licensed 3.7.0 → 3.7.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -1
- data/README.md +1 -1
- data/lib/licensed/configuration.rb +10 -9
- data/lib/licensed/dependency.rb +1 -1
- data/lib/licensed/dependency_record.rb +9 -1
- data/lib/licensed/reporters/status_reporter.rb +1 -1
- data/lib/licensed/sources/bundler/missing_specification.rb +9 -2
- data/lib/licensed/sources/git_submodule.rb +7 -6
- data/lib/licensed/sources/go.rb +6 -5
- data/lib/licensed/sources/helpers/content_versioning.rb +8 -8
- data/lib/licensed/version.rb +1 -1
- data/licensed.gemspec +1 -0
- metadata +16 -2
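--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e919e2ec9a285b628baa46bf6688d7ec0c996d799abd776fde4f3edb8b80fe7d
+data.tar.gz: 5eb688ce8bf9416b61be54ce32a721afeda344602c649de68c58e415e727da5f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aeee74cfa46d80c77a6a13d41106f6e7f94b9e5e440b9d75e5aea8ef5955a860da3c220bdd5214196cbab425fb29059a174ab97a20881872e0f05efc569adfaf
+data.tar.gz: f91d94a0a7a28c5804515f5988a82c87e68257428f042d483fd436d596ce219ec35649e7b2c57cf2e52b44d2d97f6479d57df32d4c4aab40bf2cf51935dedb49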
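--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,34 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.7.3
+
+### Fixed
+
+- Swift test fixtures build artifacts are now ignored (:tada: @CvX https://github.com/github/licensed/pull/524)
+- Running cargo test fixture setup no longer deletes test files (:tada: @CvX https://github.com/github/licensed/pull/525)
+- Bundler test fixtures are compatible with latest macOS silicon(:tada: @CvX https://github.com/github/licensed/pull/528)
+- Fix segfaults seen using licensed with ruby 3.0.4 (https://github.com/github/licensed/pull/530)
+- Fix compatibility with latest versions of bundler 2.3 (https://github.com/github/licensed/pull/535)
+- Fix compatibility with latest versions of bundler 2.3 (:tada: @CvX https://github.com/github/licensed/pull/522)
+
+## 3.7.2
+
+### Fixed
+
+- Comparing dependency license contents now finds matching contents regardless of the order of the licenses (https://github.com/github/licensed/pull/516)
+- Fixed typo in a link in README.md (https://github.com/github/licensed/pull/514)
+
+### Changed
+
+- Elixir testing setup is migrated to erlef/setup-beam (https://github.com/github/licensed/pull/512)
+
+## 3.7.1
+
+### Fixed
+
+- Dependencies' legal notice file matching has been made more strict to reduce false positives on code files containing the word `legal` (https://github.com/github/licensed/pull/510)
+
 ## 3.7.0
 
 ### Changed
@@ -603,4 +631,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.7.
+[Unreleased]: https://github.com/github/licensed/compare/3.7.3...HEAD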
data/README.md
CHANGED
|
@@ -86,7 +86,7 @@ A configuration file is required for most commands. See the [configuration file
|
|
|
86
86
|
|
|
87
87
|
### Available dependency sources
|
|
88
88
|
|
|
89
|
-
Licensed can enumerate dependency for many languages, package managers, and frameworks. See the [sources documentation](./docs/sources) for the list of currently available sources. Sources can be explicitly enabled and disabled as a [configuration option](./docs/configuration/dependency_source_enumerators.md
|
|
89
|
+
Licensed can enumerate dependency for many languages, package managers, and frameworks. See the [sources documentation](./docs/sources) for the list of currently available sources. Sources can be explicitly enabled and disabled as a [configuration option](./docs/configuration/dependency_source_enumerators.md).
|
|
90
90
|
|
|
91
91
|
## Development
|
|
92
92
|
|
|
@@ -243,15 +243,16 @@ module Licensed
|
|
|
243
243
|
|
|
244
244
|
# try to expand the source path for glob patterns
|
|
245
245
|
expanded_source_paths = source_path_array.reduce(Set.new) do |matched_paths, pattern|
|
|
246
|
-
current_matched_paths =
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
246
|
+
current_matched_paths =
|
|
247
|
+
if pattern.start_with?("!")
|
|
248
|
+
# if the pattern is an exclusion, remove all matching files
|
|
249
|
+
# from the result
|
|
250
|
+
matched_paths - Dir.glob(pattern[1..-1])
|
|
251
|
+
else
|
|
252
|
+
# if the pattern is an inclusion, add all matching files
|
|
253
|
+
# to the result
|
|
254
|
+
matched_paths + Dir.glob(pattern)
|
|
255
|
+
end
|
|
255
256
|
|
|
256
257
|
current_matched_paths.select { |p| File.directory?(p) }
|
|
257
258
|
end
|
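Review bot: The `reduce` over `source_path_array` applies patterns strictly in order, so a `!` exclusion only removes paths that earlier patterns already added, and an exclusion listed before its matching inclusion has no effect. Nothing in the hunk says so. A comment above the `if` would make the contract explicit, e.g. `# patterns are applied in order: a "!" pattern only removes paths matched by patterns that precede it`. The enclosing method starts and ends outside the hunk.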
data/lib/licensed/dependency.rb
CHANGED
|
@@ -3,7 +3,7 @@ require "licensee"
|
|
|
3
3
|
|
|
4
4
|
module Licensed
|
|
5
5
|
class Dependency < Licensee::Projects::FSProject
|
|
6
|
-
LEGAL_FILES_PATTERN =
|
|
6
|
+
LEGAL_FILES_PATTERN = /#{File::SEPARATOR}(AUTHORS|NOTICE|LEGAL)(?:\..*)?\z/i
|
|
7
7
|
|
|
8
8
|
attr_reader :name
|
|
9
9
|
attr_reader :version
|
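Review bot: `LEGAL_FILES_PATTERN` still accepts any extension, because `(?:\..*)?` matches everything after the first dot, so a source file named `legal.rb` or `notice.js` would be collected as a legal notice just like `NOTICE.txt`. If the aim is to keep code files out of the cached record, which is how the 3.7.1 changelog entry reads, the optional group could be narrowed to known text extensions, e.g. `(?:\.(?:txt|md|markdown|rst))?`, with the list confirmed against real packages first. The constant also deserves a comment such as `# AUTHORS, NOTICE or LEGAL as the whole file name, optionally followed by an extension`. The class body continues outside the hunk.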
|
@@ -27,6 +27,14 @@ module Licensed
|
|
|
27
27
|
"text" => text
|
|
28
28
|
}
|
|
29
29
|
end
|
|
30
|
+
|
|
31
|
+
def key
|
|
32
|
+
@key ||= begin
|
|
33
|
+
# rubocop:disable GitHub/InsecureHashAlgorithm
|
|
34
|
+
Digest::XXHash64.digest(sources.join("") + text)
|
|
35
|
+
# rubocop:enable GitHub/InsecureHashAlgorithm
|
|
36
|
+
end
|
|
37
|
+
end
|
|
30
38
|
end
|
|
31
39
|
|
|
32
40
|
include Licensee::ContentHelper
|
|
@@ -84,7 +92,7 @@ module Licensed
|
|
|
84
92
|
# `Licensee::CotentHelper`
|
|
85
93
|
def content
|
|
86
94
|
return if licenses.nil? || licenses.empty?
|
|
87
|
-
licenses.map(&:text).compact.join
|
|
95
|
+
licenses.sort_by(&:key).map(&:text).compact.join
|
|
88
96
|
end
|
|
89
97
|
|
|
90
98
|
# Returns whether two records match based on their contents
|
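Review bot: `key` builds its digest input with `sources.join("") + text`, which raises `TypeError` when `text` is nil, and `content` now calls `sort_by(&:key)` before the `.compact` that drops nil texts. Whether a license entry can reach this point without text is not visible here, but the existing `.compact` suggests it can; `Digest::XXHash64.digest(sources.join("") + text.to_s)` keeps the ordering without the crash. The rubocop disable should state its reason, for example `# xxHash is only a sort key for stable ordering, never an integrity check`, so the non-cryptographic hash is not later reused where tamper resistance matters. Joining the sources with an empty separator also lets different source lists produce the same input; a delimiter between the parts avoids that.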
|
@@ -19,7 +19,7 @@ module Licensed
|
|
|
19
19
|
# app - An application configuration
|
|
20
20
|
# report - A report containing information about the app evaluation
|
|
21
21
|
def begin_report_app(app, report)
|
|
22
|
-
|
|
22
|
+
shell.info "Checking cached dependency records for #{app["name"]}"
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
# Reports any errors found when checking status, as well as
|
|
@@ -40,8 +40,15 @@ module Licensed
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
module LazySpecification
|
|
43
|
-
def
|
|
44
|
-
spec = super
|
|
43
|
+
def materialize_for_installation(*args)
|
|
44
|
+
spec = super(*args)
|
|
45
|
+
return spec unless spec.is_a?(LazySpecification)
|
|
46
|
+
|
|
47
|
+
Licensed::Bundler::MissingSpecification.new(name: name, version: version, platform: platform, source: source)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def __materialize__(*args)
|
|
51
|
+
spec = super(*args)
|
|
45
52
|
return spec if spec
|
|
46
53
|
|
|
47
54
|
Licensed::Bundler::MissingSpecification.new(name: name, version: version, platform: platform, source: source)
|
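Review bot: Both overrides take `*args` and call `super(*args)`, which under Ruby 3 passes keyword arguments on as a positional hash and drops any block. A Bundler release that calls `materialize_for_installation` or `__materialize__` with keywords would therefore fail inside this patch; whether any supported Bundler does so is not visible here. Since the module overrides Bundler internals, full forwarding is the safer shape: `def __materialize__(...)` with `spec = super(...)`, and the same for `materialize_for_installation`. A comment naming the Bundler versions each override targets would help the next upgrade. `__materialize__` ends outside the hunk.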
|
@@ -20,12 +20,13 @@ module Licensed
|
|
|
20
20
|
git_submodules_command.lines.map do |line|
|
|
21
21
|
displaypath, toplevel, version, homepage = line.strip.split
|
|
22
22
|
name = File.basename(displaypath)
|
|
23
|
-
submodule_path =
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
23
|
+
submodule_path =
|
|
24
|
+
if toplevel == config.pwd.to_s
|
|
25
|
+
name
|
|
26
|
+
else
|
|
27
|
+
parent = File.basename(toplevel)
|
|
28
|
+
"#{submodule_paths[parent]}/#{name}"
|
|
29
|
+
end
|
|
29
30
|
submodule_paths[name] = submodule_path
|
|
30
31
|
|
|
31
32
|
Licensed::Dependency.new(
|
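Review bot: In the nested branch, `"#{submodule_paths[parent]}/#{name}"` interpolates nil as an empty string when `parent` has no entry, so the resulting path starts with `/`. Because the map is keyed by `File.basename`, two submodules with the same directory name under different parents also overwrite each other. `submodule_paths.fetch(parent)` would fail loudly on the first case, and keying by the full `toplevel` would address the second; confirm this against what `git_submodules_command` prints, which is outside the hunk. `line.strip.split` also splits on any whitespace, so a submodule path containing a space shifts the remaining fields. The block continues outside the hunk.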
data/lib/licensed/sources/go.rb
CHANGED
|
@@ -36,11 +36,12 @@ module Licensed
|
|
|
36
36
|
|
|
37
37
|
# Returns an array of dependency package import paths
|
|
38
38
|
def packages
|
|
39
|
-
dependency_packages =
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
39
|
+
dependency_packages =
|
|
40
|
+
if go_version < Gem::Version.new("1.11.0")
|
|
41
|
+
root_package_deps
|
|
42
|
+
else
|
|
43
|
+
go_list_deps
|
|
44
|
+
end
|
|
44
45
|
|
|
45
46
|
# don't include go std packages
|
|
46
47
|
# don't include packages under the root project that aren't vendored
|
|
@@ -27,14 +27,14 @@ module Licensed
|
|
|
27
27
|
def version_strategy
|
|
28
28
|
# default to git for backwards compatible behavior
|
|
29
29
|
@version_strategy ||= begin
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
30
|
+
case config.fetch("version_strategy", nil)
|
|
31
|
+
when CONTENTS
|
|
32
|
+
CONTENTS
|
|
33
|
+
when GIT
|
|
34
|
+
GIT
|
|
35
|
+
else
|
|
36
|
+
Licensed::Git.available? ? GIT : CONTENTS
|
|
37
|
+
end
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
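Review bot: The `else` branch of the `case` in `version_strategy` treats an unrecognised `version_strategy` value the same as an absent one, so a typo in the configuration silently selects git or contents depending on `Licensed::Git.available?`. That choice decides how cached record versions are computed, so a misconfiguration should be visible. Separating `when nil` (apply the default) from `else` (raise or warn with the offending value) would do it. The existing comment could also be extended to `# default to git when available, for backwards compatible behavior; falls back to contents otherwise`.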
data/lib/licensed/version.rb
CHANGED
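--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -31,6 +31,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "ruby-xxHash", "~> 0.4"
 spec.add_dependency "parallel", ">= 0.18.0"
 spec.add_dependency "reverse_markdown", ">= 1", "< 3"
+spec.add_dependency "json", ">= 2.6.2"
 
 spec.add_development_dependency "rake", ">= 12.3.3"
 spec.add_development_dependency "minitest", "~> 5.8"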
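Review bot: The added `json` requirement sets only a floor (`">= 2.6.2"`) and gives no reason for it, so a later maintainer cannot tell when the constraint may be relaxed or whether a newer major version is expected to work. The changelog for this release mentions a segfault fix on ruby 3.0.4, which may be the motivation, but the gemspec does not say so. A one-line comment above the dependency recording the reason and the fixing pull request would close that gap. Whether to cap the range below the next major, as the `reverse_markdown` line does with `"< 3"`, is worth deciding explicitly, since consumers resolving without a lockfile will otherwise pick up any future release.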
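--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-version: 3.7.
+version: 3.7.3
 platform: ruby
 authors:
 - GitHub
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-
+date: 2022-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: licensee
@@ -140,6 +140,20 @@ dependencies:
 - - "<"
 - !ruby/object:Gem::Version
 version: '3'
+- !ruby/object:Gem::Dependency
+name: json
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.6.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.6.2
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement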