spandx 0.15.1 → 0.18.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -2
- data/README.md +2 -2
- data/lib/spandx.rb +2 -1
- data/lib/spandx/cli/commands/build.rb +2 -1
- data/lib/spandx/cli/commands/pull.rb +16 -6
- data/lib/spandx/cli/main.rb +13 -9
- data/lib/spandx/cli/printers/table.rb +1 -1
- data/lib/spandx/core/data_file.rb +4 -0
- data/lib/spandx/core/git.rb +8 -6
- data/lib/spandx/ruby/gateway.rb +25 -1
- data/lib/spandx/ruby/index.rb +52 -0
- data/lib/spandx/terraform/parsers/hcl.rb +108 -0
- data/lib/spandx/terraform/parsers/lock_file.rb +38 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +2 -1
- metadata +24 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bb37d5c085e6c24f08f563a34abe6395448e63a0f8a7571cd16ee7353fcf0e86
|
4
|
+
data.tar.gz: 8cb0c804cf63410200d1a8d7b28e7ba7ec1cf57e180d1e66e63664f3daf2e4b8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '0815ee42c9a013e2d4979d662166ca44d898d513b64250635ab36e8c65ab55d2eb1d7683b7cd1dcf4c2d8bc365d55433aba88713b3d4e2613c47dc62a7b53ba7'
|
7
|
+
data.tar.gz: 1dd8fa583d48f9007162b2eda18e07b0e58e906791c06491dd1d43dece6304c6831b279a4840761e8a370c6aaf6d7304e16eb2baa2a9f80b627bdffbf0ae2632
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
Version 0.
|
1
|
+
Version 0.18.1
|
2
2
|
|
3
3
|
# Changelog
|
4
4
|
|
@@ -9,6 +9,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
9
9
|
|
10
10
|
## [Unreleased]
|
11
11
|
|
12
|
+
## [0.18.1] - 2021-06-02
|
13
|
+
### Fixed
|
14
|
+
- Parse `.terraform.lock.hcl` files with multiple providers.
|
15
|
+
|
16
|
+
## [0.18.0] - 2021-05-10
|
17
|
+
### Added
|
18
|
+
- Add support for parsing `.terraform.lock.hcl` files.
|
19
|
+
|
20
|
+
## [0.17.0] - 2020-12-28
|
21
|
+
### Added
|
22
|
+
- Allow indexing gems from index.rubygems.org.
|
23
|
+
|
24
|
+
## [0.16.1] - 2020-11-19
|
25
|
+
### Fixed
|
26
|
+
- Start spinner for table printer only
|
27
|
+
|
28
|
+
## [0.16.0] - 2020-11-19
|
29
|
+
### Changed
|
30
|
+
- Pull smaller license cache.
|
31
|
+
- Print index files after building them.
|
32
|
+
|
12
33
|
## [0.15.1] - 2020-11-18
|
13
34
|
### Fixed
|
14
35
|
- Rebuild index after pulling latest cache.
|
@@ -211,7 +232,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
211
232
|
### Added
|
212
233
|
- Provide ruby API to the latest SPDX catalogue.
|
213
234
|
|
214
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.
|
235
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.18.1...HEAD
|
236
|
+
[0.18.1]: https://github.com/spandx/spandx/compare/v0.18.0...v0.18.1
|
237
|
+
[0.18.0]: https://github.com/spandx/spandx/compare/v0.17.0...v0.18.0
|
238
|
+
[0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
|
239
|
+
[0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
|
240
|
+
[0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
|
215
241
|
[0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
|
216
242
|
[0.15.0]: https://github.com/spandx/spandx/compare/v0.14.0...v0.15.0
|
217
243
|
[0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
|
data/README.md
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
|
5
5
|
# Spandx ![badge](https://github.com/spandx/spandx/workflows/ci/badge.svg)
|
6
6
|
|
7
|
-
A
|
7
|
+
A Ruby API for interacting with the https://spdx.org software license catalogue.
|
8
8
|
This gem includes a command line interface to scan a software project for the
|
9
9
|
software licenses that are associated with each dependency in the project.
|
10
10
|
`spandx` leverages an offline cache of software licenses for known dependencies.
