Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
[x] I added tests for this PR's change (or explained in the PR description why tests don't make sense).
[x] If this PR introduced a user-visible change, I added documentation into docs/.
[x] If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
[x] If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
[x] If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
[x] If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.
Overview
Fixes ANE-1737:
Acceptance criteria
Testing plan
I manually tested the repro case in https://fossa.atlassian.net/browse/ANE-1737 and validated it works.
I am relying on tests and Haskell's strong typing to validate nothing breaks.
Risks
I don't think it's very risky.
Metrics
None.
References
Resolves https://fossa.atlassian.net/browse/ANE-1737.
Checklist
docs/
.docs/README.ms
and gave consideration to how discoverable or not my documentation is.Changelog.md
. If this PR did not mark a release, I added my changes into an# Unreleased
section at the top..fossa.yml
orfossa-deps.{json.yml}
, I updateddocs/references/files/*.schema.json
AND I have updated example files used byfossa init
command. You may also need to update these if you have added/removed new dependency type (e.g.pip
) or analysis target type (e.g.poetry
).docs/references/subcommands/<subcommand>.md
.