Closed CalvinRodo closed 3 years ago
We are compliant with MPL 2.0 since we aren't modifying our dependencies we don't have to license under MPL 2.0 and since we aren't distributing an executable we don't have to distribute MPL 2.0 license with it.
This may change if we go on a public Container Registry.
I'm looking to ignore Snyk Warnings through a .snyk file have to wait for a response from Snyk support before I do this.
Analysis is done closing in favour of mitigation issue #354
Snyk has identified some MPL 2.0 Licenses as a vulnerability we need to identify the impact of this licenses in our project.
https://tldrlegal.com/license/mozilla-public-license-2.0-(mpl-2) https://spdx.org/licenses/MPL-2.0.html
Detailed paths
Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/go-sql-driver/mysql@1.5.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/hcl/ast@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/ast@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 › github.com/hashicorp/hcl/json/scanner@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 › github.com/hashicorp/hcl/hcl/scanner@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 › github.com/hashicorp/hcl/hcl/strconv@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 › github.com/hashicorp/hcl/hcl/ast@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 › github.com/hashicorp/hcl/hcl/ast@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 › github.com/hashicorp/hcl/json/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 › github.com/hashicorp/hcl/hcl/ast@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 › github.com/hashicorp/hcl/json/token@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl/hcl/printer@1.0.0 › github.com/hashicorp/hcl/hcl/parser@1.0.0 › github.com/hashicorp/hcl/hcl/scanner@1.0.0 › github.com/hashicorp/hcl/hcl/token@1.0.0 Introduced through: github.com/cds-snc/covid-alert-server@0.0.0 › github.com/spf13/viper@1.7.0 › github.com/hashicorp/hcl@1.0.0 › github.com/hashicorp/hcl/json/parser@1.0.0 › github.com/hashicorp/hcl/json/scanner@1.0.0 › github.com/hashicorp/hcl/json/token@1.0.0