From 38a2f3123bb4dc6ec2f7479a0e682c92b81a954b Mon Sep 17 00:00:00 2001 From: mo khan Date: Fri, 20 Mar 2020 17:08:23 -0600 Subject: Install pip packages from a custom index * Read PIP_INDEX_URL to identify where to download packages from --- Gemfile.lock | 11 + config/.default-gems | 1 + config/.default-python-packages | 1 + lib/license/finder/ext.rb | 1 + lib/license/finder/ext/pip.rb | 69 ++++++ lib/license/finder/ext/shared_helpers.rb | 4 +- lib/license/management.rb | 1 + license-management.gemspec | 1 + spec/fixtures/build.gradle.kts | 11 - spec/fixtures/custom-maven-settings.xml | 16 -- spec/fixtures/drupal_composer.json | 241 --------------------- spec/fixtures/java/build.gradle.kts | 11 + spec/fixtures/java/custom-maven-settings.xml | 16 ++ spec/fixtures/java/maven-multimodule/api/pom.xml | 26 +++ spec/fixtures/java/maven-multimodule/model/pom.xml | 27 +++ spec/fixtures/java/maven-multimodule/pom.xml | 27 +++ spec/fixtures/java/maven-multimodule/web/pom.xml | 27 +++ .../fixtures/java/pom-public-gitlab-repository.xml | 16 ++ spec/fixtures/maven-multimodule/api/pom.xml | 26 --- spec/fixtures/maven-multimodule/model/pom.xml | 27 --- spec/fixtures/maven-multimodule/pom.xml | 27 --- spec/fixtures/maven-multimodule/web/pom.xml | 27 --- spec/fixtures/php/drupal_composer.json | 241 +++++++++++++++++++++ spec/fixtures/pom-public-gitlab-repository.xml | 16 -- spec/fixtures/python/complex-setup.py | 213 ++++++++++++++++++ spec/fixtures/python/simple-setup.py | 22 ++ spec/integration/java/gradle_spec.rb | 2 +- spec/integration/java/maven_spec.rb | 8 +- spec/integration/php/composer_spec.rb | 2 +- spec/integration/python/pip_spec.rb | 33 +++ 30 files changed, 753 insertions(+), 398 deletions(-) create mode 100644 lib/license/finder/ext/pip.rb delete mode 100644 spec/fixtures/build.gradle.kts delete mode 100644 spec/fixtures/custom-maven-settings.xml delete mode 100644 spec/fixtures/drupal_composer.json create mode 100644 spec/fixtures/java/build.gradle.kts create mode 100644 spec/fixtures/java/custom-maven-settings.xml create mode 100644 spec/fixtures/java/maven-multimodule/api/pom.xml create mode 100644 spec/fixtures/java/maven-multimodule/model/pom.xml create mode 100644 spec/fixtures/java/maven-multimodule/pom.xml create mode 100644 spec/fixtures/java/maven-multimodule/web/pom.xml create mode 100644 spec/fixtures/java/pom-public-gitlab-repository.xml delete mode 100644 spec/fixtures/maven-multimodule/api/pom.xml delete mode 100644 spec/fixtures/maven-multimodule/model/pom.xml delete mode 100644 spec/fixtures/maven-multimodule/pom.xml delete mode 100644 spec/fixtures/maven-multimodule/web/pom.xml create mode 100644 spec/fixtures/php/drupal_composer.json delete mode 100644 spec/fixtures/pom-public-gitlab-repository.xml create mode 100644 spec/fixtures/python/complex-setup.py create mode 100644 spec/fixtures/python/simple-setup.py diff --git a/Gemfile.lock b/Gemfile.lock index 8776c4d..068d07f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,6 +3,7 @@ PATH specs: license-management (3.1.4) license_finder (~> 6.0.0) + spandx (~> 0.1) GEM remote: https://rubygems.org/ @@ -27,6 +28,10 @@ GEM toml (= 0.2.0) with_env (= 1.1.0) xml-simple + mini_portile2 (2.4.0) + net-hippie (0.3.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) parallel (1.19.1) parser (2.7.0.4) ast (~> 2.4.0) @@ -67,6 +72,12 @@ GEM rubocop (>= 0.68.1) ruby-progressbar (1.10.1) rubyzip (2.3.0) + spandx (0.11.0) + addressable (~> 2.7) + bundler (>= 1.16, < 3.0.0) + net-hippie (~> 0.3) + nokogiri (~> 1.10) + thor thor (1.0.1) toml (0.2.0) parslet (~> 1.8.0) diff --git a/config/.default-gems b/config/.default-gems index c41100b..1c3a508 100644 --- a/config/.default-gems +++ b/config/.default-gems @@ -1,3 +1,4 @@ bundler ~>1.7 bundler ~>2.0 license_finder ~>6.0.0 +spandx ~>1.0 diff --git a/config/.default-python-packages b/config/.default-python-packages index 39e3e0a..ddef412 100644 --- a/config/.default-python-packages +++ b/config/.default-python-packages @@ -1,2 +1,3 @@ conan pip +pip-licenses diff --git a/lib/license/finder/ext.rb b/lib/license/finder/ext.rb index c17ffea..8731e4f 100644 --- a/lib/license/finder/ext.rb +++ b/lib/license/finder/ext.rb @@ -3,6 +3,7 @@ require 'license/finder/ext/license' require 'license/finder/ext/maven' require 'license/finder/ext/nuget' +require 'license/finder/ext/pip' require 'license/finder/ext/shared_helpers' # Apply patch to the JsonReport found in the `license_finder` gem. diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb new file mode 100644 index 0000000..54b7d40 --- /dev/null +++ b/lib/license/finder/ext/pip.rb @@ -0,0 +1,69 @@ +# frozen_string_literal: true + +module LicenseFinder + class Pip + def current_packages + detected_dependencies.map do |name, version| + PipPackage.new(name, version, pypi.definition_for(name, version)) + end + end + + def possible_package_paths + path = project_path || Pathname.pwd + + [ + path.join(@requirements_path), + path.join('setup.py') + ] + end + + def prepare + return install_packages if detected_package_path == @requirements_path + + requirements_path = detected_package_path.dirname.join('requirements.txt') + requirements_path.write('.') unless requirements_path.exist? + install_packages + end + + private + + def detected_dependencies + stdout, _stderr, status = execute([ + python_executable, + LicenseFinder::BIN_PATH.join('license_finder_pip.py'), + detected_package_path + ]) + return [] unless status.success? + + JSON.parse(stdout).map { |package| package.values_at('name', 'version') } + end + + def install_packages + execute([prepare_command, "-i", pip_index_url, "-r", @requirements_path]) + end + + def execute(command) + Dir.chdir(project_path) do + ::LicenseFinder::SharedHelpers::Cmd.run(Array(command).join(' ')) + end + end + + def python_executable + "python#{@python_version == '2' ? '' : '3'}" + end + + def pip_index_url + ENV.fetch('PIP_INDEX_URL', 'https://pypi.org/simple/') + end + + def pypi + @pypi ||= Spandx::Python::PyPI.new(sources: [ + Spandx::Python::Source.new({ + 'name' => 'pypi', + 'url' => pip_index_url, + 'verify_ssl' => true + }) + ]) + end + end +end diff --git a/lib/license/finder/ext/shared_helpers.rb b/lib/license/finder/ext/shared_helpers.rb index bc37b9c..b6b6fcd 100644 --- a/lib/license/finder/ext/shared_helpers.rb +++ b/lib/license/finder/ext/shared_helpers.rb @@ -4,8 +4,10 @@ module LicenseFinder module SharedHelpers class Cmd def self.run(command) + ::License::Management.logger.debug(command) stdout, stderr, status = Open3.capture3(command) - ::License::Management.logger.debug([command, stdout].join('\n')) + ::License::Management.logger.debug(stdout) unless stdout.nil? || stdout.empty? + ::License::Management.logger.error(stderr) unless stderr.nil? || stderr.empty? [stdout, stderr, status] end end diff --git a/lib/license/management.rb b/lib/license/management.rb index a39c841..16a9d62 100644 --- a/lib/license/management.rb +++ b/lib/license/management.rb @@ -3,6 +3,7 @@ require 'json' require 'logger' require 'pathname' +require 'spandx' require 'yaml' require 'license_finder' diff --git a/license-management.gemspec b/license-management.gemspec index 0372991..e0a25ca 100644 --- a/license-management.gemspec +++ b/license-management.gemspec @@ -28,6 +28,7 @@ Gem::Specification.new do |spec| spec.require_paths = ['lib'] spec.add_dependency 'license_finder', '~> 6.0.0' + spec.add_dependency 'spandx', '~> 0.1' spec.add_development_dependency 'gitlab-styles', '~> 3.1' spec.add_development_dependency 'json-schema', '~> 2.8' spec.add_development_dependency 'rspec', '~> 3.9' diff --git a/spec/fixtures/build.gradle.kts b/spec/fixtures/build.gradle.kts deleted file mode 100644 index 494fc8b..0000000 --- a/spec/fixtures/build.gradle.kts +++ /dev/null @@ -1,11 +0,0 @@ -plugins { - `java-library` -} -repositories { - jcenter() -} -dependencies { - api("org.apache.commons:commons-math3:3.6.1") - implementation("com.google.guava:guava:28.1-jre") - testImplementation("junit:junit:4.12") -} diff --git a/spec/fixtures/custom-maven-settings.xml b/spec/fixtures/custom-maven-settings.xml deleted file mode 100644 index 4fa5d16..0000000 --- a/spec/fixtures/custom-maven-settings.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - custom - - true - - - - gitlab-maven - https://gitlab.com/api/v4/projects/17523603/packages/maven - - - - - diff --git a/spec/fixtures/drupal_composer.json b/spec/fixtures/drupal_composer.json deleted file mode 100644 index 48b445b..0000000 --- a/spec/fixtures/drupal_composer.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "name": "drupal/core", - "description": "Drupal is an open source content management platform powering millions of websites and applications.", - "type": "drupal-core", - "license": "GPL-2.0-or-later", - "require": { - "ext-date": "*", - "ext-dom": "*", - "ext-filter": "*", - "ext-gd": "*", - "ext-hash": "*", - "ext-json": "*", - "ext-pcre": "*", - "ext-PDO": "*", - "ext-session": "*", - "ext-SimpleXML": "*", - "ext-SPL": "*", - "ext-tokenizer": "*", - "ext-xml": "*", - "php": "^5.5.9|>=7.0.8", - "symfony/class-loader": "~3.4.0", - "symfony/console": "~3.4.0", - "symfony/dependency-injection": "~3.4.26", - "symfony/event-dispatcher": "~3.4.0", - "symfony/http-foundation": "~3.4.27", - "symfony/http-kernel": "~3.4.14", - "symfony/routing": "~3.4.0", - "symfony/serializer": "~3.4.0", - "symfony/translation": "~3.4.0", - "symfony/validator": "~3.4.0", - "symfony/process": "~3.4.0", - "symfony/polyfill-iconv": "^1.0", - "symfony/yaml": "~3.4.5", - "typo3/phar-stream-wrapper": "^2.1.1", - "twig/twig": "^1.38.2", - "doctrine/common": "^2.5", - "doctrine/annotations": "^1.2", - "guzzlehttp/guzzle": "^6.2.1", - "symfony-cmf/routing": "^1.4", - "easyrdf/easyrdf": "^0.9", - "zendframework/zend-feed": "^2.4", - "stack/builder": "^1.0", - "egulias/email-validator": "^2.0", - "masterminds/html5": "^2.1", - "symfony/psr-http-message-bridge": "^1.1.2", - "zendframework/zend-diactoros": "^1.1", - "composer/semver": "^1.0", - "paragonie/random_compat": "^1.0|^2.0|^9.99.99", - "asm89/stack-cors": "^1.1", - "pear/archive_tar": "^1.4.9" - }, - "conflict": { - "drush/drush": "<8.1.10", - "symfony/dom-crawler": ">=4" - }, - "require-dev": { - "behat/mink": "1.7.x-dev", - "behat/mink-goutte-driver": "^1.2", - "behat/mink-selenium2-driver": "1.3.x-dev", - "drupal/coder": "^8.3.1", - "jcalderonzumba/gastonjs": "^1.0.2", - "jcalderonzumba/mink-phantomjs-driver": "^0.3.1", - "mikey179/vfsstream": "^1.2", - "phpunit/phpunit": "^4.8.35 || ^6.5", - "phpspec/prophecy": "^1.7", - "symfony/css-selector": "^3.4.0", - "symfony/phpunit-bridge": "^3.4.3", - "symfony/debug": "^3.4.0", - "justinrainbow/json-schema": "^5.2" - }, - "replace": { - "drupal/action": "self.version", - "drupal/aggregator": "self.version", - "drupal/automated_cron": "self.version", - "drupal/bartik": "self.version", - "drupal/ban": "self.version", - "drupal/basic_auth": "self.version", - "drupal/big_pipe": "self.version", - "drupal/block": "self.version", - "drupal/block_content": "self.version", - "drupal/block_place": "self.version", - "drupal/book": "self.version", - "drupal/breakpoint": "self.version", - "drupal/ckeditor": "self.version", - "drupal/classy": "self.version", - "drupal/color": "self.version", - "drupal/comment": "self.version", - "drupal/config": "self.version", - "drupal/config_translation": "self.version", - "drupal/contact": "self.version", - "drupal/content_moderation": "self.version", - "drupal/content_translation": "self.version", - "drupal/contextual": "self.version", - "drupal/core-annotation": "self.version", - "drupal/core-assertion": "self.version", - "drupal/core-bridge": "self.version", - "drupal/core-class-finder": "self.version", - "drupal/core-datetime": "self.version", - "drupal/core-dependency-injection": "self.version", - "drupal/core-diff": "self.version", - "drupal/core-discovery": "self.version", - "drupal/core-event-dispatcher": "self.version", - "drupal/core-file-cache": "self.version", - "drupal/core-filesystem": "self.version", - "drupal/core-gettext": "self.version", - "drupal/core-graph": "self.version", - "drupal/core-http-foundation": "self.version", - "drupal/core-php-storage": "self.version", - "drupal/core-plugin": "self.version", - "drupal/core-proxy-builder": "self.version", - "drupal/core-render": "self.version", - "drupal/core-serialization": "self.version", - "drupal/core-transliteration": "self.version", - "drupal/core-utility": "self.version", - "drupal/core-uuid": "self.version", - "drupal/core-version": "self.version", - "drupal/datetime": "self.version", - "drupal/datetime_range": "self.version", - "drupal/dblog": "self.version", - "drupal/dynamic_page_cache": "self.version", - "drupal/editor": "self.version", - "drupal/entity_reference": "self.version", - "drupal/field": "self.version", - "drupal/field_layout": "self.version", - "drupal/field_ui": "self.version", - "drupal/file": "self.version", - "drupal/filter": "self.version", - "drupal/forum": "self.version", - "drupal/hal": "self.version", - "drupal/help": "self.version", - "drupal/history": "self.version", - "drupal/image": "self.version", - "drupal/inline_form_errors": "self.version", - "drupal/jsonapi": "self.version", - "drupal/language": "self.version", - "drupal/layout_builder": "self.version", - "drupal/layout_discovery": "self.version", - "drupal/link": "self.version", - "drupal/locale": "self.version", - "drupal/minimal": "self.version", - "drupal/media": "self.version", - "drupal/media_library": "self.version", - "drupal/menu_link_content": "self.version", - "drupal/menu_ui": "self.version", - "drupal/migrate": "self.version", - "drupal/migrate_drupal": "self.version", - "drupal/migrate_drupal_multilingual": "self.version", - "drupal/migrate_drupal_ui": "self.version", - "drupal/node": "self.version", - "drupal/options": "self.version", - "drupal/page_cache": "self.version", - "drupal/path": "self.version", - "drupal/quickedit": "self.version", - "drupal/rdf": "self.version", - "drupal/responsive_image": "self.version", - "drupal/rest": "self.version", - "drupal/search": "self.version", - "drupal/serialization": "self.version", - "drupal/settings_tray": "self.version", - "drupal/seven": "self.version", - "drupal/shortcut": "self.version", - "drupal/simpletest": "self.version", - "drupal/standard": "self.version", - "drupal/stark": "self.version", - "drupal/statistics": "self.version", - "drupal/syslog": "self.version", - "drupal/system": "self.version", - "drupal/taxonomy": "self.version", - "drupal/telephone": "self.version", - "drupal/text": "self.version", - "drupal/toolbar": "self.version", - "drupal/tour": "self.version", - "drupal/tracker": "self.version", - "drupal/update": "self.version", - "drupal/user": "self.version", - "drupal/views": "self.version", - "drupal/views_ui": "self.version", - "drupal/workflows": "self.version", - "drupal/workspaces": "self.version" - }, - "extra": { - "merge-plugin": { - "require": [ - "core/lib/Drupal/Component/Annotation/composer.json", - "core/lib/Drupal/Component/Assertion/composer.json", - "core/lib/Drupal/Component/Bridge/composer.json", - "core/lib/Drupal/Component/ClassFinder/composer.json", - "core/lib/Drupal/Component/Datetime/composer.json", - "core/lib/Drupal/Component/DependencyInjection/composer.json", - "core/lib/Drupal/Component/Diff/composer.json", - "core/lib/Drupal/Component/Discovery/composer.json", - "core/lib/Drupal/Component/EventDispatcher/composer.json", - "core/lib/Drupal/Component/FileCache/composer.json", - "core/lib/Drupal/Component/FileSystem/composer.json", - "core/lib/Drupal/Component/Gettext/composer.json", - "core/lib/Drupal/Component/Graph/composer.json", - "core/lib/Drupal/Component/HttpFoundation/composer.json", - "core/lib/Drupal/Component/PhpStorage/composer.json", - "core/lib/Drupal/Component/Plugin/composer.json", - "core/lib/Drupal/Component/ProxyBuilder/composer.json", - "core/lib/Drupal/Component/Render/composer.json", - "core/lib/Drupal/Component/Serialization/composer.json", - "core/lib/Drupal/Component/Transliteration/composer.json", - "core/lib/Drupal/Component/Utility/composer.json", - "core/lib/Drupal/Component/Uuid/composer.json", - "core/lib/Drupal/Component/Version/composer.json" - ], - "recurse": false, - "replace": false, - "merge-extra": false - } - }, - "minimum-stability": "dev", - "prefer-stable": true, - "autoload": { - "psr-4": { - "Drupal\\Core\\": "lib/Drupal/Core", - "Drupal\\Component\\": "lib/Drupal/Component", - "Drupal\\Driver\\": "../drivers/lib/Drupal/Driver" - }, - "classmap": [ - "lib/Drupal.php", - "lib/Drupal/Component/Utility/Timer.php", - "lib/Drupal/Component/Utility/Unicode.php", - "lib/Drupal/Core/Database/Database.php", - "lib/Drupal/Core/DrupalKernel.php", - "lib/Drupal/Core/DrupalKernelInterface.php", - "lib/Drupal/Core/Site/Settings.php" - ] - }, - "config": { - "preferred-install": "dist", - "autoloader-suffix": "Drupal8" - }, - "scripts": { - "pre-autoload-dump": "Drupal\\Core\\Composer\\Composer::preAutoloadDump", - "post-autoload-dump": [ - "Drupal\\Core\\Composer\\Composer::ensureHtaccess" - ] - } -} diff --git a/spec/fixtures/java/build.gradle.kts b/spec/fixtures/java/build.gradle.kts new file mode 100644 index 0000000..494fc8b --- /dev/null +++ b/spec/fixtures/java/build.gradle.kts @@ -0,0 +1,11 @@ +plugins { + `java-library` +} +repositories { + jcenter() +} +dependencies { + api("org.apache.commons:commons-math3:3.6.1") + implementation("com.google.guava:guava:28.1-jre") + testImplementation("junit:junit:4.12") +} diff --git a/spec/fixtures/java/custom-maven-settings.xml b/spec/fixtures/java/custom-maven-settings.xml new file mode 100644 index 0000000..4fa5d16 --- /dev/null +++ b/spec/fixtures/java/custom-maven-settings.xml @@ -0,0 +1,16 @@ + + + + custom + + true + + + + gitlab-maven + https://gitlab.com/api/v4/projects/17523603/packages/maven + + + + + diff --git a/spec/fixtures/java/maven-multimodule/api/pom.xml b/spec/fixtures/java/maven-multimodule/api/pom.xml new file mode 100644 index 0000000..c621c1a --- /dev/null +++ b/spec/fixtures/java/maven-multimodule/api/pom.xml @@ -0,0 +1,26 @@ + + + 4.0.0 + + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + + com.gitlab.security_products.tests + api + 1.0-SNAPSHOT + api + http://maven.apache.org + + + ${project.groupId} + model + ${project.version} + + + org.apache.struts + struts2-core + 2.5.1 + + + diff --git a/spec/fixtures/java/maven-multimodule/model/pom.xml b/spec/fixtures/java/maven-multimodule/model/pom.xml new file mode 100644 index 0000000..91b366b --- /dev/null +++ b/spec/fixtures/java/maven-multimodule/model/pom.xml @@ -0,0 +1,27 @@ + + + 4.0.0 + + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + + com.gitlab.security_products.tests + model + 1.0-SNAPSHOT + model + http://maven.apache.org + + 1.6 + 1.6 + UTF-8 + + + + org.apache.logging.log4j + log4j-core + 2.8.2 + + + diff --git a/spec/fixtures/java/maven-multimodule/pom.xml b/spec/fixtures/java/maven-multimodule/pom.xml new file mode 100644 index 0000000..e84ad4a --- /dev/null +++ b/spec/fixtures/java/maven-multimodule/pom.xml @@ -0,0 +1,27 @@ + + + 4.0.0 + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + pom + java-maven-multi-modules + + api + model + web + + + + io.netty + netty-all + 4.1.0.Final + + + junit + junit + 3.8.1 + test + + + \ No newline at end of file diff --git a/spec/fixtures/java/maven-multimodule/web/pom.xml b/spec/fixtures/java/maven-multimodule/web/pom.xml new file mode 100644 index 0000000..548e9fb --- /dev/null +++ b/spec/fixtures/java/maven-multimodule/web/pom.xml @@ -0,0 +1,27 @@ + + + 4.0.0 + + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + + com.gitlab.security_products.tests + web + 1.0-SNAPSHOT + web + http://maven.apache.org + + 1.6 + 1.6 + UTF-8 + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-xml + 2.7.3 + + + diff --git a/spec/fixtures/java/pom-public-gitlab-repository.xml b/spec/fixtures/java/pom-public-gitlab-repository.xml new file mode 100644 index 0000000..4e57c79 --- /dev/null +++ b/spec/fixtures/java/pom-public-gitlab-repository.xml @@ -0,0 +1,16 @@ + + 4.0.0 + com.gitlab.secure + license-scanning + jar + 1.0-SNAPSHOT + example + http://maven.apache.org + + + com.gitlab.xlgmokha + mvn-spike + 1.2-SNAPSHOT + + + diff --git a/spec/fixtures/maven-multimodule/api/pom.xml b/spec/fixtures/maven-multimodule/api/pom.xml deleted file mode 100644 index c621c1a..0000000 --- a/spec/fixtures/maven-multimodule/api/pom.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - 4.0.0 - - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - - com.gitlab.security_products.tests - api - 1.0-SNAPSHOT - api - http://maven.apache.org - - - ${project.groupId} - model - ${project.version} - - - org.apache.struts - struts2-core - 2.5.1 - - - diff --git a/spec/fixtures/maven-multimodule/model/pom.xml b/spec/fixtures/maven-multimodule/model/pom.xml deleted file mode 100644 index 91b366b..0000000 --- a/spec/fixtures/maven-multimodule/model/pom.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - 4.0.0 - - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - - com.gitlab.security_products.tests - model - 1.0-SNAPSHOT - model - http://maven.apache.org - - 1.6 - 1.6 - UTF-8 - - - - org.apache.logging.log4j - log4j-core - 2.8.2 - - - diff --git a/spec/fixtures/maven-multimodule/pom.xml b/spec/fixtures/maven-multimodule/pom.xml deleted file mode 100644 index e84ad4a..0000000 --- a/spec/fixtures/maven-multimodule/pom.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - 4.0.0 - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - pom - java-maven-multi-modules - - api - model - web - - - - io.netty - netty-all - 4.1.0.Final - - - junit - junit - 3.8.1 - test - - - \ No newline at end of file diff --git a/spec/fixtures/maven-multimodule/web/pom.xml b/spec/fixtures/maven-multimodule/web/pom.xml deleted file mode 100644 index 548e9fb..0000000 --- a/spec/fixtures/maven-multimodule/web/pom.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - 4.0.0 - - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - - com.gitlab.security_products.tests - web - 1.0-SNAPSHOT - web - http://maven.apache.org - - 1.6 - 1.6 - UTF-8 - - - - com.fasterxml.jackson.dataformat - jackson-dataformat-xml - 2.7.3 - - - diff --git a/spec/fixtures/php/drupal_composer.json b/spec/fixtures/php/drupal_composer.json new file mode 100644 index 0000000..48b445b --- /dev/null +++ b/spec/fixtures/php/drupal_composer.json @@ -0,0 +1,241 @@ +{ + "name": "drupal/core", + "description": "Drupal is an open source content management platform powering millions of websites and