
The dependency chzyer/logex does not have a LICENSE file

Open maelvls opened this issue 4 years ago • 3 comments

One of the transitive dependencies of preflight does not have a license, which means preflight cannot be used in things like the Google Cloud Marketplace (cf. https://github.com/jetstack/jetstack-secure-gcm/issues/47).

https://github.com/jetstack/preflight/blob/2130eb7bf2377e72e3b363e1d391802a56e3117c/go.sum#L188

It seems like the version v1.1.10 does not have a LICENSE file, although there is one on master. An issue has already been filed in 2021, but the author hasn't answered yet. Could we use a specific commit that has the LICENSE file instead of v1.1.10?

(this is a non-blocking issue with regard to jetstack-secure-gcm)

maelvls avatar Apr 27 '21 12:04 maelvls

This is a really irritating issue, compounded by how hard it is to extract a dependency graph for a Go project.

github.com/chzyer/[email protected]
/|\
github.com/google/[email protected]
github.com/google/[email protected]
github.com/google/[email protected]
github.com/google/[email protected]
github.com/google/[email protected]
github.com/google/[email protected]
github.com/google/[email protected]

github.com/google/[email protected]
|
cloud.google.com/[email protected]

cloud.google.com/[email protected]
/|\
github.com/jetstack/[email protected]
cloud.google.com/go/[email protected]
cloud.google.com/go/[email protected]
cloud.google.com/go/[email protected]

github.com/jetstack/[email protected]
|
github.com/jetstack/preflight 

So we may not be able to change it, if Google Cloud's own libraries are the offender here.

jakexks avatar Apr 27 '21 12:04 jakexks
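As an added example (not part of the thread or of preflight's code), the chain that pulls in a transitive module can be recovered by a breadth-first search over `go mod graph` output. The input below is constructed: the `example.com/...` modules and all versions other than logex v1.1.10 are placeholders, and `PathTo` is a hypothetical helper name.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed input in `go mod graph` format ("parent child" per line).
// The example.com modules and every version except logex v1.1.10 are placeholders.
const sampleGraph = `github.com/jetstack/preflight example.com/direct@v0.1.0
github.com/jetstack/preflight cloud.google.com/go@v0.0.1
example.com/direct@v0.1.0 cloud.google.com/go@v0.0.1
cloud.google.com/go@v0.0.1 example.com/tool@v0.2.0
example.com/tool@v0.2.0 github.com/chzyer/logex@v1.1.10
`

// PathTo returns the shortest chain from root to a module whose path
// (ignoring @version) equals target, or nil if target is unreachable.
func PathTo(graph, root, target string) []string {
	edges := map[string][]string{}
	for sc := bufio.NewScanner(strings.NewReader(graph)); sc.Scan(); {
		if f := strings.Fields(sc.Text()); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	parent := map[string]string{root: ""} // doubles as the visited set
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		cur := queue[0]
		if strings.SplitN(cur, "@", 2)[0] == target {
			var path []string
			for n := cur; n != ""; n = parent[n] {
				path = append([]string{n}, path...)
			}
			return path
		}
		for _, next := range edges[cur] {
			if _, seen := parent[next]; !seen {
				parent[next] = cur
				queue = append(queue, next)
			}
		}
	}
	return nil
}

func main() {
	p := PathTo(sampleGraph, "github.com/jetstack/preflight", "github.com/chzyer/logex")
	fmt.Println(strings.Join(p, " -> "))
}
```

Against a real checkout, the same function can be fed the output of `go mod graph` run in the module root; the first module on the returned path after the root is the direct dependency whose upgrade or replacement would change the offending version.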

Any update on when we can fix this?

SkNuwanTissera avatar Feb 16 '23 11:02 SkNuwanTissera

I noticed that logex now has a version with a LICENSE file: https://github.com/chzyer/logex/releases/tag/v1.2.1

maelvls avatar Feb 17 '23 17:02 maelvls