|
@@ -104,7 +104,7 @@ end
|
|
104
104
|
|
105
105
|
## Development
|
106
106
|
|
107
|
-
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/
|
107
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
108
108
|
|
109
109
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
110
110
|
|
data/lib/spandx.rb
CHANGED
@@ -11,6 +11,7 @@ require 'nokogiri'
|
|
11
11
|
require 'oj'
|
12
12
|
require 'parslet'
|
13
13
|
require 'pathname'
|
14
|
+
require 'sorted_set'
|
14
15
|
require 'yaml'
|
15
16
|
require 'zeitwerk'
|
16
17
|
require 'spandx/spandx'
|
@@ -45,7 +46,7 @@ module Spandx
|
|
45
46
|
@git ||= {
|
46
47
|
cache: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/cache.git'),
|
47
48
|
rubygems: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/rubygems-cache.git'),
|
48
|
-
spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git'),
|
49
|
+
spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git', default_branch: 'master'),
|
49
50
|
}
|
50
51
|
end
|
51
52
|
end
|
@@ -5,10 +5,11 @@ module Spandx
|
|
5
5
|
module Commands
|
6
6
|
class Build
|
7
7
|
INDEXES = {
|
8
|
+
dotnet: Spandx::Dotnet::Index,
|
8
9
|
maven: Spandx::Java::Index,
|
9
10
|
nuget: Spandx::Dotnet::Index,
|
10
|
-
dotnet: Spandx::Dotnet::Index,
|
11
11
|
pypi: Spandx::Python::Index,
|
12
|
+
rubygems: Spandx::Ruby::Index,
|
12
13
|
}.freeze
|
13
14
|
|
14
15
|
def initialize(options)
|
@@ -4,13 +4,20 @@ module Spandx
|
|
4
4
|
module Cli
|
5
5
|
module Commands
|
6
6
|
class Pull
|
7
|
+
attr_reader :cache_dir, :rubygems_cache_dir
|
8
|
+
|
7
9
|
def initialize(options)
|
8
10
|
@options = options
|
11
|
+
@cache_dir = Spandx.git[:cache].root.join('.index')
|
12
|
+
@rubygems_cache_dir = Spandx.git[:rubygems].root.join('.index')
|
9
13
|
end
|
10
14
|
|
11
15
|
def execute(output: $stderr)
|
12
16
|
sync(output)
|
13
17
|
build(output, ::Spandx::Core::Dependency::PACKAGE_MANAGERS.values.uniq)
|
18
|
+
index_files_in(cache_dir, rubygems_cache_dir).each do |item|
|
19
|
+
output.puts item.to_s.gsub(Dir.home, '~')
|
20
|
+
end
|
14
21
|
output.puts 'OK'
|
15
22
|
end
|
16
23
|
|
@@ -25,14 +32,11 @@ module Spandx
|
|
25
32
|
end
|
26
33
|
|
27
34
|
def build(output, sources)
|
28
|
-
|
29
|
-
|
30
|
-
with_spinner('Rebuilding index...', output: output) do
|
35
|
+
with_spinner('Building index...', output: output) do
|
31
36
|
sources.each do |source|
|
32
|
-
Spandx::Core::Cache
|
33
|
-
.new(source, root: index_path)
|
34
|
-
.rebuild_index
|
37
|
+
Spandx::Core::Cache.new(source, root: cache_dir).rebuild_index
|
35
38
|
end
|
39
|
+
Spandx::Core::Cache.new(:rubygems, root: rubygems_cache_dir).rebuild_index
|
36
40
|
end
|
37
41
|
end
|
38
42
|
|
@@ -41,9 +45,15 @@ module Spandx
|
|
41
45
|
spinner.auto_spin
|
42
46
|
yield
|
43
47
|
spinner.success('(done)')
|
48
|
+
rescue StandardError => error
|
49
|
+
spinner.error("(#{error.message})")
|
44
50
|
ensure
|
45
51
|
spinner.stop
|
46
52
|
end
|
53
|
+
|
54
|
+
def index_files_in(*dirs)
|
55
|
+
dirs.map { |x| x.glob('**/*.idx') }.flatten.sort
|
56
|
+
end
|
47
57
|
end
|
48
58
|
end
|
49
59
|
end
|
data/lib/spandx/cli/main.rb
CHANGED
@@ -12,15 +12,11 @@ module Spandx
|
|
12
12
|
method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
|
13
13
|
method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
|
14
14
|
def scan(lockfile = Pathname.pwd)
|
15
|
-
if options[:help]
