spandx 0.18.3 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 81626f66bcff1fbe9a38a489f72e0f00bbd355f91ed43582e563a04089016e83
-  data.tar.gz: b5ed156f7c0b5f9972d2e8e564dd37666f1fa8acf5c26ae4192db2a4d6d68c2e
+  metadata.gz: 6c44e1c8ed07309ed992615ac0b497265dc552cb1fab37253fd22bfe1c176fe7
+  data.tar.gz: 5932840f867f2e800e81a1e75058a02d9a97ebf2e52a0bfda6ab2e471326d459
 SHA512:
-  metadata.gz: e81245600853fa6677deedd50ece29463a50736c44cb4503391e8777b31f3493c4d9405cc33bde47538d2f991befea153abdefe0b9cfe04954f0c73277c70005
-  data.tar.gz: 190c97f3ab8e9431a5ca52ffd4dfb524f6438997a8912288c8abd821e220dfbda149fe1107f0f63b6e8e5bff6258a312800654764073e1c929182175bc89a27c
+  metadata.gz: ebe65576f1ccf3791355c3587aae8ba486aec797e80613b8f0a8e37882c6f54dd371c0d7c981d6f50d24696321332cf01fc3b8e262edcd11555da77b60a481b6
+  data.tar.gz: c1b63a3f9662788be70af6af3aef94987548da3caba5c043ddfb9f6923e39384e3af009190f1c9175693165f58ff740690146979e84bb22ab0f255e690d28faa

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-Version 0.18.3
+Version 0.19.0
 
 # Changelog
 
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.19.0] - 2024-12-31
+### Changed
+- Upgrade to Ruby 3.2+
+
 ## [0.18.3] - 2021-12-15
 - fix(spdx): fallback to online catalogue when local catalogue is not available.
 
@@ -240,7 +244,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/spandx/spandx/compare/v0.18.3...HEAD
+[Unreleased]: https://github.com/spandx/spandx/compare/v0.19.0...HEAD
+[0.19.0]: https://github.com/spandx/spandx/compare/v0.18.3...v0.19.0
 [0.18.3]: https://github.com/spandx/spandx/compare/v0.18.2...v0.18.3
 [0.18.2]: https://github.com/spandx/spandx/compare/v0.18.1...v0.18.2
 [0.18.1]: https://github.com/spandx/spandx/compare/v0.18.0...v0.18.1

data/lib/spandx/cli/printers/table.rb

@@ -8,6 +8,7 @@ module Spandx
 
         def initialize(output: $stderr)
           @spinner = TTY::Spinner.new('[:spinner] Scanning...', output: output, clear: true, format: :dots)
+          super()
         end
 
         def match?(format)

data/lib/spandx/core/gateway.rb

@@ -3,6 +3,12 @@
 module Spandx
   module Core
     class Gateway
+      attr_reader :http
+
+      def initialize(http: Spandx.http)
+        @http = http
+      end
+
       def matches?(_dependency)
         raise ::Spandx::Error, :matches?
       end

data/lib/spandx/core/license_plugin.rb

@@ -5,6 +5,7 @@ module Spandx
     class LicensePlugin < Spandx::Core::Plugin
       def initialize(catalogue: Spdx::Catalogue.default)
         @guess = Guess.new(catalogue)
+        super()
       end
 
       def enhance(dependency)

data/lib/spandx/core/registerable.rb

@@ -17,6 +17,7 @@ module Spandx
 
       def inherited(subclass)
         registry.push(subclass)
+        super
       end
 
       def registry

data/lib/spandx/dotnet/nuget_gateway.rb

@@ -6,10 +6,6 @@ module Spandx
     # https://api.nuget.org/v3-flatcontainer/#{package.name}/index.json
     # https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource
     class NugetGateway < ::Spandx::Core::Gateway
-      def initialize(http: Spandx.http)
-        @http = http
-      end
-
       def licenses_for(dependency)
         extract_licenses_from(nuspec_for(dependency.name, dependency.version))
       end
@@ -28,8 +24,6 @@ module Spandx
 
       private
 
-      attr_reader :http
-
       def each_page(start_page:)
         url = 'https://api.nuget.org/v3/catalog0/index.json'
         items_from(fetch_json(url))

data/lib/spandx/java/gateway.rb

@@ -5,12 +5,6 @@ module Spandx
     class Gateway < ::Spandx::Core::Gateway
       DEFAULT_SOURCE = 'https://repo.maven.apache.org/maven2'
 
-      attr_reader :http
-
-      def initialize(http: Spandx.http)
-        @http = http
-      end
-
       def matches?(dependency)
         dependency.package_manager == :maven
       end

data/lib/spandx/js/yarn_lock.rb

@@ -5,7 +5,7 @@ module Spandx
     class YarnLock
       include Enumerable
 
-      START_OF_DEPENDENCY_REGEX = %r{^"?(?<name>(@|\w|-|\.|/)+)@}i.freeze
+      START_OF_DEPENDENCY_REGEX = %r{^"?(?<name>(?<item>@|\w|-|\.|/)+)@}i.freeze
       INJECT_COLON = /(?<=\w|")\s(?=\w|")/.freeze
 
       attr_reader :file_path

data/lib/spandx/js/yarn_pkg.rb

@@ -4,11 +4,6 @@ module Spandx
   module Js
     class YarnPkg < ::Spandx::Core::Gateway
       DEFAULT_SOURCE = 'https://registry.yarnpkg.com'
-      attr_reader :http
-
-      def initialize(http: Spandx.http)
-        @http = http
-      end
 
       def matches?(dependency)
         %i[npm yarn].include?(dependency.package_manager)

data/lib/spandx/php/packagist_gateway.rb

@@ -3,12 +3,6 @@
 module Spandx
   module Php
     class PackagistGateway < ::Spandx::Core::Gateway
-      attr_reader :http
-
-      def initialize(http: Spandx.http)
-        @http = http
-      end
-
       def matches?(dependency)
         dependency.package_manager == :composer
       end

data/lib/spandx/python/pypi.rb

@@ -13,8 +13,8 @@ module Spandx
       ].freeze
 
       def initialize(http: Spandx.http)
-        @http = http
         @definitions = {}
+        super
       end
 
       def matches?(dependency)
@@ -54,15 +54,13 @@ module Spandx
 
         section = path.scan(/-\d+\..*/)
         section = path.scan(/-\d+\.?.*/) if section.empty?
-        section[-1][1..-1]
+        section[-1][1..]
       rescue StandardError => error
         warn([url, error].inspect)
       end
 
       private
 
-      attr_reader :http
-
       def cleanup(url)
         SUBSTITUTIONS.inject(URI.parse(url).path.split('/')[-1]) do |memo, item|
           memo.gsub(item, '')

data/lib/spandx/ruby/gateway.rb

@@ -2,12 +2,8 @@
 
 module Spandx
   module Ruby
+    # https://guides.rubygems.org/rubygems-org-api-v2/
     class Gateway < ::Spandx::Core::Gateway
-      # https://guides.rubygems.org/rubygems-org-api-v2/
-      def initialize(http: Spandx.http)
-        @http = http
-      end
-
       def each
         response = http.get('https://index.rubygems.org/versions')
         return unless http.ok?(response)
@@ -31,8 +27,6 @@ module Spandx
 
       private
 
-      attr_reader :http
-
       def parse_each_from(io)
         _created_at = io.readline
         _triple_dash = io.readline

data/lib/spandx/ruby/parsers/gemfile_lock.rb

@@ -4,7 +4,7 @@ module Spandx
   module Ruby
     module Parsers
       class GemfileLock < ::Spandx::Core::Parser
-        STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n)   (?<major>\d+)\.\d+\.\d+/m.freeze
+        STRIP_BUNDLED_WITH = /^BUNDLED WITH$\r?\n   \d+\.\d+\.\d+/m.freeze
 
         def match?(pathname)
           basename = pathname.basename

data/lib/spandx/terraform/parsers/lock_file.rb

@@ -6,6 +6,7 @@ module Spandx
       class LockFile < ::Spandx::Core::Parser
         def initialize
           @parser = Hcl2::Parser.new
+          super()
         end
 
         def match?(pathname)

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.18.3'
+  VERSION = '0.19.0'
 end

data/lib/spandx.rb

@@ -47,7 +47,7 @@ module Spandx
       @git ||= {
         cache: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/cache.git'),
         rubygems: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/rubygems-cache.git'),
-        spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git', default_branch: 'master'),
+        spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git'),
       }
     end
   end

data/spandx.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
   spec.description   = 'Spandx is a ruby API for interacting with the spdx.org software license catalogue. This gem includes a command line interface to scan a software project for the software licenses that are associated with each dependency in the project. Spandx also allows you to hook additional information for each dependency found. For instance, you can add plugin to Spandx to find and report vulnerabilities for the dependencies it found.'
   spec.homepage      = 'https://spandx.github.io/'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.6.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 3.2.0')
 
