Update NOTICE.txt #2163
Update NOTICE.txt #2163
Conversation
- Add new dependencies (jsc-android, moment-timezone, react-native-calendars, react-native-drawer-layout, react-navigation, rn-placeholder) - Remove no-longer-used dependencies (react-native-drawer, react-native-fast-image) - Update dependency with new name (TinyColor->tinycolor2) - Update homepage and project owner info for all dependencies - Add SPDX open-source license IDs - Alphabetize dependency list so future update diffs will be smaller
jasonblais
added
the
4: Reviews Complete
NOTICE.txt
Outdated
|
|
||
| ## commonmark | ||
|
|
||
| This product contains 'commonmark' by John MacFarlane. |
There was a problem hiding this comment.
a modified version of 'commonmark'
There was a problem hiding this comment.
I'm happy to update the automation to distinguish "a modified version of..." from the unmodified upstream, where possible.
Would it be sufficient to look at the package.json version constraint, and if we find a version like "github:xxxx", where xxxx is not the official upstream repo, then we say it's "modified"?
There was a problem hiding this comment.
done, the PR is now updated with "a modified version of..." as discussed above.
|
|
||
| --- | ||
|
|
||
| lib/normalize-reference.js is a slightly modified version of |
There was a problem hiding this comment.
I don't seem to find this one
There was a problem hiding this comment.
This is part of the commonmark.js LICENSE file which we include verbatim:
https://github.com/commonmark/commonmark.js/blob/master/LICENSE
It's a little awkward that upstream LICENSEs can inject confusing --- markers. Not sure what to do about this.
There was a problem hiding this comment.
not sure either, @hmhealey any thoughts?
There was a problem hiding this comment.
I'm not sure what the typical process for including upstream licenses would be. It's a bit awkward in cases, like this, but I don't think it should cause any problems outside of being a bit confusing.
There was a problem hiding this comment.
Thanks Harrison (good to hear from you btw! :) ). From a technical point of view, it would be most efficient just to include the SPDX license identifier (for known open-source licenses), rather than pasting in the full text. But, this NOTICE is connected to legal compliance requirements, so it probably makes sense to err on the side of caution. I'm still in the process of researching expert opinions on this.
|
|
||
| --- | ||
|
|
||
| lib/from-code-point.js is derived from a polyfill |
There was a problem hiding this comment.
same as above, this is just part of the commonmark.js LICENSE file
|
|
||
| bench/samples/*.md: | ||
|
|
||
| With the exception of `bench/samples/README.md`, the samples in |
There was a problem hiding this comment.
are these dependencies of the dependencies?
There was a problem hiding this comment.
same as above, this is just part of the commonmark.js LICENSE file
NOTICE.txt
Outdated
|
|
||
| ## commonmark-react-renderer | ||
|
|
||
| This product contains 'commonmark-react-renderer' by Espen Hovlandsdal. |
There was a problem hiding this comment.
a modified version of 'commonmark-react-renderer'
NOTICE.txt
Outdated
|
|
||
| This product contains 'tinycolor', a small, fast library for color manipulation and conversion in JavaScript. It allows many forms of input, while providing color conversions and other color utility functions | ||
| This product contains 'react-native-image-gallery' by Archriss. |
There was a problem hiding this comment.
a modified version of 'react-native-image-gallery'
NOTICE.txt
Outdated
| ## react-native-fast-image | ||
| ## react-native-notifications | ||
|
|
||
| This product contains 'react-native-notifications' by Lidan Hifi. |
There was a problem hiding this comment.
a modified version of 'react-native-notifications'
NOTICE.txt
Outdated
| ## react-native-safe-area | ||
| ## react-native-youtube | ||
|
|
||
| This product contains 'react-native-youtube' by Param Aggarwal. |
There was a problem hiding this comment.
a modified version of 'react-native-youtube'
NOTICE.txt
Outdated
|
|
||
| ## react-native-permissions | ||
| This product contains 'rn-fetch-blob' by Joltup. |
There was a problem hiding this comment.
a modified version of 'rn-fetch-blob'
NOTICE.txt
Outdated
| ## react-native-tableview | ||
| ## rn-placeholder | ||
|
|
||
| This product contains 'rn-placeholder' by Marvin FRACHET. |
There was a problem hiding this comment.
a modified version of 'rn-placeholder'
enahum
added
Awaiting Submitter Action
… modified by Mattermost This is determined by looking at the requested version string in package.json. If the requested version is of the form "github:.../...(#...)", where the GitHub repo is something other than the official upstream repo (as given in the NPM registry entry), then we flag the dependency as being "a modified version".
jasonblais
added
2: Dev Review
lindy65
added
Tests/Not Needed
Summary
Update NOTICE.txt with latest open-source license info
Additional Notes
This follows the recent NOTICE.txt update to
mattermost-server, PR here: mattermost/mattermost#9433The only difference is that this is an NPM-based project, so the dependency manifest is created by listing the "dependencies" section of all
package.jsonfiles.Linebreak/whitespace changes in this PR are to match the original LICENSE files supplied with each dependency. This is a one-time change that will make future automated updates smaller.