
deny-licenses blocking with OR statement #692

Closed
alima-workato opened this issue Feb 14, 2024 · 1 comment

Comments

@alima-workato

Hello team,

We have the following action setup:

```yaml
Run actions/dependency-review-action@v3
  with:
    fail-on-severity: high
    fail-on-scopes: runtime
    deny-licenses: GPL-2.0
    comment-summary-in-pr: on-failure
```

And the following license is triggering the deny action:

```text
  The following dependencies have incompatible licenses:
  Gemfile.lock » diff-lcs@1.5.1 – License: MIT OR (Artistic-2.0 OR GPL-2.0-or-later)
  Error: Dependency review detected incompatible licenses.
```

Given the case of a dependency under multiple licenses with the OR statement, if one of them is denied and the others are not explicitly denied/allowed, shouldn't this pass be valid?

Thank you!
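The behaviour the reporter is asking for, as an added example that is not part of the issue and not the dependency-review-action's own code: a minimal SPDX license-expression parser plus a deny-list check in which a dependency is blocked only when every way of satisfying its expression requires a denied license. An AND node is blocked if either side is, an OR node only if both sides are. The matching rule that lets a `GPL-2.0` deny entry also cover `GPL-2.0-or-later` and `GPL-2.0+` is an assumption made here so the issue's example resolves; the action's real matching rules are not shown on this page. `WITH` exception clauses are not supported.

```typescript
// Added example (not the action's code): evaluate an SPDX license expression
// against a deny-list. A dependency is blocked only if every satisfying choice
// of licenses needs a denied one.

type LicenseNode =
  | { kind: 'id'; id: string }
  | { kind: 'and'; left: LicenseNode; right: LicenseNode }
  | { kind: 'or'; left: LicenseNode; right: LicenseNode };

// Split "MIT OR (Artistic-2.0 OR GPL-2.0-or-later)" into parens, operators and ids.
function tokenize(expr: string): string[] {
  const tokens: string[] = [];
  const re = /\(|\)|[A-Za-z0-9.+-]+/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(expr)) !== null) tokens.push(m[0]);
  return tokens;
}

// Recursive-descent parser: OR binds loosest, AND tighter, parentheses override.
// "WITH" exception clauses are deliberately not handled.
function parseExpression(expr: string): LicenseNode {
  const tokens = tokenize(expr);
  let pos = 0;
  const peekIs = (word: string): boolean =>
    pos < tokens.length && tokens[pos].toUpperCase() === word;

  function parseOr(): LicenseNode {
    let node = parseAnd();
    while (peekIs('OR')) { pos++; node = { kind: 'or', left: node, right: parseAnd() }; }
    return node;
  }
  function parseAnd(): LicenseNode {
    let node = parsePrimary();
    while (peekIs('AND')) { pos++; node = { kind: 'and', left: node, right: parsePrimary() }; }
    return node;
  }
  function parsePrimary(): LicenseNode {
    if (pos >= tokens.length) throw new Error(`unexpected end of expression: ${expr}`);
    const tok = tokens[pos++];
    if (tok === '(') {
      const inner = parseOr();
      if (tokens[pos++] !== ')') throw new Error(`missing ')' in: ${expr}`);
      return inner;
    }
    if (tok === ')' || tok.toUpperCase() === 'AND' || tok.toUpperCase() === 'OR') {
      throw new Error(`unexpected '${tok}' in: ${expr}`);
    }
    return { kind: 'id', id: tok };
  }

  const root = parseOr();
  if (pos !== tokens.length) throw new Error(`trailing tokens in: ${expr}`);
  return root;
}

// Assumed matching rule (not taken from the action): a deny entry matches the
// exact id and its "-or-later" / "+" forms, so GPL-2.0 also covers GPL-2.0-or-later.
function matchesDenyEntry(id: string, denied: string): boolean {
  const a = id.toLowerCase();
  const b = denied.toLowerCase();
  return a === b || a === `${b}-or-later` || a === `${b}+`;
}

function isDenied(node: LicenseNode, denyList: string[]): boolean {
  if (node.kind === 'id') {
    const id = node.id;
    return denyList.some((d) => matchesDenyEntry(id, d));
  }
  if (node.kind === 'and') return isDenied(node.left, denyList) || isDenied(node.right, denyList);
  // OR: the consumer may pick any branch, so it is blocked only if every branch is.
  return isDenied(node.left, denyList) && isDenied(node.right, denyList);
}

// True when the dependency must be blocked under the given deny-licenses list.
function licenseDenied(expr: string, denyList: string[]): boolean {
  return isDenied(parseExpression(expr), denyList);
}

// Constructed sample: the dependency from the issue, checked against deny-licenses: GPL-2.0.
const sample = 'MIT OR (Artistic-2.0 OR GPL-2.0-or-later)';
console.log(`${sample} -> ${licenseDenied(sample, ['GPL-2.0']) ? 'blocked' : 'allowed'}`);
```

With this rule the issue's `diff-lcs` expression is allowed because `MIT` alone satisfies it, while `MIT AND GPL-2.0` would still be blocked since the GPL side is mandatory there.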

@febuiles (Contributor)

@alima-workato Thanks for the report. This is not the behavior we want, but it's not unexpected either. We need to fix one of our dependencies before we can get those conditionals working. PRs are welcome for #670, or you can follow that issue to get updates when this is fixed.

Closing as duplicate of #670.
