fix(build): without non deterministic vendor-LICENSE.txt #6539

Open
wants to merge 1 commit into
base: main

max-nextcloud
Collaborator

@max-nextcloud max-nextcloud commented Oct 17, 2024

The content of vendor.LICENSE.txt is not deterministic.

If two versions of one library are imported
one of them will be picked and listed in the file.

This results in arbitrary changes to the file
which in turn create npm fix audit PRs such as #6534.

See also: https://nextcloud-libraries.github.io/nextcloud-vite-config/interfaces/BaseOptions.html#thirdPartyLicense

@juliusknorr
Member

I think we added that on purpose for compliance reasons, but I'm unsure what the current state there is.

activity for example also has this disabled and a separate flag but commented out: https://github.com/nextcloud/activity/blame/master/vite.config.ts#L16-L18

@susnux Any hint there? Is this fine to turn off for now?

@susnux
Contributor

susnux commented Oct 17, 2024

It is OK to do so, but instead enable `extractLicenseInformation` to keep us compliant.

@juliusknorr
Member

@max-nextcloud Can you adjust that?

Member

@juliusknorr juliusknorr left a comment


Needs changes

3 participants