Bump app.cash.licensee from 1.6.0 to 1.7.0

[dependabot]

Bumps app.cash.licensee from 1.6.0 to 1.7.0.

Release notes

Sourced from app.cash.licensee's releases.

1.7.0

Added

• When allowing a URL, a reason can now be provided using the because method.

  allowUrl("https://example.com/license.html") {
    because("is Apache-2.0")
  }

• Custom tasks can be created to check custom configurations or language plugins which do not have first-party support.

  tasks.register('licenseeFoo', app.cash.licensee.LicenseeTask) {
    configurationToCheck configurations.foo
    outputDir.set(layout.buildDirectory.dir('reports/licenseeFoo'))
  }

• Version catalog references are now supported by allowDependency.

  allowDependency(libs.exam) {
    because("there are reasons!")
  }

Changed

• License URLs which map to multiple SPDX identifiers will now match against any of those identifiers.

  For example, if a license URL matches both EXAMPLE and EXAMPLE-with-exemption you can mark either of those IDs as allowed and the dependency will be allowed.

Fixed

• Support reading Maven pom files which use property substitution (${something}) in their XML.
• Support for Gradle configuration cache.
• LicenseeTask is now cachable.

Changelog

Sourced from app.cash.licensee's changelog.

[1.7.0] - 2023-05-05

Added

• When allowing a URL, a reason can now be provided using the because method.

  allowUrl("https://example.com/license.html") {
    because("is Apache-2.0")
  }

• Custom tasks can be created to check custom configurations or language plugins which do not have first-party support.

  tasks.register('licenseeFoo', app.cash.licensee.LicenseeTask) {
    configurationToCheck configurations.foo
    outputDir.set(layout.buildDirectory.dir('reports/licenseeFoo'))
  }

• Version catalog references are now supported by allowDependency.

  allowDependency(libs.exam) {
    because("there are reasons!")
  }

Changed

• License URLs which map to multiple SPDX identifiers will now match against any of those identifiers.

  For example, if a license URL matches both EXAMPLE and EXAMPLE-with-exemption you can mark either of those IDs as allowed and the dependency will be allowed.

Fixed

• Support reading Maven pom files which use property substitution (${something}) in their XML.
• Support for Gradle configuration cache.
• LicenseeTask is now cachable.

Commits

• b02a851 Prepare version 1.7.0
• 8c78ad1 Revert "Add workflow to update license list automatically"
• 713180c Add workflow to update license list automatically
• 0d8c16d Support multiple spdx licenses from the same url (#205)
• 9c95af8 Add version catalog provider support to allowDependency (#203)
• 1206142 Update dependency org.jetbrains.dokka:dokka-gradle-plugin to v1.8.10 (#199)
• f5967a9 Kotlin 1.8.10 (#200)
• 78de589 Migrate to version catalog (#196)
• 7d392da Build only PRs automatically (#195)
• 95cac3f Update dependency com.vanniktech:gradle-maven-publish-plugin to v0.25.2 (#152)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)