chore(deps): bump github.com/github/go-spdx/v2 from 2.6.0 to 2.7.0 in the go-deps group

[dependabot]

Bumps the go-deps group with 1 update: github.com/github/go-spdx/v2.

Updates github.com/github/go-spdx/v2 from 2.6.0 to 2.7.0

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

Release v2.7.0

Overview

This release makes one changes:

• new validation function that returns the normalized/deduped list of valid licenses

validate, normalize, and dedup licenses

A new function was added, ValidateAndNormalizeLicensesWithOptions. It is functionally equivalent to ValidateLicensesWithOptions with options:

• FailComplexExpressions - rejects license that includes a conjunctive (e.g. "MIT AND Apache-2.0")
• FailDeprecatedLicenses - rejects deprecated SPDX license identifiers (e.g. "eCos-2.0")
• FailAllLicenseRefs - rejects all SPDX license references (e.g. "LicenseRef-MyLicense")
• FailAllDocumentRefs - rejects all SPDX document references (e.g. "DocumentRef-MyDocument")

ValidateLicensesWithOptions returns a boolean indicating whether all licenses are valid (i.e. true) or one of more are invalid (i.e. false). It also returns a list of any licenses that were invalid.

ValidateAndNormalizeLicensesWithOptions does not return a boolean. It returns 2 lists. The first is the list of normalized valid licenses that have been deduped. The second is a list of of any licenses that were invalid. If the invalid list is empty, then all licenses are valid.

Normalization and Deduping

licenses: `"mit", "apache-2.0"`
normalized: `"MIT", "Apache-2.0"`
licenses: "mit", "MIT", " MIT ", "apache-2.0"

normalized: MIT, Apache-2.0

What's Changed

• add function ValidateAndNormalizeLicensesWithOptions (#149) @​elrayle
• license updates (#146)

Full Changelog: github/go-spdx@v2.6.0...v2.7.0

Commits

• 3c1ca93 Merge pull request #150 from github/v2.7.0-prep
• 9a7907a update version in prep to release 2.7.0
• 810a0d3 Merge pull request #146 from github/auto-update-licenses
• 13a7257 Merge branch 'main' into auto-update-licenses
• dbbda01 Merge pull request #149 from github/elr/normalize
• 74a38f6 no need to test for allValid for ValidateAndNormalize
• 7d11f4c do not dedup invalid licenses as this represents a behavior change
• 7c92c07 fix formatting
• 43cb893 Add ability to get normalized licenses when validating
• 4508074 add function to reconstruct expressions
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions