Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Transitive license is not valid since [email protected] has no license text #172

Open
m-niedermaier opened this issue Dec 8, 2020 · 1 comment

Comments

@m-niedermaier
Copy link

m-niedermaier commented Dec 8, 2020

I'm submitting a ... (check one with "x")

[ x ] bug report => Search github for a similar issue or PR before submitting
[ ] feature request
[ ] support request => Sorry, we will not be able to answer every support request.  Please consider other venues for support requests

Current behavior
transitive dependency to @swimlane/[email protected] to [email protected] to [email protected]
And problem is, that the [email protected] has no license text

Reproduction of the problem

npm install -g @cyclonedx/bom
cyclonedx-bom  -o bom.xml

check the [email protected] in the bom.xml.

What is the motivation / use case for changing the behavior?
We cant use the library, when there is no valid license text at any transitive dependency

Please tell us about your environment:
We use cyclonedx to generte the bom.xml where the license text is missing:
https://www.npmjs.com/package/@cyclonedx/bom

  • ngx-dnd version: 8.2.0
  • Angular version: 11

Sugestion

@florianrusch
Copy link

florianrusch commented Dec 8, 2020

Sorry for the misunderstanding, we (m-niedermaier and I) don't pull the license text via cyclondx. We just need a version of custom-event for which a license file or text is provided somewhere (e.g. as LICENSE file in the repository). For the version 1.0.0 was non provided, but for the 1.0.1 it is.

So what we need is an upgrade of the custom-event lib to the 1.0.1. The crossvent lib already have a release where it uses the [email protected], it's the 1.5.5. So in @swimlane/dragula a dependency upgrade to [email protected] is needed.

Overview over the dependency tree:

@swimlane/[email protected]
├─┬ @swimlane/[email protected]
│ ├─┬ [email protected]
│ │ ├── [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│   └── [email protected]
├── @types/[email protected]
└── [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants