Security: Incompatible 3rd party package license

Created on 10 April 2023, over 1 year ago
Updated 11 April 2023, over 1 year ago

Problem/Motivation

The module requires "giggsey/libphonenumber-for-php", but this package uses the Apache 2.0 license. This license isn't compatible with GPLv2, which is a critical issue here.

Proposed resolution

- Remove "giggsey/libphonenumber-for-php" from module requirements.
- Add to the description of the module that it can use the functionality of the "giggsey/libphonenumber-for-php" package, but the user must install it on their own.
- Make it possible to use the module without "giggsey/libphonenumber-for-php" (extra check conditions to determine whether the package was installed or not)

📌 Task
Status

Closed: works as designed

Version

1.0

Component

Miscellaneous

Created by

🇺🇦 HitchShock, Ukraine

  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

  • Security Advisory follow-up

    This tag is to be applied to issues where an official security release has been made, but the fix needs to be ported to the development version of the code.
