Releases: aboutcode-org/scancode-toolkit
v21.2.9
This is a major new release. Some of the highlights include:
Security:
- Update vulnerable LXML to version 4.6.2 to fix
https://nvd.nist.gov/vuln/detail/CVE-2020-27783
This was detected thanks to https://github.com/nexb/vulnerablecode
Operating system support:
- Drop support for Python 2 #295
- Drop support for 32 bits on Windows #335
- Add support for Python 64 bits on Windows 64 bits #335
- Add support for Python 3.6, 37, 3.8 and 3.9 on Linux, Windows and macOS.
These are now tested on Azure. - Add deprecation message for native Windows support #2366
License scanning:
- Improve license detection accuracy with over 8400 new license detection fules
added or updated - Remove the previously deprecated --license-diag option
- Include pre-built license index in release archives to speed up start #988
- Use SPDX LicenseRef-scancode namespace for all licenses keys not in SPDX
- Replace DEJACODE_LICENSE_URL with SCANCODE_LICENSEDB_URL at
https://scancode-licensedb.aboutcode.org #2165
Package scanning:
- Add detection of package-installed files
- Add analysis of system package installed databases for Debian, OpenWRT and
Alpine Linux packages - Add support for Alpine Linux, Debian, OpenWRT.
Copyright scanning:
- Improve detection with minor grammar fixes
Misc.:
- Adopt a new calendar date-based versioning for scancode-toolkit version numbers
- Update thirdparty dependencies and built-in plugins
- Allow installation without extractcode and typecode native plugins. Instead
one can elect to install these or not to have a lighter footprint if needed. - Update configuration and bootstrap scripts to support a new PyPI-like
repository at https://thirdparty.aboutcode.org/pypi/ - Create new release scripts to populate released archives with just the
required wheels of a given OS and Python version. - Updated scancode.bat to handle % signs in the arguments #1876
Big thank you to all contributors and in particular:
- Abhishek Kumar
- Ayan Sinha Mahapatra
- Ayush Bhardwaj
- Chin Yeung Li
- Dennis Clark
- Duncan Howe
- John Horan
- Jono Yang
- Maximilian Huber
- Michael Herzog
- Philippe Ombredanne
- Sankha Das
- Scott Pakin
- Steven Esser
- Tushar Upadhyay
v3.2.x release
v3.2.2rc3 release candidate
v3.2.1rc2 release candidate
v3.2.0rc1 release candidate
This the first release candidate of 3.2
Some notable changes:
- Improve copyright detection #2140
- Add new license rules for "bad" licenses #1899 @viragumathe5
- Improve copyright detection @WizardOhio24
- Improve tests @hanif-ali
- Add and improve support for package manifest for #2080 Go, Ruby gem gemspec, Cocoapod podspec, opam, Python PKG-INFO - Rohit Potter @rpotter12
- Add and improve support for package lockfiles for Pipfile.lock, requirements.tx, Cargo.lock - Rohit Potter @rpotter12
- Add new --max-depth option to limit sca depth - Hanif Ali @hanif-ali
- Add initial Debian packaging - @aj4ayushjain
- Add new documentation web site and documentation generation system
- The "headers" attribute in JSON outputs now contains a 'duration' field. #1942
- Rework packaging and third-party support handling: Create new scripts and
process to provision, install and manage third-party dependencies - Abhishek Kumar @Abhishek-Dev09 - Improve CSV output and fix manifest path bug #1718 Aditya Viki8
- Add new documentation, as well as tools and process. Ayan Sinha Mahapatra
- Add new license detection rules - Ayan Sinha Mahapatra
- Improve license detection #1999 - Bryan Sutula
- Correct CC0 license #1984 - Carmen Bianca Bakker
- Add documentation for the usage of
cpp_includesplugin - Chin Yeung Li - Improve andling of npm package-lock.json #1993 - Chin Yeung Li
- Add new license detection rules - Gaupeng
- Improve documentation - Issei Horie
- Improve consolidation plugin - Jono Yang @JonoYang
- Improve Python wheels detection #1749 - Jono Yang @JonoYang
- Add support for BUCK and Bazel build scripts #1678 - Jono Yang @JonoYang
- Improve handing of ignores #1748 - Jono Yang @JonoYang
- Improved package models #1773 #1532 #1678 #1771 #1791 #1220 - Jono Yang @JonoYang
- Parse package lock files for Composer #1850, Yarn #1220, Gemfile.lock #1885 - Jono Yang @JonoYang
- Add parser for Alpine 'installed' file #2061 - Jono Yang @JonoYang
- Add support for Debian packagesinstalled files #2058 - Jono Yang @JonoYang
- Add new licenses -@Pratikrocks
- Improve support for DWARF, ELF and C++ include plugins #1712 #1752#1762 - Li Ha @licodeli
- Add support for parsing java class files #1712 #1726- Li Ha @licodeli
- Add new license detection rules - @MankaranSingh
- Add new duration field to JSON output #1937 - @MankaranSingh
- Add new rule for GPL historical note #1794 - Martin Petkov
- Add --replace-originals flag to extractcode -Maximilian Huber
- Improve Documentation - Michael Herzog
- Add new checksum type for sha256 - Nitish @nitish81299
- Improve documentation - Philippe Ombredanne
- Add new license detection rules and improve detection #1777 #1720 #1734 #1486 #1757 #1749 #1283 #1795 #2214 #1978
- Add new license detection rules and improve detection #2187 #2188 #2189 #1904 #2207 #1905 #419 #2190 #1910 #1911
