licensed 4.5.0 → 5.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -1
- data/Gemfile.lock +7 -7
- data/README.md +2 -2
- data/lib/licensed/sources/cabal.rb +6 -0
- data/lib/licensed/version.rb +1 -1
- data/licensed.gemspec +1 -1
- metadata +4 -4
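--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 418a3151f8331f3377eb4ff5b1a322733c006478c1bb84de7c023b2b1e567876
+data.tar.gz: ffceca317c9924f12d732781aec5a9311bccac316ca9cf0b4e5e2a02b5b5967a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d6a33da199f2e60fd5ed19c08ad830aab62b8c2c0016c40844af94ba7b002ba58a2aa87e05b7a771054f9e95b333ed7f9bab7934d0cee6bdf981482f0b1f4a82
+data.tar.gz: 60da525db6d11b5df8aef42042ad11e0d796bae937e894510764ab8c3eb2dcea36501441382f97d2896f8f9d3fea162e788516038c07156b584c090a61ac9d4f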
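--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,23 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 5.0.0
+
+### Breaking change
+
+- Only supports Ruby 3.0+ due to nokogiri upgrade
+
+### Changed
+
+- Ensure homepage string is not too long in cabal.rb to avoid DOS attack
+- Update dependencies
+
+## 4.5.0
+
+### Changed
+
+- Bumped a number of dependencies for security fixes
+
 ## 4.4.0
 
 ### Added
@@ -132,7 +149,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 
 - Comparing dependency license contents now finds matching contents regardless of the order of the licenses (https://github.com/github/licensed/pull/516)
-- Fixed typo in a link in README.md (https://github.com/github/licensed/pull/514)
+- Fixed typo in a link in README.md (https://github.com/github/licensed/pull/514)
 
 ### Changed
 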
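--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-licensed (
+licensed (5.0.0)
 json (~> 2.6)
 licensee (~> 9.16)
 parallel (~> 1.22)
@@ -48,19 +48,19 @@ GEM
 rugged (>= 0.24, < 2.0)
 thor (>= 0.19, < 2.0)
 mini_portile2 (2.8.1)
-minitest (5.
-minitest-hooks (1.5.
+minitest (5.25.1)
+minitest-hooks (1.5.2)
 minitest (> 5.3)
 mocha (2.4.5)
 ruby2_keywords (>= 0.0.5)
 mutex_m (0.2.0)
-nokogiri (1.
+nokogiri (1.16.5)
 mini_portile2 (~> 2.8.0)
 racc (~> 1.4)
 octokit (6.1.0)
 faraday (>= 1, < 3)
 sawyer (~> 0.9)
-parallel (1.
+parallel (1.26.3)
 parser (3.2.0.0)
 ast (~> 2.4.1)
 pathname-common_prefix (0.0.2)
@@ -72,7 +72,7 @@ GEM
 regexp_parser (2.6.2)
 reverse_markdown (2.1.1)
 nokogiri
-rexml (3.3.
+rexml (3.3.6)
 strscan
 rubocop (1.45.1)
 json (~> 2.3)
@@ -105,7 +105,7 @@ GEM
 addressable (>= 2.3.5)
 faraday (>= 0.17.3, < 3)
 strscan (3.1.0)
-thor (1.3.
+thor (1.3.2)
 tomlrb (2.0.3)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)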
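--- a/data/README.md
+++ b/data/README.md
@@ -21,7 +21,7 @@ Licensed v3 includes a breaking change if both of the following are true:
 1. a project uses bundler to manage ruby dependencies
 2. a project uses the self-contained executable build of licensed
 
-All other usages of licensed should not encounter any major changes migrating from the latest 2.x build to 3.0.
+All other usages of licensed should not encounter any major changes migrating from the latest 2.x build to 3.0.
 
 See [CHANGELOG.md](./CHANGELOG.md) for more details on what's changed.
 See the [v3 migration documentation](./docs/migrations/v3.md) for more info on migrating to v3.
@@ -94,7 +94,7 @@ To get started after checking out the repo, run
 
 You can also run `script/console` for an interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then create a release on GitHub.
 
 ### Adding a new source
 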
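--- a/data/lib/licensed/sources/cabal.rb
+++ b/data/lib/licensed/sources/cabal.rb
@@ -71,6 +71,12 @@ module Licensed
 # Returns a homepage url that enforces https and removes url fragments
 def safe_homepage(homepage)
 return unless homepage
+# Ensure there's no denial of service issue with a long homepage
+# 1000 characters is likely enough for any real project homepage
+# See https://github.com/github/licensed/security/code-scanning/1
+if homepage.length > 1000
+raise ArgumentError, "Input too long"
+end
 # use https and remove url fragment
 homepage.gsub(/http:/, "https:")
 .gsub(/#[^?]*\z/, "")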
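Review bot: The guard added at `if homepage.length > 1000` raises `ArgumentError`, and nothing in this hunk rescues it, so one cabal package with an oversized homepage field may fail the run rather than simply lose its homepage link. Because the method already returns nil for a missing homepage, `return if homepage.length > 1000` would keep the bound on the regex input without letting untrusted package metadata cause a hard failure. If raising is intended, name the field in the message, e.g. `raise ArgumentError, "homepage exceeds 1000 characters"`, and consider a named constant for the limit. The rest of safe_homepage and its callers are outside the hunk, so how the exception is handled there needs confirming.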
data/lib/licensed/version.rb
CHANGED
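--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
-spec.required_ruby_version = ">=
+spec.required_ruby_version = ">= 3.0.0"
 
 spec.add_dependency "licensee", "~> 9.16"
 spec.add_dependency "thor", "~> 1.2"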
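--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-version:
+version: 5.0.0
 platform: ruby
 authors:
 - GitHub
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-
+date: 2024-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: licensee
@@ -335,14 +335,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.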