v3.0.0

This release contains a lot of small improvements and changes without anything
big per se. Rather, it is made in advance of a release which will contain a
single feature: REUSE.toml, a
replacement for .reuse/dep5. .reuse/dep5 will still be supported as a
deprecated feature for some time.

That future 3.1 release will have some alpha testing in advance.

Added

• Implement handling LicenseRef in download and init. (#697)
• Declared support for Python 3.12. (#846)
• More file types are recognised:
  • TCL (.tcl) (#871)
  • Julia (.jl) (#815)
  • Modern Fortran (.f90) (#836)
  • Bazel (.bzl) (#870)
  • GNU Linker script (.ld) (#862)
  • Assembly code (.s) (#862)
  • Empty placeholders (.empty) (#862)
  • ShellCheck configuration (.shellcheckrc) (#862)
  • Pylint in-project configuration (pylintrc) (#862)
  • Lisp schemes (.sld, .sls, .sps) (#875)
• Added comment styles:
  • csingle for Zig (.zig) and Hare (.ha) (#889)
• Display recommendations for steps to fix found issues during a lint. (#698)
• Add support for Pijul VCS. Pijul support is not added to the Docker image.
  (#858)
• When running annotate on a file with an unrecognised file path, the tool
  currently exits early. To automatically create a .license file for
  unrecognised files, --fallback-dot-license has been added. (#823, #851,
  #853, #859; this took a while to get right.)
• Ignore .sl directory as used by Sapling SCM.
  (#867)

Changed

• Alpine Docker image now uses 3.18 as base. (#846)
• The Git submodule detection was made less naïve. Where previously it detected
  a directory with a .git file as a submodule, it now uses the git command to
  detect submodules. This helps detect (quoted from Git man page)
  "[repositories] that were cloned independently and later added as a submodule
  or old setups", which "have the submodule's git directory inside the submodule
  instead of embedded into the superproject's git directory". (#687)
• No longer scan binary or uncommentable files for their contents in search of
  REUSE information. (#825)
• --force-dot-license and --skip-unrecognised are now mutually exclusive on
  annotate. (#852)
• No longer create and publish -extra Docker images. The openssh-client
  package is now in the main image. (#849)
• No longer create and publish dev Docker images. (#849)
• The -debian Docker image is now based off debian:12-slim. It used to be
  based on the python:slim image, which used debian:slim under the hood. (#849)

Removed

• Removed deprecated --explicit-license. (#851)
• Removed deprecated addheader. (#851)
• No longer depend on sphinx-autodoc-typehints for documentation. (#772)

Fixed

• Syntax errors in .reuse/dep5 now have better error handling. (#841)
• Reduced python-debian minimum version to 0.1.34. (#808)
• Fix issue in annotate where --single-line and --multi-line would not
  correctly raise an error with an incompatible comment style. (#853)
• Fix parsing existing copyright lines when they do not have a year (#861)
• Better handling of Lisp comment styles. Now, any number of ";" characters is
  recognised as the prefix to a Lisp comment, and ";;;" is used when inserting
  comment headers, as per
  https://www.gnu.org/software/emacs/manual/html_node/elisp/Comment-Tips.html.
  (#874)

v2.1.0

After the yanked 2.0.0 release, we're excited to announce our latest major version packed with new features and improvements! We've expanded our file type recognition, now including Fennel, CommonJS, Qt .pro, .pri, .qrc, .qss, .ui, Textile, Visual Studio Code workspace, Application Resource Bundle, Svelte components, AES encrypted files, Jakarta Server Page, Clang format, Browserslist config, Prettier config and ignored files, Flutter pubspec.lock, .metadata, Terraform and HCL, Typst and more.

We've also added the ability to detect SPDX snippet tags in files and introduced additional license metadata for the Python package. A new --json flag has been added to the lint command, marking the first step towards better integration of REUSE output with other tools.

On the changes front, we've bumped the SPDX license list to v3.21 and made significant updates to our Sphinx documentation. Please note that Python 3.6 and 3.7 support has been dropped in this release.

We've fixed several issues including automatic generation of Sphinx documentation via readthedocs.io and a compatibility issue where reuse could not be installed if gettext is not installed.

This update is all about making your experience better. Enjoy adding copyright and licensing information to your code!

Added

• Detect SPDX snippet tags in files. (#699)
• More file types are recognised:
  • Fennel (.fnl) (#638)
  • CommonJS (.cjs) (#632)
  • Qt .pro (.pro) (#632)
  • Qt .pri (.pri) (#755)
  • Qt .qrc (.qrc) (#755)
  • Qt .qss(.qss) (#755)
  • Qt .ui (.ui) (#755)
  • Textile (.textile) (#712)
  • Visual Studio Code workspace (.code-workspace) (#747)
  • Application Resource Bundle (.arb) (#749)
  • Svelte components (.svelte)
  • AES encrypted files (.aes) (#758)
  • Jakarte Server Page (.jsp) (#757)
  • Clang format (.clang-format) (#632)
  • Browserslist config (.browserslist)
  • Prettier config (.prettierrc) and ignored files (.prettierignore)
  • Flutter pubspec.lock (pubspec.lock) (#751)
  • Flutter .metadata (.metadata) (#751)
  • Terraform (.tf, tfvars) and HCL (.hcl). (#756)
  • Typst (.typ)
• Added loglevel argument to pytest and skip one test if loglevel is too high (#645).
• --add-license-concluded, --creator-person, and --creator-organization added to reuse spdx. (#623)
• Additional license metadata for the Python package has been added. The actual SPDX license expression remains the same: Apache-2.0 AND CC0-1.0 AND CC-BY-SA-4.0 AND GPL-3.0-or-later. (#733)
• Added --contributor option to annotate. (#669)
• Added --json flag to lint command (#654).
• reuse.ReuseInfo now has copy and union methods. (#759)
• reuse.ReuseInfo now stores information about the source from which the information was gathered. (#654, #787)
• Added Ukrainian and Czech translations (#767)
• Added --suppress-deprecation to hide (verbose) deprecation warnings. (#778)

Changed

• Bumped SPDX license list to v3.20. (#692)
• reuse.SpdxInfo was renamed to reuse.ReuseInfo. It is now a (frozen) dataclass instead of a namedtuple. This is only relevant if you're using reuse as a library in Python. Other functions and methods were similarly renamed. (#669)
• Sphinx documentation: Switched from RTD theme to Furo. (#673, #716)
• Removed dependency on setuptools' pkg_resources to determine the installed version of reuse. (#724)
• Bumped SPDX license list to v3.21. (#763)
• Project.reuse_info_of now returns a list of ReuseInfo objects instead of a single one. This is because the source information is now stored alongside the REUSE information. (#787)

Deprecated

• Pending deprecation of aggregation of file sources. Presently, when copyright and licensing information is defined both within e.g. the file itself and in the DEP5 file, then the information is merged or aggregated for the purposes of linting and BOM generation. In the future, this will no longer be the case unless explicitly defined. The exact mechanism for this is not yet concrete, but a PendingDeprecationWarning will be shown to the user to make them aware of this. (#778)

Removed

• Python 3.6 and 3.7 support has been dropped. (#673, #759)
• Removed runtime and build time dependency on setuptools. (#724)

Fixed

• Fixed automatic generation of Sphinx documentation via readthedocs.io by adding a .readthedocs.yaml configuration file (#648)
• Fixed a compatibility issue where reuse could not be installed (built) if gettext is not installed. (#691)
• Translations are available in Docker images. (#701)
• Marked the /data directory in Docker containers as safe in Git, preventing errors related to linting Git repositories. (#720)
• Repaired error when using Galician translations. (#719)

v2.0.0

Added

• Detect SPDX snippet tags in files. (#699)
• More file types are recognised:
  • Fennel (.fnl) (#638)
  • CommonJS (.cjs) (#632)
  • Qt .pro (.pro) (#632)
  • Qt .pri (.pri) (#755)
  • Qt .qrc (.qrc) (#755)
  • Qt .qss(.qss) (#755)
  • Qt .ui (.ui) (#755)
  • Textile (.textile) (#712)
  • Visual Studio Code workspace (.code-workspace) (#747)
  • Application Resource Bundle (.arb) (#749)
  • Svelte components (.svelte)
  • AES encrypted files (.aes) (#758)
  • Jakarte Server Page (.jsp) (#757)
• More files are recognised:
  • Clang format (.clang-format) (#632)
  • Browserslist config (.browserslist)
  • Prettier config (.prettierrc) and ignored files (.prettierignore)
  • Flutter pubspec.lock (pubspec.lock) (#751)
  • Flutter .metadata (.metadata) (#751)
  • Terraform (.tf, tfvars) and HCL (.hcl). (#756)
• Added loglevel argument to pytest and skip one test if loglevel is too high
  (#645).
• --add-license-concluded, --creator-person, and --creator-organization
  added to reuse spdx. (#623)
• Additional license metadata for the Python package has been added. The actual
  SPDX license expression remains the same:
  Apache-2.0 AND CC0-1.0 AND CC-BY-SA-4.0 AND GPL-3.0-or-later. (#733)
• Added --contributor option to annotate. (#669)
• Added --json flag to lint command (#654).
• reuse.ReuseInfo now has copy and union methods. (#759)
• Added Ukrainian and Czech translations (#767)

Changed

• Bumped SPDX license list to v3.20. (#692)
• reuse.SpdxInfo was renamed to reuse.ReuseInfo. It is now a (frozen)
  dataclass instead of a namedtuple. This is only relevant if you're using reuse
  as a library in Python. (#669)
• Sphinx documentation: Switched from RTD theme to Furo. (#673, #716)
• Removed dependency on setuptools' pkg_resources to determine the installed
  version of reuse. (#724)
• Bumped SPDX license list to v3.21. (#763)
• Bumped REUSE Spec version to 3.1. (#768)
• Introduce an order of precedence. The copyright and licensing information from
  different sources (e.g. .license or .reuse/dep5 file) is no longer merged.
  (#654)

Removed

• Python 3.6 and 3.7 support has been dropped. (#673, #759)
• Removed runtime and build time dependency on setuptools. (#724)

Fixed

• Fixed automatic generation of Sphinx documentation via readthedocs.io by
  adding a .readthedocs.yaml configuration file (#648)
• Fixed a compatibility issue where reuse could not be installed (built) if
  gettext is not installed. (#691)
• Translations are available in Docker images. (#701)
• Marked the /data directory in Docker containers as safe in Git, preventing
  errors related to linting Git repositories. (#720)
• Repaired error when using Galician translations. (#719)

v1.1.2

Fixed

• Note to maintainers: It is now possible/easier to use the build module to
  build this module. Previously, there was a namespace conflict. (#640)

v1.1.1

Fixed

• Don't include documentation files (e.g. README.md) in top-level (i.e.,
  site-packages/). (#657)
• Include documentation directory in sdist. (#657)

v1.1.0

Added

• Added support for Python 3.11. (#603)

• More file types are recognised:

  • Kotlin script (.kts)
  • Android Interface Definition Language (.aidl)
  • Certificate files (.pem)

• Added comment styles:

  • Apache Velocity Template (Extensions: .vm, .vtl) (#554)
  • XQuery comment style (Extensions: .xq(l|m|y|uery|)) (#610)

• Some special endings are always stripped from copyright and licensing
  statements (#602):

  • "> (and variations such as '>, " >, and "/>)
  • ] ::

Changed

• Removed setup.py and replaced it with a Poetry configuration. Maintainers
  beware. (#600)
• Updated PyPI development status to 'production/stable' (#381)
• The pre-commit hook now passes lint as an overridable argument. (#574)
• addheader has been renamed to annotate. The functionality remains the
  same. (#550)
• Bumped SPDX license list to v3.19.

Deprecated

• addheader has been deprecated. It still works, but is now undocumented.
  (#550)

Removed

• setup.py. (#600)
• Releases to PyPI are no longer GPG-signed. Support for this is not present in
  Poetry and not planned. (#600)
• Dependency on requests removed; using urllib.request from the standard
  library instead. (#600)

Fixed

• Repair tests related to CVE-2022-39253 changes in upstream Git. New versions
  of Git no longer allow git submodule add repository path where repository is
  a file. A flag was added to explicitly allow this in the test framework.
  (#619)
• Sanitize xargs input in scripts documentation. (#525)
• License identifiers in comments with symmetrical ASCII art frames are now
  properly detected (#560)
• Fixed an error where copyright statements contained within a multi-line
  comment style on a single line could not be parsed (#593).
• In PHP files, add header after <?php (#543).

v1.0.0

A major release! Do not worry, no breaking changes but a development team
(@carmenbianca, @floriansnow, @linozen, @mxmehl and @nicorikken) that is
confident enough to declare the REUSE helper tool stable, and a bunch of
long-awaited features!

Apart from smaller changes under the hood and typical maintenance tasks, the
main additions are new flags to the addheader subcommand that ease recursive
and automatic operations, the ability to ignore areas of a file that contain
strings that may falsely be detected as copyright or license statements, and the
option to merge copyright lines. The tool now also has better handling of some
edge cases with copyright and license identifiers.

We would like to thank the many contributors to this release, among them
@ajinkyapatil8190, @aspiers, @ferdnyc, @Gri-ffin, @hexagonrecursion, @hoijui,
@Jakelyst, @liambeguin, @rex4539, @robinkrahl, @rpavlik, @siiptuo, @thbde and
@ventosus.

Added

• Extend tool documentation with scripts to help using this tool and
  automating some steps that are not built into the tool itself. (#500)

• Recommendations for installation/run methods: package managers and pipx (#457)

• Docker images for AArch64 (#478)

• Added the ability to ignore parts of a file when running reuse lint. Simply
  add REUSE-IgnoreStart and REUSE-IgnoreEnd as comments and all lines
  between the two will be ignored by the next run of reuse lint. (#463)

• Meson subprojects are now ignored
  by default. (#496)

• More file types are recognised:

  • sbt build files (.sbt)
  • Vimscript files (.vim)

• Added --skip-existing flag to addheader in order to skip files that
  already contain SPDX information. This may be useful for only adding SPDX
  information to newly created files. (#480)

• Added --recursive flag to addheader. (#469)

• Preserve shebang for more script files:

  • V-Lang (#432)

• Ignore all SPDX files with their typical formats and extensions. (#494)

• Add support for merging copyright lines based on copyright statement,
  transforming multiple lines with a single year into a single line with a
  range. (#328)

Changed

• Use setuptools instead of the deprecated distutils which will be removed
  with Python 3.12. (#451)

• addheader --explicit-license renamed to --force-dot-license. (#476)

• Dockerfiles for reuse-tool are now in a separate subdirectory docker. (#499)

• Updated SPDX license list to 3.17. (#513)

• The copyright detection mechanism now silently accepts the following strings:
  Copyright(c) and Copyright(C). (#440)

Deprecated

• Deprecated --explicit-license in favour of --force-dot-license.
  --explicit-license will remain useable (although undocumented) for the
  foreseeable future. (#476)

Removed

• JsxCommentStyle in favor of using CCommentStyle directly (see section
  Fixed). (#406)

Fixed

• Better support for unary "+" operator in license identifiers. For example, if
  Apache-1.0+ appears as a declared license, it should not be identified as
  missing, bad, or unused if LICENSES/Apache-1.0.txt exists. It is, however,
  identified separately as a used license. (#123)

• When addheader creates a .license file, that file now has a newline at the
  end. (#477)

• Cleaned up internal string manipulation. (#477)

• JSX (.jxs and .tsx) actually uses C comment syntax as JSX blocks never
  stand at the beginning of the file where the licensing info needs to go.
  (#406)

v0.14.0

Happy holidays! This is mainly a maintenance release fixing some subcommands and
adding loads of supported file types and file names. However, you can also enjoy
the supported-licenses subcommand and the --quiet flag for linting as well
as better suggestions for license identifiers. Thanks to everyone who
contributed!

Added

• supported-licenses command that lists all licenses supported by REUSE (#401)

• --quiet switch to the lint command (#402)

• Better suggestions for faulty SPDX license identifiers in download and
  init (#416)

• Python 3.10 support declared

• More file types are recognised:

  • Apache FreeMarker Template Language (.ftl)
  • AsciiDoc (.adoc, .asc, .asciidoc)
  • Bibliography (.csl)
  • C++ (.cc and .hh)
  • GraphQL (.graphql)
  • Handlebars (.hbs)
  • Markdown-linter config (.mdlrc)
  • MS Office (.doc, .xls, .pptx and many more)
  • Nimble (.nim.cfg, .nimble)
  • Open Document Format (.odt, .ods, .fodp and many more)
  • Perl plain old documentation (.pod)
  • Portable document format (.pdf)
  • Protobuf files (.proto)
  • Soy templates (.soy)
  • SuperCollider (.sc, .scsyndef)
  • Turtle/RDF (.ttl)
  • V-Lang (.v, .vsh)
  • Vue.js (.vue)

• More file names are recognised:

  • Doxygen (Doxyfile)
  • ESLint (.eslintignore and .eslintrc)
  • Meson options file (meson_options.txt)
  • NPM ignore (.npmignore)
  • Podman container files (Containerfile)
  • SuperCollider (archive.sctxar)
  • Yarn package manager (.yarn.lock and .yarnrc)

Changed

• Updated SPDX license list to 3.15

Fixed

• Fix Extensible Stylesheet Language (.xsl) to use HTML comment syntax

• Allow creating .license file for write-protected files (#347) (#418)

• Do not break XML files special first line (#378)

• Make download subcommand work correctly outside of project root and with
  --root (#430)