Skip to content

Update spdx requirement from 0.11 to 0.12#1102

Merged
NobodyXu merged 3 commits intomainfrom
dependabot/cargo/spdx-0.12
Aug 23, 2025
Merged

Update spdx requirement from 0.11 to 0.12#1102
NobodyXu merged 3 commits intomainfrom
dependabot/cargo/spdx-0.12

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Aug 19, 2025

Updates the requirements on spdx to permit the latest version.

Release notes

Sourced from spdx's releases.

0.12.0

Added

  • PR#81 resolved #68 by adding support for the WITH [%s"DocumentRef-"(idstring)":"]%s"AdditionRef-"(idstring) syntax. Thanks @​weihanglo!
Changelog

Sourced from spdx's changelog.

[0.12.0] - 2025-08-19

Added

  • PR#81 resolved #68 by adding support for the WITH [%s"DocumentRef-"(idstring)":"]%s"AdditionRef-"(idstring) syntax. Thanks @​weihanglo!

[0.11.1] - 2025-08-11

Changed

  • PR#80 changed how Licensee::satisfies works for GNU licenses again, it now requires that the license ids match exactly. This is incredibly pedantic but means it's up to consumers if the want to have a smarter comparison, I just don't want to have to care about GNU licenses, ever.

Fixed

  • PR#80 reverted a change introduced in [PR#78] that would auto-fixup GNU licenses to their non-deprecated forms eg. GPL-2.0 => GPL-2.0-only. This is no longer done, resolving #79.

[0.11.0] - 2025-08-08

Changed

  • [PR#78] removed ParseMode::allow_lower_case_operators, newer revisions of the SPDX spec allow all lower-case operators, making the option pointless.
  • [PR#78] added ParseMode::allow_deprecated, which will cause an error if a deprecated license identifier is used, false in LAX and true in STRICT.
  • [PR#78] changed the various imprecise names for GPL licenses to be mapped to the non-deprecated -only versions.
  • [PR#78] Expression::canonicalize now always changes GNU licenses to be -only or -or-later as the bare identifiers are deprecated.

Added

  • [PR#78] added LicenseId::version to retrieve the numeric version of the license if it has one.
  • [PR#78] added LicenseId::base to retrieve the base name of the license.
  • [PR#78] added gnu_license_id which attempts to retrieve the license id for a GNU license from its base identifier. This retrieves the -only or -or-later license that matches.
  • [PR#78] added Licensee::parse_mode, Licensee::parse now forwards to that function with ParseMode::STRICT.
  • [PR#78] added Reason::GnuPlusWithSuffix and Reason::DeprecatedLicenseId as errors.

Fixed

  • [PR#78] fixed an issue where Licensee::satisfies would not properly allow some licenses if the version was not at the end when using a +, notably the BSD licenses have the version in the middle of the license id.
  • [PR#78] fixed the handling of GNU licenses in Licensee::satisfies, at least to my best understanding.
    Licensee GPL-1.0-only GPL-1.0-or-later GPL-2.0-only GPL-2.0-or-later GPL-3.0-only GPL-3.0-or-later
    GPL-1.0-only
    GPL-1.0-or-later
    GPL-2.0-only
    GPL-2.0-or-later
    GPL-3.0-only
    GPL-3.0-or-later

[0.10.9] - 2025-07-12

Changed

  • PR#74 update SPDX license list to 3.27.0.

[0.10.8] - 2024-12-31

Changed

  • PR#74 update SPDX license list to 3.26.0.

[0.10.7] - 2024-11-15

Changed

  • PR#72 update SPDX license list to 3.25.0.

[0.10.6] - 2024-05-31

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot bot and others added 3 commits August 23, 2025 10:52
@dependabot @taiki-e
Update spdx requirement from 0.11 to 0.12
a8f4876 
Updates the requirements on [spdx](https://github.com/EmbarkStudios/spdx) to permit the latest version.
- [Release notes](https://github.com/EmbarkStudios/spdx/releases)
- [Changelog](https://github.com/EmbarkStudios/spdx/blob/main/CHANGELOG.md)
- [Commits](EmbarkStudios/spdx@0.11.0...0.12.0)

---
updated-dependencies:
- dependency-name: spdx
  dependency-version: 0.12.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@NobodyXu @taiki-e
Fix matchibg of spdx::LicenseReq
48a48be
@taiki-e
fmt
d324a49
@taiki-e taiki-e force-pushed the dependabot/cargo/spdx-0.12 branch from 91c257a to d324a49 Compare August 23, 2025 01:52
@NobodyXu NobodyXu merged commit 405215e into main Aug 23, 2025
58 checks passed
@NobodyXu NobodyXu deleted the dependabot/cargo/spdx-0.12 branch August 23, 2025 02:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NobodyXu NobodyXu NobodyXu approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NobodyXu @taiki-e