licensed 3.4.2 → 3.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3d7cec159ef0a5af9df07ac13ba8f540897d1039436d39d361ad2948f305f857
4
- data.tar.gz: 1e7b7b50ee7715c41e0b5774104039e471be2d749645a38265d3930d51cd81ab
3
+ metadata.gz: d2fafd3b11ba6f63760979021e1628aa1d4ae0e0cd5b0b413b06c6163a1b64fd
4
+ data.tar.gz: d5fe530e59e0091b44f0ae08403f72707f6dc4db391a6d7e39e4b620c01b1da9
5
5
  SHA512:
6
- metadata.gz: 5c32f95d211dece04fea6c8dff48525593a8348d36dea980f0815159922b5b813270d0ac8b4f6425a9cbcf9437cbf145693f18411b733c917f56ef1b495cca77
7
- data.tar.gz: '095b85ceea926a975b18b8001bebca68343dba8550ed2533ccc7eb3860424f707b0756cc121e8c6ad2fc7715c734232f43175513e5005a5c6f535551c3831f6f'
6
+ metadata.gz: a2b691823b7cbc692fb155bc672772fea156932a3d7d38111634927a0babf427343f992eded7d219041575e64e698a9821fdf1e9e12390f8e29a2c95a42e340a
7
+ data.tar.gz: 61872b213231ead8c7ce5d209af8332964e8562e8809dbbf7c3e5fd95b84cfffcc7b9c4391f0e81d6e094325293bbe61520458d4cc1233072f4b0c41b04cd165
data/CHANGELOG.md CHANGED
@@ -6,6 +6,30 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## 3.5.0
10
+
11
+ 2022-02-24
12
+
13
+ ### Added
14
+
15
+ - [Licensee](https://github.com/licensee/licensee) confidence thresholds can be configured in the licensed configuration file (https://github.com/github/licensed/pull/455)
16
+
17
+ ## 3.4.4
18
+
19
+ 2022-02-07
20
+
21
+ ### Fixed
22
+
23
+ - The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (https://github.com/github/licensed/pull/450)
24
+
25
+ ## 3.4.3
26
+
27
+ 2022-01-31
28
+
29
+ ### Added
30
+
31
+ - The npm source handles more cases of missing, optional, peer dependencies (https://github.com/github/licensed/pull/443)
32
+
9
33
  ## 3.4.2
10
34
 
11
35
  2022-01-17
@@ -555,4 +579,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
555
579
 
556
580
  Initial release :tada:
557
581
 
558
- [Unreleased]: https://github.com/github/licensed/compare/3.4.2...HEAD
582
+ [Unreleased]: https://github.com/github/licensed/compare/3.4.4...HEAD
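Review bot: the `[Unreleased]` compare link is bumped to `3.4.4...HEAD`, but this same diff releases 3.5.0 and adds a `## 3.5.0` section above it, so the link should read `https://github.com/github/licensed/compare/3.5.0...HEAD`; as written the "unreleased" range will keep including the 3.5.0 commits.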
@@ -0,0 +1,13 @@
1
+ # Customize Licensee's behavior
2
+
3
+ Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and evaluate OSS licenses for project dependencies found during source enumeration. Licensed can optionally [customize Licensee's behavior](https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#customizing-licensees-behavior) based on options set in the configuration file.
4
+
5
+ **NOTE** Matching licenses based on package manager metadata and README references is always enabled and cannot currently be configured.
6
+
7
+ ```yml
8
+ licensee:
9
+ # the confidence threshold is an integer between 1 and 100. the value represents
10
+ # the minimum percentage confidence that Licensee must have to report a matched license
11
+ # https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#adjusting-the-confidence-threshold
12
+ confidence_threshold: 90 # default value: 98
13
+ ```
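Review bot: both upstream links in this new doc point at `https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md`, a personal patch branch of the Licensee repo; once that branch is merged and deleted the links go dead. Point them at the default branch or a tagged Licensee release instead. It would also help readers to state what happens when `confidence_threshold` is set outside the documented 1 to 100 range (rejected, clamped, or passed through), since the text promises a range but the example does not show the failure mode.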
@@ -4,7 +4,7 @@ A configuration file specifies the details of enumerating and operating on licen
4
4
 
5
5
  Configuration can be specified in either YML or JSON formats, with examples given in YML. The example
6
6
  below describes common configuration values and their purposes. See [configuration options documentation](./configuration)
7
- for in depth information.
7
+ for in depth information.
8
8
 
9
9
  Additionally, some dependency sources have their own specific configuration options. See the [source documentation](./sources) for details.
10
10
 
data/docs/sources/npm.md CHANGED
@@ -4,7 +4,7 @@ The npm source will detect dependencies `package.json` is found at an apps `sour
4
4
 
5
5
  ### Including development dependencies
6
6
 
7
- By default, the npm source will exclude all non-development dependencies. To include development or test dependencies, set `production_only: false` in the licensed configuration.
7
+ By default, the npm source will exclude all development dependencies. To include development or test dependencies, set `production_only: false` in the licensed configuration.
8
8
 
9
9
  ```yml
10
10
  npm:
data/docs/sources/pip.md CHANGED
@@ -20,5 +20,5 @@ You have to add this setting to your licensed configuration file.
20
20
  An example usage of this might look like:
21
21
  ```yaml
22
22
  python:
23
- virtual_env_dir:"/path/to/your/venv_dir"
23
+ virtual_env_dir: "/path/to/your/venv_dir"
24
24
  ```
@@ -29,6 +29,18 @@ module Licensed
29
29
  files.clear
30
30
  end
31
31
 
32
+ # Run the command for an application configurations.
33
+ # Applies a licensee configuration for the duration of the operation.
34
+ #
35
+ # report - A Licensed::Report object for this command
36
+ #
37
+ # Returns whether the command succeeded
38
+ def run_app(app, report)
39
+ with_licensee_configuration(app, report) do
40
+ super
41
+ end
42
+ end
43
+
32
44
  # Run the command for all enumerated dependencies found in a dependency source,
33
45
  # recording results in a report.
34
46
  # Enumerating dependencies in the source is skipped if a :sources option
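Review bot: the doc comment on `run_app` reads "Run the command for an application configurations" and lists only `report`, while the signature is `def run_app(app, report)`; fix the grammar ("an application configuration") and add an `app -` line describing the application configuration argument so the comment matches the parameters, as the neighbouring comments in this file do.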
@@ -136,6 +148,22 @@ module Licensed
136
148
  def files
137
149
  @files ||= Set.new
138
150
  end
151
+
152
+ # Configure licensee for the duration of a yielded operation
153
+ def with_licensee_configuration(app, report)
154
+ licensee_configuration = app["licensee"]
155
+ return yield unless licensee_configuration
156
+
157
+ report["licensee"] = licensee_configuration
158
+
159
+ if new_threshold = licensee_configuration["confidence_threshold"]
160
+ old_threshold, Licensee.confidence_threshold = Licensee.confidence_threshold, new_threshold
161
+ end
162
+
163
+ yield
164
+ ensure
165
+ Licensee.confidence_threshold = old_threshold if old_threshold
166
+ end
139
167
  end
140
168
  end
141
169
  end
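Review bot: `new_threshold` is taken from `licensee_configuration["confidence_threshold"]` and assigned straight to `Licensee.confidence_threshold` with no validation, while the docs added in this release say the value is an integer between 1 and 100; a YAML value such as `"90"` (a string) or `150` is passed through unchanged. Coerce and range-check it before swapping it in, e.g. `new_threshold = Integer(new_threshold)` followed by a check that it lies in `1..100`, and fail with a configuration error otherwise. The restore in `ensure` also keys off the truthiness of `old_threshold`; a dedicated flag set in the `if` branch is clearer than relying on the previous threshold being non-nil.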
@@ -135,11 +135,25 @@ module Licensed
135
135
  end
136
136
 
137
137
  def missing_peer?(parent, dependency, name)
138
- dependency["peerMissing"] || (dependency["missing"] && peer_dependency(parent, name))
138
+ # return true if dependency is marked as "peerMissing"
139
+ return true if dependency["peerMissing"]
140
+
141
+ # return false unless the parent has registered the dependency
142
+ # as a peer
143
+ return false unless peer_dependency(parent, name)
144
+ # return true if the dependency itself is marked as missing
145
+ return true if dependency["missing"]
146
+ dependency.empty? && parent&.dig("peerDependenciesMeta", name, "optional")
139
147
  end
140
148
 
141
149
  def peer_dependency(parent, name)
142
- parent&.dig("peerDependencies", name)
150
+ return unless parent.is_a?(Hash)
151
+
152
+ peerDependencies = parent["peerDependencies"]
153
+ # "peerDependencies" could be set to the string "[Circular]"
154
+ return unless peerDependencies.is_a?(Hash)
155
+
156
+ peerDependencies[name]
143
157
  end
144
158
 
145
159
  def extract_version(parent, name)
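Review bot: `peer_dependency` now guards against `parent["peerDependencies"]` being the string `"[Circular]"`, but the new final line of `missing_peer?`, `parent&.dig("peerDependenciesMeta", name, "optional")`, has no equivalent guard: `Hash#dig` raises `TypeError` when an intermediate value is a String, so a `"[Circular]"` value under `peerDependenciesMeta` reintroduces exactly the crash this change is meant to remove. Apply the same `is_a?(Hash)` check to that lookup (or extract one helper used by both). Two smaller points: that last line is the only branch without an explanatory comment, and the local `peerDependencies` should be `peer_dependencies` to follow Ruby naming conventions.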
@@ -63,7 +63,10 @@ module Licensed
63
63
  def virtual_env_dir
64
64
  return @virtual_env_dir if defined?(@virtual_env_dir)
65
65
  @virtual_env_dir = begin
66
- venv_dir = config.dig("python", "virtual_env_dir")
66
+ python_config = config["python"]
67
+ return unless python_config.is_a?(Hash)
68
+
69
+ venv_dir = python_config["virtual_env_dir"]
67
70
  File.expand_path(venv_dir, config.root) if venv_dir
68
71
  end
69
72
  end
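Review bot: `return unless python_config.is_a?(Hash)` sits inside the `begin ... end` block whose value is assigned to `@virtual_env_dir`, so when the `python` config is absent or not a Hash the method returns before the assignment runs, `defined?(@virtual_env_dir)` stays false, and the memoization is defeated on every later call. Express the guard as part of the block's value instead, e.g. `venv_dir = python_config["virtual_env_dir"] if python_config.is_a?(Hash)`, so the block always yields a value (nil included) that gets stored.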
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "3.4.2".freeze
3
+ VERSION = "3.5.0".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
data/licensed.gemspec CHANGED
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
23
23
 
24
24
  spec.required_ruby_version = ">= 2.3.0"
25
25
 
26
- spec.add_dependency "licensee", ">= 9.14.0", "< 10.0.0"
26
+ spec.add_dependency "licensee", ">= 9.15.2", "< 10.0.0"
27
27
  spec.add_dependency "thor", ">= 0.19"
28
28
  spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
29
29
  spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
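Review bot: raising the `licensee` floor from `>= 9.14.0` to `>= 9.15.2` is a user-visible dependency change that can alter bundle resolution for consumers, but the 3.5.0 changelog entry in this diff does not mention it; add a line under `## 3.5.0` stating the new minimum Licensee version.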
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.4.2
4
+ version: 3.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-01-17 00:00:00.000000000 Z
11
+ date: 2022-02-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 9.14.0
19
+ version: 9.15.2
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
22
  version: 10.0.0
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - ">="
28
28
  - !ruby/object:Gem::Version
29
- version: 9.14.0
29
+ version: 9.15.2
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: 10.0.0
@@ -261,6 +261,7 @@ files:
261
261
  - docs/configuration/application_source.md
262
262
  - docs/configuration/configuration_root.md
263
263
  - docs/configuration/configuring_multiple_apps.md
264
+ - docs/configuration/customizing_licensee.md
264
265
  - docs/configuration/dependency_source_enumerators.md
265
266
  - docs/configuration/ignoring_dependencies.md
266
267
  - docs/configuration/metadata_cache.md