licensed 3.2.0 → 3.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46db33bf2c824a144fbe5a85acfef469c35faeec69c3afd15a6df0c363025174
-  data.tar.gz: 73e300eaeebd28afed3ded55f60fc24b0fae9d20795ac150322c1b1975052215
+  metadata.gz: 157405d5c26fe8026b4c8d521a5753be821bb2727d9713f7732e2601699660e7
+  data.tar.gz: 1f02c3bf319500352632331f72dfc40cbfaf6a0d00350570223d3b37b2496ca7
 SHA512:
-  metadata.gz: 7d487c920e977198ac91f7eeac4fbea8c4c49a326c6d449532a06e206e9472d75276879a6e3247fee7f6e64d87f595300b3c7ee995e8d1d595fb53401888ccec
-  data.tar.gz: 77ac80e1833b1c02cbb67aac8a79422e2af24958f89a577f07a0885fb7c3cbbc71dc61e0d5fb1bd453b58a1e6d8d0c5b47bf65fdf669edec4347012af83363b9
+  metadata.gz: fa9b3832cfda8a30f99c7718a6e4c9433145e37cb51070c5e1a59009ff5b29269353ddeb68480196bd1f1680bd8c01c4ddd3538bea2f7401fcddcdb542f62ada
+  data.tar.gz: ee5718fb34a1d23738849101b121db785fdc83d587d0f7750c2cc1e613f0c8a6ece707e427bb18473f04ef67569499db28e75ce80f14f0dde2cd09e18ed14053

data/.github/dependabot.yml

@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: bundler
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: docker
+    directory: docker
+    schedule:
+      interval: weekly

data/.github/workflows/release.yml

@@ -23,7 +23,7 @@ jobs:
     steps:
       - id: get_version
         name: Get package version
-        uses: actions/github-script@v3
+        uses: actions/github-script@v4.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           result-encoding: string
@@ -41,7 +41,7 @@ jobs:
 
       - id: get_url
         name: Get release upload url
-        uses: actions/github-script@v3
+        uses: actions/github-script@v4.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           result-encoding: string
@@ -65,7 +65,7 @@ jobs:
 
       - id: get_ref
         name: Get checkout ref for custom build scripts
-        uses: actions/github-script@v3
+        uses: actions/github-script@v4.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           result-encoding: string
@@ -210,4 +210,4 @@ jobs:
         gem push $GEM
       env:
         RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
-        GEM: licensed-${{needs.vars.outputs.version}}.gem
+        GEM: licensed-${{needs.vars.outputs.version}}.gem

