[BUG] what is the license of json-schema-ref-parser #868

Open
@Loki-Afro

Describe the bug
According to dependency-review-action, the license of json-schema-ref-parser is JSON AND LicenseRef-scancode-proprietary-license AND MIT.

However, looking at the repository I only see MIT. In addition to that, when using GitHub's API and its CLI client,
gh api repos/APIDevTools/json-schema-ref-parser/license returns MIT only as well.

So I looked at the source code of dependency-review-action and found this: https://github.com/actions/dependency-review-action/blob/v4.5.0/src/licenses.ts#L117 which, to my understanding, is the same logic as what I did with gh api.

To Reproduce
https://github.com/hpi-schul-cloud/schulcloud-server/actions/runs/12887675625?pr=5455
Here I updated express-openapi-validator to 5.4.2; some transitive dependency brings in json-schema-ref-parser.

Expected behavior
A clear and concise description of what you expected to happen.
I'm not quite sure; I guess dependency-review-action should work with MIT, since it is what is specified in the repo?

Action version
What version of the action are you using in your workflow?
4.5

See also https://github.com/orgs/community/discussions/149719
