[BUG] what is the license of json-schema-ref-parser #868
Labels
bug
Something isn't working
Comments
This was referenced Jan 21, 2025
Loki-Afro
added a commit
to hpi-schul-cloud/schulcloud-client
that referenced
this issue
Feb 19, 2025
Loki-Afro
added a commit
to hpi-schul-cloud/schulcloud-client
that referenced
this issue
Feb 19, 2025
* Bump elliptic from 6.5.4 to 6.6.1 Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.4 to 6.6.1. - [Commits](indutny/elliptic@v6.5.4...v6.6.1) --- updated-dependencies: - dependency-name: elliptic dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * allow elliptic due to issue in dependency-review-action: actions/dependency-review-action#868 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Phillip <phillip.wirth@dataport.de>
Loki-Afro
added a commit
to hpi-schul-cloud/superhero-dashboard
that referenced
this issue
Mar 27, 2025
Loki-Afro
added a commit
to hpi-schul-cloud/superhero-dashboard
that referenced
this issue
Mar 27, 2025
Loki-Afro
added a commit
to hpi-schul-cloud/superhero-dashboard
that referenced
this issue
Mar 27, 2025
* Bump postcss from 8.4.21 to 8.5.3 Bumps [postcss](https://github.com/postcss/postcss) from 8.4.21 to 8.5.3. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.21...8.5.3) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * minor security fixes * workaround to allow dependencies see actions/dependency-review-action#868 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Phillip Wirth <phillip.wirth@dataport.de>
dyedwiper
added a commit
to hpi-schul-cloud/schulcloud-server
that referenced
this issue
Apr 17, 2025
includes workaround to allow dependencies see actions/dependency-review-action#868
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
according to dependency-review-action the license of json-schema-ref-parser is
JSON AND LicenseRef-scancode-proprietary-license AND MIThowever looking at the repository I only see MIT, in addition to that when using githubs api and its cli client
gh api repos/APIDevTools/json-schema-ref-parser/licenseit returns MIT only as well.so i looked at the source code of dependency-review-action and found this https://github.com/actions/dependency-review-action/blob/v4.5.0/src/licenses.ts#L117 which to my understanding is the same logic as what i did with
gh apiTo Reproduce
https://github.com/hpi-schul-cloud/schulcloud-server/actions/runs/12887675625?pr=5455
here I updated
express-openapi-validatorto 5.4.2 some transitive dependency bringsjson-schema-ref-parserExpected behavior
A clear and concise description of what you expected to happen.
I'm not quite sure, i guess dependency-review-action should work with MIT since it is what is specified in the repo?
Screenshots
Action version
What version of the action are you using in your workflow?
4.5
see also https://github.com/orgs/community/discussions/149719
The text was updated successfully, but these errors were encountered: