flet-dev / flet

Flet enables developers to easily build realtime web, mobile and desktop apps in Python. No frontend experience required.
https://flet.dev
Apache License 2.0
11.61k stars 455 forks

jinja2-ansible-filters listed in poetry.lock - is it actually used in normal usage? #2014

Closed alan-copeland-keysight closed 1 year ago

alan-copeland-keysight commented 1 year ago

Doing a license compliance check and Synopsys detect is flagging jinja2-ansible-filters as a GPL3 dependency. I see it listed in the poetry.lock, but don't see it in actual use.

https://github.com/search?q=repo%3Aflet-dev%2Fflet%20jinja2-ansible-filters&type=code

Is this component actually used by Flet? Or maybe just in the tests?

alan-copeland-keysight commented 1 year ago

This appears to stem from the use of "copier". I have asked a similar question over on the copier discussion group - https://github.com/orgs/copier-org/discussions/1397

FeodorFitsner commented 1 year ago

Yep, copier uses jinja2-ansible-filters directly: https://github.com/copier-org/copier/blob/99bdd11b6890bfb75e1b16cba15e20f64185cb49/pyproject.toml#L36

I'm not a licensing expert, but pretty sure that GPL3 is not compatible with MIT: https://www.quora.com/What-if-I-used-a-MIT-licensed-library-which-has-a-GPL-dependency

alan-copeland-keysight commented 1 year ago

I raised an issue over on the jinja2-ansible-filters gitlab: https://gitlab.com/dreamer-labs/libraries/jinja2-ansible-filters/-/issues/6

FeodorFitsner commented 1 year ago

@alan-copeland-keysight was there anything else found that requires our attention?

alan-copeland-keysight commented 1 year ago

copier also uses pyyaml-include, which appears to be GPL3...

Otherwise it looks good.

Are there reasonable alternatives to copier?

FeodorFitsner commented 1 year ago

https://copier.readthedocs.io/en/stable/comparisons/

FeodorFitsner commented 1 year ago

https://github.com/cookiecutter/cookiecutter would be my #1 alternative.

FeodorFitsner commented 1 year ago

Could you scan https://github.com/cookiecutter/cookiecutter for licensing issues please?

alan-copeland-keysight commented 1 year ago

I'll try to run this tomorrow

alan-copeland-keysight commented 1 year ago

cookiecutter 2.4.0 seems clean, from a permissive licensing standpoint:

| Component name | License names |
| -- | -- |
| Click - Python Command Line Utility | BSD 3-clause "New" or "Revised" License |
| Jinja | BSD 3-clause "New" or "Revised" License |
| MarkupSafe | BSD 3-clause "New" or "Revised" License |
| PyYAML | MIT License |
| audreyr/binaryornot | BSD 3-clause "New" or "Revised" License |
| cookiecutter | BSD 3-clause "New" or "Revised" License |
| pip | MIT License |
| psf-requests | Apache License 2.0 |
| py-arrow | Apache License 2.0 |
| py-text-unidecode | Artistic License 1.0 w/clause 8 |
| py3-markdown-it-py | MIT License |
| py3-mdurl | MIT License |
| py3-slugify | MIT License |
| pypi/setuptools | MIT License |
| python-certifi | Mozilla Public License 2.0 |
| python-dateutil | (Apache License 2.0 OR BSD 3-clause "New" or "Revised" License) |
| rich | MIT License |
| types-python-dateutil | Apache License 2.0 |
| urllib3 | MIT License |

FeodorFitsner commented 1 year ago

Thank you!

I've already started migration to cookiecutter.

alan-copeland-keysight commented 1 year ago

How soon do you plan on doing a release with this included?

FeodorFitsner commented 1 year ago

Tomorrow.

FeodorFitsner commented 1 year ago

It's been released in Flet 0.12.0.