Update SPDX Expression Parsing #719
Open
febuiles wants to merge 7 commits into main from change-spdx-parser
+713 −298
mrysav reviewed Mar 22, 2024
mrysav reviewed Mar 22, 2024
elireisman reviewed Mar 27, 2024
elireisman reviewed Mar 27, 2024
expect(spdx.satisfies(license, expr)).toBe(false)
})
})
😍
elireisman reviewed Mar 27, 2024
Couple questions, but this is looking good so far, thanks! 🍻
…w spdx pkg - TODO: update tests
elireisman force-pushed the change-spdx-parser branch from 319f6dd to d981d0a (June 6, 2024 06:40)
elireisman force-pushed the change-spdx-parser branch from d981d0a to 22b3072 (June 6, 2024 20:41)
Closes #263
Closes #670
Closes #575
Closes #635
Context
Since we introduced SPDX licenses around 2022, we've had issues dealing with SPDX expression validations due to the library we use for checking whether one expression satisfies another one.
Folks reached out to the maintainer in 2022 to fix some of these changes, but set a clear direction that does not fit our purposes anymore. The @onebeyond/spdx-license-satisfies is a fork of the original project, created by people who encountered the same issues as us.
Changes
This PR moves the Action away from spdx-satisfies.js and uses @onebeyond/spdx-license-satisfies instead to check whether an SPDX license satisfies an expression or not: The MIT license satisfies the expression MIT OR GPL-2.0, but it does not satisfy MIT AND GPL-2.0.
In the process of making these changes I:
- spdx.ts.
- spdx.ts noting the things we still need to support.
- tsconfig.json to fix a duplicate entry in the compiler options.
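The satisfaction rule the description illustrates (MIT satisfies MIT OR GPL-2.0 but not MIT AND GPL-2.0), as an added example that is not part of this PR, the Action, or either SPDX package. satisfiesAllowList is a hypothetical helper that generalizes the single-license case to an allow list and throws on a malformed expression instead of treating it as satisfied.

```typescript
// Added example, not the action's code. Supports license ids, AND, OR, WITH and
// parentheses; ids are compared literally, so "GPL-2.0+" is not a version range.
function satisfiesAllowList(expr: string, allowed: string[]): boolean {
  const tokens: string[] = expr.match(/\(|\)|[A-Za-z0-9.+-]+/g) ?? [];
  if (tokens.join("") !== expr.replace(/\s+/g, "")) {
    throw new Error(`invalid character in SPDX expression: ${expr}`);
  }
  const allow = new Set(allowed.map((id) => id.toLowerCase()));
  const reserved = /^(\(|\)|AND|OR|WITH)$/;
  let pos = 0;

  // term := "(" or-expr ")" | license-id ["WITH" exception-id]
  function parseTerm(): boolean {
    const tok = tokens[pos++];
    if (tok === "(") {
      const inner = parseOr();
      if (tokens[pos++] !== ")") throw new Error("missing closing parenthesis");
      return inner;
    }
    if (tok === undefined || reserved.test(tok)) {
      throw new Error(`expected a license id, got: ${tok}`);
    }
    let id = tok;
    if (tokens[pos] === "WITH") {
      const exception = tokens[pos + 1];
      if (exception === undefined || reserved.test(exception)) {
        throw new Error("WITH must be followed by an exception id");
      }
      id = `${tok} WITH ${exception}`;
      pos += 2;
    }
    return allow.has(id.toLowerCase());
  }
  // and-expr := term ("AND" term)*; the right side is parsed before combining
  function parseAnd(): boolean {
    let ok = parseTerm();
    while (tokens[pos] === "AND") { pos++; const rhs = parseTerm(); ok = ok && rhs; }
    return ok;
  }
  // or-expr := and-expr ("OR" and-expr)*; OR binds looser than AND
  function parseOr(): boolean {
    let ok = parseAnd();
    while (tokens[pos] === "OR") { pos++; const rhs = parseAnd(); ok = ok || rhs; }
    return ok;
  }
  const result = parseOr();
  if (pos !== tokens.length) throw new Error(`unexpected token: ${tokens[pos]}`);
  return result;
}
```

A license with an exception matches only when the full "id WITH exception" string is on the allow list, so allowing a bare license id does not silently allow its exception variants.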