licensed 5.0.4 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a586e2e8aa3d3294b92e84252f95d05f8d27c9077b36da193daa33d6f4243a7
-  data.tar.gz: c4452cafe3fb8316b7a38a3f9e57d65a4fd039b1ac39b6ff6ad944b2d8e3161e
+  metadata.gz: 93373cde622ea3d33acda4c6a94ddff7c309d6381b5578c5d8224aca5d899cf3
+  data.tar.gz: c03ab707bbc5f0aaecca317e2bfa3418d716a4aaba648cd1327626ef67ec8454
 SHA512:
-  metadata.gz: 246d00fceee3b3c766d6653c70b7ec709259418eff549091796598f6c67cfe191e225bf5462b150f9f34605920f3dedc4acf635ff3942ffaa001ea7b1ce79cdb
-  data.tar.gz: 3a88e5f7008e31107a29412f6aa84c98cede336c1039166092fb07f5cd29511e25e3c18aa37a7924eb784e9af8b933bdb553adc51fda1dd67dc860bd7598bca7
+  metadata.gz: c440e8a50d67a00eedd20ab514c66d922b6ffa7c7d24a8419ed558839d2355c8315dc865785110d176718015ed93004023557b763ff6e2c5003025e27ff3a770
+  data.tar.gz: 422a67416d5799789e0f2755190a112561cf1870627dc46d628311b175f1c96d27a222c7cc67113636853ef320348f45e8affd3e1c646b1b0a3005fb49eb95c4

data/Brewfile

@@ -1,3 +1,7 @@
 # frozen_string_literal: true
 
-brew "ruby@3.1", version_file: ".ruby-version"
+brew "ruby", version_file: ".ruby-version"
+
+# Needed for building rugged
+brew "cmake"
+brew "pkgconf"

