Reuse

Latest version: v3.0.2

Page 1 of 7

3.0.2

Fixed

- `annotate`'s `--style` now works again when used for a file with an
unrecognised extension. (909)

3.0.1

Fixed

- `.qrc` and `.ui` now have the HTML comment style instead of being marked
uncommentable. (896)
- This reverts behaviour introduced in v3.0.0: the contents of uncommentable
files are scanned for REUSE information again. The contents of binary files
are not. (896)

3.0.0

This release contains a lot of small improvements and changes without anything
big per se. Rather, it is made in advance of a release which will contain a
single feature: [REUSE.toml](https://github.com/fsfe/reuse-tool/issues/779), a
replacement for `.reuse/dep5`. `.reuse/dep5` will still be supported as a
deprecated feature for some time.

That future 3.1 release will have some alpha testing in advance.

Added

- Implement handling LicenseRef in `download` and `init`. (697)
- Declared support for Python 3.12. (846)
- More file types are recognised:
  - TCL (`.tcl`) (871)
  - Julia (`.jl`) (815)
  - Modern Fortran (`.f90`) (836)
  - Bazel (`.bzl`) (870)
  - GNU Linker script (`.ld`) (862)
  - Assembly code (`.s`) (862)
  - Empty placeholders (`.empty`) (862)
  - ShellCheck configuration (`.shellcheckrc`) (862)
  - Pylint in-project configuration (`pylintrc`) (862)
  - Lisp schemes (`.sld`, `.sls`, `.sps`) (875)
- Added comment styles:
  - `csingle` for Zig (`.zig`) and Hare (`.ha`) (889)
- Display recommendations for steps to fix found issues during a lint. (698)
- Add support for Pijul VCS. Pijul support is not added to the Docker image.
(858)
- When running `annotate` on a file with an unrecognised file path, the tool
currently exits early. To automatically create a .license file for
unrecognised files, `--fallback-dot-license` has been added. (823, 851,
853, 859; this took a while to get right.)
- Ignore `.sl` directory as used by [Sapling SCM](https://sapling-scm.com/).
(867)

Changed

- Alpine Docker image now uses 3.18 as base. (846)
- The Git submodule detection was made less naïve. Where previously it detected
a directory with a `.git` file as a submodule, it now uses the git command to
detect submodules. This helps detect (quoted from Git man page)
"[repositories] that were cloned independently and later added as a submodule
or old setups", which "have the submodule's git directory inside the submodule
instead of embedded into the superproject's git directory". (687)
- No longer scan binary or uncommentable files for their contents in search of
REUSE information. (825)
- `--force-dot-license` and `--skip-unrecognised` are now mutually exclusive on
`annotate`. (852)
- No longer create and publish `-extra` Docker images. The `openssh-client`
package is now in the main image. (849)
- No longer create and publish `dev` Docker images. (849)
- The `-debian` Docker image is now based off debian:12-slim. It used to be
based on the python:slim image, which used debian:slim under the hood. (849)

Removed

- Removed deprecated `--explicit-license`. (851)
- Removed deprecated `addheader`. (851)
- No longer depend on `sphinx-autodoc-typehints` for documentation. (772)

Fixed

- Syntax errors in .reuse/dep5 now have better error handling. (841)
- Reduced python-debian minimum version to 0.1.34. (808)
- Fix issue in `annotate` where `--single-line` and `--multi-line` would not
correctly raise an error with an incompatible comment style. (853)
- Fix parsing existing copyright lines when they do not have a year. (861)
- Better handling of Lisp comment styles. Now, any number of ";" characters is
recognised as the prefix to a Lisp comment, and ";;;" is used when inserting
comment headers, as per
<https://www.gnu.org/software/emacs/manual/html_node/elisp/Comment-Tips.html>.
(874)

2.1.0

After the yanked 2.0.0 release, we're excited to announce our latest major
version packed with new features and improvements! We've expanded our file type
recognition, now including Fennel, CommonJS, Qt .pro, .pri, .qrc, .qss, .ui,
Textile, Visual Studio Code workspace, Application Resource Bundle, Svelte
components, AES encrypted files, Jakarta Server Page, Clang format, Browserslist
config, Prettier config and ignored files, Flutter pubspec.lock, .metadata,
Terraform and HCL, Typst and more.

We've also added the ability to detect SPDX snippet tags in files and introduced
additional license metadata for the Python package. A new `--json` flag has been
added to the `lint` command, marking the first step towards better integration
of REUSE output with other tools.

On the changes front, we've bumped the SPDX license list to v3.21 and made
significant updates to our Sphinx documentation. Please note that Python 3.6 and
3.7 support has been dropped in this release.

We've fixed several issues including automatic generation of Sphinx
documentation via readthedocs.io and a compatibility issue where reuse could not
be installed if gettext is not installed.

This update is all about making your experience better. Enjoy adding copyright
and licensing information to your code!

Added

- Detect SPDX snippet tags in files. (699)
- More file types are recognised:
  - Fennel (`.fnl`) (638)
  - CommonJS (`.cjs`) (632)
  - Qt .pro (`.pro`) (632)
  - Qt .pri (`.pri`) (755)
  - Qt .qrc (`.qrc`) (755)
  - Qt .qss (`.qss`) (755)
  - Qt .ui (`.ui`) (755)
  - Textile (`.textile`) (712)
  - Visual Studio Code workspace (`.code-workspace`) (747)
  - Application Resource Bundle (`.arb`) (749)
  - Svelte components (`.svelte`)
  - AES encrypted files (`.aes`) (758)
  - Jakarta Server Page (`.jsp`) (757)
  - Clang format (`.clang-format`) (632)
  - Browserslist config (`.browserslist`)
  - Prettier config (`.prettierrc`) and ignored files (`.prettierignore`)
  - Flutter pubspec.lock (`pubspec.lock`) (751)
  - Flutter .metadata (`.metadata`) (751)
  - Terraform (`.tf`, `tfvars`) and HCL (`.hcl`). (756)
  - Typst (`.typ`)
- Added loglevel argument to pytest and skip one test if loglevel is too high
(645).
- `--add-license-concluded`, `--creator-person`, and `--creator-organization`
added to `reuse spdx`. (623)
- Additional license metadata for the Python package has been added. The actual
SPDX license expression remains the same:
`Apache-2.0 AND CC0-1.0 AND CC-BY-SA-4.0 AND GPL-3.0-or-later`. (733)
- Added `--contributor` option to `annotate`. (669)
- Added `--json` flag to `lint` command (654).
- `reuse.ReuseInfo` now has `copy` and `union` methods. (759)
- `reuse.ReuseInfo` now stores information about the source from which the
information was gathered. (654, 787)
- Added Ukrainian and Czech translations (767)
- Added `--suppress-deprecation` to hide (verbose) deprecation warnings. (778)

Changed

- Bumped SPDX license list to v3.20. (692)
- `reuse.SpdxInfo` was renamed to `reuse.ReuseInfo`. It is now a (frozen)
dataclass instead of a namedtuple. This is only relevant if you're using reuse
as a library in Python. Other functions and methods were similarly renamed.
(669)
- Sphinx documentation: Switched from RTD theme to Furo. (673, 716)
- Removed dependency on setuptools' `pkg_resources` to determine the installed
version of reuse. (724)
- Bumped SPDX license list to v3.21. (763)
- `Project.reuse_info_of` now returns a list of `ReuseInfo` objects instead of a
single one. This is because the source information is now stored alongside the
REUSE information. (787)

Deprecated

- Pending deprecation of aggregation of file sources. Presently, when copyright
and licensing information is defined both within e.g. the file itself and in
the DEP5 file, then the information is merged or aggregated for the purposes
of linting and BOM generation. In the future, this will no longer be the case
unless explicitly defined. The exact mechanism for this is not yet concrete,
but a `PendingDeprecationWarning` will be shown to the user to make them aware
of this. (778)

Removed

- Python 3.6 and 3.7 support has been dropped. (673, 759)
- Removed runtime and build time dependency on `setuptools`. (724)

Fixed

- Fixed automatic generation of Sphinx documentation via readthedocs.io by
adding a `.readthedocs.yaml` configuration file (648)
- Fixed a compatibility issue where reuse could not be installed (built) if
gettext is not installed. (691)
- Translations are available in Docker images. (701)
- Marked the `/data` directory in Docker containers as safe in Git, preventing
errors related to linting Git repositories. (720)
- Repaired error when using Galician translations. (719)

Security

2.0.0

This version was yanked because of an unanticipated workflow that we broke. The
breaking change is the fact that an order of precedence was defined for
copyright and licensing information sources. For instance, if a file contained
the `SPDX-License-Identifier` tag, and if that file was also (explicitly or
implicitly) covered by DEP5, then the information from the DEP5 setting would no
longer apply to that file.

While the intention of the breaking change was sound (don't mix information
sources; define a single source of truth), there were legitimate use-cases that
were broken as a result of this.

Apologies to everyone whose CI broke. We'll get this one right before long.

1.1.2

Fixed

- Note to maintainers: It is now possible/easier to use the `build` module to
build this module. Previously, there was a namespace conflict. (640)
