-------------------
This is a major pre-release of what will come up for 3.0, with significant
packages and license API changes.
API changes:
- Simplify output option names 789
- Update the packages data structure and introduce Package URLs 275
- Add support for license expressions 74 with full exceptions support
Licenses:
- Add support for license expressions 74 with full exceptions support
- Enable SPDX license identifier match 81
- Update and change handling of composite licenses now that we support expressions
- Synchronize licenses with latest from SPDX and DejaCode 41
- Add new licenses for odds and ends: other-permissive and other-copyleft
- refine license index cache handling
- remove tests without value
- Add new license policy plugin 214, 880
Packages:
- Split packages from package_manifest 1027. This is experimental
The packages scan now returns a single package_manifest key (not a list),
and a post_scan plugin (responding to the same --package option) performs
a roll-up of the manifest information at the proper level for a package
type as the "packages" attribute (which is still a list). For instance,
a package.json "package_manifest" will end up having a "packages" entry
in its parent directory.
- Include and return Package URLs (purl) 805 and 275
- Major rework of the package data structure 275
- Rename asserted_license to declared_licensing 275
- Add basic Godeps parsing support 275
- Add basic gemspec and Rubygems parsing support 275
- Add basic Gemfile.lock parsing support 275
- Add basic Win DLL parsing support 275
- Replace MD5/SHA1 by a list of checksums 275
- Use a single download_url, not a list 275
- Add namespace to npm. Compute defaults URL 275
Misc:
- multiple minor bug fixes
- do not ignore .repo files 881
Credits: Many thanks to everyone that contributed to this release with code and bug reports
- JonoYang
- majurg
- pombredanne
- yash-nisar
- ThorstenHarter