applications.", + "type": "drupal-core", + "license": "GPL-2.0-or-later", + "require": { + "ext-date": "*", + "ext-dom": "*", + "ext-filter": "*", + "ext-gd": "*", + "ext-hash": "*", + "ext-json": "*", + "ext-pcre": "*", + "ext-PDO": "*", + "ext-session": "*", + "ext-SimpleXML": "*", + "ext-SPL": "*", + "ext-tokenizer": "*", + "ext-xml": "*", + "php": "^5.5.9|>=7.0.8", + "symfony/class-loader": "~3.4.0", + "symfony/console": "~3.4.0", + "symfony/dependency-injection": "~3.4.26", + "symfony/event-dispatcher": "~3.4.0", + "symfony/http-foundation": "~3.4.27", + "symfony/http-kernel": "~3.4.14", + "symfony/routing": "~3.4.0", + "symfony/serializer": "~3.4.0", + "symfony/translation": "~3.4.0", + "symfony/validator": "~3.4.0", + "symfony/process": "~3.4.0", + "symfony/polyfill-iconv": "^1.0", + "symfony/yaml": "~3.4.5", + "typo3/phar-stream-wrapper": "^2.1.1", + "twig/twig": "^1.38.2", + "doctrine/common": "^2.5", + "doctrine/annotations": "^1.2", + "guzzlehttp/guzzle": "^6.2.1", + "symfony-cmf/routing": "^1.4", + "easyrdf/easyrdf": "^0.9", + "zendframework/zend-feed": "^2.4", + "stack/builder": "^1.0", + "egulias/email-validator": "^2.0", + "masterminds/html5": "^2.1", + "symfony/psr-http-message-bridge": "^1.1.2", + "zendframework/zend-diactoros": "^1.1", + "composer/semver": "^1.0", + "paragonie/random_compat": "^1.0|^2.0|^9.99.99", + "asm89/stack-cors": "^1.1", + "pear/archive_tar": "^1.4.9" + }, + "conflict": { + "drush/drush": "<8.1.10", + "symfony/dom-crawler": ">=4" + }, + "require-dev": { + "behat/mink": "1.7.x-dev", + "behat/mink-goutte-driver": "^1.2", + "behat/mink-selenium2-driver": "1.3.x-dev", + "drupal/coder": "^8.3.1", + "jcalderonzumba/gastonjs": "^1.0.2", + "jcalderonzumba/mink-phantomjs-driver": "^0.3.1", + "mikey179/vfsstream": "^1.2", + "phpunit/phpunit": "^4.8.35 || ^6.5", + "phpspec/prophecy": "^1.7", + "symfony/css-selector": "^3.4.0", + "symfony/phpunit-bridge": "^3.4.3", + "symfony/debug": "^3.4.0", + "justinrainbow/json-schema": "^5.2" + }, + "replace": { + "drupal/action": "self.version", + "drupal/aggregator": "self.version", + "drupal/automated_cron": "self.version", + "drupal/bartik": "self.version", + "drupal/ban": "self.version", + "drupal/basic_auth": "self.version", + "drupal/big_pipe": "self.version", + "drupal/block": "self.version", + "drupal/block_content": "self.version", + "drupal/block_place": "self.version", + "drupal/book": "self.version", + "drupal/breakpoint": "self.version", + "drupal/ckeditor": "self.version", + "drupal/classy": "self.version", + "drupal/color": "self.version", + "drupal/comment": "self.version", + "drupal/config": "self.version", + "drupal/config_translation": "self.version", + "drupal/contact": "self.version", + "drupal/content_moderation": "self.version", + "drupal/content_translation": "self.version", + "drupal/contextual": "self.version", + "drupal/core-annotation": "self.version", + "drupal/core-assertion": "self.version", + "drupal/core-bridge": "self.version", + "drupal/core-class-finder": "self.version", + "drupal/core-datetime": "self.version", + "drupal/core-dependency-injection": "self.version", + "drupal/core-diff": "self.version", + "drupal/core-discovery": "self.version", + "drupal/core-event-dispatcher": "self.version", + "drupal/core-file-cache": "self.version", + "drupal/core-filesystem": "self.version", + "drupal/core-gettext": "self.version", + "drupal/core-graph": "self.version", + "drupal/core-http-foundation": "self.version", + "drupal/core-php-storage": "self.version", + "drupal/core-plugin": "self.version", + "drupal/core-proxy-builder": "self.version", + "drupal/core-render": "self.version", + "drupal/core-serialization": "self.version", + "drupal/core-transliteration": "self.version", + "drupal/core-utility": "self.version", + "drupal/core-uuid": "self.version", + "drupal/core-version": "self.version", + "drupal/datetime": "self.version", + "drupal/datetime_range": "self.version", + "drupal/dblog": "self.version", + "drupal/dynamic_page_cache": "self.version", + "drupal/editor": "self.version", + "drupal/entity_reference": "self.version", + "drupal/field": "self.version", + "drupal/field_layout": "self.version", + "drupal/field_ui": "self.version", + "drupal/file": "self.version", + "drupal/filter": "self.version", + "drupal/forum": "self.version", + "drupal/hal": "self.version", + "drupal/help": "self.version", + "drupal/history": "self.version", + "drupal/image": "self.version", + "drupal/inline_form_errors": "self.version", + "drupal/jsonapi": "self.version", + "drupal/language": "self.version", + "drupal/layout_builder": "self.version", + "drupal/layout_discovery": "self.version", + "drupal/link": "self.version", + "drupal/locale": "self.version", + "drupal/minimal": "self.version", + "drupal/media": "self.version", + "drupal/media_library": "self.version", + "drupal/menu_link_content": "self.version", + "drupal/menu_ui": "self.version", + "drupal/migrate": "self.version", + "drupal/migrate_drupal": "self.version", + "drupal/migrate_drupal_multilingual": "self.version", + "drupal/migrate_drupal_ui": "self.version", + "drupal/node": "self.version", + "drupal/options": "self.version", + "drupal/page_cache": "self.version", + "drupal/path": "self.version", + "drupal/quickedit": "self.version", + "drupal/rdf": "self.version", + "drupal/responsive_image": "self.version", + "drupal/rest": "self.version", + "drupal/search": "self.version", + "drupal/serialization": "self.version", + "drupal/settings_tray": "self.version", + "drupal/seven": "self.version", + "drupal/shortcut": "self.version", + "drupal/simpletest": "self.version", + "drupal/standard": "self.version", + "drupal/stark": "self.version", + "drupal/statistics": "self.version", + "drupal/syslog": "self.version", + "drupal/system": "self.version", + "drupal/taxonomy": "self.version", + "drupal/telephone": "self.version", + "drupal/text": "self.version", + "drupal/toolbar": "self.version", + "drupal/tour": "self.version", + "drupal/tracker": "self.version", + "drupal/update": "self.version", + "drupal/user": "self.version", + "drupal/views": "self.version", + "drupal/views_ui": "self.version", + "drupal/workflows": "self.version", + "drupal/workspaces": "self.version" + }, + "extra": { + "merge-plugin": { + "require": [ + "core/lib/Drupal/Component/Annotation/composer.json", + "core/lib/Drupal/Component/Assertion/composer.json", + "core/lib/Drupal/Component/Bridge/composer.json", + "core/lib/Drupal/Component/ClassFinder/composer.json", + "core/lib/Drupal/Component/Datetime/composer.json", + "core/lib/Drupal/Component/DependencyInjection/composer.json", + "core/lib/Drupal/Component/Diff/composer.json", + "core/lib/Drupal/Component/Discovery/composer.json", + "core/lib/Drupal/Component/EventDispatcher/composer.json", + "core/lib/Drupal/Component/FileCache/composer.json", + "core/lib/Drupal/Component/FileSystem/composer.json", + "core/lib/Drupal/Component/Gettext/composer.json", + "core/lib/Drupal/Component/Graph/composer.json", + "core/lib/Drupal/Component/HttpFoundation/composer.json", + "core/lib/Drupal/Component/PhpStorage/composer.json", + "core/lib/Drupal/Component/Plugin/composer.json", + "core/lib/Drupal/Component/ProxyBuilder/composer.json", + "core/lib/Drupal/Component/Render/composer.json", + "core/lib/Drupal/Component/Serialization/composer.json", + "core/lib/Drupal/Component/Transliteration/composer.json", + "core/lib/Drupal/Component/Utility/composer.json", + "core/lib/Drupal/Component/Uuid/composer.json", + "core/lib/Drupal/Component/Version/composer.json" + ], + "recurse": false, + "replace": false, + "merge-extra": false + } + }, + "minimum-stability": "dev", + "prefer-stable": true, + "autoload": { + "psr-4": { + "Drupal\\Core\\": "lib/Drupal/Core", + "Drupal\\Component\\": "lib/Drupal/Component", + "Drupal\\Driver\\": "../drivers/lib/Drupal/Driver" + }, + "classmap": [ + "lib/Drupal.php", + "lib/Drupal/Component/Utility/Timer.php", + "lib/Drupal/Component/Utility/Unicode.php", + "lib/Drupal/Core/Database/Database.php", + "lib/Drupal/Core/DrupalKernel.php", + "lib/Drupal/Core/DrupalKernelInterface.php", + "lib/Drupal/Core/Site/Settings.php" + ] + }, + "config": { + "preferred-install": "dist", + "autoloader-suffix": "Drupal8" + }, + "scripts": { + "pre-autoload-dump": "Drupal\\Core\\Composer\\Composer::preAutoloadDump", + "post-autoload-dump": [ + "Drupal\\Core\\Composer\\Composer::ensureHtaccess" + ] + } +} diff --git a/spec/fixtures/pom-public-gitlab-repository.xml b/spec/fixtures/pom-public-gitlab-repository.xml deleted file mode 100644 index 4e57c79..0000000 --- a/spec/fixtures/pom-public-gitlab-repository.xml +++ /dev/null @@ -1,16 +0,0 @@ - - 4.0.0 - com.gitlab.secure - license-scanning - jar - 1.0-SNAPSHOT - example - http://maven.apache.org - - - com.gitlab.xlgmokha - mvn-spike - 1.2-SNAPSHOT - - - diff --git a/spec/fixtures/python/complex-setup.py b/spec/fixtures/python/complex-setup.py new file mode 100644 index 0000000..2478283 --- /dev/null +++ b/spec/fixtures/python/complex-setup.py @@ -0,0 +1,213 @@ +"""A setuptools based setup module. + +See: +https://packaging.python.org/guides/distributing-packages-using-setuptools/ +https://github.com/pypa/sampleproject +""" + +# Always prefer setuptools over distutils +from setuptools import setup, find_packages +from os import path +# io.open is needed for projects that support Python 2.7 +# It ensures open() defaults to text mode with universal newlines, +# and accepts an argument to specify the text encoding +# Python 3 only projects can skip this import +from io import open + +here = path.abspath(path.dirname(__file__)) + +# Get the long description from the README file +with open(path.join(here, 'README.md'), encoding='utf-8') as f: + long_description = f.read() + +# Arguments marked as "Required" below must be included for upload to PyPI. +# Fields marked as "Optional" may be commented out. + +setup( + # This is the name of your project. The first time you publish this + # package, this name will be registered for you. It will determine how + # users can install this project, e.g.: + # + # $ pip install sampleproject + # + # And where it will live on PyPI: https://pypi.org/project/sampleproject/ + # + # There are some restrictions on what makes a valid project name + # specification here: + # https://packaging.python.org/specifications/core-metadata/#name + name='sampleproject', # Required + + # Versions should comply with PEP 440: + # https://www.python.org/dev/peps/pep-0440/ + # + # For a discussion on single-sourcing the version across setup.py and the + # project code, see + # https://packaging.python.org/en/latest/single_source_version.html + version='1.3.1', # Required + + # This is a one-line description or tagline of what your project does. This + # corresponds to the "Summary" metadata field: + # https://packaging.python.org/specifications/core-metadata/#summary + description='A sample Python project', # Optional + + # This is an optional longer description of your project that represents + # the body of text which users will see when they visit PyPI. + # + # Often, this is the same as your README, so you can just read it in from + # that file directly (as we have already done above) + # + # This field corresponds to the "Description" metadata field: + # https://packaging.python.org/specifications/core-metadata/#description-optional + long_description=long_description, # Optional + + # Denotes that our long_description is in Markdown; valid values are + # text/plain, text/x-rst, and text/markdown + # + # Optional if long_description is written in reStructuredText (rst) but + # required for plain-text or Markdown; if unspecified, "applications should + # attempt to render [the long_description] as text/x-rst; charset=UTF-8 and + # fall back to text/plain if it is not valid rst" (see link below) + # + # This field corresponds to the "Description-Content-Type" metadata field: + # https://packaging.python.org/specifications/core-metadata/#description-content-type-optional + long_description_content_type='text/markdown', # Optional (see note above) + + # This should be a valid link to your project's main homepage. + # + # This field corresponds to the "Home-Page" metadata field: + # https://packaging.python.org/specifications/core-metadata/#home-page-optional + url='https://github.com/pypa/sampleproject', # Optional + + # This should be your name or the name of the organization which owns the + # project. + author='The Python Packaging Authority', # Optional + + # This should be a valid email address corresponding to the author listed + # above. + author_email='pypa-dev@googlegroups.com', # Optional + + # Classifiers help users find your project by categorizing it. + # + # For a list of valid classifiers, see https://pypi.org/classifiers/ + classifiers=[ # Optional + # How mature is this project? Common values are + # 3 - Alpha + # 4 - Beta + # 5 - Production/Stable + 'Development Status :: 3 - Alpha', + + # Indicate who your project is intended for + 'Intended Audience :: Developers', + 'Topic :: Software Development :: Build Tools', + + # Pick your license as you wish + 'License :: OSI Approved :: MIT License', + + # Specify the Python versions you support here. In particular, ensure + # that you indicate whether you support Python 2, Python 3 or both. + # These classifiers are *not* checked by 'pip install'. See instead + # 'python_requires' below. + 'Programming Language :: Python :: 2', + 'Programming Language :: Python :: 2.7', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', + ], + + # This field adds keywords for your project which will appear on the + # project page. What does your project relate to? + # + # Note that this is a string of words separated by whitespace, not a list. + keywords='sample setuptools development', # Optional + + # When your source code is in a subdirectory under the project root, e.g. + # `src/`, it is necessary to specify the `package_dir` argument. + package_dir={'': 'src'}, # Optional + + # You can just specify package directories manually here if your project is + # simple. Or you can use find_packages(). + # + # Alternatively, if you just want to distribute a single Python file, use + # the `py_modules` argument instead as follows, which will expect a file + # called `my_module.py` to exist: + # + # py_modules=["my_module"], + # + packages=find_packages(where='src'), # Required + + # Specify which Python versions you support. In contrast to the + # 'Programming Language' classifiers above, 'pip install' will check this + # and refuse to install the project if the version does not match. If you + # do not support Python 2, you can simplify this to '>=3.5' or similar, see + # https://packaging.python.org/guides/distributing-packages-using-setuptools/#python-requires + python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4', + + # This field lists other packages that your project depends on to run. + # Any package you put here will be installed by pip when your project is + # installed, so they must be valid existing projects. + # + # For an analysis of "install_requires" vs pip's requirements files see: + # https://packaging.python.org/en/latest/requirements.html + install_requires=['peppercorn'], # Optional + + # List additional groups of dependencies here (e.g. development + # dependencies). Users will be able to install these using the "extras" + # syntax, for example: + # + # $ pip install sampleproject[dev] + # + # Similar to `install_requires` above, these must be valid existing + # projects. + extras_require={ # Optional + 'dev': ['check-manifest'], + 'test': ['coverage'], + }, + + # If there are data files included in your packages that need to be + # installed, specify them here. + # + # If using Python 2.6 or earlier, then these have to be included in + # MANIFEST.in as well. + package_data={ # Optional + 'sample': ['package_data.dat'], + }, + + # Although 'package_data' is the preferred approach, in some case you may + # need to place data files outside of your packages. See: + # http://docs.python.org/3.4/distutils/setupscript.html#installing-additional-files + # + # In this case, 'data_file' will be installed into '/my_data' + data_files=[('my_data', ['data/data_file'])], # Optional + + # To provide executable scripts, use entry points in preference to the + # "scripts" keyword. Entry points provide cross-platform support and allow + # `pip` to create the appropriate form of executable for the target + # platform. + # + # For example, the following would provide a command called `sample` which + # executes the function `main` from this package when invoked: + entry_points={ # Optional + 'console_scripts': [ + 'sample=sample:main', + ], + }, + + # List additional URLs that are relevant to your project as a dict. + # + # This field corresponds to the "Project-URL" metadata fields: + # https://packaging.python.org/specifications/core-metadata/#project-url-multiple-use + # + # Examples listed include a pattern for specifying where the package tracks + # issues, where the source is hosted, where to say thanks to the package + # maintainers, and where to support the project financially. The key is + # what's used to render the link text on PyPI. + project_urls={ # Optional + 'Bug Reports': 'https://github.com/pypa/sampleproject/issues', + 'Funding': 'https://donate.pypi.org', + 'Say Thanks!': 'http://saythanks.io/to/example', + 'Source': 'https://github.com/pypa/sampleproject/', + }, +) + diff --git a/spec/fixtures/python/simple-setup.py b/spec/fixtures/python/simple-setup.py new file mode 100644 index 0000000..02ee1c4 --- /dev/null +++ b/spec/fixtures/python/simple-setup.