data/Gemfile.lock

@@ -1,10 +1,11 @@
 PATH
   remote: .
   specs:
-    licensed (5.0.4)
+    licensed (5.0.7)
       csv (~> 3.3)
       json (~> 2.6)
       licensee (~> 9.16)
+      ostruct (~> 0.6.3)
       parallel (~> 1.22)
       pathname-common_prefix (~> 0.0.1)
       reverse_markdown (>= 2.1, < 4.0)
@@ -15,118 +16,121 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.2.2.1)
+    activesupport (8.1.3)
       base64
-      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      json
       logger (>= 1.4.2)
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
-    ast (2.4.2)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
+      uri (>= 0.13.1)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
+    ast (2.4.3)
+    base64 (0.3.0)
+    bigdecimal (4.1.1)
     byebug (12.0.0)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.0)
-    csv (3.3.4)
-    dotenv (3.1.7)
-    drb (2.2.1)
-    faraday (2.12.2)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
+    csv (3.3.5)
+    dotenv (3.2.0)
+    drb (2.2.3)
+    faraday (2.14.1)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-net_http (3.4.0)
-      net-http (>= 0.5.0)
-    i18n (1.14.7)
+    faraday-net_http (3.4.2)
+      net-http (~> 0.5)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    json (2.11.3)
-    language_server-protocol (3.17.0.4)
-    licensee (9.18.0)
+    json (2.19.3)
+    language_server-protocol (3.17.0.5)
+    licensee (9.19.0)
       dotenv (>= 2, < 4)
-      octokit (>= 4.20, < 10.0)
+      octokit (>= 4.20, < 11.0)
       reverse_markdown (>= 1, < 4)
       rugged (>= 0.24, < 2.0)
       thor (>= 0.19, < 2.0)
     lint_roller (1.1.0)
-    logger (1.6.6)
-    mini_portile2 (2.8.8)
-    minitest (5.25.5)
-    minitest-hooks (1.5.2)
+    logger (1.7.0)
+    mini_portile2 (2.8.9)
+    minitest (5.27.0)
+    minitest-hooks (1.5.3)
       minitest (> 5.3)
-    mocha (2.7.1)
+    mocha (3.1.0)
       ruby2_keywords (>= 0.0.5)
-    net-http (0.6.0)
-      uri
-    nokogiri (1.18.8)
+    net-http (0.9.1)
+      uri (>= 0.11.1)
+    nokogiri (1.19.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    octokit (9.2.0)
+    octokit (10.0.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
-    parallel (1.27.0)
-    parser (3.3.7.1)
+    ostruct (0.6.3)
+    parallel (1.28.0)
+    parser (3.3.11.1)
       ast (~> 2.4.1)
       racc
     pathname-common_prefix (0.0.2)
-    public_suffix (6.0.1)
+    prism (1.9.0)
+    public_suffix (7.0.5)
     racc (1.8.1)
-    rack (3.1.12)
+    rack (3.2.6)
     rainbow (3.1.1)
-    rake (13.2.1)
-    regexp_parser (2.10.0)
-    reverse_markdown (3.0.0)
+    rake (13.4.1)
+    regexp_parser (2.12.0)
+    reverse_markdown (3.0.2)
       nokogiri
-    rubocop (1.73.2)
+    rubocop (1.86.1)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
-      parallel (~> 1.10)
+      parallel (>= 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.38.1)
-      parser (>= 3.3.1.0)
-    rubocop-github (0.23.0)
-      rubocop (>= 1.72)
+    rubocop-ast (1.49.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
+    rubocop-github (0.27.0)
+      rubocop (>= 1.76)
       rubocop-performance (>= 1.24)
       rubocop-rails (>= 2.23)
-    rubocop-performance (1.24.0)
+    rubocop-performance (1.26.1)
       lint_roller (~> 1.1)
-      rubocop (>= 1.72.1, < 2.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
-    rubocop-rails (2.30.3)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+    rubocop-rails (2.34.3)
       activesupport (>= 4.2.0)
       lint_roller (~> 1.1)
       rack (>= 1.1)
-      rubocop (>= 1.72.1, < 2.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
     ruby-progressbar (1.13.0)
     ruby-xxHash (0.4.0.2)
     ruby2_keywords (0.0.5)
     rugged (1.9.0)
-    sawyer (0.9.2)
+    sawyer (0.9.3)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
     securerandom (0.4.1)
-    thor (1.3.2)
-    tomlrb (2.0.3)
+    thor (1.5.0)
+    tomlrb (2.0.4)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (3.1.4)
-      unicode-emoji (~> 4.0, >= 4.0.4)
-    unicode-emoji (4.0.4)
-    uri (1.0.3)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
 
 PLATFORMS
   ruby
@@ -136,9 +140,9 @@ DEPENDENCIES
   licensed!
   minitest (~> 5.17)
   minitest-hooks (~> 1.5)
-  mocha (~> 2.0)
+  mocha (~> 3.0)
   rake (~> 13.0)
   rubocop-github (~> 0.20)
 
 BUNDLED WITH
-   2.3.26
+  4.0.8

data/README.md

@@ -94,7 +94,7 @@ To get started after checking out the repo, run
 
 You can also run `script/console` for an interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then create a release on GitHub.
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, create a GitHub release from the matching `vX.Y.Z` tag.
 
 ### Adding a new source
 

data/docs/migrations/v3.md

@@ -45,7 +45,7 @@ jobs:
       - uses: actions/checkout@v1
 
       # install ruby
-      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
+      - uses: ruby/setup-ruby@80740b3b13bf9857e28854481ca95a84e78a2bdf
         with:
           ruby-version: "3.0"
 
@@ -71,7 +71,7 @@ jobs:
       - uses: actions/checkout@v1
 
       # install ruby and bundler
-      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
+      - uses: ruby/setup-ruby@80740b3b13bf9857e28854481ca95a84e78a2bdf
         with:
           ruby-version: "3.0"
 
