
Bump github.com/github/go-spdx/v2 from 2.6.0 to 2.7.0#14

Merged
andrew merged 1 commit into main from dependabot/go_modules/github.com/github/go-spdx/v2-2.7.0 on May 15, 2026

Conversation

@dependabot
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026

Bumps github.com/github/go-spdx/v2 from 2.6.0 to 2.7.0.

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

Release v2.7.0

Overview

This release makes one change:

  • new validation function that returns the normalized/deduped list of valid licenses

validate, normalize, and dedup licenses

A new function was added, ValidateAndNormalizeLicensesWithOptions. It is functionally equivalent to ValidateLicensesWithOptions with options:

  • FailComplexExpressions - rejects licenses that include a conjunction (e.g. "MIT AND Apache-2.0")
  • FailDeprecatedLicenses - rejects deprecated SPDX license identifiers (e.g. "eCos-2.0")
  • FailAllLicenseRefs - rejects all SPDX license references (e.g. "LicenseRef-MyLicense")
  • FailAllDocumentRefs - rejects all SPDX document references (e.g. "DocumentRef-MyDocument")

ValidateLicensesWithOptions returns a boolean indicating whether all licenses are valid (i.e. true) or one or more are invalid (i.e. false). It also returns a list of any licenses that were invalid.

ValidateAndNormalizeLicensesWithOptions does not return a boolean. It returns 2 lists. The first is the list of normalized valid licenses that have been deduped. The second is a list of any licenses that were invalid. If the invalid list is empty, then all licenses are valid.

Normalization and Deduping

licenses: `"mit", "apache-2.0"`
normalized: `"MIT", "Apache-2.0"`

licenses: `"mit", "MIT", " MIT ", "apache-2.0"`
normalized: `"MIT", "Apache-2.0"`

What's Changed

  • add function ValidateAndNormalizeLicensesWithOptions (#149) @elrayle
  • license updates (#146)

Full Changelog: github/go-spdx@v2.6.0...v2.7.0

Commits
  • 3c1ca93 Merge pull request #150 from github/v2.7.0-prep
  • 9a7907a update version in prep to release 2.7.0
  • 810a0d3 Merge pull request #146 from github/auto-update-licenses
  • 13a7257 Merge branch 'main' into auto-update-licenses
  • dbbda01 Merge pull request #149 from github/elr/normalize
  • 74a38f6 no need to test for allValid for ValidateAndNormalize
  • 7d11f4c do not dedup invalid licenses as this represents a behavior change
  • 7c92c07 fix formatting
  • 43cb893 Add ability to get normalized licenses when validating
  • 4508074 add function to reconstruct expressions
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
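The release notes above describe the contract of the new function (two lists, invalid entries returned verbatim, valid entries normalised and de-duplicated, four Fail* options). The following is an added, self-contained Go illustration of that contract; it is not go-spdx's own code and does not import it. The Options type, the validateAndNormalize function, the tiny knownLicenses and deprecatedLicenses tables and the input list are all constructed stand-ins for the real SPDX license list and the library's ValidateAndNormalizeLicensesWithOptions. It shows what a consumer such as an SBOM or dependency-policy check should expect: case and whitespace are folded away, LicenseRef-/DocumentRef- and deprecated IDs are rejected only when the matching option is set, and a rejected entry appears in the invalid list exactly as supplied.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Options mirrors the four option names listed in the v2.7.0 release notes.
// This type and everything below illustrate the documented behaviour; they are
// not the go-spdx library's own code (assumption: same field names as the notes).
type Options struct {
	FailComplexExpressions bool // reject "MIT AND Apache-2.0"
	FailDeprecatedLicenses bool // reject deprecated IDs such as eCos-2.0
	FailAllLicenseRefs     bool // reject LicenseRef-*
	FailAllDocumentRefs    bool // reject DocumentRef-*
}

// knownLicenses is a constructed stand-in for the SPDX license list:
// lower-cased identifier -> canonical spelling. The real list is far larger.
var knownLicenses = map[string]string{
	"mit":          "MIT",
	"apache-2.0":   "Apache-2.0",
	"bsd-3-clause": "BSD-3-Clause",
	"ecos-2.0":     "eCos-2.0",
}

// deprecatedLicenses is a constructed subset of IDs that SPDX marks deprecated.
var deprecatedLicenses = map[string]bool{"ecos-2.0": true}

// operatorRe splits a compound expression on AND / OR (case-insensitive) and
// captures the operator so the expression can be rebuilt in canonical form.
var operatorRe = regexp.MustCompile(`(?i)\s+(and|or)\s+`)

// normalizeSimple returns the canonical spelling of one simple identifier
// (no operators) and whether it is acceptable under opts.
func normalizeSimple(id string, opts Options) (string, bool) {
	key := strings.ToLower(id)
	switch {
	case strings.HasPrefix(key, "licenseref-"):
		// LicenseRef-* is valid SPDX syntax; the ID is case-sensitive, so keep it as-is.
		return id, !opts.FailAllLicenseRefs
	case strings.HasPrefix(key, "documentref-"):
		return id, !opts.FailAllDocumentRefs
	}
	canonical, ok := knownLicenses[key]
	if !ok {
		return "", false
	}
	if opts.FailDeprecatedLicenses && deprecatedLicenses[key] {
		return "", false
	}
	return canonical, true
}

// validateAndNormalize follows the two-list contract from the release notes:
// the first list holds normalised, de-duplicated valid entries; the second holds
// invalid entries exactly as supplied and is not de-duplicated. An empty second
// list means every input was valid.
func validateAndNormalize(licenses []string, opts Options) (valid, invalid []string) {
	seen := map[string]bool{}
	for _, raw := range licenses {
		expr := strings.TrimSpace(raw)
		ops := operatorRe.FindAllStringSubmatch(expr, -1)
		parts := operatorRe.Split(expr, -1) // len(parts) == len(ops)+1
		if expr == "" || (len(ops) > 0 && opts.FailComplexExpressions) {
			invalid = append(invalid, raw)
			continue
		}
		// Normalise every operand; one bad operand makes the whole entry invalid.
		out := make([]string, 0, len(parts))
		ok := true
		for _, p := range parts {
			c, good := normalizeSimple(strings.TrimSpace(p), opts)
			if !good {
				ok = false
				break
			}
			out = append(out, c)
		}
		if !ok {
			invalid = append(invalid, raw)
			continue
		}
		// Rebuild with upper-cased operators: "mit or apache-2.0" -> "MIT OR Apache-2.0".
		var b strings.Builder
		for i, c := range out {
			if i > 0 {
				b.WriteString(" " + strings.ToUpper(ops[i-1][1]) + " ")
			}
			b.WriteString(c)
		}
		norm := b.String()
		if !seen[norm] {
			seen[norm] = true
			valid = append(valid, norm)
		}
	}
	return valid, invalid
}

func main() {
	// Constructed input, e.g. license fields scraped from a dependency manifest.
	input := []string{"mit", "MIT", " MIT ", "apache-2.0", "eCos-2.0",
		"LicenseRef-Internal", "Not-A-License", "mit or apache-2.0"}
	strict := Options{FailComplexExpressions: true, FailDeprecatedLicenses: true,
		FailAllLicenseRefs: true, FailAllDocumentRefs: true}
	valid, invalid := validateAndNormalize(input, strict)
	fmt.Println("valid:  ", valid)
	fmt.Println("invalid:", invalid)
}
```

With the strict options the run above yields `valid: [MIT Apache-2.0]` and `invalid: [eCos-2.0 LicenseRef-Internal Not-A-License mit or apache-2.0]`; with a zero-value Options the compound expression and the LicenseRef survive, which is why a policy gate should pin the options it relies on rather than accept the defaults.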

Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](github/go-spdx@v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 15, 2026
@andrew andrew merged commit 0f59861 into main May 15, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/github/go-spdx/v2-2.7.0 branch May 15, 2026 13:37