- Add new license detection rules and improve detection #1841 #1913 #1795 #2124 #2145 #1800 #2200 #2206 #2186
- Allow to call "run_scan" as a function #1780
- Update license data to SPDX 3.7 #1789
- Collect matched license text correctly including with Turkish diacritics #1872
- Detect SPDX license identifiers #2007
- Add Windows 64 as supported platform #616
- Add and improve support for archive with lzip, lz4 and zstd #245 #2044 #2045
- Detect licenses in debian copyright files #2058
- Improve copyright detections #2140
- Improve FSF, unicode and Perl license detection - Qingmin Duanmu
- Add COSLi and ethical licenses - Ravi @JRavi2
- Add tests for extract.py and extract_cli.py - Ravi @JRavi2
- Add a new copyright to grammar - Richard Menzies
- Fix external URLs in documentation - Ritiek Malhotra
- Improve doc - Rohit Potter
- Correct configure on Windows and improve doc - Sebastian Schuberth
- Improve license detection. Add tests for #1758 and #1691- Shankhadeep Dey
- Improve tests of utility code - Shivam Chauhan
- Improve tests and documentation - Shivam Sandbhor @sbs2001
- Add new hippocratic license #1739 - Shivam Sandbhor
- Add new and improved licenses - Steven Esser @MaJuRG
- Improve test suite - Steven Esser @MaJuRG
- Improve fingerprint plugin #1690 - Steven Esser @MaJuRG
- Add support for Debian packages #2058 - Steven Esser @MaJuRG
- Improve FreeBSD support - @aj4ayushjain
- Add new plugins to get native code from install packages - @aj4ayushjain
- Fix license name and data - Thomas Steenbergen
- Improve runtime support for FreeBSD #1695 @knobix
- Update macOS image on azure pipeline @TG1999
- Improve documentation - @Vinay0001
Release candidate 2 for 3.1.x
v3.1.1 Release v3.1.1 which the release candidate 2 of 3.1.x
Release v3.0.2: minor bug fix
This is a minor bug fix version for 3.0.0. See https://github.com/nexB/scancode-toolkit/releases/tag/v3.0.0 for major changes.
- A tracing flag was turned on in the summary module by mistake. Reported by @tdruez #1374
- Correct a Maven parsing error. Reported and fixed by @linexb #1373
- Set proper links in the README. Reported and fixed by @sschuberth #1371
- No changes from v3.0.1
See the CHANGELOG for details at https://github.com/nexB/scancode-toolkit/blob/master/CHANGELOG.rst
To install, download scancode-toolkit-3.0.2.zip or scancode-toolkit-3.0.2.tar.bz2 from the Downloads section below and follow installation instructions in the README at https://github.com/nexB/scancode-toolkit/blob/master/README.rst
This is also available as a Python library from Pypi with pip install scancode-toolkit
You can also download the corresponding source code for bundled pre-built third-party binaries from these locations:
Release v3.0.0: new major release
This is the first 3.0 release with the best, fastest and most efficient ScanCode ever released.
This releases contains many improvements, fixes and new features including breaking API changes (when compared to 2.2.x). See the CHANGELOG for details at https://github.com/nexB/scancode-toolkit/blob/master/CHANGELOG.rst
To install, download scancode-toolkit-3.0.0.zip or scancode-toolkit-3.0.0.tar.bz2 from the Downloads section below and follow installation instructions in the README at https://github.com/nexB/scancode-toolkit/blob/master/README.rst
This is also available as a Python library from Pypi with pip install scancode-toolkit
You can also download the corresponding source code for bundled pre-built third-party binaries from these locations:
Release beta/preview v2.9.2: a beta/preview for the latest develop, before 3.0
This is a stable pre-release of what will come up for 3.0
This has many changes and bug fixes including improved SPDX license detection, package reporting and additional plugins and more: these are not yet fully documented but this release can be used for testing and is stable.
Some major changes include:
-
A security fix The support for Rar archives extraction in extractcode has been changed and downgraded to use libarchive instead of 7zip as a mitigation for a 7Zip vulnerability referenced as CVE-2018-10115 https://nvd.nist.gov/vuln/detail/CVE-2018-10115 . As a result, you may expect some extraction failures when extracting some Rar archives as fewer Rar archive formats are supported by libarchive. When the bug is properly fixed on all OS in 7Zip this may be reverted.
-
The package models have been updated significantly and streamlined. Then now also use the Package URL (purl) semantics. If you rely on the previous v2.x models and data structures, with a
--packagescans things are rather improved now. Documentation will come up next. -
The license detection has been updated in several ways:
- a new --license-expression option allow to return license expressions (using ScanCode keys)
- several licenses have been added, updated or retired after a sync with the latest SPDX license list v3.1 and AboutCode
- SPDX license identifiers are now detected by the license scan
Release beta/preview v2.9.1: a beta/preview for the latest develop, before 3.0
This is a stable pre-release of what will come up for 3.0
This has a lot of new changes including improved license detection, plugins, speed and detection that are not yet fully documented but it can be used for testing.