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
Spandx.logger = Logger.new(options[:logfile])
|
21
|
-
pull if options[:pull]
|
22
|
-
Spandx::Cli::Commands::Scan.new(lockfile, options).execute
|
23
|
-
end
|
15
|
+
return invoke :help, ['scan'] if options[:help]
|
16
|
+
|
17
|
+
prepare(options)
|
18
|
+
pull if options[:pull]
|
19
|
+
Spandx::Cli::Commands::Scan.new(lockfile, options).execute
|
24
20
|
end
|
25
21
|
|
26
22
|
desc 'pull', 'Pull the latest offline cache'
|
@@ -52,6 +48,14 @@ module Spandx
|
|
52
48
|
puts "v#{Spandx::VERSION}"
|
53
49
|
end
|
54
50
|
map %w[--version -v] => :version
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def prepare(options)
|
55
|
+
Oj.default_options = { mode: :strict }
|
56
|
+
Spandx.airgap = options[:airgap]
|
57
|
+
Spandx.logger = Logger.new(options[:logfile])
|
58
|
+
end
|
55
59
|
end
|
56
60
|
end
|
57
61
|
end
|
@@ -8,7 +8,6 @@ module Spandx
|
|
8
8
|
|
9
9
|
def initialize(output: $stderr)
|
10
10
|
@spinner = TTY::Spinner.new('[:spinner] Scanning...', output: output, clear: true, format: :dots)
|
11
|
-
@spinner.auto_spin
|
12
11
|
end
|
13
12
|
|
14
13
|
def match?(format)
|
@@ -16,6 +15,7 @@ module Spandx
|
|
16
15
|
end
|
17
16
|
|
18
17
|
def print_header(_io)
|
18
|
+
@spinner.auto_spin
|
19
19
|
@dependencies = SortedSet.new
|
20
20
|
end
|
21
21
|
|
data/lib/spandx/core/git.rb
CHANGED
@@ -3,10 +3,11 @@
|
|
3
3
|
module Spandx
|
4
4
|
module Core
|
5
5
|
class Git
|
6
|
-
attr_reader :root, :url
|
6
|
+
attr_reader :root, :url, :default_branch
|
7
7
|
|
8
|
-
def initialize(url:)
|
8
|
+
def initialize(url:, default_branch: 'main')
|
9
9
|
@url = url
|
10
|
+
@default_branch = default_branch
|
10
11
|
@root = path_for(url)
|
11
12
|
end
|
12
13
|
|
@@ -31,14 +32,15 @@ module Spandx
|
|
31
32
|
root.join('.git').directory?
|
32
33
|
end
|
33
34
|
|
34
|
-
def clone!
|
35
|
+
def clone!(branch: default_branch)
|
35
36
|
system('rm', '-rf', root.to_s) if root.exist?
|
36
|
-
system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch',
|
37
|
+
system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', branch, url, root.to_s)
|
37
38
|
end
|
38
39
|
|
39
|
-
def pull!
|
40
|
+
def pull!(remote: 'origin', branch: default_branch)
|
40
41
|
Dir.chdir(root) do
|
41
|
-
system('git', '
|
42
|
+
system('git', 'fetch', '--quiet', '--depth=1', '--prune', '--no-tags', remote)
|
43
|
+
system('git', 'checkout', '--quiet', branch)
|
42
44
|
end
|
43
45
|
end
|
44
46
|
end
|
data/lib/spandx/ruby/gateway.rb
CHANGED
@@ -8,8 +8,21 @@ module Spandx
|
|
8
8
|
@http = http
|
9
9
|
end
|
10
10
|
|
11
|
+
def each
|
12
|
+
response = http.get('https://index.rubygems.org/versions')
|
13
|
+
return unless http.ok?(response)
|
14
|
+
|
15
|
+
parse_each_from(StringIO.new(response.body)) do |item|
|
16
|
+
yield item
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
11
20
|
def licenses_for(dependency)
|
12
|
-
|
21
|
+
licenses(dependency.name, dependency.version)
|
22
|
+
end
|
23
|
+
|
24
|
+
def licenses(name, version)
|
25
|
+
details_on(name, version)['licenses'] || []
|
13
26
|
end
|
14
27
|
|
15
28
|
def matches?(dependency)
|
@@ -20,6 +33,17 @@ module Spandx
|
|
20
33
|
|
21
34
|
attr_reader :http
|
22
35
|
|
36
|
+
def parse_each_from(io)
|
37
|
+
_created_at = io.readline
|
38
|
+
_triple_dash = io.readline
|
39
|
+
until io.eof?
