Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update scancode-toolkit requirement from <=31.2.6 to <=32.0.7 #36

Merged
merged 38 commits into from
Mar 13, 2024
Merged

Update scancode-toolkit requirement from <=31.2.6 to <=32.0.7 #36

merged 38 commits into from
Mar 13, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 2, 2023

Updates the requirements on scancode-toolkit to permit the latest version.

Release notes

Sourced from scancode-toolkit's releases.

v32.0.7

v32.0.6 - 2023-07-13

This is a minor release with a lot of license detection improvements, with new and updated license detection rules and new licenses.

  • 33 new licenses, 30 licenses updated
  • 70 new and updated license rules

The main updates over the previous stable release are:

  • To the license Rule class adds is_license_clue attribute and is_deprecated attribute to support license clues detection, and always maintain consistency on unique rule names. Adds fixes for other license detection bug related to license clues, bug in setup.cfg license detection and makes license detection identifiers python-safe. See nexB/scancode-toolkit#3462
  • Update/Add new licenses and license rules. See nexB/scancode-toolkit#3470 nexB/scancode-toolkit#3513
  • Bump commoncode to v31.0.3 fixing a VirtualCodebase creation issue when there is a directory under the root with the same name as the root directory itself. nexB/commoncode#57 nexB/scancode-toolkit#3495

What's Changed

New Contributors

Full Changelog: aboutcode-org/scancode-toolkit@v32.0.6...v32.0.7

Changelog

Sourced from scancode-toolkit's changelog.

Changelog

v33.0.0 (next next, roadmap)

  • We now support new package manifest formats:

    • OpenWRT packages.
    • Yocto/BitBake .bb recipes.

  • Fallback packages for non-native dependencies of SCTK.

  • Dependencies for

  • Support for copyright detection objects.

  • Bump commoncode to v31.0.3

v32.1.0 (next, roadmap)

  • A new field in packages with the license category for the detected license expression and also an API function to compute license categories from license expressions. See nexB/scancode-toolkit#2897

  • More support for tabular output formats: New command-line options for XSLX output, and the old --csv command line option is removed. See nexB/scancode-toolkit#830

  • --unknown-licenses is removed and this is always enabled and only used in case of improper detections automatically. Also tag all license rules with required phrases to improve license detection and reduce false positives. See nexB/scancode-toolkit#3300

  • A new --todo option is added to show the todo items that should be reviewed, which are ambiguous license/package detections.

  • File categorization support added, a post scan plugin tagging files with priority levels for review, and also take advantage of these in other summary plugins. See nexB/scancode-toolkit#1745

v32.0.6 - 2023-07-13

This is a minor release with a lot of license detection improvements, with new and updated license detection rules and new licenses.

... (truncated)

Commits
  • c157593 Merge pull request #3527 from nexB/release-prep-32.0.7
  • 66017bc Update changelog for v32.0.7
  • 6675bb1 Bump version to v32.0.7
  • 9e4d706 Merge pull request #3513 from nexB/update-license-rules
  • 4678e22 Add updates for review comments
  • 9c90afe Add new and updated license detection rules
  • d8b0dbe Add false positve license rules
  • 2fcb719 Remove unnecessary code
  • 87b0b8e Add free-surfer license
  • 0dfb0ca Add updated test expectations
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update scancode-toolkit requirement from <=31.2.6 to <=32.0.7
be4a47c 
Updates the requirements on [scancode-toolkit](https://github.com/nexB/scancode-toolkit) to permit the latest version.
- [Release notes](https://github.com/nexB/scancode-toolkit/releases)
- [Changelog](https://github.com/nexB/scancode-toolkit/blob/develop/CHANGELOG.rst)
- [Commits](aboutcode-org/scancode-toolkit@v1.0.0...v32.0.7)

---
updated-dependencies:
- dependency-name: scancode-toolkit
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 2, 2023
@dependabot dependabot bot mentioned this pull request Oct 2, 2023
Closed
ct2034 added 6 commits October 9, 2023 10:51
@ct2034
working from 32.0.7
53dc988 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
is_license_text check fixed with new result semantics
85df286 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
linting fix
db494df 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
handling of ignored files
ca0e3e1 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
formatting
c53c22b 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
this is all WIP
073e6fb 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 16, 2023

