RubyGems - licensed - Versions diffs - 5.0.0 → 5.0.2 - Mend

licensed 5.0.0 → 5.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 418a3151f8331f3377eb4ff5b1a322733c006478c1bb84de7c023b2b1e567876
-  data.tar.gz: ffceca317c9924f12d732781aec5a9311bccac316ca9cf0b4e5e2a02b5b5967a
+  metadata.gz: d20897c4058c8e9ad19047b9739d2a8e720bfbc89c905a6bfcb49d9fc7bc3e68
+  data.tar.gz: e9ca15847323c009380cdb7aef13eb20115f70e9794cd789e1154d5b64521040
 SHA512:
-  metadata.gz: d6a33da199f2e60fd5ed19c08ad830aab62b8c2c0016c40844af94ba7b002ba58a2aa87e05b7a771054f9e95b333ed7f9bab7934d0cee6bdf981482f0b1f4a82
-  data.tar.gz: 60da525db6d11b5df8aef42042ad11e0d796bae937e894510764ab8c3eb2dcea36501441382f97d2896f8f9d3fea162e788516038c07156b584c090a61ac9d4f
+  metadata.gz: 7beedc9a4c747ce3a915afd5f1b22555e59c0e96d025e184cffa8255a61b8d908ef5eaf3d29471e48c6e592e1fa19e4afbc90b647601e488ef8d67495077b988
+  data.tar.gz: 6a02a0c4a839d4fb907fccc6f7893e324cc9d53b9ac9aea3c7781d6a876ced89a88f7a08173fe26aa48a756addc477404037012991199f4b809d5228baefaf8f

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,5 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
@@ -6,6 +7,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
+## 5.0.2
+- Pin setup-ruby and set permissions in test workflow (<https://github.com/licensee/licensed/pull/768>)
+- Pin action versions in test.yml (<https://github.com/licensee/licensed/pull/776>)
+- Add `csv` as a dependency for Ruby 3.4+ (<https://github.com/licensee/licensed/pull/786>)
+- Fix `nil` bug when there's no `dependency` key in `package.json` (<https://github.com/licensee/licensed/pull/791>)
+## 5.0.1
+- Updated dependencies as needed for security fixes
 ## 5.0.0
 ### Breaking change
@@ -27,145 +39,145 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- Licensed status command will alert on stale cached dependency records (https://github.com/github/licensed/pull/657)
+- Licensed status command will alert on stale cached dependency records (<https://github.com/github/licensed/pull/657>)
 ## 4.3.1
 ### Changed
-- Bump nokogiri to resolve vulnerabilities (https://github.com/github/licensed/pull/648)
+- Bump nokogiri to resolve vulnerabilities (<https://github.com/github/licensed/pull/648>)
 ## 4.3.0
 ### Added
-- Cocoapods support has been re-enabled using a cocoapods plugin (https://github.com/github/licensed/pull/644)
+- Cocoapods support has been re-enabled using a cocoapods plugin (<https://github.com/github/licensed/pull/644>)
 ## 4.2.0
 ### Added
-- Reviewed and ignored configuration lists support matching on versions and version ranges (https://github.com/github/licensed/pull/629)
+- Reviewed and ignored configuration lists support matching on versions and version ranges (<https://github.com/github/licensed/pull/629>)
 ### Fixed
-- Licensed should more reliably source dependencies from Gradle >= 8.0 (https://github.com/github/licensed/pull/630)
+- Licensed should more reliably source dependencies from Gradle >= 8.0 (<https://github.com/github/licensed/pull/630>)
 ## 4.1.0
 ### Added
-- Custom license terms can be added to dependencies via new configuration options (https://github.com/github/licensed/pull/624)
-- Licensed is now integrated with pnpm to enumerate dependencies (https://github.com/github/licensed/pull/626)
+- Custom license terms can be added to dependencies via new configuration options (<https://github.com/github/licensed/pull/624>)
+- Licensed is now integrated with pnpm to enumerate dependencies (<https://github.com/github/licensed/pull/626>)
 ## 4.0.4
 ### Changed
-- Dependency version requirements are more relaxed (https://github.com/github/licensed/pull/619)
+- Dependency version requirements are more relaxed (<https://github.com/github/licensed/pull/619>)
 ## 4.0.3
 ### Changed
-- Cocoapods dependency enumeration has been disabled (https://github.com/github/licensed/pull/616)
+- Cocoapods dependency enumeration has been disabled (<https://github.com/github/licensed/pull/616>)
 ### Fixed
-- Fixed method signature change in Bundler API with Bundler >= 2.4.4 (:tada: @CvX https://github.com/github/licensed/pull/614)
-- Fixed installation dependency compatibility with Rails >= 7.0 (https://github.com/github/licensed/pull/616)
+- Fixed method signature change in Bundler API with Bundler >= 2.4.4 (:tada: @CvX <https://github.com/github/licensed/pull/614>)
+- Fixed installation dependency compatibility with Rails >= 7.0 (<https://github.com/github/licensed/pull/616>)
 ## 4.0.2
 ### Fixed
-- The path to a gradlew executable can be configured when enumerating gradle dependencies (:tada: @LouisBoudreau https://github.com/github/licensed/pull/610)
+- The path to a gradlew executable can be configured when enumerating gradle dependencies (:tada: @LouisBoudreau <https://github.com/github/licensed/pull/610>)
 ## 4.0.1
 ### Fixed
-- Running gradle tests will no longer fail when gradle is not available (https://github.com/github/licensed/pull/606)
+- Running gradle tests will no longer fail when gradle is not available (<https://github.com/github/licensed/pull/606>)
 ## 4.0.0
 ### Added
-- Licensed supports Cocoapods as a dependency source (:tada: @LouisBoudreau https://github.com/github/licensed/pull/584)
-- Licensed supports Gradle multi-project builds (:tada: @LouisBoudreau https://github.com/github/licensed/pull/583)
+- Licensed supports Cocoapods as a dependency source (:tada: @LouisBoudreau <https://github.com/github/licensed/pull/584>)
+- Licensed supports Gradle multi-project builds (:tada: @LouisBoudreau <https://github.com/github/licensed/pull/583>)
 ### Fixed
-- Licensed no longer crashes when run with Bundler >= 2.4.0 (:tada: @JoshReedSchramm https://github.com/github/licensed/pull/597)
+- Licensed no longer crashes when run with Bundler >= 2.4.0 (:tada: @JoshReedSchramm <https://github.com/github/licensed/pull/597>)
 ### Changed
-- BREAKING: Licensed no longer ships executables with releases (https://github.com/github/licensed/pull/586)
-- BREAKING: Licensed no longer includes support for Go <= 1.11 (https://github.com/github/licensed/pull/602)
+- BREAKING: Licensed no longer ships executables with releases (<https://github.com/github/licensed/pull/586>)
+- BREAKING: Licensed no longer includes support for Go <= 1.11 (<https://github.com/github/licensed/pull/602>)
 ## 3.9.1
 ### Fixed
-- Updating cached dependency records will more accurately apply `review_changed_license` flag (https://github.com/github/licensed/pull/578)
+- Updating cached dependency records will more accurately apply `review_changed_license` flag (<https://github.com/github/licensed/pull/578>)
 ## 3.9.0
 ### Added
-- `NOTICE` files can now be generated without cached files in a repository (https://github.com/github/licensed/pull/572)
+- `NOTICE` files can now be generated without cached files in a repository (<https://github.com/github/licensed/pull/572>)
 ## 3.8.0
 ### Added
-- Licensing compliance status checks can now be used without cached files in a repository (https://github.com/github/licensed/pull/560)
+- Licensing compliance status checks can now be used without cached files in a repository (<https://github.com/github/licensed/pull/560>)
 ## 3.7.5
 ### Fixed
-- Python dependency metadata will be correctly parsed from the ouput of `pip show` (https://github.com/github/licensed/pull/555)
+- Python dependency metadata will be correctly parsed from the ouput of `pip show` (<https://github.com/github/licensed/pull/555>)
 ## 3.7.4
 ### Fixed
-- Licenses for Python dependencies built with Hatchling are correctly found (https://github.com/github/licensed/pull/547)
+- Licenses for Python dependencies built with Hatchling are correctly found (<https://github.com/github/licensed/pull/547>)
 ## 3.7.3
 ### Fixed
-- Swift test fixtures build artifacts are now ignored (:tada: @CvX https://github.com/github/licensed/pull/524)
-- Running cargo test fixture setup no longer deletes test files (:tada: @CvX https://github.com/github/licensed/pull/525)
-- Bundler test fixtures are compatible with latest macOS silicon(:tada: @CvX https://github.com/github/licensed/pull/528)
-- Fix segfaults seen using licensed with ruby 3.0.4 (https://github.com/github/licensed/pull/530)
-- Fix compatibility with latest versions of bundler 2.3 (https://github.com/github/licensed/pull/535)
-- Fix compatibility with latest versions of bundler 2.3 (:tada: @CvX https://github.com/github/licensed/pull/522)
+- Swift test fixtures build artifacts are now ignored (:tada: @CvX <https://github.com/github/licensed/pull/524>)
+- Running cargo test fixture setup no longer deletes test files (:tada: @CvX <https://github.com/github/licensed/pull/525>)
+- Bundler test fixtures are compatible with latest macOS silicon(:tada: @CvX <https://github.com/github/licensed/pull/528>)
+- Fix segfaults seen using licensed with ruby 3.0.4 (<https://github.com/github/licensed/pull/530>)
+- Fix compatibility with latest versions of bundler 2.3 (<https://github.com/github/licensed/pull/535>)
+- Fix compatibility with latest versions of bundler 2.3 (:tada: @CvX <https://github.com/github/licensed/pull/522>)
 ## 3.7.2
 ### Fixed
-- Comparing dependency license contents now finds matching contents regardless of the order of the licenses (https://github.com/github/licensed/pull/516)
-- Fixed typo in a link in README.md (https://github.com/github/licensed/pull/514)
+- Comparing dependency license contents now finds matching contents regardless of the order of the licenses (<https://github.com/github/licensed/pull/516>)
+- Fixed typo in a link in README.md (<https://github.com/github/licensed/pull/514>)
 ### Changed
-- Elixir testing setup is migrated to erlef/setup-beam (https://github.com/github/licensed/pull/512)
+- Elixir testing setup is migrated to erlef/setup-beam (<https://github.com/github/licensed/pull/512>)
 ## 3.7.1
 ### Fixed
-- Dependencies' legal notice file matching has been made more strict to reduce false positives on code files containing the word `legal` (https://github.com/github/licensed/pull/510)
+- Dependencies' legal notice file matching has been made more strict to reduce false positives on code files containing the word `legal` (<https://github.com/github/licensed/pull/510>)
 ## 3.7.0
 ### Changed
-- Pip and pipenv sources will find dependency licenses under `dist-info/license_files` when available (https://github.com/github/licensed/pull/504)
+- Pip and pipenv sources will find dependency licenses under `dist-info/license_files` when available (<https://github.com/github/licensed/pull/504>)
 ## 3.6.0
@@ -173,17 +185,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- Composer dev dependencies can optionally be included in enumerated PHP dependencies (:tada: @digilist https://github.com/github/licensed/pull/486)
-- Getting started usage documentation (https://github.com/github/licensed/pull/483)
-- Initial support for NPM workspaces (https://github.com/github/licensed/pull/485)
+- Composer dev dependencies can optionally be included in enumerated PHP dependencies (:tada: @digilist <https://github.com/github/licensed/pull/486>)
+- Getting started usage documentation (<https://github.com/github/licensed/pull/483>)
+- Initial support for NPM workspaces (<https://github.com/github/licensed/pull/485>)
 ### Changed
-- Transitive dependencies are now enumerated by the `pip` source (https://github.com/github/licensed/pull/480)
+- Transitive dependencies are now enumerated by the `pip` source (<https://github.com/github/licensed/pull/480>)
 ### Fixed
-- `licensed cache --force` will now correctly overwrite existing license classifications (https://github.com/github/licensed/pull/473)
+- `licensed cache --force` will now correctly overwrite existing license classifications (<https://github.com/github/licensed/pull/473>)
 ## 3.5.0
@@ -191,7 +203,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- [Licensee](https://github.com/licensee/licensee) confidence thresholds can be configured in the licensed configuration file (https://github.com/github/licensed/pull/455)
+- [Licensee](https://github.com/licensee/licensee) confidence thresholds can be configured in the licensed configuration file (<https://github.com/github/licensed/pull/455>)
 ## 3.4.4
@@ -199,7 +211,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (https://github.com/github/licensed/pull/450)
+- The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (<https://github.com/github/licensed/pull/450>)
