Skip to content

Releases: github/go-spdx

Release v2.3.6

13 Jan 21:43
@AshelyTC AshelyTC
v2.3.6
f3197ff
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.3.6 Latest
Latest

What's Changed

  • Bug fix for redundant + operator being added in licenses ending in -or-later
  • Updated dependencies

Full Changelog: v2.3.5...v2.3.6

Assets 2
Loading

Release v2.3.5

03 Dec 15:02
@elrayle elrayle
v2.3.5
7492bb1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.3.5

What's Changed

  • add licenses and exceptions
  • bump dependencies

Full Changelog: v2.3.4...v2.3.5

Loading

Release v2.3.4

20 Oct 21:33
@elrayle elrayle
v2.3.4
3ea60cf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.3.4

What's Changed

  • update licenses
  • bump dependencies

Full Changelog: v2.3.3...v2.3.4

Loading

Release v2.3.3

06 May 20:51
@elrayle elrayle
v2.3.3
59ab544
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.3.3

What's Changed

  • update licenses
  • bump dependencies
  • update maintainer list

Full Changelog: v2.3.2...v2.3.3

Loading

Update SPDX identifiers as of 2024-09-18

18 Sep 18:12
@dangoor dangoor
v2.3.2
e6a9114
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Update SPDX identifiers as of 2024-09-18

The only shipped change in this release is an update to the known SPDX identifiers, current as of 2024-09-18.

Loading

Release v2.3.1

18 Jun 11:33
@elrayle elrayle
v2.3.1
eacf4f3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.3.1

Overview

This retracts release v2.3.0 due to compatibility issues upgrading to Go 1.22. This release returns to Go 1.21.

See release notes for v2.3.0 for all other changes in the go-spdx v2.3 update.

Loading

Release v2.3.0

17 Jun 21:31
@elrayle elrayle
v2.3.0
ed138b1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.3.0

Overview

The process for updating SPDX licenses is now an automated process that runs nightly (ET). The script writes directly to the functions used to get the list of licenses, exceptions, and deprecations.

Updates licenses to latest SPDX license list which is v3.24.0 released on 2024-05-22 at the time of this PR.

Required Action for Upgrading

Run the following to update to this release.

go get github.com/github/[email protected]

What's Changed

Minor changes

  • Update SPDX license files (#75) (@github-actions, @elrayle)
  • add workflow to fetch spdx licenses (#62) (@elrayle)
  • Write updated licenses from SPDX directly to spdxlicenses package (#70) (@elrayle)
  • Move license functions returning SPDX licenses to spdxlicenses package (#68) (@elrayle)

Patch changes

  • add logging after writing license function files (#73) (@elrayle)
  • gitignore local copy of official spdx repo (#72) (@elrayle)
  • gitignore the path used to connect to the SPDX repo when fetching updated licenses (#67) (@elrayle)
  • Set up test workflow to be used for PR check (#63) (@elrayle)
  • plus dependency updates (see Full Changelog below)

Full Changelog: v2.2.0...v3.0.0

Contributors

elrayle
Loading

Release v2.2.0

19 Sep 14:33
@ajhenry ajhenry
v2.2.0
e0a077a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.2.0

Overview

This is a minor update to add a new function ExtractLicenses to the API.

Required Actions for Updating

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

This function allows SPDX licenses to be extracted from any valid SPDX expression.

licenses, err := ExtractLicenses("(MIT AND APACHE-2.0) OR (APACHE-2.0)")
assert.Equal(licenses, []string{"MIT", "Apache-2.0"})

What's Changed

  • Add a new ExtractLicenses function for pulling out SPDX licenses (ajhenry)

Full Changelog: v2.1.2...v2.2.0

Loading

Release v2.1.2

21 Mar 15:00
@elrayle elrayle
v2.1.2
0e88248
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.1.2

Overview

This is a minor bug fix release. Fixes a bug where GPL-2.0 did not match GPL-2.0-only.

Required Actions for Updating

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

Most of the changes are adding test-cases that would have caught the bug. The only substantive changes are in the range checks in node.go. There is one minor change to compareEQ() to short cut the comparison if the two licenses are the same.

  • check all simple cases before checking ranges (i.e. nodes are not licenses, exceptions are not equal, licenses are exactly equal) This is less expensive than range checks.
  • remove any simple checks that were repeated in range check methods
  • add comment describing license ranges
  • add comments about what is expected depending on whether one or both licenses have has_plus==true
  • fix the bug by checking that both license are in the same range when neither node has_plus

What's Changed

  • fix bug where GPL-2.0 failed to match GPL-2.0-only #42 (elrayle)

Full Changelog: v2.1.1...v2.1.2

Loading

Release v2.1.1

08 Feb 22:51
@elrayle elrayle
v2.1.1
9f2f2c0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.1.1

Overview

This is a minor bug fix release. Provides better error messages for malformed expressions.

Required Actions for Updating

Run the following to update to this release.

go get github.com/github/go-spdx/[email protected]

Details

invalid expression error message
(MIT open parenthesis does not have a matching close parenthesis
MIT) close parenthesis does not have a matching open parenthesis
)MIT expression starts with close parenthesis
MIT APACHE-2.0 licenses or expressions are not separated by an operator
MIT OR expected expression following OR, but found none
MIT AND expected expression following AND, but found none
OR MIT expression starts with OR
AND MIT expression starts with AND
MIT OR OR Apache-2.0 expected license or expression, but found OR
MIT AND AND Apaches-2.0 expected license or expression, but found AND
when cause is unknown syntax error

What's Changed

  • improve checking for syntax errors #37 (elrayle)
Loading