand_path(venv_dir, config.root) if venv_dir
|
|
68
71
|
end
|
|
69
72
|
end
|
data/lib/licensed/version.rb
CHANGED
data/licensed.gemspec
CHANGED
|
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
|
|
24
24
|
spec.required_ruby_version = ">= 2.3.0"
|
|
25
25
|
|
|
26
|
-
spec.add_dependency "licensee", ">= 9.
|
|
26
|
+
spec.add_dependency "licensee", ">= 9.15.2", "< 10.0.0"
|
|
27
27
|
spec.add_dependency "thor", ">= 0.19"
|
|
28
28
|
spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
|
|
29
29
|
spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: licensed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-02-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: licensee
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 9.
|
|
19
|
+
version: 9.15.2
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 10.0.0
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 9.
|
|
29
|
+
version: 9.15.2
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 10.0.0
|
|
@@ -261,6 +261,7 @@ files:
|
|
|
261
261
|
- docs/configuration/application_source.md
|
|
262
262
|
- docs/configuration/configuration_root.md
|
|
263
263
|
- docs/configuration/configuring_multiple_apps.md
|
|
264
|
+
- docs/configuration/customizing_licensee.md
|
|
264
265
|
- docs/configuration/dependency_source_enumerators.md
|
|
265
266
|
- docs/configuration/ignoring_dependencies.md
|
|
266
267
|
- docs/configuration/metadata_cache.md
|