chore(deps): update dependency scancode-toolkit to v32.3.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
scancode-toolkit	==32.1.0 -> ==32.3.2

---

Release Notes

aboutcode-org/scancode-toolkit (scancode-toolkit)

v32.3.2

Compare Source

This is a patch release with license and package detection
improvements, bugfixes and with new and updated license detection rules
and new licenses added.

Bugfixes:

• Fix package resource assignment for JAVA jars in scancode.io
  https://github.com/aboutcode-org/scancode-toolkit/pull/39833983

• Fix missing spdx license expression in license detections
  https://github.com/aboutcode-org/scancode-toolkit/issues/40154015

• Enforce --path as a required parameter for scancode-license-data
  console scrihttps://github.com/aboutcode-org/scancode-toolkit/issues/4024ues/4024

• Fix conda environment.yaml parsing errors.
  https://github.com/aboutcode-org/scancode-toolkit/pull/40784078

• Fix npm package parsing bug for packages with workspaces.
  https://github.com/aboutcode-org/scancode.io/issues/15211521

New features/licenses:

• Adds support for pnpm lock YAML v9
  https://github.com/pnpm/spec/blob/master/lockfile/9.0.md

• Add licenses from SPDX License List 3.26
  https://github.com/aboutcode-org/scancode-toolkit/issues/40454045

• Add assembly and identification of conda package files in
  root filesystem installatihttps://github.com/aboutcode-org/scancode-toolkit/issues/4083ues/4083

v32.3.1

Compare Source

This is a patch release with license and package detection
improvements, bugfixes and with new and updated license detection rules
and new licenses added.

• We can now collect packages from a Rust binary using rust-inspector
  for rust binaries built with cargo-auditable(Linux-only)
  Also adds a plugin for colelcting rust symbols with the option
  --rust-symbol. See the initial release for more info:
  https://github.com/aboutcode-org/rust-inspector/releases/tag/v0.[https://github.com/aboutcode-org/scancode-toolkit/pull/4043](https://redirect.github.com/aboutcode-org/scancode-toolkit/pull/4043)ull/4043

• Improves and adds bugfixes for package detection in the following ecosystems:
  conda, npm, rust, https://github.com/aboutcode-org/scancode-toolkit/pull/4073ull/4073

• Updates go-inspector to v0.5.0 . GoReSym is now built from source and has
  been updated to v3.0https://github.com/aboutcode-org/scancode-toolkit/pull/39723972

• Adds new and updated licenses, license detection rules.
  https://github.com/aboutcode-org/scancode-toolkit/pull/39633963

• Adds the latest license-expression with an updated licenseDB.
  https://github.com/aboutcode-org/scancode-toolkit/pull/39603960

v32.3.0

Compare Source

Major API/other changes:

• Output Format Version updated to 4.0.0 (major version bump)
• Dependency attribute rename: is_resolved renamed to is_pinned
  https://github.com/nexB/scancode-toolkit/pull/38883888 for more details.
• License Match attribute rename: spdx_license_expression is renamed to
  license_expression_spdx.

Changes in Output Data Structure:

• The data structure of the JSON output has changed for:

  • dependencies at file level package_data, and at top-level.

  • license matches at file level or unique codebase level license detections
    Note that the change is a modification to the JSON output,
    so we have a major version bump 3.2.0 to 4.0.0:

  • Dependency attribute is_resolved renamed to is_pinned

  • LicenseMatch attribute spdx_license_expression renamed to
    license_expression_spdx

• Update link references of ownership from nexB to aboutcode-org
  https://github.com/aboutcode-org/scancode-toolkit/issues/38853885

• New and updated licenses, including support for newly released
  SPDX license list versions:

  • SPDX License List 3.25.0:
    This release of the SPDX license list had 9 new licenses
    and exceptions, and out of them 5 were present as licenses
    and 2 were present as rules already. There were 2 new
    license/exception texts added, and also 1 license was dhttps://github.com/aboutcode-org/scancode-toolkit/pull/3897Synchronize Licenses and update SPDX License List to 3.25.0 aboutcode-org/scancode-toolkit#3897

• New and improved copyright detection with many false positive removed
  and refined detection added.

• Fix Python SyntaxWarning in textcode module.