 ## 3.4.3
@@ -207,7 +219,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- The npm source handles more cases of missing, optional, peer dependencies (https://github.com/github/licensed/pull/443)
+- The npm source handles more cases of missing, optional, peer dependencies (<https://github.com/github/licensed/pull/443>)
 ## 3.4.2
@@ -215,7 +227,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- The yarn source will no longer evaluate package.json files that do not represent project dependencies (https://github.com/github/licensed/pull/439)
+- The yarn source will no longer evaluate package.json files that do not represent project dependencies (<https://github.com/github/licensed/pull/439>)
 ## 3.4.1
@@ -223,7 +235,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- Malformed package.json files will no longer crash yarn dependency detection (https://github.com/github/licensed/pull/431)
+- Malformed package.json files will no longer crash yarn dependency detection (<https://github.com/github/licensed/pull/431>)
 ## 3.4.0
@@ -231,17 +243,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- New Yarn enumerator with support for berry versions (https://github.com/github/licensed/pull/423)
+- New Yarn enumerator with support for berry versions (<https://github.com/github/licensed/pull/423>)
 ### Fixed
-- Error handling cases return correct values in the Yarn enumerator (https://github.com/github/licensed/pull/425)
-- Fixed link in command documentation (:tada: @chibicco https://github.com/github/licensed/pull/416)
-- Fixed minor backwards compatibility issue for Ruby 2.3 support (:tada: @dzunk https://github.com/github/licensed/pull/414)
+- Error handling cases return correct values in the Yarn enumerator (<https://github.com/github/licensed/pull/425>)
+- Fixed link in command documentation (:tada: @chibicco <https://github.com/github/licensed/pull/416>)
+- Fixed minor backwards compatibility issue for Ruby 2.3 support (:tada: @dzunk <https://github.com/github/licensed/pull/414>)
 ### Changed
-- Licensed's own dependencies are cached in the repository and kept up to date with GitHub Actions (https://github.com/github/licensed/pull/421)
+- Licensed's own dependencies are cached in the repository and kept up to date with GitHub Actions (<https://github.com/github/licensed/pull/421>)
 ## 3.3.1
@@ -249,11 +261,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- Fix evaluation of peer dependencies with npm 7 (:tada: @manuelpuyol https://github.com/github/licensed/pull/411)
+- Fix evaluation of peer dependencies with npm 7 (:tada: @manuelpuyol <https://github.com/github/licensed/pull/411>)
 ### Changed
-- Manifest source evaluation performance improvements (https://github.com/github/licensed/pull/407)
+- Manifest source evaluation performance improvements (<https://github.com/github/licensed/pull/407>)
 ## 3.3.0
@@ -261,11 +273,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- New cargo source enumerates rust dependencies (https://github.com/github/licensed/pull/404)
+- New cargo source enumerates rust dependencies (<https://github.com/github/licensed/pull/404>)
 ### Changed
-- Removed non-functional files from gem builds (https://github.com/github/licensed/pull/405)
+- Removed non-functional files from gem builds (<https://github.com/github/licensed/pull/405>)
 ## 3.2.3
@@ -273,8 +285,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- Bundler source will no longer infinitely recurse when enumerating specifications (https://github.com/github/licensed/pull/402)
-- Using the `--sources` command line option will no longer delete skipped sources' cached files (https://github.com/github/licensed/pull/401)
+- Bundler source will no longer infinitely recurse when enumerating specifications (<https://github.com/github/licensed/pull/402>)
+- Using the `--sources` command line option will no longer delete skipped sources' cached files (<https://github.com/github/licensed/pull/401>)
 ## 3.2.2
@@ -282,7 +294,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- Bundler source works properly again when used outside of `bundle exec` (https://github.com/github/licensed/pull/397)
+- Bundler source works properly again when used outside of `bundle exec` (<https://github.com/github/licensed/pull/397>)
 ## 3.2.1
@@ -290,13 +302,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
-- Updated multiple dependency versions (:tada: @mmorel-35 https://github.com/github/licensed/pull/385, https://github.com/github/licensed/pull/389)
-- Go homepage links use pkg.go.dev instead of godoc.org (:tada: @mmorel-35 https://github.com/github/licensed/commit/73cfbbe954a3e8c8cbaf8b68253053b157e01b79)
-- Local development ruby version changed to 2.7.4 (https://github.com/github/licensed/pull/393)
+- Updated multiple dependency versions (:tada: @mmorel-35 <https://github.com/github/licensed/pull/385>, <https://github.com/github/licensed/pull/389>)
+- Go homepage links use pkg.go.dev instead of godoc.org (:tada: @mmorel-35 <https://github.com/github/licensed/commit/73cfbbe954a3e8c8cbaf8b68253053b157e01b79>)
+- Local development ruby version changed to 2.7.4 (<https://github.com/github/licensed/pull/393>)
 ### Fixed
-- Bundler source correctly finds platform specific dependencies (https://github.com/github/licensed/pull/392)
+- Bundler source correctly finds platform specific dependencies (<https://github.com/github/licensed/pull/392>)
 ## 3.2.0
@@ -304,18 +316,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- Application names can be dynamically generated based on the path to the application source  (https://github.com/github/licensed/pull/375)
+- Application names can be dynamically generated based on the path to the application source  (<https://github.com/github/licensed/pull/375>)
 ### Changed
-- Updated command documentation (https://github.com/github/licensed/pull/378, https://github.com/github/licensed/pull/380/files)
-- Updated configuration documentation (https://github.com/github/licensed/pull/375)
-- Cache and status commands give additional diagnostic output when using JSON and YAML formatters (https://github.com/github/licensed/pull/378)
-- Status command will give users a link to documentation when compliance checks fail (https://github.com/github/licensed/pull/381)
+- Updated command documentation (<https://github.com/github/licensed/pull/378>, <https://github.com/github/licensed/pull/380/files>)
+- Updated configuration documentation (<https://github.com/github/licensed/pull/375>)
+- Cache and status commands give additional diagnostic output when using JSON and YAML formatters (<https://github.com/github/licensed/pull/378>)
+- Status command will give users a link to documentation when compliance checks fail (<https://github.com/github/licensed/pull/381>)
 ### Fixed
-- The bundler source correctly checks that the path bundler specifies a gem is loaded from is a file (https://github.com/github/licensed/pull/379)
+- The bundler source correctly checks that the path bundler specifies a gem is loaded from is a file (<https://github.com/github/licensed/pull/379>)
 ## 3.1.0
@@ -323,17 +335,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
-- Licensed supports Swift/Swift package manager as a dependency source (:tada: @mattt https://github.com/github/licensed/pull/363)'
+- Licensed supports Swift/Swift package manager as a dependency source (:tada: @mattt <https://github.com/github/licensed/pull/363>)'
 ### Changed
-- The `source_path` configuration property accepts arrays of inclusion and exclusion glob patterns (https://github.com/github/licensed/pull/368)
-- The Nuget source now uses configured fallback folders to find dependencies that are not in found in the project folder (https://github.com/github/licensed/pull/366)
-- The Nuget source supports a configurable property for the path from the project source path to the project's `obj` folder (https://github.com/github/licensed/pull/365)
+- The `source_path` configuration property accepts arrays of inclusion and exclusion glob patterns (<https://github.com/github/licensed/pull/368>)
+- The Nuget source now uses configured fallback folders to find dependencies that are not in found in the project folder (<https://github.com/github/licensed/pull/366>)
+- The Nuget source supports a configurable property for the path from the project source path to the project's `obj` folder (<https://github.com/github/licensed/pull/365>)
 ### Fixed
-- The Go source's checks for local packages will correctly find paths in case-insensitive file systems (https://github.com/github/licensed/pull/370)
-- The Bundler source will no longer unnecessarily reset the local Bundler environment configuration (https://github.com/github/licensed/pull/372)
+- The Go source's checks for local packages will correctly find paths in case-insensitive file systems (<https://github.com/github/licensed/pull/370>)
+- The Bundler source will no longer unnecessarily reset the local Bundler environment configuration (<https://github.com/github/licensed/pull/372>)
 ## 3.0.1
@@ -341,7 +354,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- The bundler source will correctly enumerate dependencies pulled with a `git:` directive (https://github.com/github/licensed/pull/360)
+- The bundler source will correctly enumerate dependencies pulled with a `git:` directive (<https://github.com/github/licensed/pull/360>)
 ## 3.0.0
@@ -359,7 +372,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- The pip source works with package names containing periods (:tada: @bcskda https://github.com/github/licensed/pull/350)
+- The pip source works with package names containing periods (:tada: @bcskda <https://github.com/github/licensed/pull/350>)
 ## 2.15.1
@@ -367,161 +380,209 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
-- The npm source will ignore dependencies that are marked as both extraneous and missing (https://github.com/github/licensed/pull/347)
+- The npm source will ignore dependencies that are marked as both extraneous and missing (<https://github.com/github/licensed/pull/347>)
 ## 2.15.0
 2021-03-24
 ### Added
-- Support for npm 7 (https://github.com/github/licensed/pull/341)
+- Support for npm 7 (<https://github.com/github/licensed/pull/341>)
 ### Fixed
-- Files in the manifest source will be found correctly for apps that are not at the repository root (https://github.com/github/licensed/pull/345)
+- Files in the manifest source will be found correctly for apps that are not at the repository root (<https://github.com/github/licensed/pull/345>)
 ## 2.14.4
 2021-02-09
 ### Added
-- `list` and `cache` commands optionally print output in JSON or YML formats using the `--format/-f` flag (https://github.com/github/licensed/pull/334)
-- `list` command will include detected license keys using the `--licenses/-l` flag (https://github.com/github/licensed/pull/334)
+- `list` and `cache` commands optionally print output in JSON or YML formats using the `--format/-f` flag (<https://github.com/github/licensed/pull/334>)
+- `list` command will include detected license keys using the `--licenses/-l` flag (<https://github.com/github/licensed/pull/334>)
 ## 2.14.3
 2020-12-11
 ### Fixed
-- Auto-generating license text for a known license will no longer raise an error if the found license has no text (:tada: @Eun https://github.com/github/licensed/pull/328)
+- Auto-generating license text for a known license will no longer raise an error if the found license has no text (:tada: @Eun <https://github.com/github/licensed/pull/328>)
 ## 2.14.2
 2020-11-20
 ### Fixed
-- Yarn source correctly finds dependency paths on disk (https://github.com/github/licensed/pull/326)
-- Go source better handles finding dependencies that have been vendored (https://github.com/github/licensed/pull/323)
+- Yarn source correctly finds dependency paths on disk (<https://github.com/github/licensed/pull/326>)
+- Go source better handles finding dependencies that have been vendored (<https://github.com/github/licensed/pull/323>)
 ## 2.14.1
 2020-10-09
 ### Fixed
-- Shell command output is encoded to UTF8 (https://github.com/github/licensed/pull/319)
+- Shell command output is encoded to UTF8 (<https://github.com/github/licensed/pull/319>)
 ## 2.14.0
 2020-10-04
 ### Added
-- `reviewed` dependencies can use glob pattern matching (https://github.com/github/licensed/pull/313)
+- `reviewed` dependencies can use glob pattern matching (<https://github.com/github/licensed/pull/313>)
 ### Fixed
-- Fix configuring source path globs that expand into a single directory (https://github.com/github/licensed/pull/312)
+- Fix configuring source path globs that expand into a single directory (<https://github.com/github/licensed/pull/312>)
 ## 2.13.0
 2020-09-23
 ### Added
-- `status` command results can be output in YAML and JSON formats (:tada: @julianvilas https://github.com/github/licensed/pull/303)
+- `status` command results can be output in YAML and JSON formats (:tada: @julianvilas <https://github.com/github/licensed/pull/303>)
 ### Fixed
-- `licensed` no longer crashes when parsing invalid YAML from cached records (https://github.com/github/licensed/pull/306)
-- NPM source will no longer crash when invalid JSON is returned from npm CLI calls (https://github.com/github/licensed/pull/300)
-- Bundler source is fixed to work properly with `gems.rb` lockfiles (https://github.com/github/licensed/pull/299)
+- `licensed` no longer crashes when parsing invalid YAML from cached records (<https://github.com/github/licensed/pull/306>)
+- NPM source will no longer crash when invalid JSON is returned from npm CLI calls (<https://github.com/github/licensed/pull/300>)
+- Bundler source is fixed to work properly with `gems.rb` lockfiles (<https://github.com/github/licensed/pull/299>)
 ## 2.12.2
 2020-07-07
 ### Changed
-- Cleaned up ruby 2.7 warnings (:tada: @jurre https://github.com/github/licensed/pull/292)
-- Cleaned up additional warnings in tests (https://github.com/github/licensed/pull/293)
+- Cleaned up ruby 2.7 warnings (:tada: @jurre <https://github.com/github/licensed/pull/292>)
+- Cleaned up additional warnings in tests (<https://github.com/github/licensed/pull/293>)
 ## 2.12.1
 2020-06-30
 ### Fixed
-- `licensed` no longer exits an error code when using the `--sources` CLI argument (https://github.com/github/licensed/pull/290)
+- `licensed` no longer exits an error code when using the `--sources` CLI argument (<https://github.com/github/licensed/pull/290>)
 ## 2.12.0
 2020-06-19
 ### Added
-- `--sources` argument for cache, list, status and notices commands to filter running sources (https://github.com/github/licensed/pull/287)
+- `--sources` argument for cache, list, status and notices commands to filter running sources (<https://github.com/github/licensed/pull/287>)
 ### Fixed
-- `cache` command will not remove files outside of enabled source cache paths (https://github.com/github/licensed/pull/287)
+- `cache` command will not remove files outside of enabled source cache paths (<https://github.com/github/licensed/pull/287>)
 ## 2.11.1
 2020-06-09
 ### Fixed
-- `notices` command properly reads cached dependency notices contents (https://github.com/github/licensed/pull/283)
+- `notices` command properly reads cached dependency notices contents (<https://github.com/github/licensed/pull/283>)
 ## 2.11.0
 2020-06-02
 ### Added
-- `notices` command to create a `NOTICE` file for each configured app (https://github.com/github/licensed/pull/277)
+- `notices` command to create a `NOTICE` file for each configured app (<https://github.com/github/licensed/pull/277>)
 ### Fixed
-- NuGet source no longer crashes on a non-existent dependency path (https://github.com/github/licensed/pull/280)
-- Go source no longer crashes on a non-existent dependency package path (https://github.com/github/licensed/pull/274)
+- NuGet source no longer crashes on a non-existent dependency path (<https://github.com/github/licensed/pull/280>)
+- Go source no longer crashes on a non-existent dependency package path (<https://github.com/github/licensed/pull/274>)
 ## 2.10.0
 2020-05-15
 ### Changed
-- NPM source ignores missing peer dependencies (https://github.com/github/licensed/pull/267)
+- NPM source ignores missing peer dependencies (<https://github.com/github/licensed/pull/267>)
 ### Added
-- NuGet source (:tada: @zarenner https://github.com/github/licensed/pull/261)
-- Multiple apps can share a single cache location (https://github.com/github/licensed/pull/263)
+- NuGet source (:tada: @zarenner <https://github.com/github/licensed/pull/261>)
+- Multiple apps can share a single cache location (<https://github.com/github/licensed/pull/263>)
 ## 2.9.2
 2020-04-28
 ### Changed
-- `licensee` minimum version bumped to 9.13.2 (https://github.com/github/licensed/pull/256)
+- `licensee` minimum version bumped to 9.13.2 (<https://github.com/github/licensed/pull/256>)
 ## 2.9.1
 2020-03-24
 ### Changed
-- relaxed gem version restrictions on Thor (:tada: @eileencodes https://github.com/github/licensed/pull/254)
+- relaxed gem version restrictions on Thor (:tada: @eileencodes <https://github.com/github/licensed/pull/254>)
 ## 2.9.0
 2020-03-19
 ### Added
-- Source paths use glob pattern matching (https://github.com/github/licensed/pull/245)
+- Source paths use glob pattern matching (<https://github.com/github/licensed/pull/245>)
 ### Fixed
-- Mix source supports updates to mix.lock format (:tada: @bruce https://github.com/github/licensed/pull/242)
-- Go source supports `go list` format changes in go 1.14 (https://github.com/github/licensed/pull/247)
+- Mix source supports updates to mix.lock format (:tada: @bruce <https://github.com/github/licensed/pull/242>)
+- Go source supports `go list` format changes in go 1.14 (<https://github.com/github/licensed/pull/247>)
 ### Changed
-- `licensed cache` will flag dependencies for re-review when license text changes (https://github.com/github/licensed/pull/248)
-- `licensed status` will raise errors on dependencies that need re-review (https://github.com/github/licensed/pull/248)
-- `licensee` minimum version bumped to 9.13.1 (https://github.com/github/licensed/pull/251)
+- `licensed cache` will flag dependencies for re-review when license text changes (<https://github.com/github/licensed/pull/248>)
+- `licensed status` will raise errors on dependencies that need re-review (<https://github.com/github/licensed/pull/248>)
+- `licensee` minimum version bumped to 9.13.1 (<https://github.com/github/licensed/pull/251>)
 ## 2.8.0
 2020-01-03
 ### Added
-- Yarn source (https://github.com/github/licensed/pull/232, https://github.com/github/licensed/pull/233, https://github.com/github/licensed/pull/236)
-- NPM source has a new option to include non-production dependencies (https://github.com/github/licensed/pull/231)
+- Yarn source (<https://github.com/github/licensed/pull/232>, <https://github.com/github/licensed/pull/233>, <https://github.com/github/licensed/pull/236>)
+- NPM source has a new option to include non-production dependencies (<https://github.com/github/licensed/pull/231>)
 ### Fixed
-- Cabal source will no longer crash if packages aren't found (https://github.com/github/licensed/pull/230)
+- Cabal source will no longer crash if packages aren't found (<https://github.com/github/licensed/pull/230>)
 ## 2.7.0
 2019-11-10
 ### Added
-- License text is automatically generated for known licenses when not otherwise available (https://github.com/github/licensed/pull/223)
+- License text is automatically generated for known licenses when not otherwise available (<https://github.com/github/licensed/pull/223>)
 ### Changed
-- Ignoring dependencies uses glob pattern matching (https://github.com/github/licensed/pull/225)
+- Ignoring dependencies uses glob pattern matching (<https://github.com/github/licensed/pull/225>)
 ## 2.6.2
 2019-11-03
 ### Changed
 - A number of improvements to the go dependency enumerator
   - use `go env GOPATH` as a default if no other GOPATH is found
   - better compatibility with go modules when finding license content
@@ -530,94 +591,121 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   - better checks for standard packages, reducing the amount of cached content
 ## 2.6.1
 2019-10-26
 ### Changed
-- Performance improvements during dependency enumeration (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/204, https://github.com/github/licensed/pull/207) (https://github.com/github/licensed/pull/210)
+- Performance improvements during dependency enumeration (:tada: @krzysztof-pawlik-gat <https://github.com/github/licensed/pull/204>, <https://github.com/github/licensed/pull/207>) (<https://github.com/github/licensed/pull/210>)
 ## 2.6.0
 2019-10-22
 ### Added
-- Mix source for Elixir (:tada: @bruce https://github.com/github/licensed/pull/195)
+- Mix source for Elixir (:tada: @bruce <https://github.com/github/licensed/pull/195>)
 ## 2.5.0
 2019-09-26
 ### Added
-- `env` command to output application environment configuration (https://github.com/github/licensed/pull/187, https://github.com/github/licensed/pull/191)
+- `env` command to output application environment configuration (<https://github.com/github/licensed/pull/187>, <https://github.com/github/licensed/pull/191>)
 ### Changed
-- `status` command will pass if multiple allowed licenses are found (https://github.com/github/licensed/pull/188)
+- `status` command will pass if multiple allowed licenses are found (<https://github.com/github/licensed/pull/188>)
 ## 2.4.0
 2019-09-15
 ### Added
-- Composer source for PHP (https://github.com/github/licensed/pull/182)
+- Composer source for PHP (<https://github.com/github/licensed/pull/182>)
 ## 2.3.2
 2019-08-26
 ### Fixed
 - Bundler with/without array settings are properly handled for bundler 1.15.x
 ## 2.3.1
 2019-08-20
 ### Changed
-- Using the npm source with yarn, "missing" dependencies are no longer considered errors (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/170)
-- The bundler source now calls `gem specification` with dependency version requirements (https://github.com/github/licensed/pull/173)
+- Using the npm source with yarn, "missing" dependencies are no longer considered errors (:tada: @krzysztof-pawlik-gat <https://github.com/github/licensed/pull/170>)
+- The bundler source now calls `gem specification` with dependency version requirements (<https://github.com/github/licensed/pull/173>)
 ## 2.3.0
 2019-05-19
 ### Added
-- New Pipenv dependency source enumerator (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/167)
+- New Pipenv dependency source enumerator (:tada: @krzysztof-pawlik-gat <https://github.com/github/licensed/pull/167>)
 ## 2.2.0
 2019-05-11
 ### Added
-- Content hash versioning strategy for go and manifest sources (https://github.com/github/licensed/pull/164)
+- Content hash versioning strategy for go and manifest sources (<https://github.com/github/licensed/pull/164>)
 ### Fixed
-- Python source handles urls and package names with "-" in requirements.txt (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/165)
+- Python source handles urls and package names with "-" in requirements.txt (:tada: @krzysztof-pawlik-gat <https://github.com/github/licensed/pull/165>)
 ## 2.1.0
 2019-04-16
 ### Added
-- New Gradle dependency source enumerator (:tada: @dbussink https://github.com/github/licensed/pull/150, @jandersson-svt https://github.com/github/licensed/pull/159)
-- Metadata added to distributed packages (https://github.com/github/licensed/pull/160)
+- New Gradle dependency source enumerator (:tada: @dbussink <https://github.com/github/licensed/pull/150>, @jandersson-svt <https://github.com/github/licensed/pull/159>)
+- Metadata added to distributed packages (<https://github.com/github/licensed/pull/160>)
 ### Changes
-- Bundler dependency source loads license key from a gem's cached gemspec file as a fallback (https://github.com/github/licensed/pull/154)
-- Licensed will only raise errors on an empty dependency path when caching records (https://github.com/github/licensed/pull/149)
+- Bundler dependency source loads license key from a gem's cached gemspec file as a fallback (<https://github.com/github/licensed/pull/154>)
+- Licensed will only raise errors on an empty dependency path when caching records (<https://github.com/github/licensed/pull/149>)
 ### Fixed
-- Migrating to v2 will no longer crash trying to migrate cached records that don't exist (https://github.com/github/licensed/pull/148)
-- Reported warnings will no longer crash licensed when caching records (https://github.com/github/licensed/pull/147)
+- Migrating to v2 will no longer crash trying to migrate cached records that don't exist (<https://github.com/github/licensed/pull/148>)
