Update sctk version to v32.3.0 (#1418)

* Bump scancode-toolkit version to v32.3.0 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Rename dependency and license match attributes * Rename is_resolved to is_pinned for dependencies * Rename spdx_license_expression to license_expression_spdx for license matches Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Regen scancode scan fixtures Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> --------- Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
aboutcode-org · Oct 30, 2024 · ea5e2c7 · ea5e2c7
1 parent 55cc4f0
commit ea5e2c7
Show file tree

Hide file tree

Showing 50 changed files with 1,150 additions and 1,056 deletions.
diff --git a/scanpipe/admin.py b/scanpipe/admin.py
@@ -152,7 +152,7 @@ class DiscoveredDependencyAdmin(ScanPipeBaseAdmin):
         "scope",
         "is_runtime",
         "is_optional",
-        "is_resolved",
+        "is_pinned",
         "is_direct",
         "project",
     ]
@@ -171,7 +171,7 @@ class DiscoveredDependencyAdmin(ScanPipeBaseAdmin):
         "scope",
         "is_runtime",
         "is_optional",
-        "is_resolved",
+        "is_pinned",
         "is_direct",
     ]
     ordering = ["project", "dependency_uid"]

diff --git a/scanpipe/api/serializers.py b/scanpipe/api/serializers.py
@@ -268,7 +268,7 @@ def get_discovered_dependencies_summary(self, project):
             "total": base_qs.count(),
             "is_runtime": base_qs.filter(is_runtime=True).count(),
             "is_optional": base_qs.filter(is_optional=True).count(),
-            "is_resolved": base_qs.filter(is_resolved=True).count(),
+            "is_pinned": base_qs.filter(is_pinned=True).count(),
         }
 
     def get_codebase_relations_summary(self, project):
@@ -448,7 +448,7 @@ class Meta:
             "scope",
             "is_runtime",
             "is_optional",
-            "is_resolved",
+            "is_pinned",
             "is_direct",
             "dependency_uid",
             "for_package_uid",

diff --git a/scanpipe/filters.py b/scanpipe/filters.py
@@ -739,7 +739,7 @@ class DependencyFilterSet(FilterSetUtilsMixin, django_filters.FilterSet):
         "scope",
         "is_runtime",
         "is_optional",
-        "is_resolved",
+        "is_pinned",
         "is_direct",
         "datasource_id",
         "is_vulnerable",
@@ -760,7 +760,7 @@ class DependencyFilterSet(FilterSetUtilsMixin, django_filters.FilterSet):
             "scope",
             "is_runtime",
             "is_optional",
-            "is_resolved",
+            "is_pinned",
             "is_direct",
             "for_package",
             "resolved_to_package",
@@ -775,7 +775,7 @@ class DependencyFilterSet(FilterSetUtilsMixin, django_filters.FilterSet):
     datasource_id = ModelFieldValuesFilter()
     is_runtime = StrictBooleanFilter()
     is_optional = StrictBooleanFilter()
-    is_resolved = StrictBooleanFilter()
+    is_pinned = StrictBooleanFilter()
     is_direct = StrictBooleanFilter()
     is_vulnerable = IsVulnerable(field_name="affected_by_vulnerabilities")
 
@@ -794,7 +794,7 @@ class Meta:
             "scope",
             "is_runtime",
             "is_optional",
-            "is_resolved",
+            "is_pinned",
             "is_direct",
             "datasource_id",
             "is_vulnerable",

diff --git a/scanpipe/migrations/0068_rename_discovered_dependencies_attribute.py b/scanpipe/migrations/0068_rename_discovered_dependencies_attribute.py
@@ -0,0 +1,44 @@
+# Generated by Django 5.0.7 on 2024-10-21 07:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("scanpipe", "0067_discoveredpackage_notes"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="discovereddependency",
+            options={
+                "ordering": [
+                    "-is_runtime",
+                    "-is_pinned",
+                    "is_optional",
+                    "dependency_uid",
+                    "for_package",
+                    "datafile_resource",
+                    "datasource_id",
+                ],
+                "verbose_name": "discovered dependency",
+                "verbose_name_plural": "discovered dependencies",
+            },
+        ),
+        migrations.RemoveIndex(
+            model_name="discovereddependency",
+            name="scanpipe_di_is_reso_10570c_idx",
+        ),
+        migrations.RenameField(
+            model_name="discovereddependency",
+            old_name="is_resolved",
+            new_name="is_pinned",
+        ),
+        migrations.AddIndex(
+            model_name="discovereddependency",
+            index=models.Index(
+                fields=["is_pinned"], name="scanpipe_di_is_pinn_5667b2_idx"
+            ),
+        ),
+    ]
diff --git a/scanpipe/models.py b/scanpipe/models.py
@@ -3700,7 +3700,7 @@ class DiscoveredDependency(
         default=False,
         help_text=_("True if this dependency is an optional dependency"),
     )
-    is_resolved = models.BooleanField(
+    is_pinned = models.BooleanField(
         default=False,
         help_text=_(
             "True if this dependency version requirement has been pinned "
@@ -3722,7 +3722,7 @@ class Meta:
         verbose_name_plural = "discovered dependencies"
         ordering = [
             "-is_runtime",
-            "-is_resolved",
+            "-is_pinned",
             "is_optional",
             "dependency_uid",
             "for_package",
@@ -3733,7 +3733,7 @@ class Meta:
             models.Index(fields=["scope"]),
             models.Index(fields=["is_runtime"]),
             models.Index(fields=["is_optional"]),
-            models.Index(fields=["is_resolved"]),
+            models.Index(fields=["is_pinned"]),
             models.Index(fields=["is_direct"]),
         ]
         constraints = [

