Releases: github/go-spdx
Update SPDX identifiers as of 2024-09-18
Release v2.3.1
Overview
This retracts release v2.3.0 due to compatibility issues upgrading to Go 1.22. This release returns to Go 1.21.
See release notes for v2.3.0 for all other changes in the go-spdx v2.3 update.
Release v2.3.0
Overview
The process for updating SPDX licenses is now an automated process that runs nightly (ET). The script writes directly to the functions used to get the list of licenses, exceptions, and deprecations.
Updates licenses to latest SPDX license list which is v3.24.0 released on 2024-05-22 at the time of this PR.
Required Action for Upgrading
Run the following to update to this release.
go get github.com/github/[email protected]
What's Changed
Minor changes
- Update SPDX license files (#75) (@github-actions, @elrayle)
- add workflow to fetch spdx licenses (#62) (@elrayle)
- Write updated licenses from SPDX directly to spdxlicenses package (#70) (@elrayle)
- Move license functions returning SPDX licenses to spdxlicenses package (#68) (@elrayle)
Patch changes
- add logging after writing license function files (#73) (@elrayle)
- gitignore local copy of official spdx repo (#72) (@elrayle)
- gitignore the path used to connect to the SPDX repo when fetching updated licenses (#67) (@elrayle)
- Set up test workflow to be used for PR check (#63) (@elrayle)
- plus dependency updates (see Full Changelog below)
Full Changelog: v2.2.0...v3.0.0
Release v2.2.0
Overview
This is a minor update to add a new function ExtractLicenses
to the API.
Required Actions for Updating
Run the following to update to this release.
go get github.com/github/go-spdx/[email protected]
Details
This function allows SPDX licenses to be extracted from any valid SPDX expression.
licenses, err := ExtractLicenses("(MIT AND APACHE-2.0) OR (APACHE-2.0)")
assert.Equal(licenses, []string{"MIT", "Apache-2.0"})
What's Changed
- Add a new
ExtractLicenses
function for pulling out SPDX licenses (ajhenry)
Full Changelog: v2.1.2...v2.2.0
Release v2.1.2
Overview
This is a minor bug fix release. Fixes a bug where GPL-2.0
did not match GPL-2.0-only
.
Required Actions for Updating
Run the following to update to this release.
go get github.com/github/go-spdx/[email protected]
Details
Most of the changes are adding test-cases that would have caught the bug. The only substantive changes are in the range checks in node.go. There is one minor change to compareEQ() to short cut the comparison if the two licenses are the same.
- check all simple cases before checking ranges (i.e. nodes are not licenses, exceptions are not equal, licenses are exactly equal) This is less expensive than range checks.
- remove any simple checks that were repeated in range check methods
- add comment describing license ranges
- add comments about what is expected depending on whether one or both licenses have has_plus==true
- fix the bug by checking that both license are in the same range when neither node has_plus
What's Changed
- fix bug where GPL-2.0 failed to match GPL-2.0-only #42 (elrayle)
Full Changelog: v2.1.1...v2.1.2
Release v2.1.1
Overview
This is a minor bug fix release. Provides better error messages for malformed expressions.
Required Actions for Updating
Run the following to update to this release.
go get github.com/github/go-spdx/[email protected]
Details
invalid expression | error message |
---|---|
(MIT |
open parenthesis does not have a matching close parenthesis |
MIT) |
close parenthesis does not have a matching open parenthesis |
)MIT |
expression starts with close parenthesis |
MIT APACHE-2.0 |
licenses or expressions are not separated by an operator |
MIT OR |
expected expression following OR, but found none |
MIT AND |
expected expression following AND, but found none |
OR MIT |
expression starts with OR |
AND MIT |
expression starts with AND |
MIT OR OR Apache-2.0 |
expected license or expression, but found OR |
MIT AND AND Apaches-2.0 |
expected license or expression, but found AND |
when cause is unknown | syntax error |
What's Changed
- improve checking for syntax errors #37 (elrayle)
v2.1.0
Overview
The list of active, deprecated, and exception licenses have been updated to the latest based on the official list from the spdx specification.
Part of this release is the addition of a utility that extracts just the IDs from the full json record for each license.
Required Actions for Upgrading
Run the following to update to this release.
go get github.com/github/go-spdx/[email protected]
Details
License ID Extraction Utility
Extracts license, deprecation, and exception ids from the official spdx license list data.
The source data needs to be manually updated by copying the licenses.json file from
https://github.com/spdx/license-list-data/blob/main/json/licenses.json and exceptions.json
file from https://github.com/spdx/license-list-data/blob/main/json/exceptions.json.
After running the extract command, the license_ids.json, deprecated_ids.json, and exception_ids.json
files will be overwritten with the extracted ids. These license ids can then be used to update the
spdxexp/license.go file.
Command to run all extractions (run command from the /cmd directory):
go run . extract -l -e
Usage options:
-h: prints this help message
-l: Extract license ids
-e: Extract exception ids
What's Changed
Release v2.0.1
Overview
This updates the module name to end in /v2
. This is required by go get
when there is a major version change.
Required Action for Upgrading
Run the following to update to this release.
go get github.com/github/go-spdx/[email protected]
Details
The initial release of v2.0.0 did not update the module name. When trying to update to that version, you will see an error.
$ go get -u github.com/github/[email protected]
go: github.com/github/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/github/go-spdx/v2")
To address this, the v2.0.1 release updates the module name to end in /v2
.
What's Changed
- module name must end in v2 for latest go conventions #28 (elrayle)
Full Changelog: v2.0.0...v2.0.1
Release v2.0.0
Overview
This is a breaking change that renames the primary package from expression
to spdxexp
. This provides better context in use (e.g. spdxexp.Satisfies
).
Required Action for Upgrading
Run the following to update to this release.
go get github.com/github/[email protected]
What's Changed
- rename package from expression to spdxexp #27 (elrayle)
Full Changelog: v1.0.0...v2.0.0
Release v1.0.0
Overview
This is a major change that renames the repository from spdx-expression
to go-spdx
. It also renames the primary package from spdxexp
to expression
. Both changes are designed to more closely align naming with go conventions.
Required Action for Upgrading
Run the following to update to this release.
go get github.com/github/[email protected]
What's Changed
- rename repository to
go-spdx
- rename spdx package expression #26 (elrayle)
Full Changelog: v0.3.2...v1.0.0