A newer version of scancode-toolkit exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

ct2034 added 4 commits October 30, 2023 13:29
@ct2034
Merge branch 'main' into dependabot/pip/scancode-toolkit-lte-32.0.7
6555c19
@ct2034
Unnecessary "else" after "return"
5312b77 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
still bad with 32.0.8
d747147 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034
ignoring those rules
8f18304 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ant-u
Copy link
Collaborator

ant-u commented Feb 23, 2024

@dependabot rebase

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 23, 2024

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

ant-u and others added 6 commits February 23, 2024 15:37
@ant-u
Merge branch 'main' into dependabot/pip/scancode-toolkit-lte-32.0.7
dada029
@ant-u
changed method get_spdx_license_name back, WIP
f633c28 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
scancode get_copyrights function filtering word 'anything', changed t…
1e7a499 
…o second

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
linter issues
b5d3b25 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
Added spaces around comment for scancode to recognize copyright message
fd8d6de 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
Merge branch 'main' of https://github.com/boschresearch/ros_license_t…
af457d3 
…oolkit into dependabot/pip/scancode-toolkit-lte-32.0.7

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u ant-u self-assigned this Feb 27, 2024
ant-u added 3 commits March 4, 2024 16:04
@ant-u
added check for only one license text which is in spdx to start handl…
648de94 
…ing wrong tags as the license of the file

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
When only one SPDX License File exists, make a warning to change the …
59be16e 
…wrong tag

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
Added check if multiple files exist
27393ff 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2024
edited
Loading

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines Covered Coverage Threshold Status
574 540 94% 90% 🟢

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: d476dbb by action🐍

ant-u added 2 commits March 5, 2024 15:23
@ant-u
restructured LicenseTextExistsCheck
28cede1 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
reverted restructure of check since pytest has trouble with it
eec394c 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
ant-u added 8 commits March 6, 2024 11:54
@ant-u
moved LicenseTextExists checks to seperate function
b7859b4 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
made own evaluation function for licenseInCodeCheck
9aefe6a 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
added irgnore flag for too many attributes localy to package.py since…
945cd93 
… this is the only place where saving inofficial licenses makes sense

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
Converted check_licenses mehtod to function
622738e 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
restructured Check LicensesInCode and TextExists to work with attribu…
75c2d63 
…tes instead of local vars

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
added test for two licenses with both tags not in spdx
6c9ba21 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
changed license from test to MPL
5af585d 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
Added negative test for two not in spdx tags but one for own license …
89f05d9 
…file

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u ant-u requested a review from ct2034 March 6, 2024 14:57
ct2034
ct2034 requested changes Mar 12, 2024
View reviewed changes
setup.cfg Show resolved Hide resolved
src/ros_license_toolkit/checks.py Show resolved Hide resolved
src/ros_license_toolkit/checks.py Outdated Show resolved Hide resolved
src/ros_license_toolkit/checks.py Outdated Show resolved Hide resolved
src/ros_license_toolkit/common.py Outdated Show resolved Hide resolved
src/ros_license_toolkit/package.py Outdated Show resolved Hide resolved
src/ros_license_toolkit/package.py Outdated Show resolved Hide resolved
ant-u added 7 commits March 12, 2024 17:32
@ant-u
Added comments: replaced is_license-text_file with get_spdx_license_n…
0f5a4e3 
…ame, changed linter config...

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
imports sorted
03627d0 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
moved inofficial_license_tag to LicenseTag Object
b386f16 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
The determination of the id from the license declaration is now in Li…
dcea9ba 
…censeTag and package itself.

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
changed checks to work with already filled out attribute id_from_lice…
4820e4f 
…nse_file

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
Added test that checks new feature of inofficial id. Code and declara…
ec9a687 
…tion are under AFL-2.0 but tag is AFL

Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u
linter issues
b016705 
Signed-off-by: Anton Utz <uta5fe@bosch.com>
@ant-u ant-u requested a review from ct2034 March 13, 2024 14:06
ct2034
ct2034 requested changes Mar 13, 2024
View reviewed changes
Copy link
Member

@ct2034 ct2034 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change the W503. After that you can merge it

setup.cfg Outdated Show resolved Hide resolved
@ct2034
fixing warning name
d476dbb 
Signed-off-by: Christian Henkel <christian.henkel2@de.bosch.com>
@ct2034 ct2034 merged commit 8fd10b7 into main Mar 13, 2024
12 checks passed
@dependabot dependabot bot deleted the dependabot/pip/scancode-toolkit-lte-32.0.7 branch March 13, 2024 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ant-u ant-u ant-u left review comments

@ct2034 ct2034 ct2034 approved these changes

Assignees

@ct2034 ct2034

@ant-u ant-u

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ant-u @ct2034