licensed 4.4.0 → 4.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0aa51288268aeff291057d44b430bd4e8b03a1d396eaa1073f2f5401a69a75d5
-  data.tar.gz: 340dcf2edab467791df510d35abcf8a48f14239d5edb7d1f09b5df9cf04b40df
+  metadata.gz: d7d2ea0e055fe77e271036b11cc0494a3258e4a7f912bea4b135da327f7c6b16
+  data.tar.gz: eba319d54b8bc1865e25c325113b85fe3e151f5dfe52fe17059400bfbff4d6ea
 SHA512:
-  metadata.gz: 23f1ac2d64039e0942ebd6e39dca3d8fd17d4143308cf0d5d03b9d7b7d6efda6ca7ea998af78caf8f00755631f63960d640c75deeb15fb1f76512895d1f5611a
-  data.tar.gz: a7f32b2517e130a2f645678b775c7a0a6b8ae4ce64514a9763fe0d3f174f8f4a28afb79d6c88b49b5e47a225d837ad2cff943142bcc0c00cec80b508827035fd
+  metadata.gz: cb1676bd29d609faf6bab6b32a8c54599ab7a3b508e0ade9c59ca6f6538923420540b78ac2074af343bc3dc8eceb611a74f4f3dc921ea0fef95eefc596f77395
+  data.tar.gz: 26ca34201fe2c44c1dfe2bf2168720b885b051aca5e143225348febfc34d24d5e3b17845224fb543e5187aea370bcbf2c446f5e37e3d5c8028054f3cc3e061c3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    licensed (4.4.0)
+    licensed (4.5.0)
       json (~> 2.6)
       licensee (~> 9.16)
       parallel (~> 1.22)
@@ -14,24 +14,33 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.4.3)
+    activesupport (7.1.3.2)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
+    base64 (0.2.0)
+    bigdecimal (3.1.7)
     byebug (11.1.3)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.2.3)
+    connection_pool (2.4.1)
     dotenv (2.8.1)
+    drb (2.2.1)
     faraday (2.7.4)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
-    i18n (1.12.0)
+    i18n (1.14.4)
       concurrent-ruby (~> 1.0)
-    json (2.6.3)
+    json (2.7.2)
     licensee (9.16.0)
       dotenv (~> 2.0)
       octokit (>= 4.20, < 7.0)
@@ -39,30 +48,32 @@ GEM
       rugged (>= 0.24, < 2.0)
       thor (>= 0.19, < 2.0)
     mini_portile2 (2.8.1)
-    minitest (5.18.0)
-    minitest-hooks (1.5.0)
+    minitest (5.24.1)
+    minitest-hooks (1.5.1)
       minitest (> 5.3)
-    mocha (2.0.2)
+    mocha (2.4.5)
       ruby2_keywords (>= 0.0.5)
-    nokogiri (1.14.3)
+    mutex_m (0.2.0)
+    nokogiri (1.15.6)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     octokit (6.1.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
-    parallel (1.23.0)
+    parallel (1.25.1)
     parser (3.2.0.0)
       ast (~> 2.4.1)
-    pathname-common_prefix (0.0.1)
+    pathname-common_prefix (0.0.2)
     public_suffix (5.0.1)
     racc (1.6.2)
-    rack (3.0.7)
+    rack (3.0.9.1)
     rainbow (3.1.1)
-    rake (13.0.6)
+    rake (13.2.1)
     regexp_parser (2.6.2)
     reverse_markdown (2.1.1)
       nokogiri
-    rexml (3.2.5)
+    rexml (3.3.3)
+      strscan
     rubocop (1.45.1)
       json (~> 2.3)
       parallel (~> 1.10)
@@ -93,7 +104,8 @@ GEM
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    thor (1.2.2)
+    strscan (3.1.0)
+    thor (1.3.1)
     tomlrb (2.0.3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)

data/README.md

@@ -8,7 +8,7 @@ Licensed is **not** a complete open source license compliance solution. Please u
 
 ![Build status](https://github.com/github/licensed/workflows/Test/badge.svg)
 
-Licensed is in active development and currently used at GitHub.  See the [open issues](https://github.com/github/licensed/issues) for a list of potential work.
+Licensed is currently in **low maintenance mode**. At this point, we're only looking to maintain this repository for security fixes.
 
 ## Licensed v4 - **Removed support for non-Ruby environments**
 

data/docs/configuration/customizing_licensee.md

@@ -1,6 +1,6 @@
 # Customize Licensee's behavior
 
-Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and evaluate OSS licenses for project dependencies found during source enumeration.  Licensed can optionally [customize Licensee's behavior](https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#customizing-licensees-behavior) based on options set in the configuration file.
+Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and evaluate OSS licenses for project dependencies found during source enumeration. Licensed can optionally [customize Licensee's behavior](https://github.com/licensee/licensee/blob/main/docs/customizing.md#customizing-licensees-behavior) based on options set in the configuration file.
 
