Reuse

Latest version: v3.0.2

Safety actively analyzes 630217 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 7

1.1.1

Fixed

- Don't include documentation files (e.g. `README.md`) in top-level (i.e.,
`site-packages/`). (657)
- Include documentation directory in sdist. (657)

1.1.0

Added

- Added support for Python 3.11. (603)
- More file types are recognised:
- Kotlin script (`.kts`)
- Android Interface Definition Language (`.aidl`)
- Certificate files (`.pem`)
- Added comment styles:
- Apache Velocity Template (Extensions: `.vm`, `.vtl`) (554)
- XQuery comment style (Extensions: `.xq(l|m|y|uery|)`) (610)
- Some special endings are always stripped from copyright and licensing
statements (602):
- `">` (and variations such as `'>`, `" >`, and `"/>`)
- `] ::`

Changed

- Removed `setup.py` and replaced it with a Poetry configuration. Maintainers
beware. (600)
- Updated PyPI development status to 'production/stable' (381)
- The pre-commit hook now passes `lint` as an overridable argument. (574)
- `addheader` has been renamed to `annotate`. The functionality remains the
same. (550)
- Bumped SPDX license list to v3.19.

Deprecated

- `addheader` has been deprecated. It still works, but is now undocumented.
(550)

Removed

- `setup.py`. (600)
- Releases to PyPI are no longer GPG-signed. Support for this is not present in
Poetry and not planned. (600)
- Dependency on `requests` removed; using `urllib.request` from the standard
library instead. (600)

Fixed

- Repair tests related to CVE-2022-39253 changes in upstream Git. New versions
of Git no longer allow `git submodule add repository path` where repository is
a file. A flag was added to explicitly allow this in the test framework.
(619)
- Sanitize xargs input in scripts documentation. (525)
- License identifiers in comments with symmetrical ASCII art frames are now
properly detected (560)
- Fixed an error where copyright statements contained within a multi-line
comment style on a single line could not be parsed (593).
- In PHP files, add header after `<?php` (543).

1.0.0

A major release! Do not worry, no breaking changes but a development team
(carmenbianca, floriansnow, linozen, mxmehl and nicorikken) that is
confident enough to declare the REUSE helper tool stable, and a bunch of
long-awaited features!

Apart from smaller changes under the hood and typical maintenance tasks, the
main additions are new flags to the `addheader` subcommand that ease recursive
and automatic operations, the ability to ignore areas of a file that contain
strings that may falsely be detected as copyright or license statements, and the
option to merge copyright lines. The tool now also has better handling of some
edge cases with copyright and license identifiers.

We would like to thank the many contributors to this release, among them
ajinkyapatil8190, aspiers, ferdnyc, Gri-ffin, hexagonrecursion, hoijui,
Jakelyst, Liambeguin, rex4539, robinkrahl, rpavlik, siiptuo, thbde and
ventosus.

Added

- Extend [tool documentation](https://reuse.readthedocs.io) with scripts to help
using this tool and automating some steps that are not built into the tool
itself. (500)
- Recommendations for installation/run methods: package managers and pipx (457)
- Docker images for AArch64 (478)
- Added the ability to ignore parts of a file when running `reuse lint`. Simply
add `REUSE-IgnoreStart` and `REUSE-IgnoreEnd` as comments and all lines
between the two will be ignored by the next run of `reuse lint`. (463)
- [Meson subprojects](https://mesonbuild.com/Subprojects.html) are now ignored
by default. (496)
- More file types are recognised:
- sbt build files (`.sbt`)
- Vimscript files (`.vim`)
- Added `--skip-existing` flag to `addheader` in order to skip files that
already contain SPDX information. This may be useful for only adding SPDX
information to newly created files. (480)
- Added `--recursive` flag to `addheader`. (469)
- Preserve shebang for more script files:
- V-Lang (432)
- Ignore all SPDX files with their typical formats and extensions. (494)
- Add support for merging copyright lines based on copyright statement,
transforming multiple lines with a single year into a single line with a
range. (328)

Changed

- Use `setuptools` instead of the deprecated `distutils` which will be removed
with Python 3.12. (451)
- `addheader --explicit-license` renamed to `--force-dot-license`. (476)
- Dockerfiles for reuse-tool are now in a separate subdirectory `docker`. (499)
- Updated SPDX license list to 3.17. (513)
- The copyright detection mechanism now silently accepts the following strings:
`Copyright(c)` and `Copyright(C)`. (440)

Deprecated

- Deprecated `--explicit-license` in favour of `--force-dot-license`.
`--explicit-license` will remain useable (although undocumented) for the
foreseeable future. (476)

Removed

- `JsxCommentStyle` in favor of using `CCommentStyle` directly (see section
`Fixed`). (406)

