You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Various licenses are getting skipped and not reported because those licenses are missing in the list that helps in extracting licenses from the License URL. These licenses are excluded because the extractLicenseFromLicenseUrl function checks the _licenseUrlOverrides list in the util.js file for regular expression matches. Currently, this list does not include any entries for the below licenses.
LGPL-2.1
MPL-2.0
MPL-1.1
EPL-2.0
EPL-1.0
EDL-1.0
CDDL1.1 or GPL-2.0-with-classpath-exception
Below are the few components where we found this issue -
Affected Component 1
Component: ch.qos.logback/logback-classic
Version: 1.5.11
Details: Declared License is marked as LGPL2.1 where we have LGPL2.1 and EPL in the manifest.summary.
Affected Component 2
Component: com.sun.xml.bind/jaxb-impl
Version: 2.3.5
Details: Declared License is NOASSERTION as the license in manifest.summary is EDL.
Steps to Reproduce
Utilize the extractLicenseFromLicenseUrl function to check for licenses in the mentioned above components.
Observe that the EPL is not identified due to missing entries in the _licenseUrlOverrides list and returns null which causes declared license to miss eclipse related licenses
Proposed Solution
Include a regular expression for detecting the licenses mentioned above in the _licenseUrlOverrides list within the util.js file to ensure correct license extraction.
Additional Information - Below are the license details for missing licenses
"name": [
"Eclipse Distribution License - v 1.0"
],
"url": [
"http://www.eclipse.org/org/documents/edl-v10.php"
]
}
"name": [
"Eclipse Public License - v 1.0"
],
"url": [
"http://www.eclipse.org/legal/epl-v10.html"
]
}
The text was updated successfully, but these errors were encountered:
Issue Description
Various licenses are getting skipped and not reported because those licenses are missing in the list that helps in extracting licenses from the License URL. These licenses are excluded because the
extractLicenseFromLicenseUrl
function checks the_licenseUrlOverrides
list in theutil.js
file for regular expression matches. Currently, this list does not include any entries for the below licenses.Below are the few components where we found this issue -
Affected Component 1
ch.qos.logback/logback-classic
1.5.11
Affected Component 2
com.sun.xml.bind/jaxb-impl
2.3.5
Steps to Reproduce
extractLicenseFromLicenseUrl
function to check for licenses in the mentioned above components._licenseUrlOverrides
list and returns null which causes declared license to miss eclipse related licensesProposed Solution
Include a regular expression for detecting the licenses mentioned above in the
_licenseUrlOverrides
list within theutil.js
file to ensure correct license extraction.Additional Information - Below are the license details for missing licenses
The text was updated successfully, but these errors were encountered: