licensed 4.2.0 → 4.3.1

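--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2b65e198a420b03486b2680a6a83fb04b4e67684d28bc4ba9ef00c466ffd7489
- data.tar.gz: ab2b10c6e854d3f1d7faa918e48addb497032838fd1cea942ff823053b891150
+ metadata.gz: a5e25ec11aa1545ab3a63cd560c95dd5f12c0008867a68668005473ab68b20ff
+ data.tar.gz: 9dd7d0fafc53407683ba844ae7f9ce4da2b52a72ebda61334739e9fb010b1af9
  SHA512:
- metadata.gz: 8dee38c45e73cb03b7c94a9260bb9bc6f5919f53156b69a751238693920e2f120a3dcb0d43f66270fa9abc8305705fdced290978e51bfe762be5f0e5ba00230d
- data.tar.gz: d352b46e40f545f0bd3e1aa29e3bb62454e2e329c64ce9197ba1f9c38b4f11bcbbbecc789658dcff0e6b79e43b4ee9cc839b5476e23cab44a559a605ddbd77b6
+ metadata.gz: 234bf05e1fd4aa01c19220ed566820b291169fb55714c5841dad75f3a01c06c37011dcc8a943008ff0b36325fb00637fcbbd3175c94cb9b18e65cbbcf2ed6514
+ data.tar.gz: 812597ad63783d2b16cf7cf33ab81e793ee9c8ae103b61927655019d8418a1ef5778d61ec288c817caf5e687776c8e15531cfc1c20dd1e650720ccd4f274296f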
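--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  ## [Unreleased]
 
+ ## 4.3.1
+
+ ### Changed
+
+ - Bump nokogiri to resolve vulnerabilities (https://github.com/github/licensed/pull/648)
+
+ ## 4.3.0
+
+ ### Added
+
+ - Cocoapods support has been re-enabled using a cocoapods plugin (https://github.com/github/licensed/pull/644)
+
  ## 4.2.0
 
  ### Added
@@ -723,4 +735,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  Initial release :tada:
 
- [Unreleased]: https://github.com/github/licensed/compare/4.2.0...HEAD
+ [Unreleased]: https://github.com/github/licensed/compare/4.3.1...HEAD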
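--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- licensed (4.2.0)
+ licensed (4.3.1)
  json (~> 2.6)
  licensee (~> 9.16)
  parallel (~> 1.22)
@@ -14,7 +14,7 @@ PATH
  GEM
  remote: https://rubygems.org/
  specs:
- activesupport (7.0.4.2)
+ activesupport (7.0.4.3)
  concurrent-ruby (~> 1.0, >= 1.0.2)
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
@@ -23,7 +23,7 @@ GEM
  public_suffix (>= 2.0.2, < 6.0)
  ast (2.4.2)
  byebug (11.1.3)
- concurrent-ruby (1.2.0)
+ concurrent-ruby (1.2.2)
  dotenv (2.8.1)
  faraday (2.7.4)
  faraday-net_http (>= 2.0, < 3.1)
@@ -39,13 +39,15 @@ GEM
  rugged (>= 0.24, < 2.0)
  thor (>= 0.19, < 2.0)
  mini_portile2 (2.8.1)
- minitest (5.17.0)
+ minitest (5.18.0)
+ minitest-hooks (1.5.0)
+ minitest (> 5.3)
  mocha (2.0.2)
  ruby2_keywords (>= 0.0.5)
- nokogiri (1.14.0)
+ nokogiri (1.14.3)
  mini_portile2 (~> 2.8.0)
  racc (~> 1.4)
- octokit (6.0.1)
+ octokit (6.1.0)
  faraday (>= 1, < 3)
  sawyer (~> 0.9)
  parallel (1.22.1)
@@ -54,14 +56,14 @@ GEM
  pathname-common_prefix (0.0.1)
  public_suffix (5.0.1)
  racc (1.6.2)
- rack (3.0.4.1)
+ rack (3.0.7)
  rainbow (3.1.1)
  rake (13.0.6)
  regexp_parser (2.6.2)
  reverse_markdown (2.1.1)
  nokogiri
  rexml (3.2.5)
- rubocop (1.44.1)
+ rubocop (1.45.1)
  json (~> 2.3)
  parallel (~> 1.10)
  parser (>= 3.2.0.0)
@@ -80,7 +82,7 @@ GEM
  rubocop-performance (1.15.2)
  rubocop (>= 1.7.0, < 2.0)
  rubocop-ast (>= 0.4.0)
- rubocop-rails (2.17.4)
+ rubocop-rails (2.18.0)
  activesupport (>= 4.2.0)
  rack (>= 1.1)
  rubocop (>= 1.33.0, < 2.0)
@@ -93,7 +95,7 @@ GEM
  faraday (>= 0.17.3, < 3)
  thor (1.2.1)
  tomlrb (2.0.3)
- tzinfo (2.0.5)
+ tzinfo (2.0.6)
  concurrent-ruby (~> 1.0)
  unicode-display_width (2.4.2)
 
@@ -104,6 +106,7 @@ DEPENDENCIES
  byebug (~> 11.1)
  licensed!
  minitest (~> 5.17)
+ minitest-hooks (~> 1.5)
  mocha (~> 2.0)
  rake (~> 13.0)
  rubocop-github (~> 0.20)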
data/README.md CHANGED
@@ -47,7 +47,7 @@ sudo apt-get install cmake pkg-config
47
47
  brew install cmake pkg-config
48
48
  ```
49
49
 
50
- ### With a Gemfile
50
+ ### With Gemfile
51
51
 
52
52
  Add this line to your application's Gemfile:
53
53
 
@@ -61,7 +61,7 @@ And then execute:
61
61
  $> bundle
62
62
  ```
63
63
 
64
- ### With a Homebrew (on macOS)
64
+ ### With Homebrew (on macOS)
65
65
 
66
66
  ```bash
67
67
  brew install licensed
@@ -1,10 +1,8 @@
1
1
  # CocoaPods
2
2
 
3
- **NOTE!**: Enumerating Cocoapods dependencies is disabled until the cocoapods-core gem is compatible with Rails 7+. See https://github.com/CocoaPods/Core/pull/733
3
+ The cocoapods source will detect dependencies when `Podfile` and `Podfile.lock` are found at an app's `source_path`. The cocoapods source uses the [cocoapods-dependencies-list](https://github.com/jonabc/cocoapods-dependencies-list) plugin to enumerate dependencies and gather metadata on each package.
4
4
 
5
- The cocoapods source will detect dependencies when `Podfile` and `Podfile.lock` are found at an app's `source_path`.
6
-
7
- It uses the `pod` CLI commands to enumerate dependencies and gather metadata on each package.
5
+ **NOTE: Licensed does not install the [cocoapods-dependencies-list](https://github.com/jonanc/cocoapods-dependencies-list) plugin. Users must install the gem alongside the cocoapods gem to enumerate cocoapods dependencies.**
8
6
 
9
7
  ## Evaluating dependencies from a specific target
10
8
 
@@ -15,3 +13,12 @@ cocoapods:
15
13
  targets:
16
14
  - ios
17
15
  ```
16
+
17
+ ## Specifying which pod executable to run
18
+
19
+ The cocoapods source will call the `pod` executable to evaluate dependencies by default. If needed, you can override the executable used with the `cocoapods.command` configuration option. This might be useful if the full path to the `pod` executable is needed (e.g. `pod` is not findable from the system `PATH`), or if you need to execute `pod` with `bundle exec`.
20
+
21
+ ```yml
22
+ cocoapods:
23
+ command: 'bundle exec pod'
24
+ ```
@@ -116,7 +116,7 @@ module Licensed
116
116
  # Returns an array of paths to files containing additional license terms.
117
117
  def additional_terms_for_dependency(dependency)
118
118
  amendment_paths = Array(self.dig("additional_terms", dependency["type"], dependency["name"]))
119
- amendment_paths.flat_map { |path| Dir.glob(self.root.join(path)) }
119
+ amendment_paths.flat_map { |path| Dir.glob(self.root.join(path)) }.sort
120
120
  end
121
121
 
122
122
  private
@@ -3,32 +3,29 @@ require "json"
3
3
  require "pathname"
4
4
  require "uri"
5
5
 
6
- # **NOTE** Cocoapods is disabled until cocoapods-core supports recent rails versions
7
- # https://github.com/CocoaPods/Core/pull/733
8
- # require "cocoapods-core"
9
-
10
6
  module Licensed
11
7
  module Sources
12
8
  class Cocoapods < Source
13
- def enabled?
14
- false
9
+ DEFAULT_POD_COMMAND = "pod".freeze
10
+ MISSING_PLUGIN_MESSAGE = "Error running `pods dependencies`. Please ensure the cocoapods-dependencies-list gem is installed, it is required for licensed to enumerate dependencies.".freeze
15
11
 
16
- # return unless Licensed::Shell.tool_available?("pod")
12
+ def enabled?
13
+ return unless Licensed::Shell.tool_available?("pod")
17
14
 
18
- # config.pwd.join("Podfile").exist? && config.pwd.join("Podfile.lock").exist?
15
+ config.pwd.join("Podfile").exist? && config.pwd.join("Podfile.lock").exist?
19
16
  end
20
17
 
21
18
  def enumerate_dependencies
22
19
  pods.map do |pod|
23
- name = pod.name
24
- path = dependency_path(pod.root_name)
25
- version = lockfile.version(name).version
26
-
27
20
  Dependency.new(
28
- path: path,
29
- name: name,
30
- version: version,
31
- metadata: { "type" => Cocoapods.type }
21
+ name: pod["name"],
22
+ version: pod["version"],
23
+ path: pod["path"],
24
+ metadata: {
25
+ "type" => Cocoapods.type,
26
+ "summary" => pod["summary"],
27
+ "homepage" => pod["homepage"]
28
+ }
32
29
  )
33
30
  end
34
31
  end
@@ -36,32 +33,32 @@ module Licensed
36
33
  private
37
34
 
38
35
  def pods
39
- return lockfile.dependencies if targets.nil?
40
-
41
- targets_to_validate = podfile.target_definition_list.filter { |t| targets.include?(t.label) }
42
- if targets_to_validate.any?
43
- targets_to_validate.map(&:dependencies).flatten
44
- else
45
- raise Licensed::Sources::Source::Error, "Unable to find any target in the Podfile matching the ones provided in the config."
46
- end
36
+ cocoapods_dependencies_json.values.flatten
47
37
  end
48
38
 
49
- def targets
50
- @targets ||= config.dig("cocoapods", "targets")&.map { |t| "Pods-#{t}" }
51
- end
39
+ def cocoapods_dependencies_json
40
+ args = ["dependencies", "--include-path"]
41
+ args << "--targets=#{targets.join(",")}" if targets.any?
52
42
 
53
- def lockfile
54
- @lockfile = nil
55
- # @lockfile ||= Pod::Lockfile.from_file(config.pwd.join("Podfile.lock"))
43
+ output = Licensed::Shell.execute(*pod_command, *args, allow_failure: true)
44
+ if output.include? "Unknown command"
45
+ raise Licensed::Sources::Source::Error, MISSING_PLUGIN_MESSAGE
46
+ end
47
+
48
+ JSON.parse(output)
49
+ rescue JSON::ParserError => e
50
+ message = "Licensed was unable to parse the output from 'pod dependencies'. JSON Error: #{e.message}"
51
+ raise Licensed::Sources::Source::Error, message
56
52
  end
57
53
 
58
- def podfile
59
- @podfile = nil
60
- # @podfile ||= Pod::Podfile.from_file(config.pwd.join("Podfile"))
54
+ def targets
55
+ return [] unless [String, Array].any? { |type| source_config["targets"].is_a?(type) }
56
+ Array(source_config["targets"]).map { |t| "Pods-#{t}" }
61
57
  end
62
58
 
63
- def dependency_path(name)
64
- config.pwd.join("Pods/#{name}")
59
+ def pod_command
60
+ return DEFAULT_POD_COMMAND unless source_config["command"].is_a?(String)
61
+ source_config["command"].split
65
62
  end
66
63
  end
67
64
  end
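Review bot: `enabled?` still probes for a literal `pod`, while the command actually run comes from `pod_command`; if `tool_available?` is a PATH lookup (its body is not on this page), the documented case of a `pod` that is not on `PATH` leaves the source disabled even with `cocoapods.command` set. Probing the configured executable instead, e.g. `return unless Licensed::Shell.tool_available?(Array(pod_command).first)`, keeps the two in step. In `pod_command`, a bare `split` turns an empty or whitespace-only `command` into `[]`, so `dependencies` becomes the first argument passed to `Shell.execute`, and it also breaks apart a path that contains spaces; falling back to `DEFAULT_POD_COMMAND` when the result is empty and splitting with `Shellwords.split` (plus `require "shellwords"`) would cover both. Because this value is read from repository configuration and then executed, a comment on `pod_command` should state that licensed is only meant to run against configuration the operator trusts. The documentation for this source links the plugin under two different account names (`jonabc` and `jonanc`), which is worth reconciling since `MISSING_PLUGIN_MESSAGE` sends users off to install that gem.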
@@ -90,6 +90,11 @@ module Licensed
90
90
  config.ignored?(dependency.metadata, require_version: self.class.require_matched_dependency_version)
91
91
  end
92
92
 
93
+ # Returns configuration options set for the current source
94
+ def source_config
95
+ @source_config ||= config[self.class.type].is_a?(Hash) ? config[self.class.type] : {}
96
+ end
97
+
93
98
  private
94
99
 
95
100
  # Returns a cached list of dependencies
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "4.2.0".freeze
3
+ VERSION = "4.3.1".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
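--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
  spec.require_paths = ["lib"]
 
- spec.required_ruby_version = ">= 2.6.0"
+ spec.required_ruby_version = ">= 2.7.0"
 
  spec.add_dependency "licensee", "~> 9.16"
  spec.add_dependency "thor", "~> 1.2"
@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
  spec.add_dependency "parallel", "~> 1.22"
  spec.add_dependency "reverse_markdown", "~> 2.1"
  spec.add_dependency "json", "~> 2.6"
- # spec.add_dependency "cocoapods-core", "~> 1.11"
 
  spec.add_development_dependency "rake", "~> 13.0"
  spec.add_development_dependency "minitest", "~> 5.17"
+ spec.add_development_dependency "minitest-hooks", "~> 1.5"
  spec.add_development_dependency "mocha", "~> 2.0"
  spec.add_development_dependency "rubocop-github", "~> 0.20"
  spec.add_development_dependency "byebug", "~> 11.1"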
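Review bot: Raising `spec.required_ruby_version` from `>= 2.6.0` to `>= 2.7.0` is a compatibility change, but neither the 4.3.0 nor the 4.3.1 changelog entry on this page records it. A line under `### Changed` such as `- Ruby 2.7 or newer is now required` would make the new floor visible to anyone who upgrades by reading the changelog. The `Gem::Specification` block starts and ends outside these hunks.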
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.0
4
+ version: 4.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-02-25 00:00:00.000000000 Z
11
+ date: 2023-04-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -150,6 +150,20 @@ dependencies:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
152
  version: '5.17'
153
+ - !ruby/object:Gem::Dependency
154
+ name: minitest-hooks
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: '1.5'
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: '1.5'
153
167
  - !ruby/object:Gem::Dependency
154
168
  name: mocha
155
169
  requirement: !ruby/object:Gem::Requirement
@@ -321,7 +335,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
321
335
  requirements:
322
336
  - - ">="
323
337
  - !ruby/object:Gem::Version
324
- version: 2.6.0
338
+ version: 2.7.0
325
339
  required_rubygems_version: !ruby/object:Gem::Requirement
326
340
  requirements:
327
341
  - - ">="