|
40
|
+
name, versions, _digest = io.readline.split(' ')
|
41
|
+
versions.split(',').each do |version|
|
42
|
+
yield({ name: name, version: version })
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
23
47
|
def details_on(name, version)
|
24
48
|
url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
|
25
49
|
response = http.get(url, default: {})
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Ruby
|
5
|
+
class Index
|
6
|
+
include Enumerable
|
7
|
+
|
8
|
+
attr_reader :directory, :name, :rubygems
|
9
|
+
|
10
|
+
def initialize(directory:)
|
11
|
+
@directory = directory
|
12
|
+
@name = 'rubygems'
|
13
|
+
@cache = ::Spandx::Core::Cache.new(@name, root: directory)
|
14
|
+
@rubygems = ::Spandx::Ruby::Gateway.new
|
15
|
+
end
|
16
|
+
|
17
|
+
def update!(*)
|
18
|
+
queue = Queue.new
|
19
|
+
[fetch(queue), save(queue)].each(&:join)
|
20
|
+
cache.rebuild_index
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
attr_reader :cache
|
26
|
+
|
27
|
+
def fetch(queue)
|
28
|
+
Thread.new do
|
29
|
+
rubygems.each do |item|
|
30
|
+
queue.enq(
|
31
|
+
item.merge(
|
32
|
+
licenses: rubygems.licenses(item[:name], item[:version])
|
33
|
+
)
|
34
|
+
)
|
35
|
+
end
|
36
|
+
queue.enq(:stop)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def save(queue)
|
41
|
+
Thread.new do
|
42
|
+
loop do
|
43
|
+
item = queue.deq
|
44
|
+
break if item == :stop
|
45
|
+
|
46
|
+
cache.insert(item[:name], item[:version], item[:licenses])
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,108 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Terraform
|
5
|
+
module Parsers
|
6
|
+
class Hcl < Parslet::Parser
|
7
|
+
rule(:alpha) { match['a-zA-Z'] }
|
8
|
+
rule(:assign) { str('=') }
|
9
|
+
rule(:colon) { str(':') }
|
10
|
+
rule(:comma) { str(',') }
|
11
|
+
rule(:comment) { (str('#') | str('//')) >> ((str("\n") >> str("\r").maybe).absent? >> any).repeat >> eol }
|
12
|
+
rule(:crlf) { match('[\r\n]') }
|
13
|
+
rule(:digit) { match('\d') }
|
14
|
+
rule(:dot) { str('.') }
|
15
|
+
rule(:eol) { whitespace? >> crlf.repeat }
|
16
|
+
rule(:greater_than_or_equal_to) { str('>=') }
|
17
|
+
rule(:hyphen) { str('-') }
|
18
|
+
rule(:lbracket) { str('[') }
|
19
|
+
rule(:lcurly) { str('{') }
|
20
|
+
rule(:major) { number }
|
21
|
+
rule(:major_minor) { (number >> dot >> number) }
|
22
|
+
rule(:major_minor_patch) { number >> dot >> number >> dot >> number }
|
23
|
+
rule(:multiline_comment) { str('/*') >> (str('*/').absent? >> any).repeat >> str('*/') }
|
24
|
+
rule(:number) { digit.repeat }
|
25
|
+
rule(:plus) { str('+') }
|
26
|
+
rule(:pre_release) { hyphen >> (alpha | digit).repeat }
|
27
|
+
rule(:pre_release?) { pre_release.maybe }
|
28
|
+
rule(:quote) { str('"') }
|
29
|
+
rule(:rbracket) { str(']') }
|
30
|
+
rule(:rcurly) { str('}') }
|
31
|
+
rule(:slash) { str('/') }
|
32
|
+
rule(:space) { match('\s') }
|
33
|
+
rule(:tilda_wacka) { str('~>') }
|
34
|
+
rule(:version) { number >> dot >> number >> dot >> number >> pre_release? }
|
35
|
+
rule(:whitespace) { (multiline_comment | comment | space).repeat }
|
36
|
+
