License challenge with nodiacritic (GPLv2)

[simaotwx]

Is your feature request related to a problem? Please describe.
The license requirement of GPL-2.0 in the nodiacritic library (see https://github.com/publishpress/PublishPress-Planner/blob/development/composer.lock#L10096) is problematic for WordPress instances where GPL-3.0 components are used since the GPLv2 is not forward-compatible to the GPLv3 unless it is licensed "GPLv2 or later".

Describe the solution you'd like
I'd like this dependency to be either removed, rewritten or relicensed to allow distribution with GPLv3.

Describe alternatives you've considered
The alternative is to not use PublishPress when GPL-3.0 components are used.

Additional context
Using WordPress in a business means that we must comply with license requirements. Using GPL-3.0 components implies licensing everything as GPL-3.0. But that is only possible when "GPLv2 or later" or "GPLv3" is used.

[stevejburge]

OK, thanks for letting us know, @simaotwx

We'll take a look to see what alternatives are feasible and available.

[simaotwx]

Any news on this topic so far? Thank you

[stevejburge]

Hi @simaotwx

Sorry, not yet. I'll be honest and say that I see problem, but with everything on our team's plate, I don't expect a super-quick resolution to this.

[simaotwx]

@stevejburge alright, thank you!

[simaotwx]

This is being used as a dev dependency so if I understand correctly, as long as the GPLv2 dependency does not end up being deployed, it should be fine. It would still be better if the library was GPLv2-or-later or GPLv3 or not used at all as it would prevent the library from being detected by scanners and it would avoid accidental inclusion of it in the final package.