mypy has invalid SPDX license definitions #16228
Comments
It does not change the license itself, only its identifier in `setup.py`, so external tools can read it better. Full list: https://spdx.org/licenses/ Closes #16228
@ilevkivskyi was the intent of the fix to remove the tool's ability to identify the license?
Can you please be more specific? What happened? What did you try? What did you expect to happen?
The same status check provided by GitHub "dependency-review-action" ran, now instead of not being able to figure out which license applies to
The screenshot says that you used Can you please try the main branch?
That is weird, I did use the
This still does not look correct to me, Line 11 in 72605dc
This is my lock file (

```toml
[[package]]
name = "mypy"
version = "1.7.0+dev.2e52e98fd2873775a58616c097e93c96f58fc991"
description = "Optional static typing for Python"
optional = false
python-versions = ">=3.8"
files = []
develop = false

[package.dependencies]
mypy_extensions = ">=1.0.0"
typing_extensions = ">=4.1.0"

[package.extras]
dmypy = ["psutil (>=4.0)"]
install-types = ["pip"]
mypyc = ["setuptools (>=50)"]
reports = ["lxml"]

[package.source]
type = "git"
url = "https://github.com/python/mypy.git"
reference = "master"
resolved_reference = "2e52e98fd2873775a58616c097e93c96f58fc991"
```
Bug Report
We are unable to leverage the "dependency-review-action" tooling provided by GitHub to determine if mypy meets our license needs.
To Reproduce
Run dependabot and the dependency check functionality.
Expected Behavior
The mypy license to be defined in a SPDX compatible manner so it is easier to prove to management/it security that the licenses are not an issue to use.
Actual Behavior
The dependency_review Action is unable to determine how mypy is licensed.
Your Environment
mypy.ini (and other config files): N/A
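A consumer-side check for the problem reported in this issue, as an added example that is not part of the original thread or of mypy's code: it reads a package's core metadata and reports whether the declared license is an SPDX identifier or a simple SPDX expression. The package names, the metadata text and the short SPDX subset are constructed for illustration, and the helper names are hypothetical; `License-Expression` is the field defined by PEP 639.

```python
from email.parser import Parser

# Subset of https://spdx.org/licenses/ for the demo; load the full list in real use.
SPDX_SUBSET = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "MPL-2.0"}
OPERATORS = {"AND", "OR"}  # simplification: WITH exceptions are not handled


def is_spdx_expression(expr):
    """True for `ID` or `ID (AND|OR) ID ...` built only from known identifiers."""
    # Simplification: parentheses are dropped, so nesting/balance is not checked.
    tokens = expr.replace("(", " ").replace(")", " ").split()
    if len(tokens) % 2 == 0:  # empty, or identifiers/operators do not alternate
        return False
    ids, ops = tokens[0::2], tokens[1::2]
    return all(t in SPDX_SUBSET for t in ids) and all(o in OPERATORS for o in ops)


def review_metadata(metadata_text):
    """Classify the declared license in a core-metadata (METADATA/PKG-INFO) file."""
    msg = Parser().parsestr(metadata_text)
    # Prefer the PEP 639 field, fall back to the older free-form License field.
    declared = (msg.get("License-Expression") or msg.get("License") or "").strip()
    classifiers = [c for c in msg.get_all("Classifier", []) if c.startswith("License ::")]
    if not declared:
        status = "missing"
    elif is_spdx_expression(declared):
        status = "spdx"
    else:
        status = "not-spdx"
    return {"name": msg.get("Name"), "declared": declared,
            "status": status, "classifiers": classifiers}


def sample(name, *license_lines):
    """Build constructed metadata text for the demo."""
    head = ["Metadata-Version: 2.1", f"Name: {name}", "Version: 1.0"]
    return "\n".join(head + list(license_lines)) + "\n"


# Constructed inputs (hypothetical packages, not taken from the issue).
SAMPLES = {
    "free-text": sample("example-a", "License: MIT License",
                        "Classifier: License :: OSI Approved :: MIT License"),
    "spdx-id": sample("example-b", "License: MIT"),
    "missing": sample("example-c", "Classifier: License :: OSI Approved :: MIT License"),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, review_metadata(text))
```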