diff --git a/scanpipe/pipelines/find_vulnerabilities.py b/scanpipe/pipelines/find_vulnerabilities.py
@@ -62,7 +62,7 @@ def lookup_packages_vulnerabilities(self):
 
     def lookup_dependencies_vulnerabilities(self):
         """Check for vulnerabilities for each of the project's discovered dependency."""
-        dependencies = self.project.discovereddependencies.filter(is_resolved=True)
+        dependencies = self.project.discovereddependencies.filter(is_pinned=True)
         vulnerablecode.fetch_vulnerabilities(
             packages=dependencies,
             ignore_set=self.project.ignored_vulnerabilities_set,

diff --git a/scanpipe/pipes/purldb.py b/scanpipe/pipes/purldb.py
@@ -289,7 +289,7 @@ def feed_purldb(packages, chunk_size, logger=logger.info):
 
 def get_unique_resolved_purls(project):
     """Return PURLs from project's resolved DiscoveredDependencies."""
-    packages_resolved = project.discovereddependencies.filter(is_resolved=True)
+    packages_resolved = project.discovereddependencies.filter(is_pinned=True)
 
     distinct_results = packages_resolved.values("type", "namespace", "name", "version")
 
@@ -300,7 +300,7 @@ def get_unique_resolved_purls(project):
 def get_unique_unresolved_purls(project):
     """Return PURLs from project's unresolved DiscoveredDependencies."""
     packages_unresolved = project.discovereddependencies.filter(
-        is_resolved=False
+        is_pinned=False
     ).exclude(extracted_requirement="*")
 
     distinct_unresolved_results = packages_unresolved.values(

diff --git a/scanpipe/pipes/resolve.py b/scanpipe/pipes/resolve.py
@@ -151,7 +151,7 @@ def create_dependencies_from_packages_extra_data(project):
                 resolved_to_package=resolved_to_package,
                 datafile_resource=datafile_resource,
                 is_runtime=True,
-                is_resolved=True,
+                is_pinned=True,
                 is_direct=True,
             )
             created_count += 1

diff --git a/scanpipe/templates/scanpipe/dependency_list.html b/scanpipe/templates/scanpipe/dependency_list.html
@@ -52,10 +52,10 @@
               <a href="?is_optional={{ dependency.is_optional }}" class="is-black-link">{{ dependency.is_optional }}</a>
             </td>
             <td>
-              <a href="?is_resolved={{ dependency.is_resolved }}" class="is-black-link">{{ dependency.is_resolved }}</a>
+              <a href="?is_pinned={{ dependency.is_pinned }}" class="is-black-link">{{ dependency.is_pinned }}</a>
             </td>
             <td>
-              <a href="?is_resolved={{ dependency.is_direct }}" class="is-black-link">{{ dependency.is_direct }}</a>
+              <a href="?is_direct={{ dependency.is_direct }}" class="is-black-link">{{ dependency.is_direct }}</a>
             </td>
             <td>
               {% if dependency.for_package %}