+- Reported warnings will no longer crash licensed when caching records (<https://github.com/github/licensed/pull/147>)
 ## 2.0.1
 2019-02-14
 ### Changes
 - Dependency paths that don't exist on the local disk are reported as warnings
 - Cache, status and list output is sorted by app name, source type and dependency name
 - Bumped `licensee` gem requirement
 ## 2.0.0
 2019-02-09
 **This is a major release and includes breaking changes to the configuration and cached record file formats**
 ### Added
 - New `migrate` command to automatically update configuration and cached record file formats
 - New extensible reporting infrastructure
 - New base command and source classes to abstract away implementation details
 ### Changes
 - Cached dependency metadata files are now stored entirely as YAML, with `.dep.yml` extension
 - The Bundler dependency source is now identified in configuration files and output as `bundler` instead of `rubygem`
 - Refactored sources for better consistency between classes
@@ -626,134 +714,171 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Updated Dependency classes for better integration with `licensee`
 ### Fixed
 - Licensed no longer exits on errors when evaluating dependency sources or finding dependencies
 - The Bundler dependency source correctly finds the `bundler` gem as a dependency in more cases
 ## 1.5.2
 2018-12-27
 ### Changes
-- Go source added support for Go modules and Golang 1.11+ (https://github.com/github/licensed/pull/113)
+- Go source added support for Go modules and Golang 1.11+ (<https://github.com/github/licensed/pull/113>)
 ### Fixed
-- Licensed will have a non-zero exit code when commands fail (:tada: @parkr https://github.com/github/licensed/pull/111)
+- Licensed will have a non-zero exit code when commands fail (:tada: @parkr <https://github.com/github/licensed/pull/111>)
 ## 1.5.1
 2018-10-30
 ### Fixed
-- Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable due to a ruby version mismatch (https://github.com/github/licensed/pull/106)
+- Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable due to a ruby version mismatch (<https://github.com/github/licensed/pull/106>)
 ## 1.5.0
 2018-10-24
 ### Added
-- `licensed (version | -v | --version)` command to see the current licensed version (:tada: @mwagz! https://github.com/github/licensed/pull/101)
+- `licensed (version | -v | --version)` command to see the current licensed version (:tada: @mwagz! <https://github.com/github/licensed/pull/101>)
 ### Fixed
-- NPM source no longer raises an error when ignored dependencies aren't found (:tada: @mwagz! https://github.com/github/licensed/pull/100)
-- Checking for a Git repo will no longer possibly modify `.git/index` (:tada: @dbussink https://github.com/github/licensed/pull/102)
-- Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable (https://github.com/github/licensed/pull/103)
+- NPM source no longer raises an error when ignored dependencies aren't found (:tada: @mwagz! <https://github.com/github/licensed/pull/100>)
+- Checking for a Git repo will no longer possibly modify `.git/index` (:tada: @dbussink <https://github.com/github/licensed/pull/102>)
+- Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable (<https://github.com/github/licensed/pull/103>)
 ## 1.4.0
 2018-10-20
 ### Added
 - Git Submodules dependency source :tada:
 - Configuration option to explicitly set a root absolute path
 ### Changes
 - `COPYING` file is no longer matched as a legal file
 ### Fixed
 - NPM source will enumerate multiple versions of the same dependency
 - Running Licensed outside of a Git repository no longer raises an error
 - Packaging scripts will correctly return to the previous branch when the script is finished
 ## 1.3.4
 2018-09-20
 ### Changes
 - Bundler source will avoid looking for a gemspec file when possible
 ## 1.3.3
 2018-09-07
 ### Fixed
 - Manifest source configuration globs correctly enumerates files from within submodules
 - The manifest source no longer errors when getting version information from submodules
 ## 1.3.2
 2018-08-15
 ### Fixed
 - Fixed issue when multiple versions of a cabal package are found
 ## 1.3.1
 2018-08-01
 ### Fixed
 - Fixed regression finding ruby gems by path
 ## 1.3.0
 2018-07-25
 ### Added
 - Manifests for the manifest dependency source can be specified using glob patterns in the configuration
 - Paths to licenses for dependencies from the manifest dependency source can be specified in the configuration
 - Manifest dependency source looks for license content in C-style comments if a license file isn't found
 ## Changes
 - GitHub is no longer queried to find remote license information
 - Removed custom logic around determining whether to use the license key from `licensee`
 - NPM dependency enumeration doesn't use `npm list`
 - Licensed now tracks content from multiple license files when available
 ### Fixed
 - Fixed regression finding platform-specific ruby gems
 ## 1.2.0
 2018-06-22
 ### Added
 - Building and packaging distributable exes for licensed releases
 - Can now configure which Gemfile groups are excluded from dependency enumeration
 ### Fixed
 - Bundler is no longer always reported as a dependency
 - Set the minimum required ruby version for licensed
 ## 1.1.0
 2018-06-04
 ### Added
 - Pip dependency source :tada:
 - Go Dep dependency source :tada:
 ### Changed
 - Changed how `sources` configuration property affects which sources are enabled
 - Raise informative error messages when shell commands fail
 ### Fixed
 - Don't reuse cached license when cached version metadata is missing
 - Disable dependency sources when dependent tools are not available
 - Vendored packages from the go std library are properly excluded
 - Cabal dependency enumeration properly includes executable targets
 ## 1.0.1
 2018-04-26
 ### Added
 - GOPATH settable in configuration file
 ### Changed
 - Reuse "license" metadata property when license text has not changed
 ### Fixed
 - Path expansion for cabal "ghc_package_db" configuration setting occurs from repository root
 - Local Gemfile(.lock) files correctly used in enumerating Bundler source dependencies
 ## 1.0.0
 2018-02-20
 Initial release :tada:

data/Gemfile.lock CHANGED Viewed

@@ -1,12 +1,13 @@
 PATH
   remote: .
