[jira] [Updated] (RAT-345) Dependency updates via dependabot performed for release 0.17
[ https://issues.apache.org/jira/browse/RAT-345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Philipp Ottlinger updated RAT-345: -- Description: h1. Updates via dependabot in RAT 0.17 h2. (/) Update Bump assertj-core from 3.25.1 to 3.25.3 * https://github.com/apache/creadur-rat/pull/209 3.25.2 * https://github.com/apache/creadur-rat/pull/212 3.25.3 h2. (/) Update slf4j-simple from 2.0.11 to 2.0.13 * https://github.com/apache/creadur-rat/pull/213 2.0.12 * https://github.com/apache/creadur-rat/pull/237 2.0.13 h2. (/) Update junit-platform-runner from 1.10.1 to 1.10.2 * https://github.com/apache/creadur-rat/pull/211 h2. (/) Update junit.version from 5.10.1 to 5.10.2 * https://github.com/apache/creadur-rat/pull/210 h2. (/) Update gitignore-reader from 1.3.1 to 1.4.0 * https://github.com/apache/creadur-rat/pull/214 h2. (/) Update commons-compress from 1.25.0 to 1.26.1 * https://github.com/apache/creadur-rat/pull/215 1.26.0 * https://github.com/apache/creadur-rat/pull/220 1.26.1 h2. (/) Update maven-remote-resources-plugin from 3.1.0 to 3.2.0 * https://github.com/apache/creadur-rat/pull/219 3.2.0 h2. (/) Update extra-enforcer-rules from 1.7.0 to 1.8.0 * https://github.com/apache/creadur-rat/pull/218 h2. (/) Update actions/cache from 4.0.0 to 4.0.2 * https://github.com/apache/creadur-rat/pull/217 4.0.1 * https://github.com/apache/creadur-rat/pull/226 4.0.2 h2. (/) Update actions/setup-java from 4.0.0 to 4.2.0 * https://github.com/apache/creadur-rat/pull/216 4.1.0 * https://github.com/apache/creadur-rat/pull/222 4.2.0 h2. (/) Update maven-compiler-plugin from 3.12.1 to 3.13.0 * https://github.com/apache/creadur-rat/pull/225 h2. (/) Update gitignore-reader from 1.4.0 to 1.5.1 * https://github.com/apache/creadur-rat/pull/229/ 1.5.1 h2. (/) Update commons-io from 2.15.1 to 2.16.1 * https://github.com/apache/creadur-rat/pull/231 2.16.0 * https://github.com/apache/creadur-rat/pull/236 2.16.1 h2. (/) Update maven-invoker-plugin from 3.6.0 to 3.6.1. * https://github.com/apache/creadur-rat/pull/234 3.6.1 h2. (/) Update org.apache.maven.plugin-tools:maven-plugin-annotations from 3.11.0 to 3.12.0 * https://github.com/apache/creadur-rat/pull/235 3.12.0 h2. (/) Update commons-cli from 1.6.0 to 1.7.0 * https://github.com/apache/creadur-rat/pull/241 1.7.0 h2. (/) Update org.apache:apache (ASF-parent) from 31 to 32 * https://github.com/apache/creadur-rat/pull/239 32 h2. (/) Update h2. (/) Update h2. (/) Update h2. (/) Update h2. (/) Update h2. (/) Update h1. TODO before release * add changelog entries for each above PRs was: h1. Updates via dependabot in RAT 0.17 h2. (/) Update Bump assertj-core from 3.25.1 to 3.25.3 * https://github.com/apache/creadur-rat/pull/209 3.25.2 * https://github.com/apache/creadur-rat/pull/212 3.25.3 h2. (/) Update slf4j-simple from 2.0.11 to 2.0.13 * https://github.com/apache/creadur-rat/pull/213 2.0.12 * https://github.com/apache/creadur-rat/pull/237 2.0.13 h2. (/) Update junit-platform-runner from 1.10.1 to 1.10.2 * https://github.com/apache/creadur-rat/pull/211 h2. (/) Update junit.version from 5.10.1 to 5.10.2 * https://github.com/apache/creadur-rat/pull/210 h2. (/) Update gitignore-reader from 1.3.1 to 1.4.0 * https://github.com/apache/creadur-rat/pull/214 h2. (/) Update commons-compress from 1.25.0 to 1.26.1 * https://github.com/apache/creadur-rat/pull/215 1.26.0 * https://github.com/apache/creadur-rat/pull/220 1.26.1 h2. (/) Update maven-remote-resources-plugin from 3.1.0 to 3.2.0 * https://github.com/apache/creadur-rat/pull/219 3.2.0 h2. (/) Update extra-enforcer-rules from 1.7.0 to 1.8.0 * https://github.com/apache/creadur-rat/pull/218 h2. (/) Update actions/cache from 4.0.0 to 4.0.2 * https://github.com/apache/creadur-rat/pull/217 4.0.1 * https://github.com/apache/creadur-rat/pull/226 4.0.2 h2. (/) Update actions/setup-java from 4.0.0 to 4.2.0 * https://github.com/apache/creadur-rat/pull/216 4.1.0 * https://github.com/apache/creadur-rat/pull/222 4.2.0 h2. (/) Update maven-compiler-plugin from 3.12.1 to 3.13.0 * https://github.com/apache/creadur-rat/pull/225 h2. (/) Update gitignore-reader from 1.4.0 to 1.5.1 * https://github.com/apache/creadur-rat/pull/229/ 1.5.1 h2. (/) Update commons-io from 2.15.1 to 2.16.1 * https://github.com/apache/creadur-rat/pull/231 2.16.0 * https://github.com/apache/creadur-rat/pull/236 2.16.1 h2. (/) Update maven-invoker-plugin from 3.6.0 to 3.6.1. * https://github.com/apache/creadur-rat/pull/234 3.6.1 h2. (/) Update org.apache.maven.plugin-tools:maven-plugin-annotations from 3.11.0 to 3.12.0 * https://github.com/apache/creadur-rat/pull/235 3.12.0 h2. (/) Update commons-cli from 1.6.0 to 1.7.0 * https://github.com/apache/creadur-rat/pull/241 1.7.0 h2. (/) Update h1. TODO before release * add changelog entries for each above PRs > Dependency updates via dependabot performed for release 0.17 >
[jira] [Commented] (RAT-345) Dependency updates via dependabot performed for release 0.17
[ https://issues.apache.org/jira/browse/RAT-345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839105#comment-17839105 ] ASF subversion and git services commented on RAT-345: - Commit 658f61c6f37633787f0b480c39295e645c2a68d3 in creadur-rat's branch refs/heads/master from P. Ottlinger [ https://gitbox.apache.org/repos/asf?p=creadur-rat.git;h=658f61c6 ] RAT-345: Merge pull request #239 from apache/dependabot/maven/org.apache-apache-32 Bump org.apache:apache from 31 to 32 > Dependency updates via dependabot performed for release 0.17 > > > Key: RAT-345 > URL: https://issues.apache.org/jira/browse/RAT-345 > Project: Apache Rat > Issue Type: Improvement >Affects Versions: 0.16 >Reporter: Philipp Ottlinger >Assignee: Philipp Ottlinger >Priority: Major > Fix For: 0.17 > > > h1. Updates via dependabot in RAT 0.17 > h2. (/) Update Bump assertj-core from 3.25.1 to 3.25.3 > * https://github.com/apache/creadur-rat/pull/209 3.25.2 > * https://github.com/apache/creadur-rat/pull/212 3.25.3 > h2. (/) Update slf4j-simple from 2.0.11 to 2.0.13 > * https://github.com/apache/creadur-rat/pull/213 2.0.12 > * https://github.com/apache/creadur-rat/pull/237 2.0.13 > h2. (/) Update junit-platform-runner from 1.10.1 to 1.10.2 > * https://github.com/apache/creadur-rat/pull/211 > h2. (/) Update junit.version from 5.10.1 to 5.10.2 > * https://github.com/apache/creadur-rat/pull/210 > h2. (/) Update gitignore-reader from 1.3.1 to 1.4.0 > * https://github.com/apache/creadur-rat/pull/214 > h2. (/) Update commons-compress from 1.25.0 to 1.26.1 > * https://github.com/apache/creadur-rat/pull/215 1.26.0 > * https://github.com/apache/creadur-rat/pull/220 1.26.1 > h2. (/) Update maven-remote-resources-plugin from 3.1.0 to 3.2.0 > * https://github.com/apache/creadur-rat/pull/219 3.2.0 > h2. (/) Update extra-enforcer-rules from 1.7.0 to 1.8.0 > * https://github.com/apache/creadur-rat/pull/218 > h2. (/) Update actions/cache from 4.0.0 to 4.0.2 > * https://github.com/apache/creadur-rat/pull/217 4.0.1 > * https://github.com/apache/creadur-rat/pull/226 4.0.2 > h2. (/) Update actions/setup-java from 4.0.0 to 4.2.0 > * https://github.com/apache/creadur-rat/pull/216 4.1.0 > * https://github.com/apache/creadur-rat/pull/222 4.2.0 > h2. (/) Update maven-compiler-plugin from 3.12.1 to 3.13.0 > * https://github.com/apache/creadur-rat/pull/225 > h2. (/) Update gitignore-reader from 1.4.0 to 1.5.1 > * https://github.com/apache/creadur-rat/pull/229/ 1.5.1 > h2. (/) Update commons-io from 2.15.1 to 2.16.1 > * https://github.com/apache/creadur-rat/pull/231 2.16.0 > * https://github.com/apache/creadur-rat/pull/236 2.16.1 > h2. (/) Update maven-invoker-plugin from 3.6.0 to 3.6.1. > * https://github.com/apache/creadur-rat/pull/234 3.6.1 > h2. (/) Update org.apache.maven.plugin-tools:maven-plugin-annotations from > 3.11.0 to 3.12.0 > * https://github.com/apache/creadur-rat/pull/235 3.12.0 > h2. (/) Update commons-cli from 1.6.0 to 1.7.0 > * https://github.com/apache/creadur-rat/pull/241 1.7.0 > h2. (/) Update > > h1. TODO before release > * add changelog entries for each above PRs -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] RAT-345: Bump org.apache:apache from 31 to 32 [creadur-rat]