• Improve python, npm, yarn, go package detections:
  https://github.com/aboutcode-org/scancode-toolkit/pull/38573https://github.com/aboutcode-org/scancode-toolkit/pull/3869uhttps://github.com/aboutcode-org/scancode-toolkit/pull/3943ihttps://github.com/aboutcode-org/scancode-toolkit/pull/3894oolkit/pull/3894

• Drop python 3.8 support as this is end of life. Please use older releases if you
  are using python 3.8 but this is not recommended.

• We can now collect packages from a Go binary using go-inspector (Linux-only)
  https://github.com/aboutcode-org/scancode-toolkit/pull/38943894

v32.2.1

Compare Source

• Add support for parsing resolved packages and dependency relationships
  from nuget lockfile packages.lock.json.
  https://github.com/nexB/scancode-toolkit/pull/38253825

• Add support for parsing resolved packages and dependency relationships
  from cocoapods lockfile Podfile.lock.
  https://github.com/nexB/scancode-toolkit/pull/38273827

• Add support for parsing packages and dependency relationships
  from swift swift-show-dependencies.deplock generated by DepLock.
  https://github.com/nexB/scancode-toolkit/pull/38293829

• Add support for pip-inspect.deplock files to parse and store
  resolved packages and dependency relationships, to statically
  resolve a python dependency grahttps://github.com/nexB/scancode.io/issues/1262deps: update dependency @types/node to v22.15.27 #1262

• Add support for poetry packages, with poetry specific pyproject.toml
  support, poetry.lock and package assembly support. Also add support
  for parsing and storing resolved packages and dependency relationships
  required to statically resolve poetry dependecy https://github.com/nexB/scancode-toolkit/issues/2109lkit/issues/2109

• Add support for pyproject.toml files in python projects.
  https://github.com/nexB/scancode-toolkit/issues/37533753

• More improved copyright detection, see
  https://github.com/nexB/scancode-toolkit/pull/37523752

• scancode-toolkit is now installable from the fedora repo.
  https://github.com/nexB/scancode-toolkit/pull/38243824

v32.2.0

Compare Source

• New and improved package/dependency data:

  • Added new attribute in DependentPackage is_direct to aid
    package resolution and dependency graph creation.
  • Added new attributes in PackageData: is_private and
    is_virtual. #​3102 #​3811
    https://github.com/nexB/scancode-toolkit/pull/3779ull/3779

• Improved javascript package detection:

  • Add support for pnpm manifests and lockfiles #​3766
  • Add support for npm, pnpm and yarn workspaces #​3746
  • Improve resolved package and dependencies support in lockfiles for
    yarn.lock, package-lock.json, and pnpm. #​3780
  • Add support for private packages. #​3120
  • Add support for new dependency scopes across javascript
  • Lots of misc bugfixes in yarn and npm parsers.
    https://github.com/nexB/scancode-toolkit/pull/3779ull/3779

• Improve cargo package detection support with various improvements
  and bugfixes:

  • Fix for parser crashing on cargo workspaces
  • Fix a bug in dependency parsing (we were not returning any dependencies)
  • Also support getting dependency versions from workspace
  • Support more attributes from cargo
  • Better handle workspace data thorugh extra_data attribute
    https://github.com/nexB/scancode-toolkit/pull/3783ull/3783

• We now support parsing the Swift manifest JSON dump and the
  Package.resolved file https://github.com/nexB/scancode-toolkit/issues/2657.
  Run the command below on your local Swift project before running the scan:
  `swift package dump-package > Package.swift.json && swift package resolve``

• New and updated licenses, including support for newly released
  SPDX license list versions:

  • SPDX License List 3.24:
    This release of the SPDX license list had 25 new licenses
    and exceptions, and out of them 12 were present as licenses
    and 5 were present as rules already. There were 3 new
    license/exception texts added, and the rest 5 were either
    texts with small variations, additions to texts or several
    rule texts together. And the rest have bhttps://github.com/nexB/scancode-toolkit/pull/3795s see Update to SPDX license list 3.24.0 aboutcode-org/scancode-toolkit#3795

  • More new licenses and rules:

    • 23 new licenses in https://github.com/nexB/scancode-toolkit/pull/3778

---

Configuration

📅 Schedule: Branch creation - "after 9am and before 7pm every weekday" in timezone Europe/Tallinn, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.