Safety vulnerability ID: 48439
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Scancode-toolkit 21.3.30 updates its dependency 'pyyaml' to v5.4.1 to include security fixes.
Latest version: 32.3.3
ScanCode is a tool to scan code for license, copyright, package and their documented dependencies and other interesting facts.
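The advisory above comes down to two version thresholds: scancode-toolkit 21.3.30 and the pyyaml 5.4.1 it pins. The script below is an added example, not code from this page or from the ScanCode project; it reads a pip-style requirements file (the sample text is constructed, not taken from any real project) and reports exact pins that fall below those fixed versions. Package names are normalized the way pip does so that `PyYAML` and `pyyaml` match, and pre-release suffixes are ignored as a deliberate simplification.

```python
"""Flag pinned requirements that predate the fixed versions named in the advisory.

Added example, not code from the Safety DB page or from the ScanCode project.
The requirements text below is constructed for illustration; the fixed
versions (scancode-toolkit 21.3.30, pyyaml 5.4.1) come from the advisory.
"""
import re
from typing import Dict, List, Tuple

# Minimum versions stated in the advisory: ScanCode 21.3.30 is the release that
# moved to pyyaml 5.4.1, so both pins matter for a project that uses ScanCode.
FIXED_VERSIONS: Dict[str, str] = {
    "scancode-toolkit": "21.3.30",
    "pyyaml": "5.4.1",
}

# Constructed sample of a pip-style requirements file (not from the page).
SAMPLE_REQUIREMENTS = """\
# tooling pins
scancode-toolkit==21.2.25
PyYAML==5.3.1
click>=7.0
requests==2.25.1   # unrelated to this advisory
"""

_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.4.1' into (5, 4, 1). Non-numeric suffixes (rc1, post1) are
    dropped; that is a deliberate simplification for release-style versions."""
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def normalize_name(name: str) -> str:
    """pip treats PyYAML, pyyaml and py_yaml as the same project (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(requirements: str) -> Dict[str, str]:
    """Extract exact '==' pins. Comments and range specifiers are skipped
    because only an exact pin says which version would actually be installed."""
    pins: Dict[str, str] = {}
    for line in requirements.splitlines():
        line = line.split("#", 1)[0]
        m = _PIN_RE.match(line)
        if m:
            pins[normalize_name(m.group(1))] = m.group(2)
    return pins


def is_vulnerable(pinned: str, fixed: str) -> bool:
    """True when the pinned release predates the fixed release.
    Shorter tuples are zero-padded so '5.4' and '5.4.0' compare equal."""
    a, b = parse_version(pinned), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def find_outdated(requirements: str) -> Dict[str, Tuple[str, str]]:
    """Map each affected package to (pinned, fixed) for pins below the fix."""
    pins = parse_pins(requirements)
    return {
        name: (pins[name], fixed)
        for name, fixed in FIXED_VERSIONS.items()
        if name in pins and is_vulnerable(pins[name], fixed)
    }


if __name__ == "__main__":
    for name, (pinned, fixed) in find_outdated(SAMPLE_REQUIREMENTS).items():
        print(f"{name}: pinned {pinned}, fixed in {fixed}")
```

Run it against your own `requirements.txt` contents instead of `SAMPLE_REQUIREMENTS`; a pin that is absent or expressed as a range is not reported, because the script cannot know which version a resolver would pick in that case.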
--------
This is a major version with no breaking API changes. Heads-up: the next version
will bring some significant API changes, summarized above.
Security:
~~~~~~~~~
- Update dependency versions for security fixes.
License scanning:
~~~~~~~~~~~~~~~~~
- Add 22 new licenses and update 71 existing licenses
- Update licenses to include the SPDX license list 3.12
- Improve license detection accuracy with over 2,300 new and updated license detection rules
- Undeprecate the regexp license and deprecate the hs-regexp-orig license
- Improve license db initial load time with caching for faster scancode start time
- Add experimental SCANCODE_LICENSE_INDEX_CACHE environment variable to point
  to an alternative directory where the license index cache is stored (as
  opposed to storing it as package data).
- Ensure that license short names are not more than 50 characters long
- Thank you to:
  - Dennis Clark DennisClark
  - Chin-Yeung Li chinyeungli
  - Armijn Hemmel armijnhemel
  - Sarita Singh itssingh
  - Akanksha Garg akugarg
Copyright scanning:
~~~~~~~~~~~~~~~~~~~
- Detect SPDX-FileCopyrightText as defined by the FSFE Reuse project
  Thank you to Daniel Eder daniel-eder
- Fix bug when using the --filter-clues command line option
  Thank you to Van Lindberg VanL
- Fixed copyright truncation bug
  Thank you to Akanksha Garg akugarg
Package scanning:
~~~~~~~~~~~~~~~~~
- Add support for installed RPMs detection internally (not wired to scans)
  Thank you to Chin-Yeung Li chinyeungli
- Improve handling of Debian copyright files with faster and more
  accurate license detection
  Thank you to Thomas Druez tdruez
- Add new built-in support for installed_files report. Only available when
  used as a library.
- Improve support for RPM, npm, Debian, build scripts (Bazel) and Go packages
  Thank you to:
  - Divyansh Sharma Divyansh2512
  - Jonothan Yang JonoYang
  - Steven Esser majurg
- Add new support to collect information from semi-structured Readme files
  and related metadata files.
  Thank you to Jonothan Yang JonoYang and Steven Esser majurg
Outputs:
~~~~~~~~~
- Add new Debian copyright-formatted output.
  Thank you to Jelmer Vernooij jelmer
- Fix bug in --include where directories were not skipped correctly
  Thank you to Pierre Tardy tardyp
Misc. and documentation improvements:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Update the way test assertions are made
  Thank you to Aditya Viki adityaviki
- Thank you to Aryan Kenchappagol aryanxk02