utopia-swagger-ui tainted by MPL-2 #834
Comments
|
Oh snap, good for noticing, I'll hope that it will get fixed in the upstream. Otherwise there is a need to find some sort of alternatives for the support of Swagger UI. |
|
Though master has a version which does not rely on |
|
This solves the issue #828. |
|
Wonderful! Glad to hear that removes the transitive dependency. |
the-kenny
added a commit
to the-kenny/pgrx
that referenced
this issue
Jan 24, 2024
The 'dirs' crate recently started depending on the 'options-ext' crate which uses copyleft license (MPL). This (unnecessary) dependency causes licensing issues for various users by possibly poisoning the dependency tree of their projects[1]. This change replaces the 'dirs' crate with 'home'. The 'home' crate is maintained by the cargo team and offers the same functionality. As a bonus, this change also results in a slightly smaller dependency tree. [1]: - artichoke/artichoke#2564 - pyrossh/rust-embed#231 - juhaku/utoipa#834 - harryfei/which-rs#78
the-kenny
added a commit
to the-kenny/pgrx
that referenced
this issue
Jan 24, 2024
The `dirs` crate recently started depending on the `options-ext` crate which uses copyleft license (MPL). This (unnecessary) dependency causes licensing issues for various users by possibly poisoning the dependency tree of their projects[1]. This change replaces the `dirs` crate with `home`. The `home` crate is maintained by the cargo team and offers the same functionality. As a bonus, this change also results in a slightly smaller dependency tree. [1]: - artichoke/artichoke#2564 - pyrossh/rust-embed#231 - juhaku/utoipa#834 - harryfei/which-rs#78
the-kenny
added a commit
to the-kenny/pgrx
that referenced
this issue
Apr 20, 2024
The `dirs` crate recently started depending on the `options-ext` crate which uses copyleft license (MPL). This (unnecessary) dependency causes licensing issues for various users by possibly poisoning the dependency tree of their projects[1]. This change replaces the `dirs` crate with `home`. The `home` crate is maintained by the cargo team and offers the same functionality. As a bonus, this change also results in a slightly smaller dependency tree. [1]: - artichoke/artichoke#2564 - pyrossh/rust-embed#231 - juhaku/utoipa#834 - harryfei/which-rs#78
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I wanted to raise a note that this crate currently has a transitive dependency on
option-ext. That library is MPL-2, a copyleft license. Theoption-extdependency is brought in viarust-embed>shellexpand>dirs. The maintainer ofdirshas explicitly stated that they added a dependency onoption-extfor the express purpose of tainting the use ofdirswith MPL-2, which thus taints any use ofutopia-swagger-ui. I have filed a ticket with shellexpand to recommend using an alternate dependency such asetcetera, which does not suffer from this tainting issue, and an issue with rust-embed so that they can depend on a non tainted version when available.The text was updated successfully, but these errors were encountered: