Black Duck is reporting a policy violation issue (GPL) against Jakarta Annotations API, which is part of the Spring Boot Starter package. Please upgrade the same to the long term recommended version.

Comment From: bclozel

I don't understand.

Can you share more about this report? What's the exact message? Which policy is violated? What's the exact artifact coordinates here?

Comment From: paranjayBhanot

The summary I get via Black Duck is as follows:

- Policies Violated: License Policy (GPL)
- Dependency: Jakarta Annotations API 2.1.1
- Licenses: Eclipse Public License 2.0, GNU General Public License v2.0 w/Classpath exception
- Long term recommended upgrade: 62

When I looked into the dependency tree, Jakarta Annotations API was pointing to the Spring Boot starter package. So if the recommended upgrade is done for the transitive dependency, then this policy violation can be handled.

SpringBoot Black Duck is reporting Policy Violation against Jakarta Annotations API 2.1.1

Comment From: bclozel

jakarta-annotations-api is licensed under EPL 2.0 and GPL with classpath exception as far as I can tell. If you have a problem with this report I think you should reach out for help with the vendor. If you have a problem interpreting those licenses I would suggest requesting legal support.

jakarta.annotation:jakarta.annotation-api:2.1.1 is the latest version available so I don't see to which version we're supposed to upgrade to fix this warning. I'm closing this issue as there's nothing actionable on our side.