diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2a1f48480b..91521e9c6e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -38,10 +38,47 @@ v33.0.0 (next next, roadmap)
 - Update Dockerfile and test container build.
 See https://github.com/aboutcode-org/scancode-toolkit/issues/3955
+v32.3.2 - 2024-01-20
+--------------------
+
+This is a patch release with license and package detection
+improvements, bugfixes and with new and updated license detection rules
+and new licenses added.
+
+Bugfixes:
+
+- Fix package resource assignment for JAVA jars in scancode.io
+ https://github.com/aboutcode-org/scancode-toolkit/pull/3983
+
+- Fix missing spdx license expression in license detections
+ https://github.com/aboutcode-org/scancode-toolkit/issues/4015
+
+- Enforce --path as a required parameter for scancode-license-data
+ console script.
+ https://github.com/aboutcode-org/scancode-toolkit/issues/4024
+
+- Fix conda environment.yaml parsing errors.
+ https://github.com/aboutcode-org/scancode-toolkit/pull/4078
+
+- Fix npm package parsing bug for packages with workspaces.
+ https://github.com/aboutcode-org/scancode.io/issues/1521
+
+New features/licenses:
+
+- Adds support for pnpm lock YAML v9
+ https://github.com/pnpm/spec/blob/master/lockfile/9.0.md
+
+- Add licenses from SPDX License List 3.26
+ https://github.com/aboutcode-org/scancode-toolkit/issues/4045
+
+- Add assembly and identification of conda package files in
+ root filesystem installations
+ https://github.com/aboutcode-org/scancode-toolkit/issues/4083
+
 v32.3.1 - 2024-01-06
 --------------------
-This is a minor release with license and package detection
+This is a patch release with license and package detection
 improvements, bugfixes and with new and updated license detection rules
 and new licenses added.
diff --git a/requirements.txt b/requirements.txt
index fb3ec03fb7..7d4e409c81 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -35,7 +35,7 @@ jaraco.functools==4.1.0
 javaproperties==0.8.1
 Jinja2==3.1.3
 jsonstreams==0.6.0
-license-expression==30.4.0
+license-expression==30.4.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 more-itertools==8.13.0
diff --git a/setup-mini.cfg b/setup-mini.cfg
index b335a995f1..79a2f3265b 100644
--- a/setup-mini.cfg
+++ b/setup-mini.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = scancode-toolkit-mini
-version = 32.3.1
+version = 32.3.2
 license = Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -84,7 +84,7 @@ install_requires =
 javaproperties >= 0.5
 jinja2 >= 2.7.0
 jsonstreams >= 0.5.0
- license_expression >= 30.4.0
+ license_expression >= 30.4.1
 lxml >= 4.9.2
 MarkupSafe >= 2.1.2
 packageurl_python >= 0.9.0
diff --git a/setup.cfg b/setup.cfg
index 31269077d1..d4f115c5f4 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = scancode-toolkit
-version = 32.3.1
+version = 32.3.2
 license = Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -84,7 +84,7 @@ install_requires =
 javaproperties >= 0.5
 jinja2 >= 2.7.0
 jsonstreams >= 0.5.0
- license_expression >= 30.4.0
+ license_expression >= 30.4.1
 lxml >= 4.9.2
 MarkupSafe >= 2.1.2
 packageurl_python >= 0.9.0
diff --git a/src/scancode_config.py b/src/scancode_config.py
index df5b596b4e..b63919af33 100644
--- a/src/scancode_config.py
+++ b/src/scancode_config.py
@@ -132,12 +132,12 @@ def _create_dir(location):
 # 4. hardcoded This is the default, fallback version in case package is not installed or we
 # do not have a proper version otherwise.
 if not __version__:
- __version__ = '32.3.1'
+ __version__ = '32.3.2'
 #######################
 # used to warn user when the version is out of date
 # this is (year, month, day)
-__release_date__ = datetime.datetime(2025, 1, 6)
+__release_date__ = datetime.datetime(2025, 1, 20)
 # See https://github.com/nexB/scancode-toolkit/issues/2653 for more information
 # on the data format version
@@ -145,7 +145,7 @@ def _create_dir(location):
 # see https://github.com/spdx/tools-python/issues/820
 # this is actually `3.25.0`
-spdx_license_list_version = '3.25'
+spdx_license_list_version = '3.26'
 ################################################################################
 # USAGE MODE-, INSTALLATION- and IMPORT- and RUN-SPECIFIC DIRECTORIES
diff --git a/tests/formattedcode/data/spdx/license_known/expected.rdf b/tests/formattedcode/data/spdx/license_known/expected.rdf
index a88dfd87b2..981d6e02ad 100644
--- a/tests/formattedcode/data/spdx/license_known/expected.rdf
+++ b/tests/formattedcode/data/spdx/license_known/expected.rdf
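Review bot: `__release_date__ = datetime.datetime(2025, 1, 20)` in the `@@ -132,12 +132,12 @@` hunk carries a different year than the CHANGELOG heading added in the same commit, `v32.3.2 - 2024-01-20`, so one of the two dates is wrong. The comment above the constant says it is used to warn the user when the version is out of date, so a wrong year here would presumably skew that warning; the check itself is not visible in this diff. The previous release shows the same mismatch (`2025, 1, 6` against `v32.3.1 - 2024-01-06`), which suggests the CHANGELOG year is the stale side. Confirm which is correct and align the two.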
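Review bot: The context comment that reads "this is actually `3.25.0`", directly above `spdx_license_list_version` in the `@@ -145,7 +145,7 @@` hunk, is left unchanged while the value moves to `'3.26'`, so it now documents the wrong upstream version. Update the comment in the same commit to name the full version that `'3.26'` stands for, or drop the number and keep only the link to the tools-python issue. These are module-level statements, and the rest of the module is outside the hunk.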
@@ -94,7 +94,7 @@ "@rdf:resource": "http://spdx.org/licenses/CC0-1.0" }, "@rdf:about": "#SPDXRef-DOCUMENT", - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/license_known/expected.tv b/tests/formattedcode/data/spdx/license_known/expected.tv index 7e92ad4120..90307b65af 100644 --- a/tests/formattedcode/data/spdx/license_known/expected.tv +++ b/tests/formattedcode/data/spdx/license_known/expected.tv @@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: scan diff --git a/tests/formattedcode/data/spdx/license_known/expected_with_text.rdf b/tests/formattedcode/data/spdx/license_known/expected_with_text.rdf index a88dfd87b2..981d6e02ad 100644 
--- a/tests/formattedcode/data/spdx/license_known/expected_with_text.rdf +++ b/tests/formattedcode/data/spdx/license_known/expected_with_text.rdf @@ -94,7 +94,7 @@ "@rdf:resource": "http://spdx.org/licenses/CC0-1.0" }, "@rdf:about": "#SPDXRef-DOCUMENT", - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/license_known/expected_with_text.tv b/tests/formattedcode/data/spdx/license_known/expected_with_text.tv index 7e92ad4120..90307b65af 100644 --- a/tests/formattedcode/data/spdx/license_known/expected_with_text.tv +++ b/tests/formattedcode/data/spdx/license_known/expected_with_text.tv @@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: scan 
diff --git a/tests/formattedcode/data/spdx/license_ref/expected.rdf b/tests/formattedcode/data/spdx/license_ref/expected.rdf index 23da4d5767..8c08204f59 100644 --- a/tests/formattedcode/data/spdx/license_ref/expected.rdf +++ b/tests/formattedcode/data/spdx/license_ref/expected.rdf @@ -116,7 +116,7 @@ } } ], - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/license_ref/expected.tv b/tests/formattedcode/data/spdx/license_ref/expected.tv index e638c308db..5894319f59 100644 --- a/tests/formattedcode/data/spdx/license_ref/expected.tv +++ b/tests/formattedcode/data/spdx/license_ref/expected.tv @@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: scan 
diff --git a/tests/formattedcode/data/spdx/license_ref/expected_with_text.rdf b/tests/formattedcode/data/spdx/license_ref/expected_with_text.rdf index 40a88ce0b0..825c0f3808 100644 --- a/tests/formattedcode/data/spdx/license_ref/expected_with_text.rdf +++ b/tests/formattedcode/data/spdx/license_ref/expected_with_text.rdf @@ -116,7 +116,7 @@ } } ], - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/license_ref/expected_with_text.tv b/tests/formattedcode/data/spdx/license_ref/expected_with_text.tv index ffd906c0a1..eac3dc1556 100644 --- a/tests/formattedcode/data/spdx/license_ref/expected_with_text.tv +++ b/tests/formattedcode/data/spdx/license_ref/expected_with_text.tv 
@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: scan diff --git a/tests/formattedcode/data/spdx/or_later/expected.rdf b/tests/formattedcode/data/spdx/or_later/expected.rdf index fdbb650018..58c7a24ea4 100644 --- a/tests/formattedcode/data/spdx/or_later/expected.rdf +++ b/tests/formattedcode/data/spdx/or_later/expected.rdf @@ -59,7 +59,7 @@ "@rdf:resource": "http://spdx.org/licenses/CC0-1.0" }, "@rdf:about": "#SPDXRef-DOCUMENT", - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/simple/expected.rdf b/tests/formattedcode/data/spdx/simple/expected.rdf index ad33644f3a..f71f4f3a78 100644 --- a/tests/formattedcode/data/spdx/simple/expected.rdf 
+++ b/tests/formattedcode/data/spdx/simple/expected.rdf @@ -59,7 +59,7 @@ "@rdf:resource": "http://spdx.org/licenses/CC0-1.0" }, "@rdf:about": "#SPDXRef-DOCUMENT", - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/simple/expected.tv b/tests/formattedcode/data/spdx/simple/expected.tv index f3688013da..c38b3b4831 100644 --- a/tests/formattedcode/data/spdx/simple/expected.tv +++ b/tests/formattedcode/data/spdx/simple/expected.tv @@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: simple diff --git a/tests/formattedcode/data/spdx/tree/expected.rdf b/tests/formattedcode/data/spdx/tree/expected.rdf index efe1ffd414..afc65a59a0 100644 
--- a/tests/formattedcode/data/spdx/tree/expected.rdf +++ b/tests/formattedcode/data/spdx/tree/expected.rdf @@ -229,7 +229,7 @@ "@rdf:resource": "http://spdx.org/licenses/CC0-1.0" }, "@rdf:about": "#SPDXRef-DOCUMENT", - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/tree/expected.tv b/tests/formattedcode/data/spdx/tree/expected.tv index 37d1e5d870..5483a57a5b 100644 --- a/tests/formattedcode/data/spdx/tree/expected.tv +++ b/tests/formattedcode/data/spdx/tree/expected.tv @@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: scan diff --git a/tests/formattedcode/data/spdx/unicode/expected.rdf b/tests/formattedcode/data/spdx/unicode/expected.rdf index 801082cc75..c352c5f2f8 100644 
--- a/tests/formattedcode/data/spdx/unicode/expected.rdf +++ b/tests/formattedcode/data/spdx/unicode/expected.rdf @@ -68,7 +68,7 @@ "rdfs:comment": "See details at https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/licenses/agere-bsd.LICENSE" } }, - "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25", + "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26", "spdx:name": "SPDX Document created by ScanCode Toolkit", "spdx:specVersion": "SPDX-2.2" }, diff --git a/tests/formattedcode/data/spdx/unicode/expected.tv b/tests/formattedcode/data/spdx/unicode/expected.tv index 160f1b0be1..3e3eae9360 100644 --- a/tests/formattedcode/data/spdx/unicode/expected.tv +++ b/tests/formattedcode/data/spdx/unicode/expected.tv @@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney for any legal advice. ScanCode is a free software code scanning tool from nexB Inc. and others. Visit https://github.com/nexB/scancode-toolkit/ for support and download. -SPDX License List: 3.25 +SPDX License List: 3.26 ## Creation Information ## Package Information PackageName: unicode