reflex

laipeng/reflex

Fork 0

Commit Graph

Author	SHA1	Message	Date
Eric Brown	30c8a07ba8	Adds dependency review action to verify allowed licensed dependencies (#3306 ) This change will add a new action to scan the dependency's licenses for any that may not be allowed for this project. The pip-licenses command was run to get a dump of all the licenses associated with this repo and put into the allow-licenses list. Normally, you might only want to use deny-licenses list, but for packages like Redis, there is no defined SPDX identifier for it. Note: this list will require future maintenance as dependencies get added that are not already in the allow list. https://spdx.org/licenses/ https://github.com/raimon49/pip-licenses Related to issue #2901 Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>	2024-05-15 11:55:18 -07:00

Author

SHA1

Message

Date

Eric Brown

30c8a07ba8

Adds dependency review action to verify allowed licensed dependencies (#3306 )

This change will add a new action to scan the dependency's licenses
for any that may not be allowed for this project.

The pip-licenses command was run to get a dump of all the licenses
associated with this repo and put into the allow-licenses list.
Normally, you might only want to use deny-licenses list, but for
packages like Redis, there is no defined SPDX identifier for it.

Note: this list will require future maintenance as dependencies get
added that are not already in the allow list.

https://spdx.org/licenses/
https://github.com/raimon49/pip-licenses

Related to issue #2901

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>

2024-05-15 11:55:18 -07:00

1 Commits