From f1f1433c49c4b38a3e56f25443bc7c782909b827 Mon Sep 17 00:00:00 2001
From: yashkohli88
Date: Tue, 30 Jan 2024 13:42:45 +0530
Subject: [PATCH 1/2] Licensee, Ruby and its dependency updated in Dockerfile and DevDockerfile

---
 DevDockerfile | 20 +++++++++-----------
 Dockerfile | 20 +++++++++-----------
 2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/DevDockerfile b/DevDockerfile
index 6a9816d4..90a9f489 100644
--- a/DevDockerfile
+++ b/DevDockerfile
@@ -10,10 +10,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER
 # Ruby and Python Dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \
 rm -rf /var/lib/apt/lists/* && \
- curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \
+ curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \
 cd /tmp/ruby-build-* && ./install.sh && cd / && \
- ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \
- gem install bundler -v 2.3.26 --no-document
+ ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \
+ gem install bundler -v 2.5.4 --no-document
 
 # Scancode
 ARG SCANCODE_VERSION="30.1.0"
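Review bot: The ruby-build archive fetched by the new `curl -L … | tar -zxvf - -C /tmp/` line is unpacked and its `./install.sh` run as root with no integrity check, both in this DevDockerfile hunk and in the identical Dockerfile hunk at `@@ -16,10 +16,10 @@`. A tag archive URL is a mutable reference, and ruby-build is the tool that goes on to fetch and compile Ruby 3.2.2, so everything built afterwards inherits whatever this download contains. I would fetch to a file and check a pinned digest before extracting: `curl -fsSL -o /tmp/ruby-build.tar.gz https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz && \`, `echo "<EXPECTED_SHA256>  /tmp/ruby-build.tar.gz" | sha256sum -c - && \`, `tar -zxf /tmp/ruby-build.tar.gz -C /tmp/ && rm /tmp/ruby-build.tar.gz && \`. `<EXPECTED_SHA256>` is a placeholder for the digest recorded whenever the ruby-build version is bumped.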
@@ -27,14 +27,12 @@ RUN pip3 install --upgrade pip setuptools wheel && \
 ENV SCANCODE_HOME=/usr/local/bin
 
 # Licensee
-# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while
-# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts
-# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344.
-# So we pin to the previous version of nokogiri and faraday.
-RUN gem install nokogiri:1.12.5 --no-document && \
- gem install faraday:1.10.0 --no-document && \
- gem install public_suffix:4.0.7 --no-document && \
- gem install licensee:9.12.0 --no-document
+# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
+# component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+RUN gem install nokogiri:1.16.0 --no-document && \
+ gem install faraday:2.9.0 --no-document && \
+ gem install public_suffix:5.0.4 --no-document && \
+ gem install licensee:9.16.1 --no-document
 
 # REUSE
 RUN pip3 install setuptools
diff --git a/Dockerfile b/Dockerfile
index 3cc9ab55..1e4f2e45 100644
--- a/Dockerfile
+++ b/Dockerfile
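Review bot: The four `gem install name:version` lines in the DevDockerfile Licensee hunk (`@@ -27,14 +27,12 @@`), and the identical Dockerfile hunk at `@@ -33,14 +33,12 @@`, pin only the gems they name. Each invocation resolves its remaining dependencies against the gem index at build time, so two builds of the same commit can ship different transitive gem versions. Installing nokogiri, faraday and public_suffix first only has the intended effect if licensee 9.16.1's own constraints accept those versions; otherwise a second copy would be installed alongside, and nothing in the hunk checks for that. Bundler 2.5.4 is already installed by the earlier RUN, so a committed `Gemfile` and `Gemfile.lock` would lock the whole tree: `COPY Gemfile Gemfile.lock /tmp/licensee/` followed by `RUN BUNDLE_FROZEN=true bundle install --gemfile /tmp/licensee/Gemfile`. Whether the crawler's licensee invocation needs adjusting for that is not visible from this diff.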
@@ -16,10 +16,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER
 # Ruby and Python Dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \
 rm -rf /var/lib/apt/lists/* && \
- curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \
+ curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \
 cd /tmp/ruby-build-* && ./install.sh && cd / && \
- ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \
- gem install bundler -v 2.3.26 --no-document
+ ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \
+ gem install bundler -v 2.5.4 --no-document
 
 # Scancode
 ARG SCANCODE_VERSION="30.1.0"
@@ -33,14 +33,12 @@ RUN pip3 install --upgrade pip setuptools wheel && \
 ENV SCANCODE_HOME=/usr/local/bin
 
 # Licensee
-# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while
-# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts
-# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344.
-# So we pin to the previous version of nokogiri and faraday.
-RUN gem install nokogiri:1.12.5 --no-document && \
- gem install faraday:1.10.0 --no-document && \
- gem install public_suffix:4.0.7 --no-document && \
- gem install licensee:9.12.0 --no-document
+# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
+# component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+RUN gem install nokogiri:1.16.0 --no-document && \
+ gem install faraday:2.9.0 --no-document && \
+ gem install public_suffix:5.0.4 --no-document && \
+ gem install licensee:9.16.1 --no-document
 
 # REUSE
 RUN pip3 install setuptools
From a43d7c83a43504668de8cb175096fcc1a36011ce Mon Sep 17 00:00:00 2001
From: yashkohli88
Date: Wed, 31 Jan 2024 15:54:21 +0530
Subject: [PATCH 2/2] Update Licensee, Ruby and its dependency

---
 DevDockerfile | 3 ++-
 Dockerfile | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/DevDockerfile b/DevDockerfile
index 90a9f489..fd4fa715 100644
--- a/DevDockerfile
+++ b/DevDockerfile
@@ -28,7 +28,8 @@ ENV SCANCODE_HOME=/usr/local/bin
 
 # Licensee
 # Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
-# component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+# The match is not an exact match and hence not adopted by CD licensee summarizer.
 RUN gem install nokogiri:1.16.0 --no-document && \
 gem install faraday:2.9.0 --no-document && \
 gem install public_suffix:5.0.4 --no-document && \
diff --git a/Dockerfile b/Dockerfile
index 1e4f2e45..762db546 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,7 +34,8 @@ ENV SCANCODE_HOME=/usr/local/bin
 
 # Licensee
 # Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
-# component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+# The match is not an exact match and hence not adopted by CD licensee summarizer.
 RUN gem install nokogiri:1.16.0 --no-document && \
 gem install faraday:2.9.0 --no-document && \
 gem install public_suffix:5.0.4 --no-document && \