Add maven packages bound by Xamarin NuGet packages#28822
Closed
jonpryor wants to merge 1 commit intoclearlydefined:masterfrom
Closed
Add maven packages bound by Xamarin NuGet packages#28822jonpryor wants to merge 1 commit intoclearlydefined:masterfrom
jonpryor wants to merge 1 commit intoclearlydefined:masterfrom
Conversation
[Component Governance][cgdocs] is a Microsoft internal DevOps tool which scans code to find all dependencies, and issues reports if dependencies have legal or security issues. Component Governance has created multiple alerts concerning packages used by [xamarin/AndroidX][xamarin-bindings], some due to missing license information, and some due to *incorrect* license information. For example, `com.google.mlkit:barcode-scanning` 17.3.0 is detected as having an APSL-1.0 license, and `com.android.billingclient:billing` 7.1.1 is detected as GPL-2.0. Neither of these is correct. Component Governance uses clearlydefined/curated-data as it's backend "source of truth" regarding license information. Fix my issues by updating curated-data to have the correct license information for these packages. [cgdocs]: https://aka.ms/cgdocs [xamarin-bindings]: https://github.com/xamarin/AndroidX/
Member
|
Thank you for contribution! Since there are 242 file changes 👀 this will take a while to review. 😄 If you can, in the future, please break these into smaller PRs so it is easier for them to be reviewed. |
Member
|
ClearlyDefined supports LicenseRef now so this PR will need a lot of updates. I was only able to review 110 files and of those 20 needed updating (before the LicenseRef support). Please update and resubmit into smaller PRs so we can review these quicker. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Component Governance is a Microsoft internal DevOps tool which scans code to find all dependencies, and issues reports if dependencies have legal or security issues. Component Governance has created multiple alerts concerning packages used by xamarin/AndroidX, some due to missing license information, and some due to incorrect license information. For example,
com.google.mlkit:barcode-scanning17.3.0 is detected as having an APSL-1.0 license, andcom.android.billingclient:billing7.1.1 is detected as GPL-2.0. Neither of these is correct.Component Governance uses clearlydefined/curated-data as it's backend "source of truth" regarding license information.
Fix my issues by updating curated-data to have the correct license information for these packages.