Fixed

- Better support for unary "+" operator in license identifiers. For example, if
`Apache-1.0+` appears as a declared license, it should not be identified as
missing, bad, or unused if `LICENSES/Apache-1.0.txt` exists. It is, however,
identified separately as a used license. (123)
- When `addheader` creates a `.license` file, that file now has a newline at the
end. (477)
- Cleaned up internal string manipulation. (477)
- JSX (`.jxs` and `.tsx`) actually uses C comment syntax as JSX blocks never
stand at the beginning of the file where the licensing info needs to go.
(406)

0.14.0

Happy holidays! This is mainly a maintenance release fixing some subcommands and
adding loads of supported file types and file names. However, you can also enjoy
the `supported-licenses` subcommand and the `--quiet` flag for linting as well
as better suggestions for license identifiers. Thanks to everyone who
contributed!

Added

- `supported-licenses` command that lists all licenses supported by REUSE (401)
- `--quiet` switch to the `lint` command (402)
- Better suggestions for faulty SPDX license identifiers in `download` and
`init` (416)
- Python 3.10 support declared
- More file types are recognised:
- Apache FreeMarker Template Language (`.ftl`)
- AsciiDoc (`.adoc`, `.asc`, `.asciidoc`)
- Bibliography (`.csl`)
- C++ (`.cc` and `.hh`)
- GraphQL (`.graphql`)
- Handlebars (`.hbs`)
- Markdown-linter config (`.mdlrc`)
- MS Office (`.doc`, `.xls`, `.pptx` and many more)
- Nimble (`.nim.cfg`, `.nimble`)
- Open Document Format (`.odt`, `.ods`, `.fodp` and many more)
- Perl plain old documentation (`.pod`)
- Portable document format (`.pdf`)
- Protobuf files (`.proto`)
- Soy templates (`.soy`)
- SuperCollider (`.sc`, `.scsyndef`)
- Turtle/RDF (`.ttl`)
- V-Lang (`.v`, `.vsh`)
- Vue.js (`.vue`)
- More file names are recognised:
- Doxygen (`Doxyfile`)
- ESLint (`.eslintignore` and `.eslintrc`)
- Meson options file (`meson_options.txt`)
- NPM ignore (`.npmignore`)
- Podman container files (`Containerfile`)
- SuperCollider (`archive.sctxar`)
- Yarn package manager (`.yarn.lock` and `.yarnrc`)

Changed

- Updated SPDX license list to 3.15

Fixed

- Fix Extensible Stylesheet Language (`.xsl`) to use HTML comment syntax
- Allow creating .license file for write-protected files (347) (418)
- Do not break XML files special first line (378)
- Make `download` subcommand work correctly outside of project root and with
`--root` (430)

0.13.0

Added

- `addheader` recognises file types that specifically require .license files
instead of headers using `UncommentableCommentStyle`. (189)
- `.hgtags` is ignored. (227)
- `spdx-symbol` added to possible copyright styles. (350)
- `addheader` ignores case when matching file extensions and names. (359)
- Provide `latest-debian` as Docker Hub tag, created by `Dockerfile-debian`.
(321)
- More file types are recognised:
- Javascript modules (`.mjs`)
- Jupyter Notebook (`.ipynb`)
- Scalable Vector Graphics (`.svg`)
- JSON (`.json`)
- Comma-separated values (`.csv`)
- Racket (`.rkt`)
- Org-mode (`.org`)
- LaTeX package files (`.sty`)
- devicetree (`.dts`, `.dtsi`)
- Bitbake (.bb, .bbappend, .bbclass)
- XML schemas (`.xsd`)
- OpenSCAD (`.scad`)
- More file names are recognised:
- Bash configuration (`.bashrc`)
- Coverage.py (`.coveragerc`)
- Jenkins (`Jenkinsfile`)
- SonarScanner (`sonar-project.properties`)
- Gradle (`gradle-wrapper.properties`, `gradlew`)

Changed

- Bump `alpine` Docker base image to 3.13. (369)

Fixed

- Fixed a regression where unused licenses were not at all detected. (285)
- Declared dependency on `python-debian != 0.1.39` on Windows. This version does
not import on Windows. (310)
- `MANIFEST.in` is now recognised instead of the incorrect `Manifest.in` by
`addheader`. (306)
- `addheader` now checks whether a file is both readable and writeable instead
of only writeable. (241)
- `addheader` now preserves line endings. (308)
- `download` does no longer fail when both `--output` and `--all` are used.
(326)
- Catch erroneous SPDX expressions. (331)
- Updated SPDX license list to 3.13.

0.12.1

Fixed

- Bumped versions of requirements. (288)

Page 2 of 7

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.