ottlinger commented on PR #239: URL: https://github.com/apache/creadur-rat/pull/239#issuecomment-2067207412 Build failures seem to be related to JDK setup, thus merging. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@creadur.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] RAT-345: Bump org.apache:apache from 31 to 32 [creadur-rat]
ottlinger merged PR #239: URL: https://github.com/apache/creadur-rat/pull/239 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@creadur.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (RAT-345) Dependency updates via dependabot performed for release 0.17
[ https://issues.apache.org/jira/browse/RAT-345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Philipp Ottlinger updated RAT-345: -- Description: h1. Updates via dependabot in RAT 0.17 h2. (/) Update Bump assertj-core from 3.25.1 to 3.25.3 * https://github.com/apache/creadur-rat/pull/209 3.25.2 * https://github.com/apache/creadur-rat/pull/212 3.25.3 h2. (/) Update slf4j-simple from 2.0.11 to 2.0.13 * https://github.com/apache/creadur-rat/pull/213 2.0.12 * https://github.com/apache/creadur-rat/pull/237 2.0.13 h2. (/) Update junit-platform-runner from 1.10.1 to 1.10.2 * https://github.com/apache/creadur-rat/pull/211 h2. (/) Update junit.version from 5.10.1 to 5.10.2 * https://github.com/apache/creadur-rat/pull/210 h2. (/) Update gitignore-reader from 1.3.1 to 1.4.0 * https://github.com/apache/creadur-rat/pull/214 h2. (/) Update commons-compress from 1.25.0 to 1.26.1 * https://github.com/apache/creadur-rat/pull/215 1.26.0 * https://github.com/apache/creadur-rat/pull/220 1.26.1 h2. (/) Update maven-remote-resources-plugin from 3.1.0 to 3.2.0 * https://github.com/apache/creadur-rat/pull/219 3.2.0 h2. (/) Update extra-enforcer-rules from 1.7.0 to 1.8.0 * https://github.com/apache/creadur-rat/pull/218 h2. (/) Update actions/cache from 4.0.0 to 4.0.2 * https://github.com/apache/creadur-rat/pull/217 4.0.1 * https://github.com/apache/creadur-rat/pull/226 4.0.2 h2. (/) Update actions/setup-java from 4.0.0 to 4.2.0 * https://github.com/apache/creadur-rat/pull/216 4.1.0 * https://github.com/apache/creadur-rat/pull/222 4.2.0 h2. (/) Update maven-compiler-plugin from 3.12.1 to 3.13.0 * https://github.com/apache/creadur-rat/pull/225 h2. (/) Update gitignore-reader from 1.4.0 to 1.5.1 * https://github.com/apache/creadur-rat/pull/229/ 1.5.1 h2. (/) Update commons-io from 2.15.1 to 2.16.1 * https://github.com/apache/creadur-rat/pull/231 2.16.0 * https://github.com/apache/creadur-rat/pull/236 2.16.1 h2. (/) Update maven-invoker-plugin from 3.6.0 to 3.6.1. * https://github.com/apache/creadur-rat/pull/234 3.6.1 h2. (/) Update org.apache.maven.plugin-tools:maven-plugin-annotations from 3.11.0 to 3.12.0 * https://github.com/apache/creadur-rat/pull/235 3.12.0 h2. (/) Update commons-cli from 1.6.0 to 1.7.0 * https://github.com/apache/creadur-rat/pull/241 1.7.0 h2. (/) Update h1. TODO before release * add changelog entries for each above PRs was: h1. Updates via dependabot in RAT 0.17 h2. (/) Update Bump assertj-core from 3.25.1 to 3.25.3 * https://github.com/apache/creadur-rat/pull/209 3.25.2 * https://github.com/apache/creadur-rat/pull/212 3.25.3 h2. (/) Update slf4j-simple from 2.0.11 to 2.0.13 * https://github.com/apache/creadur-rat/pull/213 2.0.12 * https://github.com/apache/creadur-rat/pull/237 2.0.13 h2. (/) Update junit-platform-runner from 1.10.1 to 1.10.2 * https://github.com/apache/creadur-rat/pull/211 h2. (/) Update junit.version from 5.10.1 to 5.10.2 * https://github.com/apache/creadur-rat/pull/210 h2. (/) Update gitignore-reader from 1.3.1 to 1.4.0 * https://github.com/apache/creadur-rat/pull/214 