data/.github/workflows/test.yml

@@ -18,10 +18,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies 
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -45,10 +48,13 @@ jobs:
         yes | gem uninstall bundler --all
         gem install bundler -v "${{ matrix.bundler }}"
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -74,10 +80,22 @@ jobs:
         ghc-version: ${{ matrix.ghc }}
         cabal-version: ${{ matrix.cabal }}
     - run: bundle lock
-    - uses: actions/cache@v1
+    - name: cache cabal dependencies
+      uses: actions/cache@v2
+      with:
+        path: |
+          ~/.cabal/packages
+          ~/.cabal/store
+        key: ${{ runner.os }}-cabal-${{ matrix.ghc }}-${{ hashFiles('**/app.cabal') }}
+        restore-keys: |
+          ${{ runner.os }}-cabal-
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -93,7 +111,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup php
-      uses: nanasess/setup-php@v3.0.6
+      uses: nanasess/setup-php@v3.0.8
       with:
         php-version: ${{ matrix.php }}
     - name: Set up Ruby
@@ -101,10 +119,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -126,10 +147,13 @@ jobs:
     - name: Set up Bundler
       run: gem install bundler
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
         key: ${{ runner.os }}-gem-${{ matrix.ruby }}-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-${{ matrix.ruby }}-
     - name: Bootstrap
       run: script/bootstrap
     - name: Build and lint
@@ -142,7 +166,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v2
       with:
         go-version: 1.10.x
     - name: Set up Ruby
@@ -150,10 +174,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -169,7 +196,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v2
       with:
         go-version: ${{ matrix.go }}
     - name: Set up Ruby
@@ -177,10 +204,22 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache go dependencies
+      with:
+        path: |
+         ~/.cache/go-build
+         ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -211,10 +250,22 @@ jobs:
       with:
         java-version: ${{ matrix.java }}
         distribution: adopt
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gradle dependencies
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Gradle version
@@ -231,10 +282,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Run tests
@@ -248,7 +302,7 @@ jobs:
         elixir: [ 1.11.x, 1.12.x ]
     steps:
     - uses: actions/checkout@v2
-    - uses: erlef/setup-elixir@v1.6.0
+    - uses: erlef/setup-elixir@v1.9
       with:
         otp-version: ${{matrix.otp}}
         elixir-version: ${{matrix.elixir}}
@@ -257,10 +311,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -284,10 +341,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -311,10 +371,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -330,7 +393,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup python
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@v2
       with:
         python-version: ${{ matrix.python }}
         architecture: x64
@@ -339,10 +402,20 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache pip dependencies
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Install virtualenv
@@ -357,7 +430,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup python
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@v2
       with:
         python-version: '3.x'
         architecture: x64
@@ -366,10 +439,13 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Install pipenv
@@ -395,10 +471,20 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache spm dependencies
+      with:
+        path: .build
+        key: ${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}
+        restore-keys: |
+          ${{ runner.os }}-spm-
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -427,13 +513,16 @@ jobs:
       with:
         ruby-version: 2.6
     - run: bundle lock
-    - uses: actions/cache@v1
+    - uses: actions/cache@v2
+      name: cache gem dependencies
       with:
         path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+        key: ${{ runner.os }}-gem-2.6-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-gem-2.6-
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
       run: script/source-setup/yarn
     - name: Run tests
-      run: script/test yarn
+      run: script/test yarn

data/.ruby-version

@@ -1 +1 @@
-2.4.0
+2.7.4

data/CHANGELOG.md

@@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.2.1
+
+2021-09-06
+
+### Changed
+
+- Updated multiple dependency versions (:tada: @mmorel-35 https://github.com/github/licensed/pull/385, https://github.com/github/licensed/pull/389)
+- Go homepage links use pkg.go.dev instead of godoc.org (:tada: @mmorel-35 https://github.com/github/licensed/commit/73cfbbe954a3e8c8cbaf8b68253053b157e01b79)
+- Local development ruby version changed to 2.7.4 (https://github.com/github/licensed/pull/393)
+
+### Fixed
+
+- Bundler source correctly finds platform specific dependencies (https://github.com/github/licensed/pull/392)
+
 ## 3.2.0
 
 2021-08-19
@@ -466,4 +480,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.1.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.2.1...HEAD

data/README.md

@@ -84,7 +84,7 @@ A configuration file is required for most commands.  See the [configuration file
 
 ### Available dependency sources
 
-Licensed can enumerate dependency for many languages, package managers, and frameworks.  See the [sources documentation](./docs/sources) for the list of currently available sources.  Sources can be explicitly enabled and disabled as a [configuration option](./docs/configuration/sources.md).
+Licensed can enumerate dependency for many languages, package managers, and frameworks.  See the [sources documentation](./docs/sources) for the list of currently available sources.  Sources can be explicitly enabled and disabled as a [configuration option](./docs/configuration/dependency_source_enumerators.md.md).
 
