MIT is an invalid SPDX license identifier?

I have dependency-review setup to deny a whole slew of licenses:

```
fail-on-severity: high
comment-summary-in-pr: never
warn-only: true
license-check: true
deny-licenses: 
  - Abstyles
  - AdaCore-doc
  - Adobe-2006
  - Adobe-Glyph
  - Adobe-Utopia
  -  ......
```

It's failing to recognize MIT as a valid SPDX license identifier:

`  
 Warning: 
  The validity of the licenses of the dependencies below could not be determined. Ensure that they are valid SPDX licenses:
  .github/workflows/dependency-check.yml » actions/checkout@4.*.* – License: MIT
  Error: Dependency review could not detect the validity of all licenses.
`

This doesn't seem right.  MIT is very common, not on the deny list, on the complete [list](https://spdx.org/licenses/) and this is a github action it's failing on.  Additionally, why is it failing the job for this?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

MIT is an invalid SPDX license identifier? #742

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

MIT is an invalid SPDX license identifier? #742

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions