Open altendky opened 3 weeks ago
@altendky 👋 I wanted to give you an update. We are looking into the license data and process to understand why you are seeing the AND NOASSERTION
. I, or someone else on the team, will give you an update once I've looked at the process that brought this in.
Similar issue here for another dependency: The validity of the licenses of the dependencies below could not be determined. Ensure that they are valid SPDX licenses: pom.xml » org.springframework.data:spring-data-jpa@3.3.3 – License: Apache-2.0 AND NOASSERTION Error: Dependency review could not detect the validity of all licenses.
Describe the bug
When updating to pypi/pywin32-ctypes@0.2.3 from 0.2.2 the license is identified as
BSD-3-Clause AND NOASSERTION
instead ofBSD-3-Clause
. TheNOASSERTION
is causing an unwanted failure.I have looked at the repo (https://github.com/enthought/pywin32-ctypes/compare/v0.2.2..v0.2.3) and I am unclear what is triggering the new
AND NOASSERTION
. I also looked at the wheels on PyPI and did not identify any seemingly relevant changes around the license metadata or file.To Reproduce
https://github.com/Chia-Network/chia-blockchain/pull/18497
https://github.com/Chia-Network/chia-blockchain/actions/runs/10457582039/job/28957737729?pr=18497#step:3:23
##[debug]Filtered Changes: [{"change_type":"added","manifest":"poetry.lock","ecosystem":"pip","name":"pywin32-ctypes","version":"0.2.3","package_url":"pkg:pypi/pywin32-ctypes@0.2.3","license":"BSD-3-Clause AND NOASSERTION","source_repository_url":"https://github.com/enthought/pywin32-ctypes","scope":"runtime","vulnerabilities":[]},{"change_type":"removed","manifest":"poetry.lock","ecosystem":"pip","name":"pywin32-ctypes","version":"0.2.2","package_url":"pkg:pypi/pywin32-ctypes@0.2.2","license":"BSD-3-Clause","source_repository_url":"https://github.com/enthought/pywin32-ctypes","scope":"runtime","vulnerabilities":[]}]
Expected behavior No change to the license is noted and it is accepted.
Screenshots If applicable, add screenshots to help explain your problem.
Action version What version of the action are you using in your workflow?
latest v4