rule(:whitespace?) { whitespace.maybe }
|
37
|
+
|
38
|
+
rule(:pessimistic_version_constraint) do
|
39
|
+
tilda_wacka >> whitespace >> (
|
40
|
+
major_minor_patch |
|
41
|
+
major_minor |
|
42
|
+
major
|
43
|
+
)
|
44
|
+
end
|
45
|
+
|
46
|
+
rule(:greater_than_or_equal_to_version) do
|
47
|
+
greater_than_or_equal_to >> whitespace >> (
|
48
|
+
major_minor_patch |
|
49
|
+
major_minor |
|
50
|
+
major
|
51
|
+
)
|
52
|
+
end
|
53
|
+
|
54
|
+
rule(:version_constraint) do
|
55
|
+
pessimistic_version_constraint | greater_than_or_equal_to_version
|
56
|
+
end
|
57
|
+
|
58
|
+
rule :version_assignment do
|
59
|
+
str('version') >> whitespace >> assign >> whitespace >> quote >> version.as(:version) >> quote
|
60
|
+
end
|
61
|
+
|
62
|
+
rule :constraint_assignment do
|
63
|
+
str('constraints') >> whitespace >> assign >> whitespace >> quote >> version_constraint.as(:constraints) >> quote
|
64
|
+
end
|
65
|
+
|
66
|
+
rule :string do
|
67
|
+
quote >> (
|
68
|
+
digit | dot | alpha | str('~> ') | slash | colon | assign | plus
|
69
|
+
).repeat(1).as(:value) >> quote
|
70
|
+
end
|
71
|
+
|
72
|
+
rule :array_item do
|
73
|
+
whitespace? >> string >> comma.maybe >> eol
|
74
|
+
end
|
75
|
+
|
76
|
+
rule :array do
|
77
|
+
lbracket >> eol >> array_item.repeat >> whitespace >> rbracket
|
78
|
+
end
|
79
|
+
|
80
|
+
rule :argument_value do
|
81
|
+
(array.as(:values) | string) >> eol
|
82
|
+
end
|
83
|
+
|
84
|
+
rule :argument do
|
85
|
+
whitespace >> alpha.repeat(1).as(:name) >> whitespace >> assign >> whitespace >> argument_value
|
86
|
+
end
|
87
|
+
|
88
|
+
rule :block_body do
|
89
|
+
lcurly >> crlf >> argument.repeat.as(:arguments) >> rcurly
|
90
|
+
end
|
91
|
+
|
92
|
+
rule :identifier do
|
93
|
+
whitespace >> quote >> (alpha | dot | slash).repeat(1).as(:name) >> quote >> whitespace
|
94
|
+
end
|
95
|
+
|
96
|
+
rule :block do
|
97
|
+
alpha.repeat(1).as(:type) >> identifier >> block_body
|
98
|
+
end
|
99
|
+
|
100
|
+
rule :blocks do
|
101
|
+
whitespace? >> (block >> eol.maybe).repeat(1).as(:blocks)
|
102
|
+
end
|
103
|
+
|
104
|
+
root(:blocks)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Terraform
|
5
|
+
module Parsers
|
6
|
+
class LockFile < ::Spandx::Core::Parser
|
7
|
+
def initialize
|
8
|
+
@parser = Spandx::Terraform::Parsers::Hcl.new
|
9
|
+
end
|
10
|
+
|
11
|
+
def match?(pathname)
|
12
|
+
basename = pathname.basename
|
13
|
+
basename.fnmatch?('.terraform.lock.hcl')
|
14
|
+
end
|
15
|
+
|
16
|
+
def parse(path)
|
17
|
+
tree = @parser.parse(path.read)
|
18
|
+
tree[:blocks].map do |block|
|
19
|
+
version_arg = version_arg_from(block)
|
20
|
+
::Spandx::Core::Dependency.new(
|
21
|
+
name: block[:name].to_s,
|
22
|
+
version: version_arg[:value]&.to_s,
|
23
|
+
path: path
|
24
|
+
)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def version_arg_from(block)
|
31
|
+
block[:arguments].find do |x|
|
32
|
+
x[:name] == 'version'
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
18
18
|
|
19
19
|
spec.metadata['homepage_uri'] = spec.homepage
|
20
20
|
spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
