Changes in Update Released on 18-July-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
GPL-AGPL-LGPL License Cleanup
There are three issues we are addressing as part of this GPL-AGPL-LGPL License data cleanup project:
Example: jquery 6.2.0 (GPL-1.0)
Here GPL-1.0 is the license with the short name associated with the component jquery.
- Short Name Change
When a particular license short name is changed and released as part of an electronic update, the short name is not automatically propagated to the inventory items with that selected license. For example, when we change the short name of license id 343 from "GPL-1.0” to “GPL-1.0-only” in an electronic update, the existing inventory items names with that selected license will not be updated. - Component to License Mapping Change
When the component to license mapping is changed, let’s say jquery is mapped with "Apache-2.0" in the electronic update, then this new mapping wouldn’t be propagated to existing inventory items. This results in inconsistency between the license mapping, existing inventory items, and future inventory items using the new license mapping. - Duplicate entry cleanup
- After running the cleanup scripts, there are possibility of having duplicate entries for the licenses which had mappings in component table and versions table. In our case, we have mappings for 3 licenses, i.e LGPL-2.1-or-later(License_id=704), AGPL-1.0-only(License_id=1654) and AGPL-3.0-only(License_id=229).
Around 16 GPL-AGPL-LGPL related licenses are updated and workaround has been provided for necessary scenarios.
For detailed information and workarounds, see the Code Insight GPL/LGPL/AGPL License Data Cleanup Project article in the Revenera Community.
| Issue ID | Issue Summary |
|---|---|
| SCA-40135 | Updating the GPL related licenses in the data library according to SPDX |
| SCA-40180, SCA-41672 | Preparation of scripts related to changes made to GPL, LGPL and AGPL licenses. |
| SCA-42149 | Updated version information for the component minimist. |
Enhanced License Detection Capability for Components
License detection capability and license evidence mechanism for GPL-LGPL-AGPL related licenses (part of GPL-AGPL-LGPL license cleanup activity) was updated/added for the following components:
-
AGPL-1.0-only
-
AGPL-1.0-or-later
-
AGPL-3.0-only
-
AGPL-3.0-or-later
-
GPL-1.0-only
-
GPL-1.0-or-later
-
GPL-2.0-only
-
GPL-2.0-or-later
-
GPL-3.0-only
-
GPL-3.0-or-later
-
LGPL-2.0-only
-
LGPL-2.0-or-later
-
LGPL-2.1-only
-
LGPL-2.1-or-later
-
LGPL-3.0-only
-
LGPL-3.0-or-later
Collector Status
The following table lists Collector Status information.
| Name | Date of Last Successful Run |
|---|---|
| gitlab | 5/13/2022 |
| maven2-ibiblio | 6/30/2022 |
| nuget gallery | 7/4/2022 |
| clojars | 7/7/2022 |
| cpan | 7/7/2022 |
| rubygems | 7/7/2022 |
| cran | 7/9/2022 |
| maven-google | 7/9/2022 |
| hackage | 7/10/2022 |
| packagist | 7/11/2022 |
| go | 7/12/2022 |
| pypi | 7/13/2022 |
| github | 7/13/2022 |
| crates | 7/13/2022 |
| fedora-koji | 7/13/2022 |
| npm | 1/30/2022 |