Packages being flagged incorrectly with invalid SPDX license definitions #809
Comments
FYI: @febuiles @jonjanego
Please start with using a current release. The latest is 4.3.4 and you are using v3 which was last updated in January. We have made some recent improvements to license parsing which might help.
@jonjanego I tried modifying my action to the current release 540 package(s) with incompatible licenses
And so on
FYI: @jonjanego Just wanted to send in so that this is still on track. Upgrading the version to the latest solved the issue of license parsing as you mentioned. However, all the licenses including the common ones like
Version In short, remove all SPDX expressions from the config, like this:
Note that if you have packages that use SPDX expressions, this will report them as invalid, as support is not yet implemented (see: #263). In that case you need to downgrade to version
That explains it @jtomkiew-mng, thanks!! Both the methods worked, but currently going ahead with downgrading to
Hi, we have 4 dependency packages being upgraded which are using extensive dual licensing. I have recently updated my config file to accommodate the flagged license identifiers as well. Still we are getting "Invalid SPDX license" for all of them.
My dependency review workflow looks like this
My config file has these licenses already allowed:
Additionally, I also checked the license identifiers using license-expression validator but it found no issues with any of the identifiers.
Please provide a prompt reason for the failure as the dependency review workflow is not helping us in resolving this at all.