 **NOTE** Matching licenses based on package manager metadata and README references is always enabled and cannot currently be configured.
 
@@ -8,6 +8,6 @@ Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and eva
 licensee:
   # the confidence threshold is an integer between 1 and 100. the value represents
   # the minimum percentage confidence that Licensee must have to report a matched license
-  # https://github.com/licensee/licensee/blob/master/docs/customizing.md#adjusting-the-confidence-threshold
+  # https://github.com/licensee/licensee/blob/main/docs/customizing.md#adjusting-the-confidence-threshold
   confidence_threshold: 90 # default value: 98
 ```

data/docs/migrations/v3.md

@@ -14,11 +14,11 @@ When using licensed v3 with bundler dependencies, licensed must be installed fro
 
 Using licensed to enumerate bundler dependencies in a GitHub Actions workflow will require ruby to be available in the actions VM environment.  Ruby can be setup in an actions workflow using [ruby/setup-ruby](https://github.com/ruby/setup-ruby)(preferred) or [actions/setup-ruby](https://github.com/actions/setup-ruby)(deprecated).
 
-If you are using licensed in a GitHub Actions workflow, [jonabc/setup-licensed](https://github.com/jonabc/setup-licensed) has been updated according to this breaking change.  `setup-licensed` will install the licensed gem when ruby is available, or the licensed executable when ruby is not available.  Alternatively, you can `gem install` licensed directly as an actions step.
+If you are using licensed in a GitHub Actions workflow, [github/setup-licensed](https://github.com/github/setup-licensed) has been updated according to this breaking change.  `setup-licensed` will install the licensed gem when ruby is available, or the licensed executable when ruby is not available.  Alternatively, you can `gem install` licensed directly as an actions step.
 
-This is an example workflow definition that runs [jonabc/licensed-ci](https://github.com/jonabc/licensed-ci)'s opinionated license compliance workflow in CI.  It includes jobs that demonstrate installing licensed using 
+This is an example workflow definition that runs [github/licensed-ci](https://github.com/github/licensed-ci)'s opinionated license compliance workflow in CI.  It includes jobs that demonstrate installing licensed using 
 - `gem install`
-- [jonabc/setup-licensed](https://github.com/jonabc/setup-licensed)
+- [github/setup-licensed](https://github.com/github/setup-licensed)
 - installing when included in a bundler gem file
 
 ```yml
@@ -50,7 +50,7 @@ jobs:
           ruby-version: "3.0"
 
       # install licensed gem using setup-licensed
-      - uses: jonabc/setup-licensed@v1
+      - uses: github/setup-licensed@v1
         with:
           version: '3.x'
 
@@ -58,7 +58,7 @@ jobs:
       - run: bundle install
 
       # run licensed-ci to cache any metadata changes and verify compliance
-      - uses: jonabc/licensed-ci@v1
+      - uses: github/licensed-ci@v1
 
   # OR 
   
@@ -82,7 +82,7 @@ jobs:
       - run: bundle install
 
       # run licensed-ci to cache any metadata changes and verify compliance
-      - uses: jonabc/licensed-ci@v1
+      - uses: github/licensed-ci@v1
 
   # OR
 
@@ -103,7 +103,7 @@ jobs:
       - run: bundle install
 
       # run licensed-ci to cache any metadata changes and verify compliance
-      - uses: jonabc/licensed-ci@v1
+      - uses: github/licensed-ci@v1
         with:
           command: 'bundle exec licensed' # run licensed within the bundler context
 ```

data/docs/sources/cocoapods.md

@@ -2,7 +2,7 @@
 
 The cocoapods source will detect dependencies when `Podfile` and `Podfile.lock` are found at an app's `source_path`.  The cocoapods source uses the [cocoapods-dependencies-list](https://github.com/jonabc/cocoapods-dependencies-list) plugin to enumerate dependencies and gather metadata on each package.
 
-**NOTE:  Licensed does not install the [cocoapods-dependencies-list](https://github.com/jonanc/cocoapods-dependencies-list) plugin.  Users must install the gem alongside the cocoapods gem to enumerate cocoapods dependencies.**
+**NOTE:  Licensed does not install the [cocoapods-dependencies-list](https://github.com/jonabc/cocoapods-dependencies-list) plugin.  Users must install the gem alongside the cocoapods gem to enumerate cocoapods dependencies.**
 
 ## Evaluating dependencies from a specific target
 

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "4.4.0".freeze
+  VERSION = "4.5.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 4.4.0
+  version: 4.5.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-05-26 00:00:00.000000000 Z
+date: 2024-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -342,7 +342,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.4.19
 signing_key: 
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.