What happened?
`org.codehaus.sonar:sonar-packaging-maven-plugin:1.13` is LGPL-3.0, an ASF Category X license, and cannot ship in an Apache binary distribution. It is pulled in transitively by the direct dependency `io.github.redouane59.twitter:twittered:2.21` (declared in `amber/build.sbt` and `common/workflow-operator/build.sbt`).
How to reproduce?
```
sbt 'WorkflowExecutionService/dependencyTree' | grep -B2 sonar-packaging-maven-plugin
```
Output shows:
```
+-io.github.redouane59.twitter:twittered:2.21
| +-org.codehaus.sonar:sonar-packaging-maven-plugin:1.13
```
Version
1.1.0-incubating (Pre-release/Master)
Commit Hash (Optional)
ef66364
Proposed fix
Either:
- Replace `twittered` with a library that does not drag in Sonar; or
- Add an `ExclusionRule(organization = "org.codehaus.sonar")` to the `twittered` dependency declaration in `amber/build.sbt` and `common/workflow-operator/build.sbt`.
Was this authored or co-authored using generative AI tooling?
Generated-by: Claude Code (Claude Opus 4.7)
What happened?
`org.codehaus.sonar:sonar-packaging-maven-plugin:1.13` is LGPL-3.0, an ASF Category X license, and cannot ship in an Apache binary distribution. It is pulled in transitively by the direct dependency `io.github.redouane59.twitter:twittered:2.21` (declared in `amber/build.sbt` and `common/workflow-operator/build.sbt`).
How to reproduce?
```
sbt 'WorkflowExecutionService/dependencyTree' | grep -B2 sonar-packaging-maven-plugin
```
Output shows:
```
+-io.github.redouane59.twitter:twittered:2.21
| +-org.codehaus.sonar:sonar-packaging-maven-plugin:1.13
```
Version
1.1.0-incubating (Pre-release/Master)
Commit Hash (Optional)
ef66364
Proposed fix
Either:
Was this authored or co-authored using generative AI tooling?
Generated-by: Claude Code (Claude Opus 4.7)