Bump scancode-toolkit from 32.0.8 to 32.1.0 #20

Merged (1 commit) on Mar 23, 2024

@dependabot dependabot bot commented on behalf of github Mar 23, 2024

Bumps scancode-toolkit from 32.0.8 to 32.1.0.

Release notes

Sourced from scancode-toolkit's releases.

v32.1.0

New CLI options:

  • A new CLI option --package-only has been added which performs a faster package scan by skipping the package assembly step and also skipping license/copyright detection on package metadata.

Major API/other changes:

  • Output Format Version updated to 3.1.0 (minor version bump)
  • Drops python 3.7 and adopts python 3.12
  • New license match attributes:
    • from_file
    • matched_text_diagnostics is added for --license-text-diagnostics
  • In codebase-level license_detections we have a new attribute reference_matches
  • SPDX license expressions everywhere side-by-side with ScanCode license expressions.
  • All rule attribute level data provided in codebase level todo items.

Changes in Output Data Structure:

  • The data structure of the JSON output has changed for licenses at file level, and license detections at top-level. But note that all the changes are additions to the JSON output, so we have a minor version bump 3.0.0 to 3.1.0:

    • There is a new attribute from_file in matches which is in license_detections in:

      • File level license_detections
      • Codebase level license_detections
      • license_detections and other_license_detections in file-level package_data
      • license_detections and other_license_detections in codebase level packages
    • On using the CLI option --license-text-diagnostics there is now a new license match attribute matched_text_diagnostics with the matched text and highlighted diagnostics, instead of having this replace the plain matched_text.

    • A new reference_matches attribute is added to codebase-level license_detections which is same as the matches attribute in other license detections.

    • We now have SPDX license expressions everywhere we have ScanCode license expressions for ease of use and adopting SPDX everywhere. A new attribute license_expression_spdx is added to:

      • license_detections in file and codebase level

... (truncated)

Changelog

Sourced from scancode-toolkit's changelog.

v32.1.0 (next, roadmap)

New CLI options:

  • A new CLI option --package-only has been added which performs a faster package scan by skipping the package assembly step and also skipping license/copyright detection on package metadata.

Major API/other changes:

  • Output Format Version updated to 3.1.0 (minor version bump)
  • Drops python 3.7 and adopts python 3.12
  • New license match attributes:
    • from_file
    • matched_text_diagnostics is added for --license-text-diagnostics
  • In codebase-level license_detections we have a new attribute reference_matches
  • SPDX license expressions everywhere side-by-side with ScanCode license expressions.
  • All rule attribute level data provided in codebase level todo items.

Changes in Output Data Structure:

  • The data structure of the JSON output has changed for licenses at file level, and license detections at top-level. But note that all the changes are additions to the JSON output, so we have a minor version bump 3.0.0 to 3.1.0:

    • There is a new attribute from_file in matches which is in license_detections in:

      • File level license_detections
      • Codebase level license_detections
      • license_detections and other_license_detections in file-level package_data
      • license_detections and other_license_detections in codebase level packages
    • On using the CLI option --license-text-diagnostics there is now a new license match attribute matched_text_diagnostics with the matched text and highlighted diagnostics, instead of having this replace the plain matched_text.

    • A new reference_matches attribute is added to codebase-level license_detections which is same as the matches attribute in other license detections.

    • We now have SPDX license expressions everywhere we have ScanCode license expressions for ease of use and adopting SPDX everywhere. A new attribute license_expression_spdx

... (truncated)

Commits
  • cafcbcf Merge pull request #3701 from nexB/release-prep-v32.1.0
  • 3992030 Update semantic-version to match univers
  • 1befe77 Bump release date and other minor updates
  • ddb4cf2 Pin pypa/gh-action-pypi-publish to v1 release
  • e4ec505 Add requirements from spdx-tools dependencies
  • ba2f53f Bump pyahocorasick version to v2.1.0
  • 22b92df Update supported python versions in docs
  • 1e2b38b Bump versions of pymaven-patch and lxml
  • 701ce0e Bump version to v32.1.0
  • 42402f7 Build wheels for python 3.12
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [scancode-toolkit](https://github.com/nexB/scancode-toolkit) from 32.0.8 to 32.1.0.
- [Release notes](https://github.com/nexB/scancode-toolkit/releases)
- [Changelog](https://github.com/nexB/scancode-toolkit/blob/develop/CHANGELOG.rst)
- [Commits](aboutcode-org/scancode-toolkit@v32.0.8...v32.1.0)

---
updated-dependencies:
- dependency-name: scancode-toolkit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Mar 23, 2024
@stefan6419846 stefan6419846 merged commit 4ffc380 into main Mar 23, 2024
10 checks passed
@stefan6419846 stefan6419846 deleted the dependabot/pip/scancode-toolkit-32.1.0 branch March 23, 2024 18:36