Merge pull request #4090 from aboutcode-org/bump-dependencies

Release scancode-toolkit v32.3.2

Author: AyanSinhaMahapatra

CHANGELOG.rst

@@ -38,10 +38,47 @@ v33.0.0 (next next, roadmap)
 - Update Dockerfile and test container build.
   See https://github.com/aboutcode-org/scancode-toolkit/issues/3955
 
+v32.3.2 - 2024-01-20
+--------------------
+
+This is a patch release with license and package detection
+improvements, bugfixes and with new and updated license detection rules
+and new licenses added.
+
+Bugfixes:
+
+- Fix package resource assignment for JAVA jars in scancode.io
+  https://github.com/aboutcode-org/scancode-toolkit/pull/3983
+
+- Fix missing spdx license expression in license detections
+  https://github.com/aboutcode-org/scancode-toolkit/issues/4015
+
+- Enforce --path as a required parameter for scancode-license-data
+  console script.
+  https://github.com/aboutcode-org/scancode-toolkit/issues/4024
+
+- Fix conda environment.yaml parsing errors.
+  https://github.com/aboutcode-org/scancode-toolkit/pull/4078
+
+- Fix npm package parsing bug for packages with workspaces.
+  https://github.com/aboutcode-org/scancode.io/issues/1521
+
+New features/licenses:
+
+- Adds support for pnpm lock YAML v9
+  https://github.com/pnpm/spec/blob/master/lockfile/9.0.md
+
+- Add licenses from SPDX License List 3.26
+  https://github.com/aboutcode-org/scancode-toolkit/issues/4045
+
+- Add assembly and identification of conda package files in
+  root filesystem installations
+  https://github.com/aboutcode-org/scancode-toolkit/issues/4083
+
 v32.3.1 - 2024-01-06
 --------------------
 
-This is a minor release with license and package detection
+This is a patch release with license and package detection
 improvements, bugfixes and with new and updated license detection rules
 and new licenses added.
 

requirements.txt

@@ -35,7 +35,7 @@ jaraco.functools==4.1.0
 javaproperties==0.8.1
 Jinja2==3.1.3
 jsonstreams==0.6.0
-license-expression==30.4.0
+license-expression==30.4.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 more-itertools==8.13.0

setup-mini.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = scancode-toolkit-mini
-version = 32.3.1
+version = 32.3.2
 license = Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -84,7 +84,7 @@ install_requires =
     javaproperties >= 0.5
     jinja2 >= 2.7.0
     jsonstreams >= 0.5.0
-    license_expression >= 30.4.0
+    license_expression >= 30.4.1
     lxml >= 4.9.2
     MarkupSafe >= 2.1.2
     packageurl_python >= 0.9.0

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = scancode-toolkit
-version = 32.3.1
+version = 32.3.2
 license = Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -84,7 +84,7 @@ install_requires =
     javaproperties >= 0.5
     jinja2 >= 2.7.0
     jsonstreams >= 0.5.0
-    license_expression >= 30.4.0
+    license_expression >= 30.4.1
     lxml >= 4.9.2
     MarkupSafe >= 2.1.2
     packageurl_python >= 0.9.0

src/scancode_config.py

@@ -132,20 +132,20 @@ def _create_dir(location):
 # 4. hardcoded This is the default, fallback version in case package is not installed or we
 # do not have a proper version otherwise.
 if not __version__:
-    __version__ = '32.3.1'
+    __version__ = '32.3.2'
 
 #######################
 # used to warn user when the version is out of date
 # this is (year, month, day)
-__release_date__ = datetime.datetime(2025, 1, 6)
+__release_date__ = datetime.datetime(2025, 1, 20)
 
 # See https://github.com/nexB/scancode-toolkit/issues/2653 for more information
 # on the data format version
 __output_format_version__ = '4.0.0'
 
 # see https://github.com/spdx/tools-python/issues/820
 # this is actually `3.25.0`
-spdx_license_list_version = '3.25'
+spdx_license_list_version = '3.26'
 
 ################################################################################
 # USAGE MODE-, INSTALLATION- and IMPORT- and RUN-SPECIFIC DIRECTORIES

tests/formattedcode/data/spdx/license_known/expected.rdf

@@ -94,7 +94,7 @@
         "@rdf:resource": "http://spdx.org/licenses/CC0-1.0"
       },
       "@rdf:about": "#SPDXRef-DOCUMENT",
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/license_known/expected.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: scan

tests/formattedcode/data/spdx/license_known/expected_with_text.rdf

@@ -94,7 +94,7 @@
         "@rdf:resource": "http://spdx.org/licenses/CC0-1.0"
       },
       "@rdf:about": "#SPDXRef-DOCUMENT",
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/license_known/expected_with_text.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: scan

tests/formattedcode/data/spdx/license_ref/expected.rdf

@@ -116,7 +116,7 @@
           }
         }
       ],
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/license_ref/expected.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: scan

tests/formattedcode/data/spdx/license_ref/expected_with_text.rdf

@@ -116,7 +116,7 @@
           }
         }
       ],
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/license_ref/expected_with_text.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: scan

tests/formattedcode/data/spdx/or_later/expected.rdf

@@ -59,7 +59,7 @@
         "@rdf:resource": "http://spdx.org/licenses/CC0-1.0"
       },
       "@rdf:about": "#SPDXRef-DOCUMENT",
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/simple/expected.rdf

@@ -59,7 +59,7 @@
         "@rdf:resource": "http://spdx.org/licenses/CC0-1.0"
       },
       "@rdf:about": "#SPDXRef-DOCUMENT",
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/simple/expected.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: simple

tests/formattedcode/data/spdx/tree/expected.rdf

@@ -229,7 +229,7 @@
         "@rdf:resource": "http://spdx.org/licenses/CC0-1.0"
       },
       "@rdf:about": "#SPDXRef-DOCUMENT",
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/tree/expected.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: scan

tests/formattedcode/data/spdx/unicode/expected.rdf

@@ -68,7 +68,7 @@
           "rdfs:comment": "See details at https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/licenses/agere-bsd.LICENSE"
         }
       },
-      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.25",
+      "rdfs:comment": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.\nSPDX License List: 3.26",
       "spdx:name": "SPDX Document created by ScanCode Toolkit",
       "spdx:specVersion": "SPDX-2.2"
     },

tests/formattedcode/data/spdx/unicode/expected.tv

@@ -10,7 +10,7 @@ ScanCode should be considered or used as legal advice. Consult an Attorney
 for any legal advice.
 ScanCode is a free software code scanning tool from nexB Inc. and others.
 Visit https://github.com/nexB/scancode-toolkit/ for support and download.
-SPDX License List: 3.25</text>
+SPDX License List: 3.26</text>
 ## Creation Information
 ## Package Information
 PackageName: unicode