Skip to content

Latest commit

 

History

History
744 lines (466 loc) · 24 KB

CHANGELOG.md

File metadata and controls

744 lines (466 loc) · 24 KB
Raw

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Unreleased

4.4.0

Added

  • Licensed status command will alert on stale cached dependency records (github#657)

4.3.1

Changed

  • Bump nokogiri to resolve vulnerabilities (github#648)

4.3.0

Added

  • Cocoapods support has been re-enabled using a cocoapods plugin (github#644)

4.2.0

Added

  • Reviewed and ignored configuration lists support matching on versions and version ranges (github#629)

Fixed

  • Licensed should more reliably source dependencies from Gradle >= 8.0 (github#630)

4.1.0

Added

  • Custom license terms can be added to dependencies via new configuration options (github#624)
  • Licensed is now integrated with pnpm to enumerate dependencies (github#626)

4.0.4

Changed

  • Dependency version requirements are more relaxed (github#619)

4.0.3

Changed

  • Cocoapods dependency enumeration has been disabled (github#616)

Fixed

  • Fixed method signature change in Bundler API with Bundler >= 2.4.4 (:tada: @CvX github#614)
  • Fixed installation dependency compatibility with Rails >= 7.0 (github#616)

4.0.2

Fixed

  • The path to a gradlew executable can be configured when enumerating gradle dependencies (:tada: @LouisBoudreau github#610)

4.0.1

Fixed

  • Running gradle tests will no longer fail when gradle is not available (github#606)

4.0.0

Added

  • Licensed supports Cocoapods as a dependency source (:tada: @LouisBoudreau github#584)
  • Licensed supports Gradle multi-project builds (:tada: @LouisBoudreau github#583)

Fixed

  • Licensed no longer crashes when run with Bundler >= 2.4.0 (:tada: @JoshReedSchramm github#597)

Changed

  • BREAKING: Licensed no longer ships executables with releases (github#586)
  • BREAKING: Licensed no longer includes support for Go <= 1.11 (github#602)

3.9.1

Fixed

  • Updating cached dependency records will more accurately apply review_changed_license flag (github#578)

3.9.0

Added

  • NOTICE files can now be generated without cached files in a repository (github#572)

3.8.0

Added

  • Licensing compliance status checks can now be used without cached files in a repository (github#560)

3.7.5

Fixed

  • Python dependency metadata will be correctly parsed from the ouput of pip show (github#555)

3.7.4

Fixed

  • Licenses for Python dependencies built with Hatchling are correctly found (github#547)

3.7.3

Fixed

  • Swift test fixtures build artifacts are now ignored (:tada: @CvX github#524)
  • Running cargo test fixture setup no longer deletes test files (:tada: @CvX github#525)
  • Bundler test fixtures are compatible with latest macOS silicon(:tada: @CvX github#528)
  • Fix segfaults seen using licensed with ruby 3.0.4 (github#530)
  • Fix compatibility with latest versions of bundler 2.3 (github#535)
  • Fix compatibility with latest versions of bundler 2.3 (:tada: @CvX github#522)

3.7.2

Fixed

  • Comparing dependency license contents now finds matching contents regardless of the order of the licenses (github#516)
  • Fixed typo in a link in README.md (github#514)

Changed

  • Elixir testing setup is migrated to erlef/setup-beam (github#512)

3.7.1

Fixed

  • Dependencies' legal notice file matching has been made more strict to reduce false positives on code files containing the word legal (github#510)

3.7.0

Changed

  • Pip and pipenv sources will find dependency licenses under dist-info/license_files when available (github#504)

3.6.0

2022-03-17

Added

  • Composer dev dependencies can optionally be included in enumerated PHP dependencies (:tada: @digilist github#486)
  • Getting started usage documentation (github#483)
  • Initial support for NPM workspaces (github#485)

Changed

  • Transitive dependencies are now enumerated by the pip source (github#480)

Fixed

  • licensed cache --force will now correctly overwrite existing license classifications (github#473)

3.5.0

2022-02-24

Added

  • Licensee confidence thresholds can be configured in the licensed configuration file (github#455)

3.4.4

2022-02-07

Fixed

  • The npm and pip sources have better protection from strings causing crashes in Hash#dig (github#450)

