1.12.0

Changed

• Update SPDX database to version 3.25 (2024-08-19).
• Add fallback URL for popular MIT variant.

1.11.0

New

• LicenseeTask exposes jsonOutput and validationOutput properties which are providers of the generated file that you can use to copy elsewhere or bundle into binaries.

Changed

• Invalid SPDX identifiers passed to allow will now throw an exception.
• Update SPDX database to version 3.23 (2024-02-08).

1.10.0

New

• Gradle platform dependencies (also sometimes called BOMs) are now ignored since they only contribute version constraints and no code.

1.9.1

Fixed

• Avoid task name showing up in logs when logging is disabled but unused licenses are present.

1.9.0

Added

• Add configuration option for behavior on unused license. By default we log, but you can now choose to ignore.

  licensee {
    unusedAction(IGNORE)
  }

• New fallback URL for ISC.

Changed

• Update SPDX database to version 3.22 (2023-10-05).

1.8.0

Changed

• Fallback URLs now map to multiple license SPDX IDs where appropriate.
  For example, https://opensource.org/license/gpl-2-0 matches both GPL-2.0 and GPL-2.0-or-later.

• Remove the use of afterEvalute internally. This causes some task names to slightly change and the output folders
  to slightly change when used with the Android Gradle plugin.

• Update SPDX database to version 3.21 (2023-06-18).

• Minimum Gradle version is now 8.0

1.7.0

Added

• When allowing a URL, a reason can now be provided using the because method.

  allowUrl("https://example.com/license.html") {
    because("is Apache-2.0")
  }

• Custom tasks can be created to check custom configurations or language plugins which do not have first-party support.

  tasks.register('licenseeFoo', app.cash.licensee.LicenseeTask) {
    configurationToCheck configurations.foo
    outputDir.set(layout.buildDirectory.dir('reports/licenseeFoo'))
  }

• Version catalog references are now supported by allowDependency.

  allowDependency(libs.exam) {
    because("there are reasons!")
  }

Changed

• License URLs which map to multiple SPDX identifiers will now match against any of those identifiers.

  For example, if a license URL matches both EXAMPLE and EXAMPLE-with-exemption you can mark either of those
  IDs as allowed and the dependency will be allowed.

Fixed

• Support reading Maven pom files which use property substitution (${something}) in their XML.
• Support for Gradle configuration cache.
• LicenseeTask is now cachable.

1.6.0

Added

• Support for Android dynamic feature module plugin.
• New fallback URL for EPL-2.0.

Changed

• Update SPDX database to version 3.18 (2022-08-12).

1.5.0

Changed

• Upgrade AGP dependency to 7.2 which requires JDK 11 to run.

Fixed

• Include Gradle variant attributes when resolving POMs. This should fix issues with Kotlin JS and Kotlin multiplatform artifacts.

1.4.1

Fixed

• Track SPDX database format change which resulted in JSON license URLs being used instead of HTML license URLs.