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
@@ -32,30 +32,32 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.extensions    = ['ext/spandx/extconf.rb']
 
-  spec.add_dependency 'addressable', '~> 2.7'
+  spec.add_dependency 'addressable', '~> 2.0'
   spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
+  spec.add_dependency 'csv', '~> 3.0'
   spec.add_dependency 'hcl2', '~> 0.1'
   spec.add_dependency 'net-hippie', '~> 1.0'
-  spec.add_dependency 'nokogiri', '~> 1.10'
-  spec.add_dependency 'oj', '~> 3.10'
+  spec.add_dependency 'nokogiri', '~> 1.0'
+  spec.add_dependency 'oj', '~> 3.0'
   spec.add_dependency 'parslet', '~> 2.0'
   spec.add_dependency 'sorted_set', '~> 1.0'
-  spec.add_dependency 'terminal-table', '~> 1.8'
-  spec.add_dependency 'thor'
-  spec.add_dependency 'tty-spinner', '~> 0.9'
-  spec.add_dependency 'zeitwerk', '~> 2.3'
-
-  spec.add_development_dependency 'benchmark-ips', '~> 2.8'
-  spec.add_development_dependency 'bundler-audit', '~> 0.6'
-  spec.add_development_dependency 'byebug', '~> 11.1'
-  spec.add_development_dependency 'licensed', '~> 2.8'
+  spec.add_dependency 'terminal-table', '~> 1.0'
+  spec.add_dependency 'thor', '~> 1.0'
+  spec.add_dependency 'tty-spinner', '~> 0.1'
+  spec.add_dependency 'zeitwerk', '~> 2.0'
+
+  spec.add_development_dependency 'benchmark', '~> 0.1'
+  spec.add_development_dependency 'benchmark-ips', '~> 2.0'
+  spec.add_development_dependency 'bundler-audit', '~> 0.1'
+  spec.add_development_dependency 'byebug', '~> 11.0'
+  spec.add_development_dependency 'licensed', '~> 2.0'
   spec.add_development_dependency 'rake', '~> 13.0'
-  spec.add_development_dependency 'rake-compiler', '~> 1.1'
+  spec.add_development_dependency 'rake-compiler', '~> 1.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rspec-benchmark', '~> 0.5'
-  spec.add_development_dependency 'rubocop', '~> 0.52'
-  spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
-  spec.add_development_dependency 'ruby-prof', '~> 1.3'
+  spec.add_development_dependency 'rspec-benchmark', '~> 0.1'
+  spec.add_development_dependency 'rubocop', '~> 1.0'
+  spec.add_development_dependency 'rubocop-rspec', '~> 3.0'
+  spec.add_development_dependency 'ruby-prof', '~> 1.0'
   spec.add_development_dependency 'vcr', '~> 6.0'
-  spec.add_development_dependency 'webmock', '~> 3.7'
+  spec.add_development_dependency 'webmock', '~> 3.0'
 end

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.18.3
+  version: 0.19.0
 platform: ruby
 authors:
 - Can Eldem
 - mo khan
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-16 00:00:00.000000000 Z
+date: 2024-12-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -17,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -45,6 +44,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: csv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: hcl2
   requirement: !ruby/object:Gem::Requirement
@@ -79,28 +92,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: parslet
   requirement: !ruby/object:Gem::Requirement
@@ -135,112 +148,126 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: tty-spinner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: benchmark
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '11.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '11.0'
 - !ruby/object:Gem::Dependency
   name: licensed
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -261,14 +288,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -289,56 +316,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.52'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.52'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: ruby-prof
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -359,14 +386,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.7'
+        version: '3.0'
 description: Spandx is a ruby API for interacting with the spdx.org software license
   catalogue. This gem includes a command line interface to scan a software project
   for the software licenses that are associated with each dependency in the project.
@@ -458,7 +485,6 @@ metadata:
   homepage_uri: https://spandx.github.io/
   source_code_uri: https://github.com/spandx/spandx
   changelog_uri: https://github.com/spandx/spandx/blob/main/CHANGELOG.md
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -466,15 +492,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.
 test_files: []