Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🌐 Web query:
Are AGPL-3.0-only, AGPL-3.0-or-later, SSPL-1.0, EUPL-1.1, EUPL-1.2, CPAL-1.0, and Watcom-1.0 valid SPDX license identifiers?💡 Result:
Yes—each of these is a valid SPDX License List short identifier:
AGPL-3.0-only(spdx.org)AGPL-3.0-or-later(spdx.org)SSPL-1.0(spdx.org)EUPL-1.1(spdx.org)EUPL-1.2(spdx.org)CPAL-1.0(spdx.org)Watcom-1.0(spdx.org)Citations:
🌐 Web query:
GitHub actions dependency-review-action v4 deny-licenses configuration syntax💡 Result:
In
actions/dependency-review-action@v4,deny-licensestakes SPDX license identifiers/expressions and is mutually exclusive withallow-licenses(setting both errors).deny-licensesis deprecated in v4 (may be removed in the next major version). [1] [2]Inline (workflow
with:)deny-licensesis passed as a comma-separated string: [1]External config file (
config-file:)In
dependency-review-config.yml, use a YAML list (same idea asallow-licensesshown in the README): [1]Consider migrating away from the deprecated
deny-licensesparameter.All SPDX license identifiers are valid and the comma-separated format is correct for
dependency-review-action@v4. However,deny-licensesis deprecated in v4 and may be removed in the next major version. Check the action's documentation for recommended alternatives or migration guidance before the deprecation period ends.🤖 Prompt for AI Agents