3.4.3

2022-01-31

Added

  • The npm source handles more cases of missing, optional, peer dependencies (github#443)

3.4.2

2022-01-17

Fixed

  • The yarn source will no longer evaluate package.json files that do not represent project dependencies (github#439)

3.4.1

2022-01-07

Fixed

  • Malformed package.json files will no longer crash yarn dependency detection (github#431)

3.4.0

2021-12-14

Added

  • New Yarn enumerator with support for berry versions (github#423)

Fixed

  • Error handling cases return correct values in the Yarn enumerator (github#425)
  • Fixed link in command documentation (:tada: @chibicco github#416)
  • Fixed minor backwards compatibility issue for Ruby 2.3 support (:tada: @dzunk github#414)

Changed

  • Licensed's own dependencies are cached in the repository and kept up to date with GitHub Actions (github#421)

3.3.1

2021-10-07

Fixed

  • Fix evaluation of peer dependencies with npm 7 (:tada: @manuelpuyol github#411)

Changed

  • Manifest source evaluation performance improvements (github#407)

3.3.0

2021-09-18

Added

  • New cargo source enumerates rust dependencies (github#404)

Changed

  • Removed non-functional files from gem builds (github#405)

3.2.3

2021-09-14

Fixed

  • Bundler source will no longer infinitely recurse when enumerating specifications (github#402)
  • Using the --sources command line option will no longer delete skipped sources' cached files (github#401)

3.2.2

2021-09-09

Fixed

  • Bundler source works properly again when used outside of bundle exec (github#397)

3.2.1

2021-09-06

Changed

Fixed

  • Bundler source correctly finds platform specific dependencies (github#392)

3.2.0

2021-08-19

Added

  • Application names can be dynamically generated based on the path to the application source (github#375)

Changed

Fixed

  • The bundler source correctly checks that the path bundler specifies a gem is loaded from is a file (github#379)

3.1.0

2021-06-16

Added

  • Licensed supports Swift/Swift package manager as a dependency source (:tada: @mattt github#363)'

Changed

  • The source_path configuration property accepts arrays of inclusion and exclusion glob patterns (github#368)
  • The Nuget source now uses configured fallback folders to find dependencies that are not in found in the project folder (github#366)
  • The Nuget source supports a configurable property for the path from the project source path to the project's obj folder (github#365)

Fixed

  • The Go source's checks for local packages will correctly find paths in case-insensitive file systems (github#370)
  • The Bundler source will no longer unnecessarily reset the local Bundler environment configuration (github#372)

3.0.1

2021-05-17

Fixed

  • The bundler source will correctly enumerate dependencies pulled with a git: directive (github#360)

3.0.0

2021-04-27

This is a major release and includes potentially breaking changes to bundler dependency enumeration.

Changed

  • The bundler source will return an error when run from an executable. Please install licensed as a gem to continue using the bundler source. Please see the v3 migration document for full details and migration strategies.

2.15.2

2021-04-06

Fixed

  • The pip source works with package names containing periods (:tada: @bcskda github#350)

2.15.1

2021-03-29

Changed

  • The npm source will ignore dependencies that are marked as both extraneous and missing (github#347)

2.15.0

2021-03-24

Added

Fixed

  • Files in the manifest source will be found correctly for apps that are not at the repository root (github#345)

2.14.4

2021-02-09

Added

  • list and cache commands optionally print output in JSON or YML formats using the --format/-f flag (github#334)
  • list command will include detected license keys using the --licenses/-l flag (github#334)

2.14.3

2020-12-11

Fixed

  • Auto-generating license text for a known license will no longer raise an error if the found license has no text (:tada: @Eun github#328)

2.14.2

2020-11-20

Fixed

  • Yarn source correctly finds dependency paths on disk (github#326)
  • Go source better handles finding dependencies that have been vendored (github#323)

2.14.1

2020-10-09

Fixed

  • Shell command output is encoded to UTF8 (github#319)

2.14.0

2020-10-04

Added

  • reviewed dependencies can use glob pattern matching (github#313)

Fixed

  • Fix configuring source path globs that expand into a single directory (github#312)

2.13.0

2020-09-23

Added

  • status command results can be output in YAML and JSON formats (:tada: @julianvilas github#303)

Fixed

  • licensed no longer crashes when parsing invalid YAML from cached records (github#306)
  • NPM source will no longer crash when invalid JSON is returned from npm CLI calls (github#300)
  • Bundler source is fixed to work properly with gems.rb lockfiles (github#299)

2.12.2

2020-07-07

Changed

  • Cleaned up ruby 2.7 warnings (:tada: @jurre github#292)
  • Cleaned up additional warnings in tests (github#293)

2.12.1

2020-06-30

Fixed

  • licensed no longer exits an error code when using the --sources CLI argument (github#290)

2.12.0

2020-06-19

Added

  • --sources argument for cache, list, status and notices commands to filter running sources (github#287)

Fixed

  • cache command will not remove files outside of enabled source cache paths (github#287)

2.11.1

2020-06-09

Fixed

  • notices command properly reads cached dependency notices contents (github#283)

2.11.0

2020-06-02

Added

  • notices command to create a NOTICE file for each configured app (github#277)

Fixed

  • NuGet source no longer crashes on a non-existent dependency path (github#280)
  • Go source no longer crashes on a non-existent dependency package path (github#274)

2.10.0

2020-05-15

Changed

  • NPM source ignores missing peer dependencies (github#267)

Added

  • NuGet source (:tada: @zarenner github#261)
  • Multiple apps can share a single cache location (github#263)

2.9.2

2020-04-28

Changed

  • licensee minimum version bumped to 9.13.2 (github#256)

2.9.1

2020-03-24

Changed

  • relaxed gem version restrictions on Thor (:tada: @eileencodes github#254)

2.9.0

2020-03-19

Added

  • Source paths use glob pattern matching (github#245)

Fixed

  • Mix source supports updates to mix.lock format (:tada: @bruce github#242)
  • Go source supports go list format changes in go 1.14 (github#247)

Changed

  • licensed cache will flag dependencies for re-review when license text changes (github#248)
  • licensed status will raise errors on dependencies that need re-review (github#248)
  • licensee minimum version bumped to 9.13.1 (github#251)

2.8.0

2020-01-03

Added

Fixed

  • Cabal source will no longer crash if packages aren't found (github#230)

2.7.0

2019-11-10

Added

  • License text is automatically generated for known licenses when not otherwise available (github#223)

Changed

  • Ignoring dependencies uses glob pattern matching (github#225)

2.6.2

2019-11-03

Changed

  • A number of improvements to the go dependency enumerator
    • use go env GOPATH as a default if no other GOPATH is found
    • better compatibility with go modules when finding license content
    • better compatibility with vendored go modules
    • use a packages godoc.org page as it's homepage
    • better checks for standard packages, reducing the amount of cached content

2.6.1

2019-10-26

Changed

2.6.0

2019-10-22

Added

  • Mix source for Elixir (:tada: @bruce github#195)

2.5.0

2019-09-26

Added

Changed

  • status command will pass if multiple allowed licenses are found (github#188)

2.4.0

2019-09-15

Added

2.3.2

2019-08-26

Fixed

  • Bundler with/without array settings are properly handled for bundler 1.15.x

2.3.1

2019-08-20

Changed

  • Using the npm source with yarn, "missing" dependencies are no longer considered errors (:tada: @krzysztof-pawlik-gat github#170)
  • The bundler source now calls gem specification with dependency version requirements (github#173)

2.3.0

2019-05-19

Added

  • New Pipenv dependency source enumerator (:tada: @krzysztof-pawlik-gat github#167)

2.2.0

2019-05-11

Added

  • Content hash versioning strategy for go and manifest sources (github#164)

Fixed

  • Python source handles urls and package names with "-" in requirements.txt (:tada: @krzysztof-pawlik-gat github#165)

2.1.0

2019-04-16

Added

  • New Gradle dependency source enumerator (:tada: @dbussink github#150, @jandersson-svt github#159)
  • Metadata added to distributed packages (github#160)

Changes

  • Bundler dependency source loads license key from a gem's cached gemspec file as a fallback (github#154)
  • Licensed will only raise errors on an empty dependency path when caching records (github#149)

Fixed

  • Migrating to v2 will no longer crash trying to migrate cached records that don't exist (github#148)
  • Reported warnings will no longer crash licensed when caching records (github#147)