|
21
|
-
spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/
|
21
|
+
spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/main/CHANGELOG.md'
|
22
22
|
|
23
23
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
24
24
|
Dir.glob('exe/*') +
|
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
|
|
38
38
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
39
39
|
spec.add_dependency 'oj', '~> 3.10'
|
40
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
41
|
+
spec.add_dependency 'sorted_set', '~> 1.0'
|
41
42
|
spec.add_dependency 'terminal-table', '~> 1.8'
|
42
43
|
spec.add_dependency 'thor'
|
43
44
|
spec.add_dependency 'tty-spinner', '~> 0.9'
|
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spandx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.18.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Can Eldem
|
8
8
|
- mo khan
|
9
|
-
autorequire:
|
9
|
+
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2021-06-03 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|
@@ -101,6 +101,20 @@ dependencies:
|
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
103
|
version: '2.0'
|
104
|
+
- !ruby/object:Gem::Dependency
|
105
|
+
name: sorted_set
|
106
|
+
requirement: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '1.0'
|
111
|
+
type: :runtime
|
112
|
+
prerelease: false
|
113
|
+
version_requirements: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '1.0'
|
104
118
|
- !ruby/object:Gem::Dependency
|
105
119
|
name: terminal-table
|
106
120
|
requirement: !ruby/object:Gem::Requirement
|
@@ -413,12 +427,15 @@ files:
|
|
413
427
|
- lib/spandx/python/pypi.rb
|
414
428
|
- lib/spandx/python/source.rb
|
415
429
|
- lib/spandx/ruby/gateway.rb
|
430
|
+
- lib/spandx/ruby/index.rb
|
416
431
|
- lib/spandx/ruby/parsers/gemfile_lock.rb
|
417
432
|
- lib/spandx/spdx/catalogue.rb
|
418
433
|
- lib/spandx/spdx/composite_license.rb
|
419
434
|
- lib/spandx/spdx/expression.rb
|
420
435
|
- lib/spandx/spdx/gateway.rb
|
421
436
|
- lib/spandx/spdx/license.rb
|
437
|
+
- lib/spandx/terraform/parsers/hcl.rb
|
438
|
+
- lib/spandx/terraform/parsers/lock_file.rb
|
422
439
|
- lib/spandx/version.rb
|
423
440
|
- spandx.gemspec
|
424
441
|
homepage: https://spandx.github.io/
|
@@ -427,8 +444,8 @@ licenses:
|
|
427
444
|
metadata:
|
428
445
|
homepage_uri: https://spandx.github.io/
|
429
446
|
source_code_uri: https://github.com/spandx/spandx
|
430
|
-
changelog_uri: https://github.com/spandx/spandx/blob/
|
431
|
-
post_install_message:
|
447
|
+
changelog_uri: https://github.com/spandx/spandx/blob/main/CHANGELOG.md
|
448
|
+
post_install_message:
|
432
449
|
rdoc_options: []
|
433
450
|
require_paths:
|
434
451
|
- lib
|
@@ -443,8 +460,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
443
460
|
- !ruby/object:Gem::Version
|
444
461
|
version: '0'
|
445
462
|
requirements: []
|
446
|
-
rubygems_version: 3.
|
447
|
-
signing_key:
|
463
|
+
rubygems_version: 3.2.19
|
464
|
+
signing_key:
|
448
465
|
specification_version: 4
|
449
466
|
summary: A ruby interface to the SPDX catalogue.
|
450
467
|
test_files: []
|