Suppose you have top level Dependency A.
Dependency A is licensed under MIT.
Dependency A packages Dependency B as part of its distribution.
Dependency B is licensed under GPL.
In order to use Dependency A, do you need to agree to the terms of both MIT as well as GPL, or just MIT.
2
The GPL license is written in such a way that you are not allowed to use GPL-licensed code in a product unless the users of the product have the same rights that are granted by applying the GPL license. This is even the case if only a small portion of the complete product is actually licensed under the GPL.
Due to this “infectious” nature of the GPL, if you indirectly/transitively depend on some code that is licensed under the GPL, then you are also required to release your project under a license that is compatible with the GPL.
So, if you want to use Dependency A (MIT licensed), which in turn depends on Dependency B (GPL licensed), then your code must be licensed in a way that is compatible with the terms of the GPL, which essentially means that you have to use an open-source license.
4