Merge pull request #549 from yashkohli88/yk/licensee-upgrade

Upgrade licensee
clearlydefined · Jun 12, 2024 · 88fe13f · 88fe13f
2 parents 3411b76 + 2b1858f
commit 88fe13f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 22 deletions.
diff --git a/DevDockerfile b/DevDockerfile
@@ -10,10 +10,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER
 # Ruby and Python Dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \
   rm -rf /var/lib/apt/lists/* && \
-  curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \
+  curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \
   cd /tmp/ruby-build-* && ./install.sh && cd / && \
-  ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \
-  gem install bundler -v 2.3.26 --no-document
+  ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \
+  gem install bundler -v 2.5.4 --no-document
 
 # Scancode
 ARG SCANCODE_VERSION="30.1.0"
@@ -27,14 +27,13 @@ RUN pip3 install --upgrade pip setuptools wheel && \
 ENV SCANCODE_HOME=/usr/local/bin
 
 # Licensee
-# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while
-# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts
-# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344.
-# So we pin to the previous version of nokogiri and faraday.
-RUN gem install nokogiri:1.12.5 --no-document && \
-  gem install faraday:1.10.0 --no-document && \
-  gem install public_suffix:4.0.7 --no-document && \
-  gem install licensee:9.12.0 --no-document
+# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
+# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+# The match is not an exact match and hence not adopted by CD licensee summarizer.
+RUN gem install nokogiri:1.16.0 --no-document && \
+  gem install faraday:2.9.0 --no-document && \
+  gem install public_suffix:5.0.4 --no-document && \
+  gem install licensee:9.16.1 --no-document
 
 # REUSE
 RUN pip3 install setuptools

diff --git a/Dockerfile b/Dockerfile
@@ -16,10 +16,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER
 # Ruby and Python Dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \
   rm -rf /var/lib/apt/lists/* && \
-  curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \
+  curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \
   cd /tmp/ruby-build-* && ./install.sh && cd / && \
-  ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \
-  gem install bundler -v 2.3.26 --no-document
+  ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \
+  gem install bundler -v 2.5.4 --no-document
 
 # Scancode
 ARG SCANCODE_VERSION="30.1.0"
@@ -33,14 +33,13 @@ RUN pip3 install --upgrade pip setuptools wheel && \
 ENV SCANCODE_HOME=/usr/local/bin
 
 # Licensee
-# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while
-# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts
-# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344.
-# So we pin to the previous version of nokogiri and faraday.
-RUN gem install nokogiri:1.12.5 --no-document && \
-  gem install faraday:1.10.0 --no-document && \
-  gem install public_suffix:4.0.7 --no-document && \
-  gem install licensee:9.12.0 --no-document
+# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
+# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
+# The match is not an exact match and hence not adopted by CD licensee summarizer.
+RUN gem install nokogiri:1.16.0 --no-document && \
+  gem install faraday:2.9.0 --no-document && \
+  gem install public_suffix:5.0.4 --no-document && \
+  gem install licensee:9.16.1 --no-document
 
 # REUSE
 RUN pip3 install setuptools