Commoncode

Latest version: v32.0.0

Safety actively analyzes 689550 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 5

31.0.1

------------------------------

- Fix issue when instantiating a ``VirtualCodebase`` from a JSON where if there
is no codebase attribute with the same name in the scan, then None is assigned
to the codebase attribute instead of the default value that was passed in when
VirtualCodebase was instantiated.
https://github.com/nexB/commoncode/issues/48

- Update spdx-tools to 0.7.0rc0
https://github.com/nexB/commoncode/pull/50

31.0.0

------------------------------

This is a major version with API-breaking changes in the resource module.

- Drop support for Python 3.6

- The Resource has no rid (resource id) and no pid (parent id). Instead
we now use internally a simpler mapping of {path: Resource} object.
As a result the iteration on a Codebase is faster but this requires more
memory.

- The Codebase and VirtualCodebase accepts a new "paths" argument that is list
of paths. When provided, the Codebase will only contain Resources with these
paths and no other resources. This handy to create a Codebase with only a
subset of paths of interest. When we create a Codebase or VirtualCodebase
with paths, we also always create any intermediate directories. So if you
ask for a path of "root/dir/file", we create three resources: "root",
"root/dir" and "root/dir/file". We accumulate codebase errors if the paths
does not exists in the Codebase or VirtualCodebase. The paths must start with
the root path segment and must be POSIX paths.

- When you create a VirtualCodebase with multiple scans, we now prefix each
scan path with a codebase-1/, codebase-2/, etc. directory in addition to the
"virtual_root" shared root directory. Otherwise files data was overwritten
and inconsistent when each location "files" were sharing leading path
segments. So if you provide to JSON inputs with that each contain the path
"root/dir/file", the VirtualCodebase will contain these paths:

- "virtual_root/codebase-1/root/dir/file"
- "virtual_root/codebase-2/root/dir/file"

It is otherwise practically impossible to correctly merge file data from
multiple codebases reliably, so adding this prefix ensures that we are doing
the right thing

- The Resource.path now never contains leading or trailing slash. We also
normalize the path everywhere. In particular this behaviour is visible when
you create a Codebase with a "full_root" argument. Previously, the paths of a
"full_root" Codebase were prefixed with a slash "/".

- When you create a VirtualCodebase with more than one Resource, we now recreate
the directory tree for any intermediary directory used in a path that is
otherwise missing from files path list.
In particular this behaviour changed when you create a VirtualCodebase from
a previous Codebase created with a "full_root" argument. Previously, the
missing paths of a "full_root" Codebase were kept unchanged.
Note that the VirtualCodebase has always ignored the "full_root" argument.

- The Codebase and VirtualCodebase are now iterable. Iterating on a codebase
is the same as a top-down walk.

- The "Codebase.original_location" attributed has been removed.
No known users of commoncode used this.

- The Codebase and VirtualCodebase no longer have a "full_root" and
"strip_root" constructor arguments and attributes. These can still be
passed but they will be ignored.

- Resource.path is now always the plain path where the first segment
is the last segment of the root location, e.g. the root fiename.

- The Resource now has new "full_root_path" and "strip_root_path"
properties that return the corresponding paths.

- The Resource.to_dict and the new Codebase.to_list both have a new
"full_root" and "strip_root" arguments

- The Resource.get_path() method accepts "full_root" and "strip_root" arguments.

- The Resource.create_child() method has been removed.

Other changes:

- Remove Python upper version limit.
- Merge latest skeleton
- fileutils.parent_directory() now accepts a "with_trail" argument.
The returned directory has a trailing path separator unless with_trail is False.
The default is True and the default behaviour is unchanged.

- Add ``posix_only`` option to ``commoncode.paths.portable_filename`` and
``commoncode.paths.safe_path``. This option prevents
``commoncode.paths.portable_filename`` and ``commoncode.paths.safe_path`` from
replacing filenames and punctuation in filenames that are valid on POSIX
operating systems, but not Windows.

- Remove unused intbitset dependency.

30.2.0

------------------------------

- Relax dependencies version requirements by removing upper bounds.
- Use latest skeleton.

30.1.2

------------------------------

- Minor improved utilities
- More robust handling of Codebase with a single Resource

30.1.1

------------------------------

- Remove usage of deprecated ``click.get_terminal_size()``.

30.1.0

------------------------------

- Add ``warning`` field to ``commoncode.Codebase`` headers.
- Add new functions ``get_jar_nv()`` and ``get_nupkg_nv()`` that accepts
a filename of a JAR or nupkg and return a name/version tuple extracted
using multiple heuristics.

Page 2 of 5

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.