v30.0.0 - 2021-09-23

This is a major release with new features, and several bug fixes and
improvements including major updates to the license detection.

We have dropped using calendar-based versions and are now switched back to semver
versioning. To ensure that there is no ambiguity, the new major version has been
updated from 21 to 30. The primary reason is that calver was not helping
integrators to track major version changes like semver does.

We also have introduced a new JSON output format version based on semver to
version the JSON output format data structure and have documented the new
versioning approach.

Here are the key changes for each area:

Package detection:

• The Debian packages declared license detection in machine readable copyright
  files and unstructured copyright has been significantly improved with the
  tracking of the detection start and end line of a license match. This is not
  yet exposed outside of tests but has been essential to help improve detection.

• Debian copyright license detection has been significantly improved with new
  license detection rules.

• Support for Windows packages has been improved (and in particular the handling
  of Windows packages detection in the Windows registry).

• Support for Cocoapod packages has been significantly revamped and is now
  working as expected.

• Support for PyPI packages has been refined, in particular package descriptions.

Copyright detection:

• The copyright detection accuracy has been improved and several bugs have been
  fixed.

License detection:

There have been some significant updates in license detection. We now track
34,164 license and license notices:

• 84 new licenses have been added,

• 34 existing license metadata have been updated,

• 2765 new license detection rules have been added, and

• 2041 existing license rules have been updated.

• Several license detection bugs have fixed.

• The SPDX license list 3.14 is now supported and has been synced with the
  licensedb. We also include the version of the SPDX license list in the
  ScanCode YAML, JSON and the SPDX outputs, as well as display it with the
  "--version" command line option.

• Unknown licenses have a new flag "is_unknown" in their metadata to identify
  them explicitly. Before that we were just relying on the naming convention of
  having "unknown" as part of a license key.

• Rules that match at least one unknown license have a flag "has_unknown" set
  and returned in the match results.

• Experimental: License detection can now "follow" license mentions that
  reference another file such as "see license in COPYING" where we can relate
  this mention to the actual license detected in the COPYING file. Use the new
  "--unknown-licenses" command line option to test this new feature.
  This feature will evolve significantly in the next version(s).

Outputs:

• The SPDX output now has the mandatory ids attribute per SPDX spec. And we
  support SPDX 2.2 and SPDX license list 3.14.

Miscellaneous

• There is a new "--no-check-version" CLI option to scancode to bypass live,
  remote outdated version check on PyPI

• The scan results and the CLI now display an outdated version warning when
  the installed ScanCode version is older than 90 days. This is to warn users
  that they are relying on outdated, likely buggy, insecure and inaccurate scan
  results and encourage them to update to a newer version. This is made entirely
  locally based on date comparisons.

• We now display again the command line progressbar counters correctly.

• A bug has been fixed in summarization.

• Generated code detection has been improved with several new keywords.

Thank you!

Many thanks to the many contributors that made this release possible and in
particular:

• Akanksha Garg @akugarg
• Armijn Hemel @armijnhemel
• Ayan Sinha Mahapatra @AyanSinhaMahapatra
• Bryan Sutula @sutula
• Chin-Yeung Li @chinyeungli
• Dennis Clark @DennisClark
• dyh @yunhua-deng
• Dr. Frank Heimes @FrankHeimes
• gunaztar @gunaztar
• Helio Chissini de Castro @heliocastro
• Henrik Sandklef @hesa
• Jiyeong Seok @dd-jy
• John M. Horan @johnmhoran
• Jono Yang @JonoYang
• Joseph Heck @heckj
• Luis Villa @tieguy
• Konrad Weihmann @priv-kweihmann
• mapelpapel @mapelpapel
• Maximilian Huber @maxhbr
• Michael Herzog @mjherzog
• MMarwedel @MMarwedel
• Mikko Murto @mmurto
• Nishchith Shetty @inishchith
• Peter Gardfjäll @petergardfjall
• Philippe Ombredanne @pombredanne
• Rainer Bieniek @rbieniek
• Roshan Thomas @Thomshan
• Sadhana @s4-2
• Sarita Singh @itssingh
• Sebastian Schuberth @sschuberth
• Siddhant Khare @Siddhant-K-code
• Soim Kim @soimkim
• Thorsten Godau @tgodau
• Yunus Rahbar @yns88

What's Changed

• Collect InstalledWindowsProgram installed files #2615 by @JonoYang in #2623
• Improve release creation speed by @pombredanne in #2627
• Omnibus license updates July/Aug 21 by @pombredanne in #2626
• Add new flag in License Data Model definition by @akugarg in #2548
• Update Contributing: Development setup-instructions by @mapelpapel in #2631
• Referenced_filenames should be returned by API function by @akugarg in #2632
• Add emails and urls to HTML output by @sritasngh in #2539
• Avoid misinterpreting MIT license notice as Apache-2.0, issue #2635 by @petergardfjall in #2636
• Add final report for GSoC'21 by @akugarg in #2648
• Add "--no-check-version" CLI option to scancode by @yns88 in #2662
• Align tests for pubspec with latest code by @pombredanne in #2628
• Add new licenses by @akugarg in #2625
• Add podspec.json and podfile.lock parsers by @AyanSinhaMahapatra in #2638
• Add new license Anti-Capitalist Software License #2362 by @sritasngh in #2364
• Do not mistake path for copyright year by @pombredanne in #2666
• Follow license reference to another file by @akugarg in #2616
• Bump commoncode #2583 by @pombredanne in #2676
• Detect only mit license, not boost #2675 by @pombredanne in #2678
• Detect ocb correctly license #2670 by @pombredanne in #2677
• Improve license referenced_filenames handling #1364 by @pombredanne in #2681
• Add script to report rules by @AyanSinhaMahapatra in #2685
• Update Azure CI to not use ubuntu-16.04 images by @AyanSinhaMahapatra in #2688
• Introduce output data format versioning #2653 by @AyanSinhaMahapatra in #2682
• Release preparation for 2021.08 by @pombredanne in #2680
• Improve license detection accuracy by @pombredanne in #2667
• Improve copyright detection by @pombredanne in #2701
• Add CI for Docs and ABOUT files by @AyanSinhaMahapatra in #2695
• Adopt SPDX v2.2 and fix SPDX TV correctness by @pombredanne in #2704
• Improve Copyright detection by @pombredanne in #2707
• Prepare new release by @pombredanne in #2705

New Contributors

• @mapelpapel made their first contribution in #2631
• @yns88 made their first contribution in #2662

Full Changelog: v21.8.4...v30.0.0