RubyGems - licensed - Versions diffs - 3.4.1 → 3.4.2 - Mend

licensed 3.4.1 → 3.4.2

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a241c3ec016e1b2f49cc7a4ed53c53ee07a45fb5dc5f1b6655e6c4e5acf2d6d
-  data.tar.gz: 26e55577302098d09128c87d422856307841fa85dd95c181a7fe9280713ee644
+  metadata.gz: 3d7cec159ef0a5af9df07ac13ba8f540897d1039436d39d361ad2948f305f857
+  data.tar.gz: 1e7b7b50ee7715c41e0b5774104039e471be2d749645a38265d3930d51cd81ab
 SHA512:
-  metadata.gz: 4358bc3c0f238d569beb172ded8589088336a64ccac81f55f2f669e7619c59c5590fdda1b88c5d3812cc8f554af2381ec1f74f40798634a547a6e8884d33c10e
-  data.tar.gz: 751818fb0934e5cf80629971267373117d1649d6ec65f8ae35477f53153307a4fee7893d9182f9b112fe622d8554656ca4892717084793b31577cb1b86557fad
+  metadata.gz: 5c32f95d211dece04fea6c8dff48525593a8348d36dea980f0815159922b5b813270d0ac8b4f6425a9cbcf9437cbf145693f18411b733c917f56ef1b495cca77
+  data.tar.gz: '095b85ceea926a975b18b8001bebca68343dba8550ed2533ccc7eb3860424f707b0756cc121e8c6ad2fc7715c734232f43175513e5005a5c6f535551c3831f6f'

data/CHANGELOG.md CHANGED Viewed

@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
+## 3.4.2
+2022-01-17
+### Fixed
+- The yarn source will no longer evaluate package.json files that do not represent project dependencies (https://github.com/github/licensed/pull/439)
 ## 3.4.1
 2022-01-07
@@ -547,4 +555,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 Initial release :tada:
-[Unreleased]: https://github.com/github/licensed/compare/3.4.1...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.4.2...HEAD

data/Rakefile CHANGED Viewed

@@ -62,6 +62,7 @@ namespace :test do
     t.libs << "lib"
     t.test_files = FileList["test/**/*_test.rb"].exclude("test/fixtures/**/*_test.rb")
                                                 .exclude("test/sources/*_test.rb")
+                                                .exclude("test/sources/**/*_test.rb")
   end
 end

data/lib/licensed/sources/yarn/berry.rb CHANGED Viewed

@@ -32,7 +32,7 @@ module Licensed
         mapped_packages = yarn_info.reduce({}) do |accum, package|
           name, _ = package["value"].rpartition("@")
           version = package.dig("children", "Version")
-          id = "#{name}-#{version}"
+          id = "#{name}@#{version}"
           accum[name] ||= []
           accum[name] << {
@@ -59,22 +59,6 @@ module Licensed
         end
       end
-      # Returns a hash that maps all dependency names to their location on disk
-      # by parsing every package.json file under node_modules.
-      def dependency_paths
-        @dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
-          begin
-            dirname = File.dirname(file)
-            json = JSON.parse(File.read(file))
-            hsh["#{json["name"]}-#{json["version"]}"] = dirname
-          rescue JSON::ParserError
-            # don't crash execution if there is a problem parsing a package.json file
-            # if the bad package.json file relates to a package that licensed should be reporting on
-            # then this will still result in an error about a missing package
-          end
-        end
-      end
       # Returns the output from running `yarn list` to get project dependencies
       def yarn_info_command
         args = %w(--json --manifest --recursive --all)

data/lib/licensed/sources/yarn/v1.rb CHANGED Viewed

@@ -73,22 +73,6 @@ module Licensed
         result
       end
-      # Returns a hash that maps all dependency names to their location on disk
-      # by parsing every package.json file under node_modules.
-      def dependency_paths
-        @dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
-          begin
-            dirname = File.dirname(file)
-            json = JSON.parse(File.read(file))
-            hsh["#{json["name"]}@#{json["version"]}"] = dirname
-          rescue JSON::ParserError
-            # don't crash execution if there is a problem parsing a package.json file
-            # if the bad package.json file relates to a package that licensed should be reporting on
-            # then this will still result in an error about a missing package
-          end
-        end
-      end
       # Finds and returns the yarn package tree listing from `yarn list` output
       def yarn_package_tree
         return @yarn_package_tree if defined?(@yarn_package_tree)

data/lib/licensed/sources/yarn.rb CHANGED Viewed

@@ -23,6 +23,25 @@ module Licensed
       def yarn_version
         Gem::Version.new(Licensed::Shell.execute("yarn", "-v"))
       end
+      # Returns a hash that maps all dependency names to their location on disk
+      # by parsing every package.json file under node_modules.
+      def dependency_paths
+        @dependency_paths ||= [
+            *Dir.glob(config.pwd.join("**/node_modules/*/package.json")),
+            *Dir.glob(config.pwd.join("**/node_modules/@*/*/package.json"))
+          ].each_with_object({}) do |file, hsh|
+          begin
+            dirname = File.dirname(file)
+            json = JSON.parse(File.read(file))
+            hsh["#{json["name"]}@#{json["version"]}"] = dirname
+          rescue JSON::ParserError
+            # don't crash execution if there is a problem parsing a package.json file
+            # if the bad package.json file relates to a package that licensed should be reporting on
+            # then this will still result in an error about a missing package
+          end
+        end
+      end
     end
   end
 end

data/lib/licensed/version.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.4.1".freeze
+  VERSION = "3.4.2".freeze
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.4.1
+  version: 3.4.2
 platform: ruby
 authors:
 - GitHub
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-01-08 00:00:00.000000000 Z
+date: 2022-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee