Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
These flags are being superseded by fossa release-group commands, but for backwards compatibility they should still work with analyze. They do not, even though we document them as existing.
Acceptance criteria
These flags work again.
The CLI prints the deprecation message in when either option is used.
Testing plan
git checkout fix-analyze
Shows the help message for release group options of fossa analyze
cabal run fossa -- analyze -h
Fossa analyze with release group options. This will show a warning message when the release group options are used
[x] I added tests for this PR's change (or explained in the PR description why tests don't make sense).
[x] If this PR introduced a user-visible change, I added documentation into docs/.
[x] If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
[x] If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
[x] If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
[x] If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.
Previously I hid the help messages for the release group options. I made them visible again and added a deprecation message. Let me know if this is sufficient or if I should keep them hidden.
Overview
These flags are being superseded by fossa release-group commands, but for backwards compatibility they should still work with analyze. They do not, even though we document them as existing.
Acceptance criteria
These flags work again.
The CLI prints the deprecation message in when either option is used.
Testing plan
git checkout fix-analyze
Shows the help message for release group options of
fossa analyze
cabal run fossa -- analyze -h
Fossa analyze with release group options. This will show a warning message when the release group options are used
cabal run fossa -- analyze --debug --release-group-name <name> --release-group-release <release> /path/
Risks
Metrics
References
Example:
Checklist
docs/
.docs/README.ms
and gave consideration to how discoverable or not my documentation is.Changelog.md
. If this PR did not mark a release, I added my changes into an# Unreleased
section at the top..fossa.yml
orfossa-deps.{json.yml}
, I updateddocs/references/files/*.schema.json
AND I have updated example files used byfossa init
command. You may also need to update these if you have added/removed new dependency type (e.g.pip
) or analysis target type (e.g.poetry
).docs/references/subcommands/<subcommand>.md
.