Release prep v32.3.1

.github/workflows/scancode-release.yml

@@ -239,7 +239,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        os: [ubuntu-22.04, ubuntu-24.04, macos-12, macos-13]
+        os: [ubuntu-22.04, ubuntu-24.04, macos-13, macos-14]
         pyver: ["3.9", "3.10", "3.11", "3.12"]
 
     steps:
@@ -371,7 +371,7 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        os: [macos-12, macos-13]
+        os: [macos-13, macos-14]
         pyver: ["3.9", "3.10", "3.11", "3.12"]
 
     steps:

CHANGELOG.rst

@@ -14,8 +14,6 @@ v33.0.0 (next next, roadmap)
 - Dependencies for
 - Support for copyright detection objects.
 
-- We can now collect packages from a Rust binary using rust-inspector (Linux-only)
-
 - A new field in packages with the license category for the
   detected license expression and also an API function to
   compute license categories from license expressions.
@@ -40,6 +38,33 @@ v33.0.0 (next next, roadmap)
 - Update Dockerfile and test container build.
   See https://github.com/aboutcode-org/scancode-toolkit/issues/3955
 
+v32.3.1 - 2024-01-06
+--------------------
+
+This is a minor release with license and package detection
+improvements, bugfixes and with new and updated license detection rules
+and new licenses added.
+
+- We can now collect packages from a Rust binary using rust-inspector
+  for rust binaries built with `cargo-auditable`(Linux-only)
+  Also adds a plugin for colelcting rust symbols with the option
+  ``--rust-symbol``. See the initial release for more info:
+  https://github.com/aboutcode-org/rust-inspector/releases/tag/v0.1.0
+  https://github.com/aboutcode-org/scancode-toolkit/pull/4043
+
+- Improves and adds bugfixes for package detection in the following ecosystems:
+  conda, npm, rust, go.
+  https://github.com/aboutcode-org/scancode-toolkit/pull/4073
+
+- Updates go-inspector to v0.5.0 . GoReSym is now built from source and has
+  been updated to v3.0.1. https://github.com/aboutcode-org/scancode-toolkit/pull/3972
+
+- Adds new and updated licenses, license detection rules.
+  https://github.com/aboutcode-org/scancode-toolkit/pull/3963
+
+- Adds the latest license-expression with an updated licenseDB.
+  https://github.com/aboutcode-org/scancode-toolkit/pull/3960
+
 v32.3.0 - 2024-10-21
 --------------------
 

azure-pipelines.yml

@@ -138,8 +138,8 @@ jobs:
 
     - template: etc/ci/azure-posix.yml
       parameters:
-          job_name: macos12_cpython
-          image_name: macOS-12
+          job_name: macos14_cpython
+          image_name: macOS-14
           python_versions: ['3.9', '3.10', '3.11', '3.12']
           python_architecture: x64
           test_suites:

configure

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: Apache-2.0 AND MIT
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
 # ScanCode is a trademark of nexB Inc.
-# See https://github.com/nexB/ for support or download.
+# See https://github.com/aboutcode-org/ for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 

configure.bat

@@ -4,7 +4,7 @@
 @rem Copyright (c) nexB Inc. and others. All rights reserved.
 @rem SPDX-License-Identifier: Apache-2.0
 @rem See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-@rem See https://github.com/nexB/ for support or download.
+@rem See https://github.com/aboutcode-org/ for support or download.
 @rem See https://aboutcode.org for more information about nexB OSS projects.
 
 

docs/source/conf.py

@@ -47,7 +47,7 @@
 
 # This points to aboutcode.readthedocs.io
 # In case of "undefined label" ERRORS check docs on intersphinx to troubleshoot
-# Link was created at commit - https://github.com/nexB/aboutcode/commit/faea9fcf3248f8f198844fe34d43833224ac4a83
+# Link was created at commit - https://github.com/aboutcode-org/aboutcode/commit/faea9fcf3248f8f198844fe34d43833224ac4a83
 
 intersphinx_mapping = {
     "aboutcode": ("https://aboutcode.readthedocs.io/en/latest/", None),

etc/scripts/check_thirdparty.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import click
@@ -17,7 +17,8 @@
 @click.option(
     "-d",
     "--dest",
-    type=click.Path(exists=True, readable=True, path_type=str, file_okay=False),
+    type=click.Path(exists=True, readable=True,
+                    path_type=str, file_okay=False),
     required=True,
     help="Path to the thirdparty directory to check.",
 )

etc/scripts/fetch_thirdparty.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
@@ -55,7 +55,8 @@
     "-d",
     "--dest",
     "dest_dir",
-    type=click.Path(exists=True, readable=True, path_type=str, file_okay=False),
+    type=click.Path(exists=True, readable=True,
+                    path_type=str, file_okay=False),
     metavar="DIR",
     default=utils_thirdparty.THIRDPARTY_DIR,
     show_default=True,
@@ -224,7 +225,8 @@ def fetch_thirdparty(
     environments = None
     if wheels:
         evts = itertools.product(python_versions, operating_systems)
-        environments = [utils_thirdparty.Environment.from_pyver_and_os(pyv, os) for pyv, os in evts]
+        environments = [utils_thirdparty.Environment.from_pyver_and_os(
+            pyv, os) for pyv, os in evts]
 
     # Collect PyPI repos
     repos = []
@@ -260,13 +262,14 @@ def fetch_thirdparty(
                     repos=repos,
                 )
                 if not fetched:
-                    wheels_or_sdist_not_found[f"{name}=={version}"].append(environment)
+                    wheels_or_sdist_not_found[f"{name}=={version}"].append(
+                        environment)
                     if TRACE:
                         print(f"      NOT FOUND")
 
         if (sdists or
             (f"{name}=={version}" in wheels_or_sdist_not_found and name in sdist_only)
-         ):
+            ):
             if TRACE:
                 print(f"  ==> Fetching sdist: {name}=={version}")
 
@@ -289,7 +292,8 @@ def fetch_thirdparty(
         sdist_missing = sdists and "sdist" in dists and not name in wheel_only
         if sdist_missing:
             mia.append(f"SDist missing: {nv} {dists}")
-        wheels_missing = wheels and any(d for d in dists if d != "sdist") and not name in sdist_only
+        wheels_missing = wheels and any(
+            d for d in dists if d != "sdist") and not name in sdist_only
         if wheels_missing:
             mia.append(f"Wheels missing: {nv} {dists}")
 
@@ -299,7 +303,8 @@ def fetch_thirdparty(
         raise Exception(mia)
 
     print(f"==> FETCHING OR CREATING ABOUT AND LICENSE FILES")
-    utils_thirdparty.fetch_abouts_and_licenses(dest_dir=dest_dir, use_cached_index=use_cached_index)
+    utils_thirdparty.fetch_abouts_and_licenses(
+        dest_dir=dest_dir, use_cached_index=use_cached_index)
     utils_thirdparty.clean_about_files(dest_dir=dest_dir)
 
     # check for problems

etc/scripts/gen_requirements.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import argparse

etc/scripts/gen_requirements_dev.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import argparse

etc/scripts/utils_dejacode.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import io
@@ -33,7 +33,8 @@
 
 def can_do_api_calls():
     if not DEJACODE_API_KEY and DEJACODE_API_URL:
-        print("DejaCode DEJACODE_API_KEY and DEJACODE_API_URL not configured. Doing nothing")
+        print(
+            "DejaCode DEJACODE_API_KEY and DEJACODE_API_URL not configured. Doing nothing")
         return False
     else:
         return True
@@ -68,7 +69,8 @@ def get_package_data(distribution):
         return results[0]
 
     elif len_results > 1:
-        print(f"More than 1 entry exists, review at: {DEJACODE_API_URL_PACKAGES}")
+        print(
+            f"More than 1 entry exists, review at: {DEJACODE_API_URL_PACKAGES}")
     else:
         print("Could not find package:", distribution.download_url)
 
@@ -149,7 +151,8 @@ def find_latest_dejacode_package(distribution):
     # there was no exact match, find the latest version
     # TODO: consider the closest version rather than the latest
     # or the version that has the best data
-    with_versions = [(packaging_version.parse(p["version"]), p) for p in packages]
+    with_versions = [(packaging_version.parse(p["version"]), p)
+                     for p in packages]
     with_versions = sorted(with_versions)
     latest_version, latest_package_version = sorted(with_versions)[-1]
     print(

etc/scripts/utils_requirements.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
@@ -102,7 +102,8 @@ def lock_dev_requirements(
     all_req_nvs = get_required_name_versions(all_req_lines)
     dev_only_req_nvs = {n: v for n, v in all_req_nvs if n not in main_names}
 
-    new_reqs = "\n".join(f"{n}=={v}" for n, v in sorted(dev_only_req_nvs.items()))
+    new_reqs = "\n".join(
+        f"{n}=={v}" for n, v in sorted(dev_only_req_nvs.items()))
     with open(dev_requirements_file, "w") as fo:
         fo.write(new_reqs)
 
@@ -113,10 +114,12 @@ def get_installed_reqs(site_packages_dir):
     as a text.
     """
     if not os.path.exists(site_packages_dir):
-        raise Exception(f"site_packages directory: {site_packages_dir!r} does not exists")
+        raise Exception(
+            f"site_packages directory: {site_packages_dir!r} does not exists")
     # Also include these packages in the output with --all: wheel, distribute,
     # setuptools, pip
-    args = ["pip", "freeze", "--exclude-editable", "--all", "--path", site_packages_dir]
+    args = ["pip", "freeze", "--exclude-editable",
+            "--all", "--path", site_packages_dir]
     return subprocess.check_output(args, encoding="utf-8")