breautek
commented
1 year ago I raised an issue on LEGAL for confirmation moving forward, but personally I think it's fine.
Closed erisu closed 1 year ago
breautek
commented
1 year ago I raised an issue on LEGAL for confirmation moving forward, but personally I think it's fine.
codecov-commenter
commented
1 year ago Merging #112 (71ca028) into master (310e0fb) will not change coverage. The diff coverage is
n/a.
@@ Coverage Diff @@
## master #112 +/- ##
=======================================
Coverage 91.93% 91.93%
=======================================
Files 1 1
Lines 62 62
=======================================
Hits 57 57
Misses 5 5 :mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more
erisu
commented
1 year ago Closing PR without merging. The changes appears to be unnecessary.
We are not copying their sources and not bundling it directly in our releases.
https://infra.apache.org/licensing-howto.html#bundled-vs-non-bundled
breautek
commented
1 year ago Additionally, Apache approved the Blue Oak 1.0.0 license as Cat A: https://github.com/apache/www-site/pull/193
Platforms affected
n/a
Motivation and Context
Add a new license that was introduced by a sub-dependency.
Description
Node module
path-scurrywas introduced by our direct dependency for@npmcli/arborist.This module has a BlueOak-1.0.0 license and is not listed under Apache's Legal: Category A.
arboristuse to be bundled withpacoteand did not have such dependency and license.I dont think it will be a problem, but do we need to request a review from Legal? And if its OK should they update their website to include this license for future reference?
Testing
n/a
Checklist
(platform)if this change only applies to one platform (e.g.(android))