Urgent Bug: github.com/frankban/quicktest references LGPL license

Question

Urgent Bug: github.com/frankban/quicktest references LGPL license

Spiderman5000 opened this issue 2 years ago · 2 comments

Spiderman5000 commented 2 years ago

Summary

IBM License Checker found a violation in frankban/quicktest referencing LGPL license.

Details

I don't see any reference to quicktest in the cast code.
Can this module be removed from go.sum?
This is needed ASAP in order for IBM to continue using this module

Thanks!

Answer 1 · 2023-03-02T16:31:37.000Z

[ibmuser]$ go mod why -m github.com/frankban/quicktest
# github.com/frankban/quicktest
github.ibm.com/...
github.com/spf13/cast
github.com/spf13/cast.test
github.com/frankban/quicktest

Answer 2 · 2023-03-03T01:07:10.000Z

@Spiderman5000 quicktwst is only used in test code, it will never end up in any compiled binaries that uses cast as a library.

Go modules does not have a concept of dev dependencies, so they show up in these scans.

This is essentially a false positive check, because it's incorrect to use go.sum for checks like this.