   specs:
-    licensed (5.0.0)
+    licensed (5.0.2)
+      csv (~> 3.3)
       json (~> 2.6)
       licensee (~> 9.16)
       parallel (~> 1.22)
       pathname-common_prefix (~> 0.0.1)
-      reverse_markdown (~> 2.1)
+      reverse_markdown (>= 2.1, < 4.0)
       ruby-xxHash (~> 0.4.0)
       thor (~> 1.2)
       tomlrb (~> 2.0)
@@ -24,56 +25,61 @@ GEM
       minitest (>= 5.1)
       mutex_m
       tzinfo (~> 2.0)
-    addressable (2.8.1)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
     base64 (0.2.0)
     bigdecimal (3.1.7)
     byebug (11.1.3)
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
-    dotenv (2.8.1)
+    csv (3.3.2)
+    dotenv (3.1.4)
     drb (2.2.1)
-    faraday (2.7.4)
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (3.0.2)
+    faraday (2.12.1)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.0)
+      net-http (>= 0.5.0)
     i18n (1.14.4)
       concurrent-ruby (~> 1.0)
-    json (2.7.2)
-    licensee (9.16.0)
-      dotenv (~> 2.0)
-      octokit (>= 4.20, < 7.0)
-      reverse_markdown (>= 1, < 3)
+    json (2.9.1)
+    licensee (9.18.0)
+      dotenv (>= 2, < 4)
+      octokit (>= 4.20, < 10.0)
+      reverse_markdown (>= 1, < 4)
       rugged (>= 0.24, < 2.0)
       thor (>= 0.19, < 2.0)
-    mini_portile2 (2.8.1)
-    minitest (5.25.1)
+    logger (1.6.1)
+    mini_portile2 (2.8.8)
+    minitest (5.25.4)
     minitest-hooks (1.5.2)
       minitest (> 5.3)
-    mocha (2.4.5)
+    mocha (2.7.1)
       ruby2_keywords (>= 0.0.5)
     mutex_m (0.2.0)
-    nokogiri (1.16.5)
-      mini_portile2 (~> 2.8.0)
+    net-http (0.5.0)
+      uri
+    nokogiri (1.16.7)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    octokit (6.1.0)
+    octokit (9.2.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     parallel (1.26.3)
     parser (3.2.0.0)
       ast (~> 2.4.1)
     pathname-common_prefix (0.0.2)
-    public_suffix (5.0.1)
-    racc (1.6.2)
+    public_suffix (6.0.1)
+    racc (1.8.1)
     rack (3.0.9.1)
     rainbow (3.1.1)
     rake (13.2.1)
     regexp_parser (2.6.2)
-    reverse_markdown (2.1.1)
+    reverse_markdown (3.0.0)
       nokogiri
-    rexml (3.3.6)
-      strscan
+    rexml (3.3.9)
     rubocop (1.45.1)
       json (~> 2.3)
       parallel (~> 1.10)
@@ -100,16 +106,16 @@ GEM
     ruby-progressbar (1.11.0)
     ruby-xxHash (0.4.0.2)
     ruby2_keywords (0.0.5)
-    rugged (1.5.1)
+    rugged (1.7.2)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    strscan (3.1.0)
     thor (1.3.2)
     tomlrb (2.0.3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.4.2)
+    uri (1.0.2)
 PLATFORMS
   ruby

data/docs/migrations/v3.md CHANGED Viewed

@@ -16,7 +16,7 @@ Using licensed to enumerate bundler dependencies in a GitHub Actions workflow wi
 If you are using licensed in a GitHub Actions workflow, [github/setup-licensed](https://github.com/github/setup-licensed) has been updated according to this breaking change.  `setup-licensed` will install the licensed gem when ruby is available, or the licensed executable when ruby is not available.  Alternatively, you can `gem install` licensed directly as an actions step.
-This is an example workflow definition that runs [github/licensed-ci](https://github.com/github/licensed-ci)'s opinionated license compliance workflow in CI.  It includes jobs that demonstrate installing licensed using
+This is an example workflow definition that runs [github/licensed-ci](https://github.com/github/licensed-ci)'s opinionated license compliance workflow in CI.  It includes jobs that demonstrate installing licensed using
 - `gem install`
 - [github/setup-licensed](https://github.com/github/setup-licensed)
 - installing when included in a bundler gem file
@@ -43,9 +43,9 @@ jobs:
     steps:
       # checkout the repo
       - uses: actions/checkout@v1
       # install ruby
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
         with:
           ruby-version: "3.0"
@@ -60,8 +60,8 @@ jobs:
       # run licensed-ci to cache any metadata changes and verify compliance
       - uses: github/licensed-ci@v1
-  # OR
+  # OR
   # install licensed using gem install
   licensed-ci-gem:
     runs-on: ubuntu-latest
@@ -69,9 +69,9 @@ jobs:
     steps:
       # checkout the repo
       - uses: actions/checkout@v1
       # install ruby and bundler
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
         with:
           ruby-version: "3.0"
@@ -93,9 +93,9 @@ jobs:
     steps:
       # checkout the repo
       - uses: actions/checkout@v1
       # install ruby and bundler
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
         with:
           ruby-version: "3.0"

data/lib/licensed/sources/npm.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module Licensed
       end
       def packages
-        root_dependencies = package_metadata["dependencies"]
+        root_dependencies = package_metadata["dependencies"] || {}
         recursive_dependencies(root_dependencies).each_with_object({}) do |(name, results), hsh|
           results.uniq! { |package| package["version"] }
           if results.size == 1

data/lib/licensed/version.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "5.0.0".freeze
+  VERSION = "5.0.2".freeze
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec CHANGED Viewed

@@ -23,13 +23,14 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 3.0.0"
+  spec.add_dependency "csv", "~> 3.3"
   spec.add_dependency "licensee", "~> 9.16"
   spec.add_dependency "thor", "~> 1.2"
   spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
   spec.add_dependency "tomlrb", "~> 2.0"
   spec.add_dependency "ruby-xxHash", "~> 0.4.0"
   spec.add_dependency "parallel", "~> 1.22"
-  spec.add_dependency "reverse_markdown", "~> 2.1"
+  spec.add_dependency "reverse_markdown", ">= 2.1", "< 4.0"
   spec.add_dependency "json", "~> 2.6"
   spec.add_development_dependency "rake", "~> 13.0"

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.2
 platform: ruby
 authors:
 - GitHub
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-04 00:00:00.000000000 Z
+date: 2025-02-06 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: csv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
 - !ruby/object:Gem::Dependency
   name: licensee
   requirement: !ruby/object:Gem::Requirement
@@ -98,16 +112,22 @@ dependencies:
   name: reverse_markdown
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
@@ -327,7 +347,7 @@ homepage: https://github.com/github/licensed
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -343,7 +363,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.3.26
-signing_key:
+signing_key:
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.
 test_files: []