@@ -95,7 +95,7 @@ jobs:
       - uses: actions/checkout@v1
 
       # install ruby and bundler
-      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc
+      - uses: ruby/setup-ruby@80740b3b13bf9857e28854481ca95a84e78a2bdf
         with:
           ruby-version: "3.0"
 

data/lib/licensed/sources/bundler/missing_specification.rb

@@ -59,6 +59,8 @@ end
 
 module Bundler
   class LazySpecification
-    prepend ::Licensed::Bundler::LazySpecification
+    if Gem::Version.new(::Bundler::VERSION) < Gem::Version.new("4.0.0")
+      prepend ::Licensed::Bundler::LazySpecification
+    end
   end
 end

data/lib/licensed/sources/pip.rb

@@ -20,7 +20,7 @@ module Licensed
             metadata: {
               "type"        => self.class.type,
               "summary"     => package["Summary"],
-              "homepage"    => package["Home-page"]
+              "homepage"    => homepage(package)
             }
           )
         end
@@ -39,7 +39,7 @@ module Licensed
       # Returns the location of license files in the package, checking for the inclusion of a new `license_files`
       # folder per https://peps.python.org/pep-0639/
       def package_license_location(package)
-        dist_info = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
+        dist_info = package_dist_info_path(package)
 
         license_path = ["license_files", "licenses"]
           .map { |directory| File.join(dist_info, directory) }
@@ -48,6 +48,15 @@ module Licensed
         license_path || dist_info
       end
 
+      # Returns the package's .dist-info path, matching case-insensitively to support
+      # filesystems where installed wheel metadata directories may be lowercase.
+      def package_dist_info_path(package)
+        expected = "#{package["Name"].tr("-", "_")}-#{package["Version"]}.dist-info".downcase
+        dist_infos = Dir.glob(File.join(package["Location"], "*.dist-info"))
+        dist_infos.find { |path| File.basename(path).downcase == expected } ||
+          File.join(package["Location"], "#{package["Name"].tr("-", "_")}-#{package["Version"]}.dist-info")
+      end
+
       # Returns parsed information for all packages used by the project,
       # using `pip list` to determine what packages are used and `pip show`
       # to gather package information
@@ -68,20 +77,36 @@ module Licensed
         @package_names ||= begin
           JSON.parse(pip_list_command).map { |package| package["name"] }
         rescue JSON::ParserError => e
-          message = "Licensed was unable to parse the output from 'npm list'. JSON Error: #{e.message}"
+          message = "Licensed was unable to parse the output from 'pip list'. JSON Error: #{e.message}"
           raise Licensed::Sources::Source::Error, message
         end
       end
 
       # Returns a hash filled with package info parsed from the email-header formatted output
-      # returned by `pip show`
+      # returned by `pip show --verbose`, including continuation lines for multi-line fields.
       def parse_package_info(package_info)
+        current_key = nil
+
         package_info.lines.each_with_object(Hash.new(0)) do |pkg, a|
-          next if pkg.start_with?(/^\s/)
+          if pkg.match?(/^\s/)
+            if current_key
+              current_value = a[current_key]
+              continuation = pkg.strip
+              a[current_key] =
+                if current_value.to_s.empty?
+                  continuation
+                else
+                  "#{current_value}\n#{continuation}"
+                end
+            end
+            next
+          end
 
           k, v = pkg.split(":", 2)
           next if k.nil? || k.empty?
-          a[k.strip] = v&.strip
+
+          current_key = k.strip
+          a[current_key] = v&.strip
         end
       end
 
@@ -92,7 +117,39 @@ module Licensed
 
       # Returns the output from `pip show <package> <package> ...`
       def pip_show_command(package)
-        Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", package)
+        Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", "--verbose", package)
+      end
+
+      # Returns the package homepage from pip package metadata
+      def homepage(package)
+        home_page = package["Home-page"]
+        return home_page unless home_page.to_s.empty?
+
+        homepage_from_project_urls(package["Project-URL"] || package["Project-URLs"]) || home_page
+      end
+
+      # Returns best-effort homepage URL extracted from Project-URL(s) metadata
+      # With priority given to Home > Repository > Source, otherwise the first URL
+      def homepage_from_project_urls(project_urls)
+        return if project_urls.to_s.empty?
+
+        entries = project_urls
+          .to_s
+          .split("\n")
+          .map(&:strip)
+          .reject(&:empty?)
+
+        candidates = entries.filter_map do |entry|
+          label, url = entry.split(",", 2).map { |value| value&.strip }
+          next unless url&.match?(%r{^https?://})
+
+          [label.to_s, url]
+        end
+
+        preferred = candidates.find { |label, _| label.match?(/home/i) } ||
+          candidates.find { |label, _| label.match?(/repo/i) } ||
+          candidates.find { |label, _| label.match?(/source/i) }
+        preferred&.last || candidates.first&.last
       end
 
       def virtual_env_dir

data/lib/licensed/version.rb

@@ -1,6 +1,56 @@
 # frozen_string_literal: true
+require "open3"
+
 module Licensed
-  VERSION = "5.0.4".freeze
+  VERSION = begin
+    root = File.expand_path("../..", __dir__)
+    loaded_spec = Gem.loaded_specs["licensed"]
+    loaded_from = loaded_spec&.loaded_from && File.expand_path(loaded_spec.loaded_from)
+
+    # Published gems should report the version stored in gem metadata. Source
+    # checkouts need to ignore Bundler's path gemspec so development builds can
+    # infer the next release version from git tags.
+    if loaded_spec&.version && loaded_from != File.join(root, "licensed.gemspec")
+      loaded_spec.version.to_s
+    else
+      git_error = nil
+
+      begin
+        output, status = Open3.capture2e(
+          "git",
+          "describe",
+          "--tags",
+          chdir: root
+        )
+      rescue SystemCallError => e
+        git_error = e.message
+      end
+
+      if status&.success?
+        described_version = output.strip.delete_prefix("v")
+
+        # Exact tags build that tag's version. Commits after a tag build the
+        # next patch version Homebrew and the release workflow should expect.
+        if (match = described_version.match(/\A(.+)-\d+-g[0-9a-f]+(?:-dirty)?\z/))
+          match[1].sub(/\d+\z/) { |segment| (segment.to_i + 1).to_s.rjust(segment.length, "0") }
+        else
+          described_version
+        end
+      elsif File.exist?(lockfile = File.join(root, "Gemfile.lock"))
+        # Shallow CI checkouts do not fetch tags in the broad test matrix. The
+        # lockfile keeps Bundler setup fast and deterministic there.
+        lockfile_version = File.read(lockfile)[/^    licensed \(([^)]+)\)$/, 1]
+        raise "Unable to determine licensed version from Gemfile.lock" unless lockfile_version
+
+        lockfile_version
+      else
+        error_output = output.to_s.strip
+        raise "Unable to determine licensed version" if git_error.to_s.empty? && error_output.empty?
+
+        raise "Unable to determine licensed version: #{git_error || error_output}"
+      end
+    end
+  end.freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -32,11 +32,12 @@ Gem::Specification.new do |spec|
   spec.add_dependency "parallel", "~> 1.22"
   spec.add_dependency "reverse_markdown", ">= 2.1", "< 4.0"
   spec.add_dependency "json", "~> 2.6"
+  spec.add_dependency "ostruct", "~> 0.6.3"
 
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "minitest", "~> 5.17"
   spec.add_development_dependency "minitest-hooks", "~> 1.5"
-  spec.add_development_dependency "mocha", "~> 2.0"
+  spec.add_development_dependency "mocha", "~> 3.0"
   spec.add_development_dependency "rubocop-github", "~> 0.20"
   spec.add_development_dependency "byebug", "~> 12.0"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 5.0.4
+  version: 5.1.0
 platform: ruby
 authors:
 - GitHub
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-05-06 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: csv
@@ -142,6 +141,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -190,14 +203,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
@@ -348,7 +361,6 @@ homepage: https://github.com/github/licensed
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -363,8 +375,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
-signing_key:
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.
 test_files: []