Skip to content

Fix for issues/533 (dual licensed dependency with one license on whitelist and the other on blacklist) #670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
slawekjaranowski merged 10 commits into from
Dec 7, 2025
Merged

Fix for issues/533 (dual licensed dependency with one license on whitelist and the other on blacklist) #670

slawekjaranowski merged 10 commits into from
Dec 7, 2025

Conversation

@wuwu2000
Copy link
Contributor

@wuwu2000 wuwu2000 commented Oct 8, 2025

See #533

If a project dependency has multiple licences I can choose the licence I want to use. So only 1 of the licences must be included in the whitelist.

@wuwu2000
Copy link
Contributor Author

wuwu2000 commented Oct 16, 2025

Hey @slawekjaranowski is something off with my pull request?

@slachiewicz slachiewicz requested a review from Copilot October 19, 2025 10:56
Copilot AI reviewed Oct 19, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes issue #533 by modifying the license validation logic to properly handle dual-licensed dependencies. When a dependency has multiple licenses, the new logic treats it as compliant if at least one of its licenses is whitelisted, even if another license appears on the blacklist.

Key Changes:

  • Refactored the checkForbiddenLicenses() method to store unsafe licenses in a LicenseMap instead of a Set<String>, enabling project-level tracking
  • Extracted duplicate whitelist checking logic into a new isDependencyWhitelisted() helper method
  • Added comprehensive test coverage for various license validation scenarios including dual-licensed dependencies

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.

File Description
AbstractAddThirdPartyMojo.java Refactored license checking logic to handle dual-licensed dependencies by tracking projects per license and validating each project individually against whitelist
AbstractAddThirdPartyMojoTest.java Added comprehensive test suite covering whitelist/blacklist scenarios, including edge cases for dual-licensed dependencies
pom.xml Added Mockito 5.20.0 test dependency to support the new test cases

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@wuwu2000
Copy link
Contributor Author

wuwu2000 commented Oct 20, 2025

thank you @slawekjaranowski for checking my pull request. I changed Britsh English licence to American English license in both files and downgraded mockito from 5 to 4 to be jdk 8 compatible.
Then I ran mvn --errors --batch-mode --show-version -D"invoker.streamLogsOnFailures" -P run-its verify with different JDKs to verify it's working, hopefully that way I verified all checks in advance

@wuwu2000
Copy link
Contributor Author

wuwu2000 commented Oct 31, 2025

Hello @slawekjaranowski
Do you plan to accept the pr? Is there something I can do for you? :)

@slawekjaranowski
Copy link
Member

slawekjaranowski commented Dec 1, 2025

Hello @slawekjaranowski Do you plan to accept the pr? Is there something I can do for you? :)

I will try to look 😄

@slawekjaranowski
Copy link
Member

slawekjaranowski commented Dec 1, 2025

merged with current master in order to run build

@slawekjaranowski slawekjaranowski linked an issue Dec 1, 2025 that may be closed by this pull request
fail because of forbidden licenses on dual licensed dependency with one license on whitelist and the other on blacklist #533
Closed
@slawekjaranowski slawekjaranowski merged commit d8cb983 into mojohaus:master Dec 7, 2025
17 checks passed
@github-actions github-actions bot added this to the 2.8.0 milestone Dec 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@slawekjaranowski slawekjaranowski

Labels

enhancement

Projects

None yet

Milestone

2.8.0

Development

Successfully merging this pull request may close these issues.

fail because of forbidden licenses on dual licensed dependency with one license on whitelist and the other on blacklist

2 participants

@wuwu2000 @slawekjaranowski