chore: For assets bundled at a particular version, reference the version’s license#3098
Conversation
Referencing the license file from the release tag corresponding to the bundled release of each asset makes it less likely that the checksum will eventually stop matching due to later upstream license changes – perhaps as simple as a new copyright date – and makes errors in the included license less likely. Since the copyright statement in the react license changed from "Copyright (c) Facebook, Inc. and its affiliates." to "Copyright (c) Meta Platforms, Inc. and affiliates." since the bundled version of react was released – and this commit uses the older version that corresponds to the bundled library – the checksum of the react license file changes. Similarly, in the vega license, the copyright date range changed from 2015-2021 to 2015-2023 after the bundled version was released, so using the correct license file for the bundled version changes the checksum.
WalkthroughThe changes involve updating the Changes
Possibly related PRs
Recent review detailsConfiguration used: CodeRabbit UI Files selected for processing (1)
Additional context usedPath-based instructions (1)
Additional comments not posted (7)
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
|
I’ve been studying this new asset bundling scheme because I want to update Fedora’s I plan to open a follow-up PR that adds a large number of license files for things that I can find bundled in the various JavaScript assets – either because they are NPM dependencies that get included in the final bundle, as happens in This is tedious work, and it will greatly increase the number of entries in the |
The current version as of when icon paths from heroicons were incorporated in Snakemake (in d09df0c on 2022-03-13 and 142a452 on 2022-03-23) was 1.0.3; in version 2.1.2, the copyright statement changed from "Copyright (c) 2020 Refactoring UI Inc." to "Copyright (c) Tailwind Labs, Inc.". Since this commit switches to the older license text, it changes the checksum.
b47e694 to
b108bbf
Compare
|
|
The two licenses that are still referenced at
|
<!--Add a description of your PR here--> This PR is intended to apply on top of #3098; see that PR for the first two commits. From there, I attempted to account for all of the NPM packages that are bundled in `vega/vega.js` via dependencies. I made an effort to verify that every license file added in this commit actually corresponds to some code present in `vega.js`. Next, I inspected `vega.js` for comments indicating that particular routines were copied, derived, or adapted from other projects, and added the license files for those projects. I didn’t attempt to judge whether or not any of snippets might be distant enough from their inspirations that they could perhaps claim not to be derived works under a particular set of copyright laws – I just took the attributions at their word. Almost all of these licenses are ones (like `MIT`, `Apache-2.0`, `ISC` or `BSD-3-Clause`) that require including the copyright and permission statements (the license text) in copies and derived works, so while this work is fussy, tedious, and unrewarding, it would seem to be necessary. So far, I only dug through `vega.js`. I still need to check if there is anything in `vega-lite.js` or `vega-embed.js` that isn’t already accounted for in `vega.js`, and I need to look at the other libraries too. Still, I thought I should post my work in progress in case it collected any feedback. ### QC <!-- Make sure that you can tick the boxes below. --> * [ ] The PR contains a test case for the changes or the changes are already covered by an existing test case. **N/A – this change is not really testable – except that building the package confirms the checksums match.** * [x] The documentation (`docs/`) is updated to reflect the changes or this is not necessary (e.g. if the change does neither modify the language nor the behavior or functionalities of Snakemake). **N/A – no documentation update is believed to be necessary.** <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added numerous new assets and dependencies related to the Vega library, enhancing functionality. - Expanded package declarations for various D3 modules and other libraries in the reporting system. - Introduced a new class for executing Xonsh scripts, allowing for more scripting options. - Added a new rule for running Python scripts in a Conda environment, improving workflow flexibility. - Enhanced documentation with a new "Maintainers" section and expanded resources. - Introduced a new test suite for validating Conda functionalities. - Enhanced data validation capabilities using both Pandas and Polars for handling sample data. - **Bug Fixes** - Ensured that licenses and versions are accurately maintained for various libraries. - Improved error handling for Windows-specific issues in the testing framework. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Filipe G. Vieira <1151762+fgvieira@users.noreply.github.com> Co-authored-by: Johannes Köster <johannes.koester@tu-dortmund.de>
…3099) <!--Add a description of your PR here--> This PR is intended to apply on top of snakemake#3098; see that PR for the first two commits. From there, I attempted to account for all of the NPM packages that are bundled in `vega/vega.js` via dependencies. I made an effort to verify that every license file added in this commit actually corresponds to some code present in `vega.js`. Next, I inspected `vega.js` for comments indicating that particular routines were copied, derived, or adapted from other projects, and added the license files for those projects. I didn’t attempt to judge whether or not any of snippets might be distant enough from their inspirations that they could perhaps claim not to be derived works under a particular set of copyright laws – I just took the attributions at their word. Almost all of these licenses are ones (like `MIT`, `Apache-2.0`, `ISC` or `BSD-3-Clause`) that require including the copyright and permission statements (the license text) in copies and derived works, so while this work is fussy, tedious, and unrewarding, it would seem to be necessary. So far, I only dug through `vega.js`. I still need to check if there is anything in `vega-lite.js` or `vega-embed.js` that isn’t already accounted for in `vega.js`, and I need to look at the other libraries too. Still, I thought I should post my work in progress in case it collected any feedback. ### QC <!-- Make sure that you can tick the boxes below. --> * [ ] The PR contains a test case for the changes or the changes are already covered by an existing test case. **N/A – this change is not really testable – except that building the package confirms the checksums match.** * [x] The documentation (`docs/`) is updated to reflect the changes or this is not necessary (e.g. if the change does neither modify the language nor the behavior or functionalities of Snakemake). **N/A – no documentation update is believed to be necessary.** <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added numerous new assets and dependencies related to the Vega library, enhancing functionality. - Expanded package declarations for various D3 modules and other libraries in the reporting system. - Introduced a new class for executing Xonsh scripts, allowing for more scripting options. - Added a new rule for running Python scripts in a Conda environment, improving workflow flexibility. - Enhanced documentation with a new "Maintainers" section and expanded resources. - Introduced a new test suite for validating Conda functionalities. - Enhanced data validation capabilities using both Pandas and Polars for handling sample data. - **Bug Fixes** - Ensured that licenses and versions are accurately maintained for various libraries. - Improved error handling for Windows-specific issues in the testing framework. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Filipe G. Vieira <1151762+fgvieira@users.noreply.github.com> Co-authored-by: Johannes Köster <johannes.koester@tu-dortmund.de>
Referencing the license file from the release tag corresponding to the bundled release of each asset makes it less likely that the checksum will eventually start to match due to later upstream license changes – perhaps as simple as a new copyright date – and makes errors in the included licenses less likely.
Since the copyright statement in the react license changed from "Copyright (c) Facebook, Inc. and its affiliates." to "Copyright (c) Meta Platforms, Inc. and affiliates." since the bundled version of react was released – and this commit uses the older version that corresponds to the bundled library – the checksum of the react license file changes.
Similarly, in the vega license, the copyright date range changed from 2015-2021 to 2015-2023 after the bundled version was released, so using the correct license file for the bundled version changes the checksum.
QC
docs/) is updated to reflect the changes or this is not necessary (e.g. if the change does neither modify the language nor the behavior or functionalities of Snakemake). N/A – no documentation update is believed to be necessary.Summary by CodeRabbit
New Features
Bug Fixes