metosin / ring-swagger

Swagger Spec for Clojure Web Apps
http://metosin.github.io/ring-swagger/doc/

LGPL software infects ring-swagger, making it unusable in some corporations. #119

Closed kenrestivo-stem closed 7 years ago

kenrestivo-stem commented 7 years ago

We were going to use yada/swagger at work, but can't now, because a search of the transitive dependencies shows it depends on ring-swagger, which depends on metosin/scjsv, which depends on json-schema-validator, which is LGPL, and LGPL is not allowed.

Lein tree shows:

   [yada/swagger "1.2.1"]
     [metosin/ring-swagger "0.22.12" :exclusions [[org.clojure/clojure]]]
       [frankiesardo/linked "1.2.9"]
       [metosin/ring-http-response "0.8.0"]
       [metosin/schema-tools "0.9.0"]
       [metosin/scjsv "0.4.0"]
         [com.github.fge/json-schema-validator "2.2.6"]
           [com.github.fge/json-schema-core "1.2.5"]
             [com.github.fge/jackson-coreutils "1.8"]
             [com.github.fge/uri-template "0.9"]
               [com.github.fge/msg-simple "1.1"]
                 [com.github.fge/btf "1.2"]

It seems, per lein-licenses, like all the fge libraries are LGPL:

com.github.fge/json-schema-core - 1.2.5 - Lesser General Public License, version 3 or greater
com.github.fge/msg-simple - 1.1 - Lesser General Public License, version 3 or greater
com.github.fge/jackson-coreutils - 1.8 - Lesser General Public License, version 3 or greater
com.github.fge/uri-template - 0.9 - Lesser General Public License, version 3 or greater
com.github.fge/btf - 1.2 - Lesser General Public License, version 3 or greater
com.github.fge/json-schema-validator - 2.2.6 - Lesser General Public License, version 3 or greater

You'll probably need to update the license of ring-swagger, so it can disclose that it depends on LGPL software.

Deraen commented 7 years ago

Json-schema-validator 3 is dual licenced with LGPL and Apache license, so updating scjsv to that should help.

Deraen commented 7 years ago

For a quick fix, you can exclude the metosin/scjsv dependency; ring-swagger only needs it if you require the ring.swagger.validator namespace.

Deraen commented 7 years ago

I read the json-schema-validator readme wrong; the current version is dual licensed, some previous versions were LGPL only. lein-licenses just doesn't support multiple licences: https://github.com/technomancy/lein-licenses/issues/4

~/.m2/repository/com/github/fge/json-schema-validator/2.2.6 master*
❯ head -n22 json-schema-validator-2.2.6.pom | tail -n12
  <licenses>
    <license>
      <name>Lesser General Public License, version 3 or greater</name>
      <url>http://www.gnu.org/licenses/lgpl.html</url>
      <distribution>repo</distribution>
    </license>
    <license>
      <name>Apache Software License, version 2.0</name>
      <url>http://www.apache.org/licenses/LICENSE-2.0</url>
      <distribution>repo</distribution>
    </license>
  </licenses>

Deraen commented 7 years ago

I checked all the other packages also, and they are all dual licensed.
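
The manual POM check described in the comments above can be scripted. The following is an added example, not part of the original thread or of any project named in it: it reads every `<license>` entry from a POM and shows how a reader that keeps only the first entry turns a dual-licensed artifact into a false policy hit. The `DENIED` policy and the rule that multiple entries are alternatives are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <licenses> block quoted in the thread, wrapped in a
# minimal <project> element carrying the Maven POM namespace.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses>
    <license>
      <name>Lesser General Public License, version 3 or greater</name>
      <url>http://www.gnu.org/licenses/lgpl.html</url>
      <distribution>repo</distribution>
    </license>
    <license>
      <name>Apache Software License, version 2.0</name>
      <url>http://www.apache.org/licenses/LICENSE-2.0</url>
      <distribution>repo</distribution>
    </license>
  </licenses>
</project>"""

# Hypothetical policy: substrings of licence names the organisation rejects.
DENIED = ("general public license",)


def _local(tag):
    """Strip the XML namespace so namespaced and bare POMs parse alike."""
    return tag.rsplit("}", 1)[-1]


def pom_licenses(pom_xml):
    """Return the name of every <license> directly under <project><licenses>."""
    root = ET.fromstring(pom_xml)
    names = []
    for child in root:
        if _local(child.tag) != "licenses":
            continue
        for lic in child:
            for field in lic:
                if _local(field.tag) == "name" and field.text:
                    names.append(field.text.strip())
    return names


def verdict(names, denied=DENIED):
    """Assumption: multiple entries are alternatives, so one allowed licence suffices."""
    if not names:
        return "unknown"
    allowed = [n for n in names if not any(d in n.lower() for d in denied)]
    return "ok" if allowed else "denied"
```

Calling `verdict(pom_licenses(SAMPLE_POM)[:1])` reproduces the first-entry-only result, while the full list passes. For POMs fetched from repositories you do not control, parse with a hardened XML parser such as defusedxml.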

kenrestivo-stem commented 7 years ago

Great, thanks.

Also, I was able to do this to avoid the warning:

[yada "1.2.1" :exclusions [com.github.fge/json-schema-validator]]