Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Iris v12.0.1 brings in LGPL-licensed packages to module graph #297

Closed
rhcarvalho opened this issue Nov 13, 2020 · 1 comment · Fixed by #296
Closed

Iris v12.0.1 brings in LGPL-licensed packages to module graph #297

rhcarvalho opened this issue Nov 13, 2020 · 1 comment · Fixed by #296

Comments

@rhcarvalho
Copy link
Contributor

My main issue with the large dependency list is not concern over the size of the binary, but that in my organization I have to get the open source licenses reviewed and approved for all transitive dependencies. GPL/LGPL are problematic.

Starting from go.mod:

Those are the only 3 LGPLv3 licensed libraries in the entire graph. The rest are all generally permissive licenses (MIT, BSD, Apache, etc).

As a workaround, I added this to my go.mod to exclude v12.0.1 of Iris:

+exclude (
+       github.com/kataras/iris/v12 v12.0.1
+)

This forces Go to use a newer version instead, v12.1.0, which thankfully does not pull in the Juju depednencies.

Originally posted by @peplin in #156 (comment)

@peplin
Copy link

peplin commented Nov 13, 2020

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants