chore(deps): update dependency scancode-toolkit to v32.3.2 #979
This PR contains the following updates:
==32.1.0 -> ==32.3.2
Release Notes
aboutcode-org/scancode-toolkit (scancode-toolkit)
v32.3.2
This is a patch release with license and package detection
improvements, bugfixes and with new and updated license detection rules
and new licenses added.
Bugfixes:
Fix package resource assignment for JAVA jars in scancode.io
https://github.com/aboutcode-org/scancode-toolkit/pull/3983
Fix missing spdx license expression in license detections
https://github.com/aboutcode-org/scancode-toolkit/issues/4015
Enforce --path as a required parameter for scancode-license-data
console script
https://github.com/aboutcode-org/scancode-toolkit/issues/4024
Fix conda environment.yaml parsing errors.
https://github.com/aboutcode-org/scancode-toolkit/pull/4078
Fix npm package parsing bug for packages with workspaces.
https://github.com/aboutcode-org/scancode.io/issues/1521
New features/licenses:
Adds support for pnpm lock YAML v9
https://github.com/pnpm/spec/blob/master/lockfile/9.0.md
Add licenses from SPDX License List 3.26
https://github.com/aboutcode-org/scancode-toolkit/issues/4045
Add assembly and identification of conda package files in
root filesystem installations
https://github.com/aboutcode-org/scancode-toolkit/issues/4083
v32.3.1
This is a patch release with license and package detection
improvements, bugfixes and with new and updated license detection rules
and new licenses added.
We can now collect packages from a Rust binary using rust-inspector
for rust binaries built with `cargo-auditable` (Linux-only).
Also adds a plugin for collecting rust symbols with the option `--rust-symbol`.
See the initial release for more info: https://github.com/aboutcode-org/rust-inspector/releases/tag/v0.
https://github.com/aboutcode-org/scancode-toolkit/pull/4043
Improves and adds bugfixes for package detection in the following ecosystems:
conda, npm, rust,
https://github.com/aboutcode-org/scancode-toolkit/pull/4073
Updates go-inspector to v0.5.0. GoReSym is now built from source and has
been updated to v3.0
https://github.com/aboutcode-org/scancode-toolkit/pull/3972
Adds new and updated licenses, license detection rules.
https://github.com/aboutcode-org/scancode-toolkit/pull/3963
Adds the latest license-expression with an updated licenseDB.
https://github.com/aboutcode-org/scancode-toolkit/pull/3960
v32.3.0
Major API/other changes:
`is_resolved` renamed to `is_pinned`.
See https://github.com/nexB/scancode-toolkit/pull/3888 for more details.
`spdx_license_expression` is renamed to `license_expression_spdx`.
Changes in Output Data Structure:
The data structure of the JSON output has changed for:
dependencies at file level package_data, and at top-level.
license matches at file level or unique codebase level license detections
Note that the change is a modification to the JSON output,
so we have a major version bump `3.2.0` to `4.0.0`:
Dependency attribute `is_resolved` renamed to `is_pinned`
LicenseMatch attribute `spdx_license_expression` renamed to `license_expression_spdx`
Update link references of ownership from nexB to aboutcode-org
https://github.com/aboutcode-org/scancode-toolkit/issues/3885
New and updated licenses, including support for newly released
SPDX license list versions:
This release of the SPDX license list had 9 new licenses
and exceptions, and out of them 5 were present as licenses
and 2 were present as rules already. There were 2 new
license/exception texts added, and also 1 license was d
https://github.com/aboutcode-org/scancode-toolkit/pull/3897 (Synchronize Licenses, aboutcode-org/scancode-toolkit#3897)
New and improved copyright detection with many false positive removed
and refined detection added.
Fix Python `SyntaxWarning` in textcode module.
Improve python, npm, yarn, go package detections:
https://github.com/aboutcode-org/scancode-toolkit/pull/3857
https://github.com/aboutcode-org/scancode-toolkit/pull/3869
https://github.com/aboutcode-org/scancode-toolkit/pull/3943
https://github.com/aboutcode-org/scancode-toolkit/pull/3894
Drop python 3.8 support as this is end of life. Please use older releases if you
are using python 3.8 but this is not recommended.
We can now collect packages from a Go binary using go-inspector (Linux-only)
https://github.com/aboutcode-org/scancode-toolkit/pull/3894
v32.2.1
Add support for parsing resolved packages and dependency relationships
from nuget lockfile `packages.lock.json`.
https://github.com/nexB/scancode-toolkit/pull/3825
Add support for parsing resolved packages and dependency relationships
from cocoapods lockfile `Podfile.lock`.
https://github.com/nexB/scancode-toolkit/pull/3827
Add support for parsing packages and dependency relationships
from swift `swift-show-dependencies.deplock` generated by DepLock.
https://github.com/nexB/scancode-toolkit/pull/3829
Add support for `pip-inspect.deplock` files to parse and store
resolved packages and dependency relationships, to statically
resolve a python dependency graph
https://github.com/nexB/scancode.io/issues/1262
Add support for poetry packages, with poetry specific pyproject.toml
support, poetry.lock and package assembly support. Also add support
for parsing and storing resolved packages and dependency relationships
required to statically resolve poetry dependency
https://github.com/nexB/scancode-toolkit/issues/2109
Add support for pyproject.toml files in python projects.
https://github.com/nexB/scancode-toolkit/issues/3753
More improved copyright detection, see
https://github.com/nexB/scancode-toolkit/pull/3752
`scancode-toolkit` is now installable from the fedora repo.
https://github.com/nexB/scancode-toolkit/pull/3824
v32.2.0
New and improved package/dependency data:
`is_direct` to aid package resolution and dependency graph creation.
`is_private` and `is_virtual`. #3102 #3811
https://github.com/nexB/scancode-toolkit/pull/3779
Improved javascript package detection:
yarn.lock, package-lock.json, and pnpm. #3780
https://github.com/nexB/scancode-toolkit/pull/3779
Improve cargo package detection support with various improvements
and bugfixes:
https://github.com/nexB/scancode-toolkit/pull/3783
We now support parsing the Swift manifest JSON dump and the
`Package.resolved` file https://github.com/nexB/scancode-toolkit/issues/2657.
Run the command below on your local Swift project before running the scan:
`swift package dump-package > Package.swift.json && swift package resolve`
New and updated licenses, including support for newly released
SPDX license list versions:
SPDX License List 3.24:
This release of the SPDX license list had 25 new licenses
and exceptions, and out of them 12 were present as licenses
and 5 were present as rules already. There were 3 new
license/exception texts added, and the rest 5 were either
texts with small variations, additions to texts or several
rule texts together. And the rest have b
https://github.com/nexB/scancode-toolkit/pull/3795 (see Update to SPDX license list 3.24.0, aboutcode-org/scancode-toolkit#3795)
More new licenses and rules:
Configuration
📅 Schedule: Branch creation - "after 9am and before 7pm every weekday" in timezone Europe/Tallinn, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.