Skip to content

Releases: github/go-spdx

Update SPDX identifiers as of 2024-09-18

18 Sep 18:12
e6a9114
Compare
Choose a tag to compare

The only shipped change in this release is an update to the known SPDX identifiers, current as of 2024-09-18.

Release v2.3.1

18 Jun 11:33
eacf4f3
Compare
Choose a tag to compare

Overview

This retracts release v2.3.0 due to compatibility issues upgrading to Go 1.22. This release returns to Go 1.21.

See release notes for v2.3.0 for all other changes in the go-spdx v2.3 update.

Release v2.3.0

17 Jun 21:31
ed138b1
Compare
Choose a tag to compare

Overview

The process for updating SPDX licenses is now an automated process that runs nightly (ET). The script writes directly to the functions used to get the list of licenses, exceptions, and deprecations.

Updates licenses to latest SPDX license list which is v3.24.0 released on 2024-05-22 at the time of this PR.

Required Action for Upgrading

Run the following to update to this release.

go get github.com/github/[email protected]

What's Changed

Minor changes

  • Update SPDX license files (#75) (@github-actions, @elrayle)
  • add workflow to fetch spdx licenses (#62) (@elrayle)
  • Write updated licenses from SPDX directly to spdxlicenses package (#70) (@elrayle)
  • Move license functions returning SPDX licenses to spdxlicenses package (#68) (@elrayle)

Patch changes

  • add logging after writing license function files (#73) (@elrayle)
  • gitignore local copy of official spdx repo (#72) (@elrayle)
  • gitignore the path used to connect to the SPDX repo when fetching updated licenses (#67) (@elrayle)
  • Set up test workflow to be used for PR check (#63) (@elrayle)
  • plus dependency updates (see Full Changelog below)

Full Changelog: v2.2.0...v3.0.0

Release v2.2.0

19 Sep 14:33
e0a077a
Compare
Choose a tag to compare

Overview

This is a minor update to add a new function ExtractLicenses to the API.

Required Actions for Updating

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

This function allows SPDX licenses to be extracted from any valid SPDX expression.

licenses, err := ExtractLicenses("(MIT AND APACHE-2.0) OR (APACHE-2.0)")
assert.Equal(licenses, []string{"MIT", "Apache-2.0"})

What's Changed

  • Add a new ExtractLicenses function for pulling out SPDX licenses (ajhenry)

Full Changelog: v2.1.2...v2.2.0

Release v2.1.2

21 Mar 15:00
0e88248
Compare
Choose a tag to compare

Overview

This is a minor bug fix release. Fixes a bug where GPL-2.0 did not match GPL-2.0-only.

Required Actions for Updating

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

Most of the changes are adding test-cases that would have caught the bug. The only substantive changes are in the range checks in node.go. There is one minor change to compareEQ() to short cut the comparison if the two licenses are the same.

  • check all simple cases before checking ranges (i.e. nodes are not licenses, exceptions are not equal, licenses are exactly equal) This is less expensive than range checks.
  • remove any simple checks that were repeated in range check methods
  • add comment describing license ranges
  • add comments about what is expected depending on whether one or both licenses have has_plus==true
  • fix the bug by checking that both license are in the same range when neither node has_plus

What's Changed

  • fix bug where GPL-2.0 failed to match GPL-2.0-only #42 (elrayle)

Full Changelog: v2.1.1...v2.1.2

Release v2.1.1

08 Feb 22:51
9f2f2c0
Compare
Choose a tag to compare

Overview

This is a minor bug fix release. Provides better error messages for malformed expressions.

Required Actions for Updating

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

invalid expression error message
(MIT open parenthesis does not have a matching close parenthesis
MIT) close parenthesis does not have a matching open parenthesis
)MIT expression starts with close parenthesis
MIT APACHE-2.0 licenses or expressions are not separated by an operator
MIT OR expected expression following OR, but found none
MIT AND expected expression following AND, but found none
OR MIT expression starts with OR
AND MIT expression starts with AND
MIT OR OR Apache-2.0 expected license or expression, but found OR
MIT AND AND Apaches-2.0 expected license or expression, but found AND
when cause is unknown syntax error

What's Changed

  • improve checking for syntax errors #37 (elrayle)

v2.1.0

17 Jan 14:42
9f1f925
Compare
Choose a tag to compare

Overview

The list of active, deprecated, and exception licenses have been updated to the latest based on the official list from the spdx specification.

Part of this release is the addition of a utility that extracts just the IDs from the full json record for each license.

Required Actions for Upgrading

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

License ID Extraction Utility

Extracts license, deprecation, and exception ids from the official spdx license list data.
The source data needs to be manually updated by copying the licenses.json file from
https://github.com/spdx/license-list-data/blob/main/json/licenses.json and exceptions.json
file from https://github.com/spdx/license-list-data/blob/main/json/exceptions.json.

After running the extract command, the license_ids.json, deprecated_ids.json, and exception_ids.json
files will be overwritten with the extracted ids. These license ids can then be used to update the
spdxexp/license.go file.

Command to run all extractions (run command from the /cmd directory):

go run . extract -l -e

Usage options:

-h: prints this help message
-l: Extract license ids
-e: Extract exception ids

What's Changed

  • update license lists from official spdx data #35 (elrayle)
  • add documentation for license extraction utility #34 (elrayle)

Release v2.0.1

01 Dec 17:21
a7497e7
Compare
Choose a tag to compare

Overview

This updates the module name to end in /v2. This is required by go get when there is a major version change.

Required Action for Upgrading

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

The initial release of v2.0.0 did not update the module name. When trying to update to that version, you will see an error.

$ go get -u github.com/github/[email protected]
go: github.com/github/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/github/go-spdx/v2")

To address this, the v2.0.1 release updates the module name to end in /v2.

What's Changed

  • module name must end in v2 for latest go conventions #28 (elrayle)

Full Changelog: v2.0.0...v2.0.1

Release v2.0.0

01 Dec 16:18
cf11334
Compare
Choose a tag to compare

Overview

This is a breaking change that renames the primary package from expression to spdxexp. This provides better context in use (e.g. spdxexp.Satisfies).

Required Action for Upgrading

Run the following to update to this release.

go get github.com/github/[email protected]

What's Changed

  • rename package from expression to spdxexp #27 (elrayle)

Full Changelog: v1.0.0...v2.0.0

Release v1.0.0

01 Dec 00:42
82503af
Compare
Choose a tag to compare

Overview

This is a major change that renames the repository from spdx-expression to go-spdx. It also renames the primary package from spdxexp to expression. Both changes are designed to more closely align naming with go conventions.

Required Action for Upgrading

Run the following to update to this release.

go get github.com/github/[email protected]

What's Changed

  • rename repository to go-spdx
  • rename spdx package expression #26 (elrayle)

Full Changelog: v0.3.2...v1.0.0