Available on winget

Install fossa-cli

Fast, portable and reliable dependency analysis for any codebase.

Install with winget
winget install --id FOSSA.FOSSA-cli
Upgrade
winget upgrade --id FOSSA.FOSSA-cli
Uninstall
winget uninstall --id FOSSA.FOSSA-cli

What's new in 3.17.7

What's Changed
- [ANE-2523] NuGet: analyze every .csproj in a directory by @zlav in #1712
Full Changelog: v3.17.6...v3.17.7

Version history

| Version | Updated | Notes |
|---|---|---|
| 3.17.7 | Unknown | What's Changed - [ANE-2523] NuGet: analyze every .csproj in a directory by @zlav in #1712 Full Changelog: v3.17.6...v3.17.7 |
| 3.17.6 | Unknown | - Config: paths.only and paths.exclude in .fossa.yml now accept glob patterns. (#1703) - Licensing - Fix two bad GPL matches [No PR] |
| 3.17.5 | Unknown | What's Changed - [ANE-2724] Pass --debug to Ficus when CLI is in debug mode by @nficca in #1706 Full Changelog: v3.17.4...v3.17.5 |
| 3.17.2 | Unknown | What's Changed - [ANE-2877] Support PEP 621 project.dependencies in Poetry 2.x strategy by @zlav in #1683 - [ANE-2908] Swift Package.swift parser improvements by @tjugdev in #1695 - [ANE-2809] Add NuGet Central Package M... |
| 3.17.1 | Unknown | What's Changed - [ANE-2900] Omit unset fields from project edit request body by @nficca in #1688 - [ANE-2655] Expose yarn and npm workspace packages as individual build targets by @jagonalez in #1643 - [ANE-2901] UV: Add... |
| 3.17.0 | Unknown | What's Changed - [ANE-2886] Handle missing version field in uv.lock editable packages by @zlav in #1682 - add a comment about who has access to macos signing stuff by @spatten in #1681 - Gradle: Add additional developmen... |
| 3.16.7 | Unknown | - Cargo: Deal with git-backed cargo locators properly (#1670) |
| 3.16.6 | Unknown | What's Changed - Bump tar crate to 0.4.45 to fix CVE-2026-33055 and CVE-2026-33056 by @spatten in #1679 - [ANE-2795] Fix UTF-8 encoding for ficus output on Windows by @Conor-FOSSA in #1646 Full Changelog: v3.16.5...v3.16... |
| 3.16.5 | Unknown | - PNPM: Fix pnpm v9 lockfile transitive devDependency classification. Dependencies of devDependencies were incorrectly reported as production dependencies in pnpm v9 projects. (#1668) |
| 3.16.4 | Unknown | Mac OS: Resolve an issue with dynamic linking on some Mac OS systems. |
| 3.16.3 | Unknown | - Elixir: Use MIX_ENV=prod for accurate production dependency resolution, with fallback to --only prod for projects lacking config/prod.exs (#1662) - Infrastructure: Add cmdEnvVars field to Command type for setting envir... |
| 3.16.2 | Unknown | - Conda: Make conda analysis work on versions of conda where the --force flag is deprecated for conda env create (#1661) - Bug fix: fail early if the --output flag is combined with --snippet-scan or --x-vendetta flags (#... |
| 3.16.1 | Unknown | - Licensing: Add standalone detection for Solace proprietary licenses (solace-software-2021, solace-non-production-1.0, solace-api-1.1) (#1660) - Licensing: Add support for SPDX tag-value format license declarations |
| 3.16.0 | Unknown | What's Changed - add bun support by @jagonalez in #1648 - Cut release 3.16.0 by @nficca in #1650 Full Changelog: v3.15.9...v3.16.0 |
| 3.15.9 | Unknown | - Improvements for licensing and snippet scanning (#1649) - Licensing: Additional proprietary license detection - Snippet scanning: Support TLS operation with platform native certificate store |
| 3.15.8 | Unknown | What's Changed - Prep for release 3.15.8 by @spatten in #1645 Full Changelog: v3.15.7...v3.15.8 |
| 3.15.7 | Unknown | - PNPM: Fixes an issue where transitive dependencies with peer dependencies weren't detected in lockfile v6. (#1642) |
| 3.15.6 | Unknown | - Docs: Document ALLOW_INVALID_CERTS environment variable for TLS certificate errors (#1639) - Golang: Fix a bug where we did not correctly parse old-style go.mod files with quoted package names (#1636) - Archive uploads... |
| 3.15.5 | Unknown | No notes |
| 3.15.4 | Unknown | - Scala fix: Prefer MiniDependencyTreePlugin over explicit DependencyTreePlugin (#1627). |