Address caniuse-lite CC-BY 4.0 license incompatibility ⚖️

[JamieSlome]

The Dependency Review Action has flagged the usage of caniuse-lite@1.0.30001600 as the license of the dependency is not included in our allow-licenses for the Dependency Review Action (as configured in /.github/workflows).

To address this we need to decide whether this child dependency usage and its license terms has any implication to the usage of Apache-2.0 and how to address the warning raised by the GitHub Action.

Tasks

Beta Give feedback

1. Agree on implication of caniuse-lite child dependency usage
2. Appropriately silence warning by removing dependency or adding to allow-list of Dependency Review

@maoo - really keen to close this one out 👍 🍰

[maoo]

@JamieSlome - sorry I missed today's call, and apologies for going through this again, but are we sure this library is coming from a runtime dependency? Because if not, IMO the easiest fix is to remove development from https://github.com/finos/git-proxy/actions/runs/8572074375/workflow?pr=482#L20

The caniuse-lite dependency comes from browserlist, which is pulled by npm/yarn for build purposes; as such, if you don't want to exclude all devDependencies, you could simply ignore browserlist and caniuse-lite with this syntax: actions/dependency-review-action#423 (comment)

[JamieSlome]

@maoo - no problem at all 👍

I tried removing the development flag from the GitHub Action but the issue was still reported.

I will open a pull request which ignores caniuse-lite using the recommended syntax 🤝