licensed 2.3.0 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fb25b0f6171f25264970c95ae18b301c44400343
-  data.tar.gz: 945252932681b87f622fb9d065afae70af33ca0d
+  metadata.gz: b184dfa3d4dce1ea45476c3c6100c8cdfaf1fb2d
+  data.tar.gz: f7c2ecdf054be1bdc2d98efb8e268e0b89f37e01
 SHA512:
-  metadata.gz: d771ab002291e816f84b43eb66dc011f62ac6e3e0e4de2dfa82b869b19d60a3f584bc1cefbdd99798e14dec14310f7a447a522ff4ab0efbf6d73c9a661295811
-  data.tar.gz: 56877626264a91d6afd66740818b010655c1f9d5b0e9eb757c559f7092c3b2ef7962b12ed9d8284f4363e7e2ea7040199a86bd5cff855417b3243acebcb871d0
+  metadata.gz: 99f503908e8528098546f02466407022e708b1f8c8d2245ebf8eb104d3ba0652c7b8c1902a45348bf927c610a418cf3ee3f905f652264ec3e9769c06121d24a0
+  data.tar.gz: 256031960285da88bf28b3b1493a5f4bcc290a7776467e01820a83f339ce91751678bc21d046439912446ef4feece006a05f2d6aa0b410c22488d51ad4b44cff

data/.travis.yml

@@ -47,7 +47,19 @@ matrix:
       node_js: "8"
       before_script: ./script/source-setup/npm
       script: ./script/test npm
-      env: NAME="npm"
+      env: NAME="npm 8"
+
+    - language: node_js
+      node_js: "10"
+      before_script: ./script/source-setup/npm
+      script: ./script/test npm
+      env: NAME="npm 10"
+
+    - language: node_js
+      node_js: "12"
+      before_script: ./script/source-setup/npm
+      script: ./script/test npm
+      env: NAME="npm 12"
 
     # bower tests
     - language: node_js

data/CHANGELOG.md

@@ -6,7 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
-## 2.1.0 - 2019-04-16
+## 2.3.1 - 2019-08-20
+
+### Changed
+- Using the npm source with yarn, "missing" dependencies are no longer considered errors (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/170)
+- The bundler source now calls `gem specification` with dependency version requirements (https://github.com/github/licensed/pull/173)
+
+## 2.3.0 - 2019-05-19
 
 ### Added
 - New Pipenv dependency source enumerator (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/167)
@@ -167,4 +173,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.3.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.3.1...HEAD

data/lib/licensed/sources/bundler.rb

@@ -151,7 +151,7 @@ module Licensed
         spec = definition.resolve.find { |s| s.satisfies?(dependency) }
 
         # a nil spec should be rare, generally only seen from bundler
-        return matching_spec(dependency) || bundle_exec_gem_spec(dependency.name) if spec.nil?
+        return matching_spec(dependency) || bundle_exec_gem_spec(dependency.name, dependency.requirement) if spec.nil?
 
         # try to find a non-lazy specification that matches `spec`
         # spec.source.specs gives access to specifications with more
@@ -166,7 +166,7 @@ module Licensed
 
         # if the specification file doesn't exist, get the specification using
         # the bundler and gem CLI
-        bundle_exec_gem_spec(dependency.name)
+        bundle_exec_gem_spec(dependency.name, dependency.requirement)
       end
 
       # Returns whether a dependency should be included in the final
@@ -200,7 +200,7 @@ module Licensed
 
       # Load a gem specification from the YAML returned from `gem specification`
       # This is a last resort when licensed can't obtain a specification from other means
-      def bundle_exec_gem_spec(name)
+      def bundle_exec_gem_spec(name, requirement)
         # `gem` must be available to run `gem specification`
         return unless Licensed::Shell.tool_available?("gem")
 
@@ -209,11 +209,12 @@ module Licensed
         begin
           ::Bundler.with_original_env do
             ::Bundler.rubygems.clear_paths
-            yaml = Licensed::Shell.execute(*ruby_command_args("gem", "specification", name))
+            yaml = Licensed::Shell.execute(*ruby_command_args("gem", "specification", name, "-v", requirement.to_s))
             spec = Gem::Specification.from_yaml(yaml)
             # this is horrible, but it will cache the gem_dir using the clean env
-            # so that it can be used outside of this block
-            spec.gem_dir
+            # so that it can be used outside of this block when running from
+            # the ruby packer executable environment
+            spec.gem_dir if ruby_packer?
             spec
           end
         rescue Licensed::Shell::Error

data/lib/licensed/sources/npm.rb

@@ -13,6 +13,7 @@ module Licensed
       end
 
       def enumerate_dependencies
+        @yarn_lock_present = File.exist?(@config.pwd.join("yarn.lock"))
         packages.map do |name, package|
           path = package["path"]
           Dependency.new(
@@ -48,6 +49,7 @@ module Licensed
       # package name to it's metadata
       def recursive_dependencies(dependencies, result = {})
         dependencies.each do |name, dependency|
+          next if @yarn_lock_present && dependency["missing"]
           (result[name] ||= []) << dependency
           recursive_dependencies(dependency["dependencies"] || {}, result)
         end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.3.0".freeze
+  VERSION = "2.3.1".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-05-19 00:00:00.000000000 Z
+date: 2019-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee