Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

browser-stdout has an invalid license, which transitively makes mocha a problematic dependency #3248

Closed
1 task done
honzajavorek opened this issue Feb 21, 2018 · 4 comments · Fixed by #3258
Closed
1 task done

browser-stdout has an invalid license, which transitively makes mocha a problematic dependency #3248

honzajavorek opened this issue Feb 21, 2018 · 4 comments · Fixed by #3258
Labels
area: browser browser-specific status: accepting prs Mocha can use your help with this one! type: chore generally involving deps, tooling, configuration, etc.

Comments

@honzajavorek
Copy link
Contributor

honzajavorek commented Feb 21, 2018
edited
Loading

Prerequisites

Description

mocha depends on the browser-stdout package, which is problematic, as it does not have proper licensing. It only mentions ICS in the package.json, but that's not satisfactory even by the license itself - see kumavis/browser-stdout#3. The maintainer doesn't seem to be attentive to this problem - kumavis/browser-stdout#4 This transitively makes mocha a problematic dependency as well.

Steps to Reproduce

Inspect the mocha dependency tree for incorrectly licensed packages. Every package should have a license name, full license text, and a copyright notice with a copyright holder.

Expected behavior: [What you expect to happen]

The mocha package depends only on packages with correct licensing.

Actual behavior: [What actually happens]

The browser-stdout package is in the dependency tree as a direct 1st level dependency, and it is not properly licensed. Just license name, but no full license text, no copyright notice with a copyright holder.

Reproduces how often: [What percentage of the time does it reproduce?]

100%

Versions

mocha@5.0.1
@honzajavorek honzajavorek mentioned this issue Feb 21, 2018
Merged
@Bamieh Bamieh added area: browser browser-specific type: chore generally involving deps, tooling, configuration, etc. status: accepting prs Mocha can use your help with this one! labels Feb 22, 2018
@Bamieh
Copy link
Contributor

Bamieh commented Feb 22, 2018

@honzajavorek thanks for raising this issue. I'll follow up on this by friday if no one did until then.

@honzajavorek
Copy link
Contributor Author

@Bamieh Is there a way I can help?

@Bamieh
Copy link
Contributor

Bamieh commented Feb 24, 2018
edited
Loading

@honzajavorek I reached out to Aaron on twitter. Hopefully he will be kind enough to give some time to merge the PR and solve this issue. Let's wait and see!

@kumavis
Copy link

kumavis commented Feb 27, 2018

so sorry 😿
fixed in browser-stdout@1.3.1

honzajavorek added a commit to honzajavorek/mocha that referenced this issue Mar 1, 2018
@honzajavorek
Update to correctly licensed browser-stdout version
b3b34be 
Fixes mochajs#3248. Thanks @Bamieh and @kumavis!
@honzajavorek honzajavorek mentioned this issue Mar 1, 2018
Merged
boneskull pushed a commit that referenced this issue Mar 1, 2018
@honzajavorek @boneskull
Update to correctly licensed browser-stdout version
3537061 
Fixes #3248. Thanks @Bamieh and @kumavis!
@renovate renovate bot mentioned this issue Mar 6, 2018
Merged
This was referenced Mar 6, 2018
Merged
Merged
This was referenced Sep 22, 2018
Closed
Closed
Closed
Open
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
Merged
Closed
This was referenced Sep 23, 2018
Closed
Open
Closed
This was referenced Oct 2, 2018
Closed
Closed
Closed
Open
This was referenced Oct 25, 2018
Merged
Merged
Closed
Closed
This was referenced Nov 1, 2018
Merged
Merged
Merged
This was referenced Nov 9, 2018
Merged
Closed
Merged
This was referenced Nov 19, 2018
Closed
Merged
This was referenced Dec 1, 2018
Closed
Merged
Merged
This was referenced Dec 8, 2018
Merged
Closed
Merged
Closed
This was referenced Dec 23, 2018
Closed
Closed
sgilroy pushed a commit to TwineHealth/mocha that referenced this issue Feb 27, 2019
@honzajavorek @boneskull
Update to correctly licensed browser-stdout version
7de6e54 
Fixes mochajs#3248. Thanks @Bamieh and @kumavis!
@snyk-bot snyk-bot mentioned this issue Mar 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: browser browser-specific status: accepting prs Mocha can use your help with this one! type: chore generally involving deps, tooling, configuration, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update to correctly licensed browser-stdout version honzajavorek/mocha
3 participants
@honzajavorek @kumavis @Bamieh