 ### Automation
 

data/docker/Dockerfile.build-linux

@@ -1,4 +1,4 @@
-FROM ruby:2.4-slim-stretch
+FROM ruby:2.6.8-slim-stretch
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends cmake make gcc pkg-config squashfs-tools git curl bison rsync \

data/docs/commands/status.md

@@ -65,6 +65,7 @@ If the dependency does not include license text but does specify that it uses a
 **Resolution:** Review the dependency's usage and specified license with someone familiar with OSS licensing and compliance rules to determine whether the dependency is allowable.  Some common resolutions:
 
 1. The dependency's specified license text differed enough from the standard license text that it was not recognized and classified as `other`.  If, with human review, the license text is recognizable then update the `license: other` value in the cached metadata file to the correct license.
+   - An updated classification will persist through version upgrades until the detected license contents have changed.  The determination is made by [licensee/licensee](https://github.com/licensee/licensee), the library which this tool uses to detect and classify license contents.
 1. The dependency might need to be marked as [ignored] or [reviewed] if either of those scenarios are applicable.
 1. If the used license should be allowable without review (if your entity has a legal team, they may want to review this assessment), ensure the license SPDX is set as [allowed] in the licensed configuration file.
 

data/lib/licensed/reporters/status_reporter.rb

@@ -48,7 +48,7 @@ module Licensed
 
         errored_reports = all_reports.select { |r| r.errors.any? }.to_a
 
-        dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
+        dependency_count = all_reports.count { |r| r.target.is_a?(Licensed::Dependency) }
         error_count = errored_reports.sum { |r| r.errors.size }
 
         if error_count > 0

data/lib/licensed/sources/bundler/definition.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Licensed
+  module Bundler
+    module DefinitionExtensions
+      attr_accessor :force_exclude_groups
+
+      # Override specs to avoid logic that would raise Gem::NotFound
+      # which is handled in this ./missing_specification.rb, and to not add
+      # bundler as a dependency if it's not a user-requested gem.
+      #
+      # Newer versions of Bundler have changed the implementation of specs_for
+      # as well which no longer calls this function.  Overriding this function
+      # gives a stable access point for licensed
+      def specs
+        @specs ||= begin
+          specs = resolve.materialize(requested_dependencies)
+
+          all_dependencies = requested_dependencies.concat(specs.flat_map(&:dependencies))
+          if all_dependencies.any? { |d| d.name == "bundler" } && !specs["bundler"].any?
+            bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", ::Bundler::VERSION)).last
+            specs["bundler"] = bundler
+          end
+
+          specs
+        end
+      end
+
+      # Override requested_groups to also exclude any groups that are
+      # in the "bundler.without" section of the licensed configuration file.
+      def requested_groups
+        super - Array(force_exclude_groups)
+      end
+    end
+  end
+end

data/lib/licensed/sources/bundler.rb

@@ -3,6 +3,7 @@ require "delegate"
 begin
   require "bundler"
   require "licensed/sources/bundler/missing_specification"
+  require "licensed/sources/bundler/definition"
 rescue LoadError
 end
 
@@ -37,7 +38,6 @@ module Licensed
         end
       end
 
-      GEMFILES = { "Gemfile" => "Gemfile.lock", "gems.rb" => "gems.locked" }
       DEFAULT_WITHOUT_GROUPS = %i{development test}
       RUBY_PACKER_ERROR = "The bundler source cannot be used from the executable built with ruby-packer.  Please install licensed using `gem install` or using bundler."
 
@@ -45,15 +45,20 @@ module Licensed
         # running a ruby-packer-built licensed exe when ruby isn't available
         # could lead to errors if the host ruby doesn't exist
         return false if ruby_packer? && !Licensed::Shell.tool_available?("ruby")
-        defined?(::Bundler) && lockfile_path && lockfile_path.exist?
+
+        # if Bundler isn't loaded, this enumerator won't work!
+        return false unless defined?(::Bundler)
+
+        with_application_environment { ::Bundler.default_lockfile&.exist? }
+      rescue ::Bundler::GemfileNotFound
+        false
       end
 
       def enumerate_dependencies
         raise Licensed::Sources::Source::Error.new(RUBY_PACKER_ERROR) if ruby_packer?
 
-        with_local_configuration do
-          specs.map do |spec|
-            next if spec.name == "bundler" && !include_bundler?
+        with_application_environment do
+          definition.specs.map do |spec|
             next if spec.name == config["name"]
 
             error = spec.error if spec.respond_to?(:error)
@@ -73,41 +78,13 @@ module Licensed
         end
       end
 
-      # Returns an array of Gem::Specifications for all gem dependencies
-      def specs
-        @specs ||= definition.specs_for(groups)
-      end
-
-      # Returns whether to include bundler as a listed dependency of the project
-      def include_bundler?
-        @include_bundler ||= begin
-          # include if bundler is listed as a direct dependency that should be included
-          requested_dependencies = definition.dependencies.select { |d| (d.groups & groups).any? && d.should_include? }
-          return true if requested_dependencies.any? { |d| d.name == "bundler" }
-          # include if bundler is an indirect dependency
-          return true if specs.flat_map(&:dependencies).any? { |d| d.name == "bundler" }
-          false
-        end
-      end
-
-      # Build the bundler definition
       def definition
-        @definition ||= ::Bundler::Definition.build(gemfile_path, lockfile_path, nil)
-      end
-
-      # Returns the bundle definition groups, removing "without" groups,
-      # and including "with" groups
-      def groups
-        @groups ||= definition.groups - bundler_setting_array(:without) + bundler_setting_array(:with) - exclude_groups
-      end
-
-      # Returns a bundler setting as an array.
-      # Depending on the version of bundler, array values are either returned as
-      # a raw string ("a:b:c") or as an array ([:a, :b, :c])
-      def bundler_setting_array(key)
-        setting = ::Bundler.settings[key]
-        setting = setting.split(":").map(&:to_sym) if setting.is_a?(String)
-        Array(setting)
+        @definition ||= begin
+          definition = ::Bundler::Definition.build(::Bundler.default_gemfile, ::Bundler.default_lockfile, nil)
+          definition.extend Licensed::Bundler::DefinitionExtensions
+          definition.force_exclude_groups = exclude_groups
+          definition
+        end
       end
 
       # Returns any groups to exclude specified from both licensed configuration
@@ -121,46 +98,29 @@ module Licensed
         end
       end
 
-      # Returns the path to the Bundler Gemfile
-      def gemfile_path
-        @gemfile_path ||= GEMFILES.keys
-                                  .map { |g| config.pwd.join g }
-                                  .find { |f| f.exist? }
-      end
-
-      # Returns the path to the Bundler Gemfile.lock
-      def lockfile_path
-        return unless gemfile_path
-        @lockfile_path ||= gemfile_path.dirname.join(GEMFILES[gemfile_path.basename.to_s])
-      end
-
       # helper to clear all bundler environment around a yielded block
-      def with_local_configuration
-        # silence any bundler warnings while running licensed
-        bundler_ui, ::Bundler.ui = ::Bundler.ui, ::Bundler::UI::Silent.new
+      def with_application_environment
+        backup = nil
 
-        original_bundle_gemfile = nil
-        if gemfile_path.to_s != ENV["BUNDLE_GEMFILE"]
-          # force bundler to use the local gem file
-          original_bundle_gemfile, ENV["BUNDLE_GEMFILE"] = ENV["BUNDLE_GEMFILE"], gemfile_path.to_s
+        ::Bundler.ui.silence do
+          if ::Bundler.root != config.source_path
+            backup = ENV.to_hash
+            ENV.replace(::Bundler.original_env)
 
-          # reset all bundler configuration
-          ::Bundler.reset!
-          # and re-configure with settings for current directory
-          ::Bundler.configure
-        end
+            # reset bundler to load from the current app's source path
+            ::Bundler.reset!
+            ::Bundler.load
+          end
 
-        yield
+          yield
+        end
       ensure
-        if original_bundle_gemfile
-          ENV["BUNDLE_GEMFILE"] = original_bundle_gemfile
-
+        if backup
           # restore bundler configuration
+          ENV.replace(backup)
           ::Bundler.reset!
-          ::Bundler.configure
+          ::Bundler.load
         end
-
-        ::Bundler.ui = bundler_ui
       end
 
