fix(@angular-devkit/build-angular): switch to license-checker-webpack-plugin

[dgp1130]

Fixes #16193, #14095.

This replaces the existing license-webpack-plugin with the new license-checker-webpack-plugin. The former would output multiple 3rdpartylicenses.txt files which would trigger warnings in Webpack. The later does not emit this warning and still appears to log all third party licenses in a reasonable fashion.

The output format is changed, see https://www.diffchecker.com/puCPV7LQ for a more complete before-and-after comparison of a simple example Angular app (with jQuery and Bootstrap installed).

It is worth discussing if we want to go down this route or if we should stick with license-webpack-plugin and attempt to fix it rather than changing the entire dependency.

[alan-agius4]

Out of curiosity can you check if it fixes also #14095

[dgp1130]

@alan-agius4, I tried out on their repro case and I do see open-iconic in the output. I see it as:

--------------------------------------------------------------------------------
open-iconic v1.1.1 - Iconic
git+https://github.com/iconic/open-iconic.git
--------------------------------------------------------------------------------

(MIT License OR SIL OFL 1.1)

The user said they expected to see that repo's FONT-LICENSE and ICON-LICENSE. I don't think those particular files are picked up, as this seems to come from the package.json. I think that would be expected as those two *-LICENSE names are non-standard. If so, we can probably close that issue as well with this PR.

[alan-agius4]

Thanks @dgp1130 for checking the ionic issue. Will update the issue as suggested.

[dgp1130]

Discussed this PR, and we'd rather not change a dependency like this so close to the v9 release.

Decision is to instead suppress the warnings for v9, and then for v9.x we can re-evaluate if we want to try and fix the existing dependency or change to this one.

[dgp1130]

Now is probably a good time to make this happen, I'll revisit and update this PR.

[dgp1130]

Rebased the PR on master and double checked that it still appears to be working as expected. I also added a second commit reverting the log suppression code that is no longer necessary. PTAL.

I believe this can merge to patch as I don't think we make guarantees about the format of the 3rdpartylicenses.txt file. Let me know if this should be considered a breaking change and merged only to master for v10.

[alan-agius4]

The revert commit message should be reworded to

revert: "fix(@angular-devkit/build-angular): suppress duplicate 3rdpartylicenses.txt warning

I think since we are changing the dependency and the output, it's safer to target only master.

[dgp1130]

Fixed the commit message, rebased to master again, and updated the labels to target master only.

[alan-agius4]

LGTM, kindly rebase again as you have conflicts.

[alan-agius4]

Oops, please add this back as this is a direct depedency of build-angular.

[dgp1130]

Done. Any particular reason this is needed but not detected? I'm not sure how yarn decided to remove this.

[alan-agius4]

I am aware of any functionality from yarn to remove dependencies.

[dgp1130]

Hmm, strange. I'm not sure why these got removed/reordered then. I think this happened when I did yarn add, but I'm not too sure as it was some months ago when I first made the PR.

[alan-agius4]

See above.

[dgp1130]

I also rebased onto master.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}