fix(deps): Allow LicenseRef-scancode-google-patent-license-golang in dependency review#52

Merged: yunseo-kim merged 1 commit into main from fix/allow-google-patent-license-golang on Jun 26, 2026

yunseo-kim (Member) commented Jun 26, 2026

Summary

Adds "LicenseRef-scancode-google-patent-license-golang" to the organization-wide dependency-review allow-list.

  • What changed? Added LicenseRef-scancode-google-patent-license-golang to allow-licenses in .github/dependency-review-config.yml.
  • Why is this needed? PR chore(release): Prepare v1.0.0 release actionlint-hardened-action#3 failed dependency-review because golang.org/x/sys@0.42.0 and golang.org/x/term@0.41.0 are licensed as BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang. The Google patent license grant is a permissive patent clause, not a restrictive license, and should not block merges of Go dependencies that are otherwise BSD-3-Clause.

Related Issues

Change Type

  • Bug fix
  • Feature
  • Refactor
  • Documentation
  • Test/CI
  • Breaking change
  • Other

Changelog

  • Category: Fixed
  • User-facing note: Resolved false-positive dependency-review failures for Go dependencies carrying the Google patent license grant.

Changelog update:

  • updated
  • Not needed because this change is not user-facing

Checklist

General

  • PR title follows Conventional Commits format:
  • This PR does not expose backend/internal implementation details in a public repo.
  • No secrets, tokens, keys, or private endpoints are included.
  • Changes stay within this repository's intended scope.

CI/Workflow Changes (if applicable)

N/A - this change only updates the dependency-review configuration file.

Protocol / Compatibility Impact

  • No protocol/spec impact
  • Protocol/spec updated
  • Conformance tests updated
  • Breaking change is versioned and migration notes are included

Testing

  • Unit tests added/updated
  • Integration or conformance tests added/updated
  • Tests pass
  • Lint and format pass
  • Type check passes
  • Manual verification performed

Describe test evidence:

  • Checking formatting...
    All matched files use Prettier code style! passes.
  • Diff reviewed: only two lines added to the allow-list.

Documentation

  • README updated
  • Spec/docs updated
  • Changelog decision completed above

Rollout / Risk

  • Risk level: Low
  • Rollback plan: Revert this PR to restore the previous allow-list.

Reviewer Checklist

  • Scope is clear and minimal
  • Security and boundary checks passed
  • Tests and docs are sufficient
  • Compatibility impact is correctly handled

…dependency review

Signed-off-by: Yunseo Kim <git@yunseo.kim>
yunseo-kim merged commit 6f340e1 into main Jun 26, 2026
7 checks passed
yunseo-kim deleted the fix/allow-google-patent-license-golang branch June 26, 2026 19:53
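
Added example, not part of the PR and not the dependency-review action's own code: a simplified model of checking an SPDX `AND`/`OR` expression against an allow-list, showing why both Go modules named in the description fail before this change and pass after it. The allow-list entries other than the new LicenseRef and all function names are assumptions, and the `WITH` operator is rejected rather than modelled.

```python
import re

# Constructed allow-list (assumption); packages and expression are from the PR text.
ALLOW_BEFORE = {"MIT", "Apache-2.0", "BSD-3-Clause"}
ALLOW_AFTER = ALLOW_BEFORE | {"LicenseRef-scancode-google-patent-license-golang"}
EXPR = "BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang"
DEPS = {"golang.org/x/sys@0.42.0": EXPR, "golang.org/x/term@0.41.0": EXPR}


def blocking_terms(expr, allowed):
    """Return the licence ids that keep `expr` from being satisfied (empty set = pass)."""
    # Reversed so that toks.pop() yields the next token.
    toks = re.findall(r"[()]|[A-Za-z0-9.+:-]+", expr)[::-1]
    if "".join(toks[::-1]) != "".join(expr.split()):
        raise ValueError(f"unexpected character in {expr!r}")

    def atom():
        tok = toks.pop() if toks else None
        if tok == "(":
            inner = or_expr()
            if not toks or toks.pop() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok in (None, ")", "AND", "OR", "WITH"):
            raise ValueError(f"unexpected token {tok!r}")
        return set() if tok in allowed else {tok}

    def and_expr():  # AND binds tighter than OR; every operand must be allowed
        blocked = atom()
        while toks and toks[-1] == "AND":
            toks.pop()
            blocked |= atom()
        return blocked

    def or_expr():  # OR passes as soon as one operand passes
        blocked = and_expr()
        while toks and toks[-1] == "OR":
            toks.pop()
            other = and_expr()
            blocked = (blocked | other) if blocked and other else set()
        return blocked

    result = or_expr()
    if toks:  # leftovers, e.g. the WITH operator, which this sketch does not model
        raise ValueError(f"unsupported or trailing token {toks[-1]!r}")
    return result


def review(deps, allowed):  # failing package -> sorted blocking licence ids
    return {p: sorted(b) for p, e in deps.items() if (b := blocking_terms(e, allowed))}
```

Because an `AND` expression needs every operand on the allow-list, the new entry also admits any other dependency whose expression pairs an already-allowed licence with this LicenseRef.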