[BUG] elliptic is reported with an OFL-1.1 license. #862

Open
BAcanLL opened this issue Jan 15, 2025 · 0 comments
Labels
bug Something isn't working

BAcanLL commented Jan 15, 2025

Describe the bug
The most recent version of the elliptic package is reported as having a license of MIT AND OFL-1.1. But I'm not sure where the Open Font License is coming from.

Licenses
  
  The following dependencies have incompatible licenses:
  pnpm-lock.yaml » elliptic@6.6.1 – License: MIT AND OFL-1.1

Their repo shows an MIT license, and NPM correctly identifies it as having an MIT license. This could be an error on the side of elliptic's maintainers, but I can't find where this license would be coming from on their end.

To Reproduce
Steps to reproduce the behavior:

  1. Run the action on a repo with elliptic version 6.6.1.
  2. See the unexpected package value.

Expected behavior
The dependency review action reports the license as MIT.

Screenshots
N/A

Action version
4.3.3

Note: if you're not running the latest release please try that first!

Examples
N/A

Additional context
N/A

BAcanLL added the bug (Something isn't working) label Jan 15, 2025