
Unlicensed indirect dependency #4520

Closed
3 of 4 tasks
matthiasr opened this issue Jan 5, 2024 · 2 comments · Fixed by #4521

@matthiasr

What happened?

The dependency sasha-s/go-csync, an indirect dependency via disgo, introduced in #3320, does not have an open source license. A repository being public is not enough.

This unfortunately means that it cannot be used in open source projects such as this one. Upstream issues: sasha-s/go-csync#4, disgoorg/disgo#329.

How can we reproduce this?

N/A

goreleaser version

1.11.0 and later

GoReleaser Check

  • goreleaser check shows no errors

Search

  • I did search for other open and closed issues before opening this

Supporter

Code of Conduct

  • I agree to follow this project's Code of Conduct

Additional context

FOSSA flags this:

This package contains unlicensed code, which by default is copyrighted to the original author. You may not use these dependencies without first obtaining a license.

@matthiasr matthiasr added bug Something isn't working triage Issue pending triage by one of the maintainers labels Jan 5, 2024
@caarlos0
Member

caarlos0 commented Jan 5, 2024

ouch, thanks for bringing this to my attention!

I'll subscribe to the upstream issue, if they don't solve it I'll probably end up replacing disgo with something else, as we only use the post feature...

@caarlos0 caarlos0 removed the triage Issue pending triage by one of the maintainers label Jan 5, 2024
@caarlos0 caarlos0 added this to the v1.24.0 milestone Jan 5, 2024
caarlos0 added a commit that referenced this issue Jan 5, 2024
@caarlos0
Member

caarlos0 commented Jan 5, 2024

actually it was pretty easy to remove the dep entirely #4521

caarlos0 added a commit that referenced this issue Jan 5, 2024
closes #4520

it was easy enough to remove it :)