You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My main issue with the large dependency list is not concern over the size of the binary, but that in my organization I have to get the open source licenses reviewed and approved for all transitive dependencies. GPL/LGPL are problematic.
Starting from go.mod:
github.com/kataras/iris/v12 v12.0.1 is BSD-3-Clause
depends on github.com/flosch/[email protected], MIT licensed
My main issue with the large dependency list is not concern over the size of the binary, but that in my organization I have to get the open source licenses reviewed and approved for all transitive dependencies. GPL/LGPL are problematic.
Starting from
go.mod
:github.com/kataras/iris/v12 v12.0.1
is BSD-3-Clausegithub.aaakk.us.kg/flosch/[email protected]
, MIT licensedgithub.aaakk.us.kg/juju/[email protected]
github.com/juju/[email protected]
github.com/juju/[email protected]
Those are the only 3 LGPLv3 licensed libraries in the entire graph. The rest are all generally permissive licenses (MIT, BSD, Apache, etc).
As a workaround, I added this to my
go.mod
to excludev12.0.1
of Iris:This forces Go to use a newer version instead,
v12.1.0
, which thankfully does not pull in the Juju depednencies.Originally posted by @peplin in #156 (comment)
The text was updated successfully, but these errors were encountered: