dependency: add clone to baseline #12467

Merged
merged 1 commit into from
Apr 27, 2023

vince-fugnitto
Member

What it does

The pull-request adds clone (MIT) to our baseline in order to detect actual dependency updates in pull-requests.
The IP check is under review, and clone@2.1.2 was added to the framework a while ago.

How to test

  • confirm that the "3PP License Check" job passes

Review checklist

Reminder for reviewers

@vince-fugnitto added the "dependencies" label (pull requests that update a dependency file) Apr 27, 2023
@marcdumais-work
Contributor

@vince-fugnitto I think this dependency used to pass the dash-licenses but maybe the clearlydefined score changed, and now it doesn't any more?

@marcdumais-work
Contributor

I checked clone's repo and found no indication that this package is under any license other than MIT. I noticed the clearlydefined score is only 53, which probably explains why dash-licenses did not trust it. However, I do not think this score means much. TL;DR: I think this is a false positive. Until the IP ticket is approved, I agree we should add it to the baseline.

@marcdumais-work left a comment

LGTM - thanks Vince! I left a small comment for your consideration (optional).

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
@vince-fugnitto merged commit 5bccaf2 into master Apr 27, 2023
@vince-fugnitto deleted the vf/baseline-clone branch April 27, 2023 15:23
@github-actions bot added this to the 1.37.0 milestone Apr 27, 2023
jonah-iden pushed a commit to jonah-iden/theia that referenced this pull request May 2, 2023
The commit adds `clone@2.1.2` to our baseline to make the "3PP License Check" job pass, and better represent actual problems with dependencies in future pull-requests.

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>