Investigate flora-sql-parser deep dependency
FOSSA found a possible licensing error in a deep dependency. Here's a list of the libraries, starting at the problematic leaf and working up.
flora-sql-parser, version 0.9.4
our package-lock | npm package page | github project | LICENSE (GPLv2)
This package was previously MIT licensed (at version 0.8.1), but that is too old to satisfy the winnow requirements.
winnow, version 2.3.0
our package-lock | npm package page | github project | LICENSE (Apache 2.0)
Apache 2.0 is a fine license -- no issue from this package directly. However, it depends on flora-sql-parser: ^0.9.3, which is likely not compatible with its own Apache 2.0 license claim. The winnow project appears to have addressed this issue in PR 209, first available in version 2.4.0.
featureserver, version 3.2.0 / 3.5.0
3.2.0
our package-lock | npm package page | github project | LICENSE (Apache 2.0)
3.5.0
our package-lock | npm package page | github project | LICENSE (Apache 2.0)
These packages depend on winnow: ^2.2.2. That means that the fixed version of winnow (2.4.0) is compatible with the version requirements of these packages. We should be able to force the use of the newer winnow version to resolve the licensing problem.
And more...
I didn't analyze dependencies any further than this, since it looked like it was solvable from the featureserver level.
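The range check described above, as an added example that is not part of the original ticket: it walks a lockfile tree, lists every package that requires winnow, and reports any whose declared range would reject a candidate version. The lockfile fragment is constructed (v1 layout), and `some-plugin` is a hypothetical parent used only to show a nested copy of featureserver.

```javascript
// Constructed lockfile (v1 layout) fragment mirroring the chain in this ticket.
const lock = { dependencies: {
  featureserver: { version: "3.5.0", requires: { winnow: "^2.2.2" } },
  winnow: { version: "2.3.0", requires: { "flora-sql-parser": "^0.9.3" } },
  "flora-sql-parser": { version: "0.9.4" },
  "some-plugin": { // hypothetical parent that nests the older featureserver
    version: "1.0.0", requires: { featureserver: "3.2.0" },
    dependencies: {
      featureserver: { version: "3.2.0", requires: { winnow: "^2.2.2" } } } } } };

const parse = (v) => v.split(".").map(Number);

// Compare two [major, minor, patch] triples: negative, zero or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Supports only exact "x.y.z" and caret "^x.y.z" ranges, the two forms used here.
function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith("^")) return cmp(v, parse(range)) === 0;
  const base = parse(range.slice(1));
  // Caret pins everything up to and including the left-most non-zero component.
  let pin = base.findIndex((n) => n !== 0);
  if (pin === -1) pin = 2;
  for (let i = 0; i <= pin; i++) if (v[i] !== base[i]) return false;
  return cmp(v, base) >= 0;
}

// Every package in the tree (nested copies included) that requires `name`.
function requirers(node, name, path = []) {
  const out = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${dep}@${info.version}`];
    const range = (info.requires || {})[name];
    if (range) out.push({ path: here.join(" > "), range });
    out.push(...requirers(info, name, here));
  }
  return out;
}

// Requirers whose range rejects the candidate; an empty list means it can be forced.
function blockers(lockfile, name, candidate) {
  return requirers(lockfile, name).filter((r) => !satisfies(candidate, r.range));
}

console.log(requirers(lock, "winnow"), blockers(lock, "winnow", "2.4.0"));
```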