diff --git a/scanpipe/templates/scanpipe/project_charts.html b/scanpipe/templates/scanpipe/project_charts.html
@@ -35,7 +35,7 @@ <h3 id="dependency-charts" class="title is-4 has-text-centered">
       <div id="dependency_is_optional_chart" data-url="{{ dependencies_url }}" data-lookup_field="is_optional"></div>
     </div>
     <div class="column">
-      <div id="dependency_is_resolved_chart" data-url="{{ dependencies_url }}" data-lookup_field="is_resolved"></div>
+      <div id="dependency_is_pinned_chart" data-url="{{ dependencies_url }}" data-lookup_field="is_pinned"></div>
     </div>
   </div>
 {% endif %}
@@ -82,7 +82,7 @@ <h3 class="title is-4 has-text-centered mb-3">
   {{ dependency_type|json_script:"dependency_type" }}
   {{ dependency_is_runtime|json_script:"dependency_is_runtime" }}
   {{ dependency_is_optional|json_script:"dependency_is_optional" }}
-  {{ dependency_is_resolved|json_script:"dependency_is_resolved" }}
+  {{ dependency_is_pinned|json_script:"dependency_is_pinned" }}
   <script>
     let makeChart = function(data_source_id, element_id, title) {
       let data_source = document.getElementById(data_source_id);
@@ -159,7 +159,7 @@ <h3 class="title is-4 has-text-centered mb-3">
       makeChart("dependency_type", "#dependency_type_chart", "Package\nType");
       makeChart("dependency_is_runtime", "#dependency_is_runtime_chart", "Runtime\nDependencies");
       makeChart("dependency_is_optional", "#dependency_is_optional_chart", "Optional\nDependencies");
-      makeChart("dependency_is_resolved", "#dependency_is_resolved_chart", "Resolved\nDependencies");
+      makeChart("dependency_is_pinned", "#dependency_is_pinned_chart", "Pinned\nDependencies");
     {% endif %}
     {% if project.resource_count %}
       makeChart("file_programming_language", "#programming_language_chart", "Programming\nLanguage");

diff --git a/scanpipe/tests/__init__.py b/scanpipe/tests/__init__.py
@@ -193,7 +193,7 @@ def make_dependency(project, **extra):
     "scope": "install",
     "is_runtime": True,
     "is_optional": False,
-    "is_resolved": False,
+    "is_pinned": False,
     "dependency_uid": "pkg:pypi/dask?uuid=e656b571-7d3f-46d1-b95b-8f037aef9692",
     "for_package_uid": for_package_uid,
     "datafile_path": "daglib-0.3.2.tar.gz-extract/daglib-0.3.2/PKG-INFO",
@@ -207,7 +207,7 @@ def make_dependency(project, **extra):
     "scope": "dependencies",
     "is_runtime": True,
     "is_optional": False,
-    "is_resolved": True,
+    "is_pinned": True,
     "dependency_uid": (
         "pkg:gem/appraisal@2.2.0?uuid=1907f061-911b-4980-a2d4-ae1a9ed871a9"
     ),
@@ -223,7 +223,7 @@ def make_dependency(project, **extra):
     "scope": "install",
     "is_runtime": True,
     "is_optional": False,
-    "is_resolved": False,
+    "is_pinned": False,
     "dependency_uid": "pkg:pypi/dask?uuid=e656b571-7d3f-46d1-b95b-8f037aef9692",
     "for_package_uid": for_package_uid,
     "datafile_path": "daglib-0.3.2.tar.gz-extract/daglib-0.3.2/PKG-INFO",