h2. (/) Update commons-compress from 1.25.0 to 1.26.1 * https://github.com/apache/creadur-rat/pull/215 1.26.0 * https://github.com/apache/creadur-rat/pull/220 1.26.1 h2. (/) Update maven-remote-resources-plugin from 3.1.0 to 3.2.0 * https://github.com/apache/creadur-rat/pull/219 3.2.0 h2. (/) Update extra-enforcer-rules from 1.7.0 to 1.8.0 * https://github.com/apache/creadur-rat/pull/218 h2. (/) Update actions/cache from 4.0.0 to 4.0.2 * https://github.com/apache/creadur-rat/pull/217 4.0.1 * https://github.com/apache/creadur-rat/pull/226 4.0.2 h2. (/) Update actions/setup-java from 4.0.0 to 4.2.0 * https://github.com/apache/creadur-rat/pull/216 4.1.0 * https://github.com/apache/creadur-rat/pull/222 4.2.0 h2. (/) Update maven-compiler-plugin from 3.12.1 to 3.13.0 * https://github.com/apache/creadur-rat/pull/225 h2. (/) Update gitignore-reader from 1.4.0 to 1.5.1 * https://github.com/apache/creadur-rat/pull/229/ 1.5.1 h2. (/) Update commons-io from 2.15.1 to 2.16.1 * https://github.com/apache/creadur-rat/pull/231 2.16.0 * https://github.com/apache/creadur-rat/pull/236 2.16.1 h2. (/) Update maven-invoker-plugin from 3.6.0 to 3.6.1. * https://github.com/apache/creadur-rat/pull/234 3.6.1 h2. (/) Update org.apache.maven.plugin-tools:maven-plugin-annotations from 3.11.0 to 3.12.0 * https://github.com/apache/creadur-rat/pull/235 3.12.0 h2. (/) Update h2. (/) Update h1. TODO before release * add changelog entries for each above PRs > Dependency updates via dependabot performed for release 0.17 > > > Key: RAT-345 > URL: https://issues.apache.org/jira/browse/RAT-345 > Project: Apache Rat > Issue Type: Improvement >Affects Versions: 0.16 >Reporter: Philipp Ottlinger >
Re: [PR] RAT-345: Bump commons-cli:commons-cli from 1.6.0 to 1.7.0 [creadur-rat]
ottlinger merged PR #241: URL: https://github.com/apache/creadur-rat/pull/241 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@creadur.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[RAT][DISCUSS] Add inspection of some binary files
Currently Rat does nothing with binary files except note that they are binary. However, the Tika library gives us a view into the interiors of some binary files. The ones that come to mind are image files. Using Tika we can extract the metadata from binary files, for image files (and some others) this includes items like copyright and usage permission entries. We should process such tags and report copyrights that are not included in notice files. We should also explore permissions. I expect as we move forward some permissions will be expressed with SPDX tags making licensing detection easier. We may need to add a new child node to the resource node in the XML document. This should probably be a simple copyright statement something like that can be matched by our copyright matcher. This leads to another expansion of Rat capabilities: detecting copyrights, listing them in the XML report. Eventually verifying that they are recorded in the Notice files. As always, I am looking for your thoughts? Claude
[RAT][DISCUSS] Add inspection of notices
Currently we do not do anything with what we think are notices. Notices are detected as text files that have specific names. I think that we should run them through the standard processing to see if they have text for other licenses in them. This is important for ASF Notice files where we are supposed to list 3rd party licenses that require copyright notices to be included. In addition items tagged as Notices should be run through the SPDX license detection software. I don't want to do this for all standard files because the license detection utilises regular expressions and will slow down processing. However, we expect to find license declarations in some notice tagged files, for example the ASF "LICENSE" file. This will involve the inclusion of SPDX libraries, but will give us a big boost in the ability to detect 3rd party licenses. Thoughts? Claude