licensed 3.6.0 → 3.7.2

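--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a328b5551bdf77593f4bf97f4a846b7792898b6f749c25f5c5f39e68669f2164
- data.tar.gz: ac9b2013cf25d9dab94aadd2122a41bfa2790d741bd9e1588a270cd122dfaddb
+ metadata.gz: 31f187eacefe804712d35112ff72bc25e5d4cdd8696ac529327689999de6160e
+ data.tar.gz: 6154eb5ff6efebaf727da8b03315dd7eed04b96911c9e43a81569138a39d0497
  SHA512:
- metadata.gz: 846cadb01c2045ea258a785767ebfc8df3cee9d3a05648c93291c94cc21b7e84fb83146476c4afb64f9bc137a530cb84ba523ec41e2c4938396629b5b8901795
- data.tar.gz: 4aa7028294894b9f0c1781b558032d80f87669e959e71aa1b635c7a8687f77b4cf11be6431f280cfcbc06ea25f605da061a9af2fb480ea134a4172f989060451
+ metadata.gz: e433eac2fa6ae6b394f6919fabb2c7f7b38fe335619cd13d392ce8bd208a9d6be06016789ba563660acf31110548daa2d3ebac306115dc01b3c3bb11d88f21d9
+ data.tar.gz: 2fab2eac0cce0339c50d8a7242cd29627ec2bdce027104dfec70c405cc0e3b1e50961ead3a6375d2cbd8476703c8af03dd7957fd0762f6794855caa47c1a2e73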
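--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,29 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  ## [Unreleased]
 
+ ## 3.7.2
+
+ ### Fixed
+
+ - Comparing dependency license contents now finds matching contents regardless of the order of the licenses (https://github.com/github/licensed/pull/516)
+ - Fixed typo in a link in README.md (https://github.com/github/licensed/pull/514)
+
+ ### Changed
+
+ - Elixir testing setup is migrated to erlef/setup-beam (https://github.com/github/licensed/pull/512)
+
+ ## 3.7.1
+
+ ### Fixed
+
+ - Dependencies' legal notice file matching has been made more strict to reduce false positives on code files containing the word `legal` (https://github.com/github/licensed/pull/510)
+
+ ## 3.7.0
+
+ ### Changed
+
+ - Pip and pipenv sources will find dependency licenses under `dist-info/license_files` when available (https://github.com/github/licensed/pull/504)
+
  ## 3.6.0
 
  2022-03-17
@@ -597,4 +620,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  Initial release :tada:
 
- [Unreleased]: https://github.com/github/licensed/compare/3.6.0...HEAD
+ [Unreleased]: https://github.com/github/licensed/compare/3.7.2...HEAD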
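--- a/data/README.md
+++ b/data/README.md
@@ -86,7 +86,7 @@ A configuration file is required for most commands. See the [configuration file
 
  ### Available dependency sources
 
- Licensed can enumerate dependency for many languages, package managers, and frameworks. See the [sources documentation](./docs/sources) for the list of currently available sources. Sources can be explicitly enabled and disabled as a [configuration option](./docs/configuration/dependency_source_enumerators.md.md).
+ Licensed can enumerate dependency for many languages, package managers, and frameworks. See the [sources documentation](./docs/sources) for the list of currently available sources. Sources can be explicitly enabled and disabled as a [configuration option](./docs/configuration/dependency_source_enumerators.md).
 
  ## Development
 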
@@ -3,7 +3,7 @@ require "licensee"
3
3
 
4
4
  module Licensed
5
5
  class Dependency < Licensee::Projects::FSProject
6
- LEGAL_FILES_PATTERN = /(AUTHORS|NOTICE|LEGAL)(?:\..*)?\z/i
6
+ LEGAL_FILES_PATTERN = /#{File::SEPARATOR}(AUTHORS|NOTICE|LEGAL)(?:\..*)?\z/i
7
7
 
8
8
  attr_reader :name
9
9
  attr_reader :version
@@ -27,6 +27,14 @@ module Licensed
27
27
  "text" => text
28
28
  }
29
29
  end
30
+
31
+ def key
32
+ @key ||= begin
33
+ # rubocop:disable GitHub/InsecureHashAlgorithm
34
+ Digest::XXHash64.digest(sources.join("") + text)
35
+ # rubocop:enable GitHub/InsecureHashAlgorithm
36
+ end
37
+ end
30
38
  end
31
39
 
32
40
  include Licensee::ContentHelper
@@ -84,7 +92,7 @@ module Licensed
84
92
  # `Licensee::CotentHelper`
85
93
  def content
86
94
  return if licenses.nil? || licenses.empty?
87
- licenses.map(&:text).compact.join
95
+ licenses.sort_by(&:key).map(&:text).compact.join
88
96
  end
89
97
 
90
98
  # Returns whether two records match based on their contents
@@ -10,18 +10,17 @@ module Licensed
10
10
  PACKAGE_INFO_SEPARATOR = "\n---\n"
11
11
 
12
12
  def enabled?
13
- virtual_env_pip && Licensed::Shell.tool_available?(virtual_env_pip)
13
+ !pip_command.empty? && Licensed::Shell.tool_available?(pip_command.join(""))
14
14
  end
15
15
 
16
16
  def enumerate_dependencies
17
17
  packages.map do |package|
18
- location = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
19
18
  Dependency.new(
20
19
  name: package["Name"],
21
20
  version: package["Version"],
22
- path: location,
21
+ path: package_license_location(package),
23
22
  metadata: {
24
- "type" => Pip.type,
23
+ "type" => self.class.type,
25
24
  "summary" => package["Summary"],
26
25
  "homepage" => package["Home-page"]
27
26
  }
@@ -29,8 +28,24 @@ module Licensed
29
28
  end
30
29
  end
31
30
 
31
+ protected
32
+
33
+ # Returns the command to run pip
34
+ def pip_command
35
+ return [] unless virtual_env_dir
36
+ Array(File.join(virtual_env_dir, "bin", "pip"))
37
+ end
38
+
32
39
  private
33
40
 
41
+ # Returns the location of license files in the package, checking for the inclusion of a new `license_files`
42
+ # folder per https://peps.python.org/pep-0639/
43
+ def package_license_location(package)
44
+ dist_info = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
45
+ license_files = File.join(dist_info, "license_files")
46
+ return File.exist?(license_files) ? license_files : dist_info
47
+ end
48
+
34
49
  # Returns parsed information for all packages used by the project,
35
50
  # using `pip list` to determine what packages are used and `pip show`
36
51
  # to gather package information
@@ -64,17 +79,12 @@ module Licensed
64
79
 
65
80
  # Returns the output from `pip list --format=json`
66
81
  def pip_list_command
67
- Licensed::Shell.execute(virtual_env_pip, "--disable-pip-version-check", "list", "--format=json")
82
+ Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "list", "--format=json")
68
83
  end
69
84
 
70
85
  # Returns the output from `pip show <package> <package> ...`
71
86
  def pip_show_command(packages)
72
- Licensed::Shell.execute(virtual_env_pip, "--disable-pip-version-check", "show", *packages)
73
- end
74
-
75
- def virtual_env_pip
76
- return unless virtual_env_dir
77
- File.join(virtual_env_dir, "bin", "pip")
87
+ Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", *packages)
78
88
  end
79
89
 
80
90
  def virtual_env_dir
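Review bot: `enabled?` hands `pip_command.join("")` to `Licensed::Shell.tool_available?`, which for any multi-element command (the `%w(pipenv run pip)` override in the Pipenv source) collapses to `pipenvrunpip`; Pipenv overrides `enabled?` so this is not reached today, but `pip_command` is protected precisely so subclasses can override it, and `pip_command.first` expresses the intended executable check without the latent bug. In `package_license_location`, `return File.exist?(license_files) ? license_files : dist_info` can drop the explicit `return`, and `File.directory?` matches the intent more closely since the result is used as a directory path. The `dist_info` path is still assembled from `pip show` output (`Location`, `Name`, `Version`), the same trust boundary as before the change, so there is no new exposure here.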
@@ -4,44 +4,16 @@ require "parallel"
4
4
 
5
5
  module Licensed
6
6
  module Sources
7
- class Pipenv < Source
7
+ class Pipenv < Pip
8
8
  def enabled?
9
9
  Licensed::Shell.tool_available?("pipenv") && File.exist?(config.pwd.join("Pipfile.lock"))
10
10
  end
11
11
 
12
- def enumerate_dependencies
13
- Parallel.map(pakages_from_pipfile_lock, in_threads: Parallel.processor_count) do |package_name|
14
- package = package_info(package_name)
15
- location = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
16
- Dependency.new(
17
- name: package["Name"],
18
- version: package["Version"],
19
- path: location,
20
- metadata: {
21
- "type" => Pipenv.type,
22
- "summary" => package["Summary"],
23
- "homepage" => package["Home-page"]
24
- }
25
- )
26
- end
27
- end
28
-
29
- private
30
-
31
- def pakages_from_pipfile_lock
32
- Licensed::Shell.execute("pipenv", "run", "pip", "list")
33
- .lines
34
- .drop(2) # Header
35
- .map { |line| line.strip.split.first.strip }
36
- end
12
+ protected
37
13
 
38
- def package_info(package_name)
39
- p_info = Licensed::Shell.execute("pipenv", "run", "pip", "--disable-pip-version-check", "show", package_name).lines
40
- p_info.each_with_object(Hash.new(0)) { |pkg, a|
41
- k, v = pkg.split(":", 2)
42
- next if k.nil? || k.empty?
43
- a[k.strip] = v&.strip
44
- }
14
+ # Returns the command to run pip
15
+ def pip_command
16
+ %w(pipenv run pip)
45
17
  end
46
18
  end
47
19
  end
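Review bot: `require "parallel"` in the hunk header context remains at the top of the file while its only consumer, the `Parallel.map` call in the removed `enumerate_dependencies`, is gone, so that require is now dead and can be dropped (the line itself sits outside the hunk). `%w(pipenv run pip)` would read `%w[pipenv run pip]` under the community style guide the gemspec's rubocop bump suggests the project follows. Because `Pipenv < Pip`, the inherited `enumerate_dependencies` now enumerates sequentially where the old body used `Parallel.map`; if that matters for large Pipfile.lock projects it deserves a changelog mention.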
@@ -14,8 +14,13 @@ module Licensed
14
14
  class << self
15
15
  attr_reader :sources
16
16
  def inherited(klass)
17
- # add child source classes are defined,
18
- # add them to the known sources list
17
+ # register the inherited class as a source on the Licensed::Sources::Source class
18
+ Licensed::Sources::Source.register_source(klass)
19
+ end
20
+
21
+ def register_source(klass)
22
+ # add the source class to the known sources list
23
+ return unless klass < Licensed::Sources::Source
19
24
  (@sources ||= []) << klass
20
25
  end
21
26
 
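Review bot: `register_source` appends with `(@sources ||= []) << klass` and does not guard against the same class being registered twice; `inherited` fires once per class so the hook path is safe, but the method is public and callable directly, and since it is a singleton method it is also callable on every subclass, where `@sources` would be that subclass's own ivar rather than Source's. `@sources = Array(@sources) | [klass]` keeps the list unique in one line. The comment on the new `inherited` body could state why the explicit `Licensed::Sources::Source` receiver is used: with the implicit receiver, a class inheriting from another source would presumably register on that intermediate class instead. The `class << self` block continues outside the hunk.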
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "3.6.0".freeze
3
+ VERSION = "3.7.2".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
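--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "rake", ">= 12.3.3"
  spec.add_development_dependency "minitest", "~> 5.8"
  spec.add_development_dependency "mocha", "~> 1.0"
- spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
+ spec.add_development_dependency "rubocop", "~> 1.26", "< 1.27"
  spec.add_development_dependency "rubocop-github", "~> 0.6"
- spec.add_development_dependency "byebug", "~> 11.0.1"
+ spec.add_development_dependency "byebug", "~> 11.1.3"
  end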
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.6.0
4
+ version: 3.7.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-03-17 00:00:00.000000000 Z
11
+ date: 2022-06-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -188,20 +188,20 @@ dependencies:
188
188
  requirements:
189
189
  - - "~>"
190
190
  - !ruby/object:Gem::Version
191
- version: '0.49'
191
+ version: '1.26'
192
192
  - - "<"
193
193
  - !ruby/object:Gem::Version
194
- version: '1.20'
194
+ version: '1.27'
195
195
  type: :development
196
196
  prerelease: false
197
197
  version_requirements: !ruby/object:Gem::Requirement
198
198
  requirements:
199
199
  - - "~>"
200
200
  - !ruby/object:Gem::Version
201
- version: '0.49'
201
+ version: '1.26'
202
202
  - - "<"
203
203
  - !ruby/object:Gem::Version
204
- version: '1.20'
204
+ version: '1.27'
205
205
  - !ruby/object:Gem::Dependency
206
206
  name: rubocop-github
207
207
  requirement: !ruby/object:Gem::Requirement
@@ -222,14 +222,14 @@ dependencies:
222
222
  requirements:
223
223
  - - "~>"
224
224
  - !ruby/object:Gem::Version
225
- version: 11.0.1
225
+ version: 11.1.3
226
226
  type: :development
227
227
  prerelease: false
228
228
  version_requirements: !ruby/object:Gem::Requirement
229
229
  requirements:
230
230
  - - "~>"
231
231
  - !ruby/object:Gem::Version
232
- version: 11.0.1
232
+ version: 11.1.3
233
233
  description: Licensed automates extracting and validating the licenses of dependencies.
234
234
  email:
235
235
  - opensource+licensed@github.com