diff --git a/scanpipe/tests/data/asgiref/asgiref-3.3.0.spdx.json b/scanpipe/tests/data/asgiref/asgiref-3.3.0.spdx.json
@@ -3,7 +3,7 @@
   "dataLicense": "CC0-1.0",
   "SPDXID": "SPDXRef-DOCUMENT",
   "name": "scancodeio_asgiref",
-  "documentNamespace": "https://scancode.io/spdxdocs/2f5f5927-2cad-4ecb-9043-fda5337bd501",
+  "documentNamespace": "https://scancode.io/spdxdocs/24c1b665-7fb2-4e0c-8785-cba72fb35df0",
   "creationInfo": {
     "created": "2000-01-01T01:02:03Z",
     "creators": [
@@ -14,7 +14,7 @@
   "packages": [
     {
       "name": "asgiref",
-      "SPDXID": "SPDXRef-scancodeio-discoveredpackage-75b6bb66-de86-4a35-a780-bc1f635f11f4",
+      "SPDXID": "SPDXRef-scancodeio-discoveredpackage-101147dd-f8a7-4ea3-87a1-01b9b0af5d4f",
       "downloadLocation": "NOASSERTION",
       "licenseConcluded": "BSD-3-Clause",
       "copyrightText": "NOASSERTION",
@@ -33,7 +33,7 @@
     },
     {
       "name": "asgiref",
-      "SPDXID": "SPDXRef-scancodeio-discoveredpackage-d10827fc-bcd1-4c10-ad6c-972dd4defa9c",
+      "SPDXID": "SPDXRef-scancodeio-discoveredpackage-b5035991-5b4b-40be-b68b-1c9c528078cd",
       "downloadLocation": "NOASSERTION",
       "licenseConcluded": "BSD-3-Clause",
       "copyrightText": "NOASSERTION",
@@ -52,7 +52,7 @@
     },
     {
       "name": "pytest",
-      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=0928ca6e-d50e-439a-847d-ecb1366a8f2a",
+      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=cfa26c80-95fc-4da3-a290-5e7403d0d9bc",
       "downloadLocation": "NOASSERTION",
       "licenseConcluded": "NOASSERTION",
       "copyrightText": "NOASSERTION",
@@ -68,7 +68,7 @@
     },
     {
       "name": "pytest",
-      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=94372d19-8ab8-4b16-b6a7-72478e0b4cc4",
+      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=bfafc414-739f-4747-bfb0-1b3ad03d62c7",
       "downloadLocation": "NOASSERTION",
       "licenseConcluded": "NOASSERTION",
       "copyrightText": "NOASSERTION",
@@ -84,7 +84,7 @@
     },
     {
       "name": "pytest-asyncio",
-      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=ccd9eb22-778d-4bd4-af59-8b63e4163b22",
+      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=68b8d3cb-eddb-4727-b6cb-707dde279301",
       "downloadLocation": "NOASSERTION",
       "licenseConcluded": "NOASSERTION",
       "copyrightText": "NOASSERTION",
@@ -100,7 +100,7 @@
     },
     {
       "name": "pytest-asyncio",
-      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=e751ec65-9351-4949-ae8f-5bc1a9efa336",
+      "SPDXID": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=570878e1-aa7c-46bc-9216-122b73b34f9b",
       "downloadLocation": "NOASSERTION",
       "licenseConcluded": "NOASSERTION",
       "copyrightText": "NOASSERTION",
@@ -116,33 +116,33 @@
     }
   ],
   "documentDescribes": [
-    "SPDXRef-scancodeio-discoveredpackage-75b6bb66-de86-4a35-a780-bc1f635f11f4",
-    "SPDXRef-scancodeio-discoveredpackage-d10827fc-bcd1-4c10-ad6c-972dd4defa9c",
-    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=0928ca6e-d50e-439a-847d-ecb1366a8f2a",
-    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=94372d19-8ab8-4b16-b6a7-72478e0b4cc4",
-    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=ccd9eb22-778d-4bd4-af59-8b63e4163b22",
-    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=e751ec65-9351-4949-ae8f-5bc1a9efa336"
+    "SPDXRef-scancodeio-discoveredpackage-101147dd-f8a7-4ea3-87a1-01b9b0af5d4f",
+    "SPDXRef-scancodeio-discoveredpackage-b5035991-5b4b-40be-b68b-1c9c528078cd",
+    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=cfa26c80-95fc-4da3-a290-5e7403d0d9bc",
+    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=bfafc414-739f-4747-bfb0-1b3ad03d62c7",
+    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=68b8d3cb-eddb-4727-b6cb-707dde279301",
+    "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=570878e1-aa7c-46bc-9216-122b73b34f9b"
   ],
   "files": [],
   "relationships": [
     {
-      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=0928ca6e-d50e-439a-847d-ecb1366a8f2a",
-      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-75b6bb66-de86-4a35-a780-bc1f635f11f4",
+      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=cfa26c80-95fc-4da3-a290-5e7403d0d9bc",
+      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-101147dd-f8a7-4ea3-87a1-01b9b0af5d4f",
       "relationshipType": "DEPENDENCY_OF"
     },
     {
-      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=94372d19-8ab8-4b16-b6a7-72478e0b4cc4",
-      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-d10827fc-bcd1-4c10-ad6c-972dd4defa9c",
+      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest?uuid=bfafc414-739f-4747-bfb0-1b3ad03d62c7",
+      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b5035991-5b4b-40be-b68b-1c9c528078cd",
       "relationshipType": "DEPENDENCY_OF"
     },
     {
-      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=ccd9eb22-778d-4bd4-af59-8b63e4163b22",
-      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-75b6bb66-de86-4a35-a780-bc1f635f11f4",
+      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=68b8d3cb-eddb-4727-b6cb-707dde279301",
+      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-101147dd-f8a7-4ea3-87a1-01b9b0af5d4f",
       "relationshipType": "DEPENDENCY_OF"
     },
     {
-      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=e751ec65-9351-4949-ae8f-5bc1a9efa336",
-      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-d10827fc-bcd1-4c10-ad6c-972dd4defa9c",
+      "spdxElementId": "SPDXRef-scancodeio-discovereddependency-pkg:pypi/pytest-asyncio?uuid=570878e1-aa7c-46bc-9216-122b73b34f9b",
+      "relatedSpdxElement": "SPDXRef-scancodeio-discoveredpackage-b5035991-5b4b-40be-b68b-1c9c528078cd",
       "relationshipType": "DEPENDENCY_OF"
     }
   ],