deny-licenses mistakenly blocking LGPL-3.0 license

[logan-porelle]

Summary:

When I list LGPL-2.0,LGPLLR as my deny-license list and have PyGitHub==2.1.1 as a third party in my requirements.txt file then the dependency-review action blocks the pull request as a incompatible issue. The problem is that PyGitHub is a LGPL-3.0, not LGPL-2.0 license.

Replicate:

1. Have dependency-review-action setup like below:

name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v3.1.4
        with:
          comment-summary-in-pr: true
          deny-licenses: LGPL-2.0,LGPLLR

2. Open a pull request with a requirements.txt listing PyGithub==2.1.1
3. Check PR dependency-review-action failure.

Sample Output:

[juxtin]

Hi @logan-porelle, I've been trying to reproduce this and I haven't been able to so far. Is it still something that you're running into?

Disregard, I had a syntax error in my config. I can reproduce this now 👍