Releases: github/go-spdx
Release v2.7.0
Overview
This release makes one changes:
- new validation function that returns the normalized/deduped list of valid licenses
validate, normalize, and dedup licenses
A new function was added, ValidateAndNormalizeLicensesWithOptions. It is functionally equivalent to ValidateLicensesWithOptions with options:
- FailComplexExpressions - rejects license that includes a conjunctive (e.g. "MIT AND Apache-2.0")
- FailDeprecatedLicenses - rejects deprecated SPDX license identifiers (e.g. "eCos-2.0")
- FailAllLicenseRefs - rejects all SPDX license references (e.g. "LicenseRef-MyLicense")
- FailAllDocumentRefs - rejects all SPDX document references (e.g. "DocumentRef-MyDocument")
ValidateLicensesWithOptions returns a boolean indicating whether all licenses are valid (i.e. true) or one of more are invalid (i.e. false). It also returns a list of any licenses that were invalid.
ValidateAndNormalizeLicensesWithOptions does not return a boolean. It returns 2 lists. The first is the list of normalized valid licenses that have been deduped. The second is a list of of any licenses that were invalid. If the invalid list is empty, then all licenses are valid.
Normalization and Deduping
licenses: `"mit", "apache-2.0"`
normalized: `"MIT", "Apache-2.0"`
licenses: `"mit", "MIT", " MIT ", "apache-2.0"`
normalized: `MIT, Apache-2.0`
What's Changed
Full Changelog: v2.6.0...v2.7.0
Contributors
Assets 2
Release v2.6.0
Overview
This release makes two changes:
- more control over how licenses are validated
- performance improvements
Control over license validation
A new function was added, ValidateLicensesWithOptions, that uses options to allow the caller to specify what to consider invalid.
All of these are valid by default which is consistent the with current behavior of ValidateLicenses.
- FailComplexExpressions - rejects license that includes a conjunctive (e.g. "MIT AND Apache-2.0")
- FailDeprecatedLicenses - rejects deprecated SPDX license identifiers (e.g. "eCos-2.0")
- FailAllLicenseRefs - rejects all SPDX license references (e.g. "LicenseRef-MyLicense")
- FailAllDocumentRefs - rejects all SPDX document references (e.g. "DocumentRef-MyDocument")
Usage
// equivalent to calling `ValidateLicenses`
valid, invalidLicenses := ValidateLicensesWithOptions(licenses, ValidateLicensesOptions{})
// reject only expressions that have a conjunctive
valid, invalidLicenses := ValidateLicensesWithOptions(licenses, ValidateLicensesOptions{FailComplexExpressions: true})
// reject expressions that have a conjunctive and deprecated licenses
valid, invalidLicenses := ValidateLicensesWithOptions(licenses, ValidateLicensesOptions{FailComplexExpressions: true, FailDeprecatedLicenses: true})What's Changed
Full Changelog: v2.5.0...v2.6.0
Contributors
Assets 2
v2.5.0
Contributors
Assets 2
Release v2.4.0
What's Changed
- performance improvements for Satisfies and ValidateLicenses (#132) @elrayle
- fix panic in parseWith (#129) @phameratl
- add licenses and exceptions (#130) actions
Full Changelog: v2.3.6...v2.4.0
Contributors
Assets 2
Release v2.3.6
What's Changed
- Bug fix for redundant
+operator being added in licenses ending in-or-later - Updated dependencies
Full Changelog: v2.3.5...v2.3.6
Release v2.3.5
Release v2.3.4
Release v2.3.3
What's Changed
- update licenses
- bump dependencies
- update maintainer list
Full Changelog: v2.3.2...v2.3.3
Update SPDX identifiers as of 2024-09-18
The only shipped change in this release is an update to the known SPDX identifiers, current as of 2024-09-18.
Release v2.3.1
Overview
This retracts release v2.3.0 due to compatibility issues upgrading to Go 1.22. This release returns to Go 1.21.
See release notes for v2.3.0 for all other changes in the go-spdx v2.3 update.