       # Returns whether the current licensed execution is running ruby-packer

data/lib/licensed/sources/dep.rb

@@ -40,10 +40,10 @@ module Licensed
         end
       end
 
-      # Returns the godoc.org page for a package.
+      # Returns the pkg.go.dev page for a package.
       def homepage(import_path)
         return unless import_path
-        "https://godoc.org/#{import_path}"
+        "https://pkg.go.dev/#{import_path}"
       end
 
       # Returns whether the package is part of the go std list.  Replaces

data/lib/licensed/sources/go.rb

@@ -98,7 +98,7 @@ module Licensed
       # Returns whether the package is local to the current project
       def local_package?(package)
         return false unless package && package["Dir"]
-        return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"], File::FNM_CASEFOLD)
+        return false unless File.fnmatch?("#{config.root}*", package["Dir"], File::FNM_CASEFOLD)
         vendored_path_parts(package).nil?
       end
 
@@ -132,10 +132,10 @@ module Licensed
         end
       end
 
-      # Returns the godoc.org page for a package.
+      # Returns the pkg.go.dev page for a package.
       def homepage(import_path)
         return unless import_path
-        "https://godoc.org/#{import_path}"
+        "https://pkg.go.dev/#{import_path}"
       end
 
       # Returns the root directory to search for a package license

data/lib/licensed/sources/helpers/content_versioning.rb

@@ -61,11 +61,12 @@ module Licensed
 
         paths = paths.compact.select { |path| File.file?(path) }
         return if paths.empty?
-
+        # rubocop:disable GitHub/InsecureHashAlgorithm
         paths.sort
              .reduce(Digest::XXHash64.new, :file)
              .digest
              .to_s(16) # convert to hex
+        # rubocop:enable GitHub/InsecureHashAlgorithm
       end
     end
   end

data/lib/licensed/sources/nuget.rb

@@ -234,8 +234,7 @@ module Licensed
         ].compact
 
         nuget_package_dirs.map { |dir| File.join(dir, dependency_path) }
-                          .select { |path| File.directory?(path) }
-                          .first
+                          .find { |path| File.directory?(path) }
       end
     end
   end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.2.0".freeze
+  VERSION = "3.2.1".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -26,16 +26,16 @@ Gem::Specification.new do |spec|
   spec.add_dependency "licensee", ">= 9.14.0", "< 10.0.0"
   spec.add_dependency "thor", ">= 0.19"
   spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
-  spec.add_dependency "tomlrb", "~> 1.2"
+  spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
   spec.add_dependency "bundler", ">= 1.10"
   spec.add_dependency "ruby-xxHash", "~> 0.4"
   spec.add_dependency "parallel", ">= 0.18.0"
-  spec.add_dependency "reverse_markdown", "~> 1.0"
+  spec.add_dependency "reverse_markdown", ">= 1", "< 3"
 
   spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "minitest", "~> 5.8"
   spec.add_development_dependency "mocha", "~> 1.0"
-  spec.add_development_dependency "rubocop", "~> 0.49", "< 0.67"
+  spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
-  spec.add_development_dependency "byebug", "~> 10.0.0"
+  spec.add_development_dependency "byebug", "~> 11.0.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.2.1
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-08-19 00:00:00.000000000 Z
+date: 2021-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -62,16 +62,22 @@ dependencies:
   name: tomlrb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -118,16 +124,22 @@ dependencies:
   name: reverse_markdown
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -179,7 +191,7 @@ dependencies:
         version: '0.49'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '0.67'
+        version: '1.20'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -189,7 +201,7 @@ dependencies:
         version: '0.49'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '0.67'
+        version: '1.20'
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
@@ -210,14 +222,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: 11.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: 11.0.1
 description: Licensed automates extracting and validating the licenses of dependencies.
 email:
 - opensource+licensed@github.com
@@ -226,6 +238,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
 - ".github/workflows/release.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
@@ -310,6 +323,7 @@ files:
 - lib/licensed/sources.rb
 - lib/licensed/sources/bower.rb
 - lib/licensed/sources/bundler.rb
+- lib/licensed/sources/bundler/definition.rb
 - lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
 - lib/licensed/sources/composer.rb