2.0.1

2019-02-14

Changes

  • Dependency paths that don't exist on the local disk are reported as warnings
  • Cache, status and list output is sorted by app name, source type and dependency name
  • Bumped licensee gem requirement

2.0.0

2019-02-09

This is a major release and includes breaking changes to the configuration and cached record file formats

Added

  • New migrate command to automatically update configuration and cached record file formats
  • New extensible reporting infrastructure
  • New base command and source classes to abstract away implementation details

Changes

  • Cached dependency metadata files are now stored entirely as YAML, with .dep.yml extension
  • The Bundler dependency source is now identified in configuration files and output as bundler instead of rubygem
  • Refactored sources for better consistency between classes
  • Refactored commands for better consistency between classes
  • Command outputs have changed for better consistency
  • Updated Dependency classes for better integration with licensee

Fixed

  • Licensed no longer exits on errors when evaluating dependency sources or finding dependencies
  • The Bundler dependency source correctly finds the bundler gem as a dependency in more cases

1.5.2

2018-12-27

Changes

  • Go source added support for Go modules and Golang 1.11+ (github#113)

Fixed

  • Licensed will have a non-zero exit code when commands fail (:tada: @parkr github#111)

1.5.1

2018-10-30

Fixed

  • Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable due to a ruby version mismatch (github#106)

1.5.0

2018-10-24

Added

  • licensed (version | -v | --version) command to see the current licensed version (:tada: @mwagz! github#101)

Fixed

  • NPM source no longer raises an error when ignored dependencies aren't found (:tada: @mwagz! github#100)
  • Checking for a Git repo will no longer possibly modify .git/index (:tada: @dbussink github#102)
  • Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable (github#103)

1.4.0

2018-10-20

Added

  • Git Submodules dependency source 🎉
  • Configuration option to explicitly set a root absolute path

Changes

  • COPYING file is no longer matched as a legal file

Fixed

  • NPM source will enumerate multiple versions of the same dependency
  • Running Licensed outside of a Git repository no longer raises an error
  • Packaging scripts will correctly return to the previous branch when the script is finished

1.3.4

2018-09-20

Changes

  • Bundler source will avoid looking for a gemspec file when possible

1.3.3

2018-09-07

Fixed

  • Manifest source configuration globs correctly enumerates files from within submodules
  • The manifest source no longer errors when getting version information from submodules

1.3.2

2018-08-15

Fixed

  • Fixed issue when multiple versions of a cabal package are found

1.3.1

2018-08-01

Fixed

  • Fixed regression finding ruby gems by path

1.3.0

2018-07-25

Added

  • Manifests for the manifest dependency source can be specified using glob patterns in the configuration
  • Paths to licenses for dependencies from the manifest dependency source can be specified in the configuration
  • Manifest dependency source looks for license content in C-style comments if a license file isn't found

Changes

  • GitHub is no longer queried to find remote license information
  • Removed custom logic around determining whether to use the license key from licensee
  • NPM dependency enumeration doesn't use npm list
  • Licensed now tracks content from multiple license files when available

Fixed

  • Fixed regression finding platform-specific ruby gems

1.2.0

2018-06-22

Added

  • Building and packaging distributable exes for licensed releases
  • Can now configure which Gemfile groups are excluded from dependency enumeration

Fixed

  • Bundler is no longer always reported as a dependency
  • Set the minimum required ruby version for licensed

1.1.0

2018-06-04

Added

  • Pip dependency source 🎉
  • Go Dep dependency source 🎉

Changed

  • Changed how sources configuration property affects which sources are enabled
  • Raise informative error messages when shell commands fail

Fixed

  • Don't reuse cached license when cached version metadata is missing
  • Disable dependency sources when dependent tools are not available
  • Vendored packages from the go std library are properly excluded
  • Cabal dependency enumeration properly includes executable targets

1.0.1

2018-04-26

Added

  • GOPATH settable in configuration file

Changed

  • Reuse "license" metadata property when license text has not changed

Fixed

  • Path expansion for cabal "ghc_package_db" configuration setting occurs from repository root
  • Local Gemfile(.lock) files correctly used in enumerating Bundler source dependencies

1.0.0

2018-02-20

Initial release 🎉