The dependency chzyer/logex does not have a LICENSE file
maelvls opened this issue · comments
One of the transitive dependencies of preflight does not have a license, which means preflight cannot be used in things like the Google Cloud Marketplace (cf. jetstack/jetstack-secure-gcm#47).
https://github.com/jetstack/preflight/blob/2130eb7bf2377e72e3b363e1d391802a56e3117c/go.sum#L188
It seems like the version v1.1.10 does not have a LICENSE file, although there is one on master. An issue has already been filed in 2021, but the author hasn't answered yet. Could we use a specific commit that has the LICENSE file instead of v1.1.10?
(this is a non-blocking issue with regards to jetstack-secure-gcm)
This is a really irritating issue compounded by how hard it is to extract a dependency graph for a go project.
github.com/chzyer/logex@v1.1.10
/|\
github.com/google/pprof@v0.0.0-20200430221834-fc25d7d30c6d
github.com/google/pprof@v0.0.0-20200708004538-1a94d8640e99
github.com/google/pprof@v0.0.0-20201023163331-3e6fc7fc9c4c
github.com/google/pprof@v0.0.0-20201117184057-ae444373da19
github.com/google/pprof@v0.0.0-20200212024743-f11f1df84d12
github.com/google/pprof@v0.0.0-20191218002539-d4f498aebedc
github.com/google/pprof@v0.0.0-20200229191704-1ebb73c60ed3
github.com/google/pprof@v0.0.0-20200430221834-fc25d7d30c6d
|
cloud.google.com/go@v0.57.0
cloud.google.com/go@v0.57.0
/|\
github.com/jetstack/version-checker@v0.2.2-0.20201118163251-4bab9ef088ef
cloud.google.com/go/bigquery@v1.8.0
cloud.google.com/go/storage@v1.8.0
cloud.google.com/go/storage@v1.10.0
github.com/jetstack/version-checker@v0.2.2-0.20201118163251-4bab9ef088ef
|
github.com/jetstack/preflight
So we may not be able to change it, if Google cloud's own libraries are the offender here.
Any update on when we can fix this?
I noticed that logex now has a version with a LICENSE file: https://github.com/chzyer/logex/releases/tag/v1.2.1