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python3 +import os +import shutil + +from setuptools import find_packages +from setuptools import setup + +shutil.rmtree("build", ignore_errors=True) + +setup( + name="package name", + version='1.1', + packages=find_packages(), + include_package_data=True, + install_requires=[ + "boto3", + ], + author="author", + author_email="author@author.com", + description="All the stuff", + url="https://www.author.com", +) diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index 3c63e37..7a510ac 100644 --- a/spec/integration/java/gradle_spec.rb +++ b/spec/integration/java/gradle_spec.rb @@ -60,7 +60,7 @@ plugins { ].each do |gradle_version| %w[8 11].each do |java_version| context "when scanning a gradle (v#{gradle_version}) project that uses a kotlin build script" do - let(:build_file_content) { fixture_file_content("build.gradle.kts") } + let(:build_file_content) { fixture_file_content("java/build.gradle.kts") } it 'scans a gradle project' do runner.add_file('build.gradle.kts', build_file_content) diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index ad4cf5e..176cb6e 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb @@ -6,7 +6,7 @@ RSpec.describe "maven" do describe "When the maven dependencies come from a custom public maven repository" do it 'is able to detect some of the licenses' do - runner.add_file('pom.xml', fixture_file_content('pom-public-gitlab-repository.xml')) + runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) report = runner.scan(env: { 'CI_PROJECT_ID' => '17523603' @@ -17,8 +17,8 @@ RSpec.describe "maven" do end it 'downloads packages from by using a custom `settings.xml`' do - runner.add_file('pom.xml', fixture_file_content('pom-public-gitlab-repository.xml')) - runner.add_file('my_settings.xml', fixture_file_content('custom-maven-settings.xml')) + runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) + runner.add_file('my_settings.xml', fixture_file_content('java/custom-maven-settings.xml')) report = runner.scan(env: { 'CI_PROJECT_ID' => 'invalid', @@ -50,7 +50,7 @@ RSpec.describe "maven" do describe "When scanning a project with multiple modules" do before do - runner.mount(dir: fixture_file('maven-multimodule')) + runner.mount(dir: fixture_file('java/maven-multimodule')) end it 'detects dependences from each module' do diff --git a/spec/integration/php/composer_spec.rb b/spec/integration/php/composer_spec.rb index 2b6d697..1419dd4 100644 --- a/spec/integration/php/composer_spec.rb +++ b/spec/integration/php/composer_spec.rb @@ -6,7 +6,7 @@ RSpec.describe "composer" do context "when the project's dependencies require php-gd e.g. in the case of Drupal" do it 'installs the required dependencies and produces a valid report' do # composer.json from https://git.drupalcode.org/project/drupal/raw/8.7.x/core/composer.json - runner.add_file('composer.json', fixture_file_content('drupal_composer.json')) + runner.add_file('composer.json', fixture_file_content('php/drupal_composer.json')) report = runner.scan expect(report).to match_schema(version: '2.0') diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb index 9c565a9..e54aa19 100644 --- a/spec/integration/python/pip_spec.rb +++ b/spec/integration/python/pip_spec.rb @@ -65,4 +65,37 @@ RSpec.describe "pip" do end end end + + context "when scanning projects with a `setup.py` but do not have a `requirements.txt` files" do + pending 'detects licenses in a simple `setup.py`' do + runner.add_file('setup.py', fixture_file_content('python/simple-setup.py')) + report = runner.scan + + expect(report).to match_schema(version: '2.0') + expect(report[:dependencies]).not_to be_empty + expect(find_in(report, 'boto3')[:licenses]).to match_array(['MIT']) + end + + pending 'detects licenses in a more complicated `setup.py`' do + runner.add_file('setup.py', fixture_file_content('python/complex-setup.py')) + report = runner.scan + + expect(report).to match_schema(version: '2.0') + expect(report[:dependencies]).not_to be_empty + expect(find_in(report, 'peppercorn')[:licenses]).to match_array(['BSD-2-Clause']) + end + end + + context "when scanning projects that have a custom index-url" do + before do + runner.add_file('requirements.txt', 'pip==18.1') + end + + it 'detects the licenses from the custom index' do + report = runner.scan(env: { 'PIP_INDEX_URL' => 'https://test.pypi.org/simple/' }) + + expect(report).to match_schema(version: '2.0') + expect(find_in(report, 'pip')[:licenses]).to match_array(["MIT"]) + end + end end -- cgit v1.2.3 From f601e9bfb512ef21f727313959ff6349490abf17 Mon Sep 17 00:00:00 2001 From: mo khan Date: Thu, 26 Mar 2020 21:54:51 -0600 Subject: Add CHANGELOG entry --- CHANGELOG.md | 4 ++++ Gemfile.lock | 2 +- lib/license/management/version.rb | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d2c2cd7..574c667 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # GitLab License management changelog +## v3.2.0 + +- Install packages from `PIP_INDEX_URL`. (!125) + ## v3.1.4 - Print `license-maven-plugin` logs to console. (!127) diff --git a/Gemfile.lock b/Gemfile.lock index 068d07f..8fd6a53 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - license-management (3.1.4) + license-management (3.2.0) license_finder (~> 6.0.0) spandx (~> 0.1) diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index c004a9c..946d5e9 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '3.1.4' + VERSION = '3.2.0' end end -- cgit v1.2.3