Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Order dependency records contents before comparing #516

Merged
merged 3 commits into from
Jun 2, 2022
Merged

Order dependency records contents before comparing #516

merged 3 commits into from
Jun 2, 2022

Conversation

jonabc
Copy link
Contributor

@jonabc jonabc commented Jun 2, 2022

When licensed and/or licensee is looking for license files in a repo it doesn't look like there is any explicit content ordering, which makes it possible for a version upgrade of a dependency to find licenses in a different order than what's present in a cached file.

This PR adds a sort key for DependencyRecord::License objects. The key is used in DependencyRecord#content to make the comparison between license contents read from a stored metadata file in the repo and license contents found from live dependency listing order-agnostic.

jonabc and others added 2 commits June 2, 2022 09:35
@jonabc
compare records in deterministic order
8c7ecf2 
as long as the license text and sources are the same,
it doesn't matter what order they're found
Auto-update license files
a97951c
@jonabc jonabc mentioned this pull request Jun 2, 2022
Merged
@jonabc
Copy link
Contributor Author

jonabc commented Jun 2, 2022

The licensed-ci GitHub Action has created a pull request containing license metadata updates based on the changes in this branch.

Please review the pull request for any additional changes required and merge when ready.

@jonabc
Merge pull request #517 from github/ordered-license-content-compariso…
ed9208c 
…n-licenses

License updates for ordered-license-content-comparison
@jonabc jonabc merged commit 76795e0 into master Jun 2, 2022
@jonabc jonabc deleted the ordered-license-content-comparison branch June 2, 2022 17:31
jonabc added a commit that referenced this pull request Jun 2, 2022
@jonabc
release 3.7.2
52e9b6b 
## 3.7.2

### Fixed

- Comparing dependency license contents now finds matching contents regardless of the order of the licenses (#516)
- Fixed typo in a link in README.md (#514)

### Changed

- Elixir testing setup is migrated to erlef/setup-beam (#512)
@jonabc jonabc mentioned this pull request Jun 2, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jonabc