Overview

Delivers ANE-2299

The problem is happening when we scan a Package.swift file with a path dependency that has a name specified:

// swift-tools-version:5.5

import PackageDescription

let package = Package(
        name: "QueryCpuData",
        platforms: [
            .macOS(.v10_15)
        ],
        products: [
            .executable(name: "query-cpu-data", targets: ["QueryCpuData"])
        ],
        dependencies: [
            .package(name: "influxdb-client-swift", path: "../.."),
            .package(url: "https://github.com/apple/swift-argument-parser", from: "1.1.2")
        ],
        targets: [
            .executableTarget(name: "QueryCpuData", dependencies: [
                .product(name: "InfluxDBSwiftApis", package: "influxdb-client-swift"),
                .product(name: "ArgumentParser", package: "swift-argument-parser"),
            ])
        ]
)

The name option was introduced in SwiftPM 5.2: https://developer.apple.com/documentation/packagedescription/package/dependency/package(name:path:)

This PR adds the ability to parse path dependencies with names.

Acceptance criteria

• We can parse path dependencies with names

Testing plan

git clone https://github.com/influxdata/influxdb-client-swift.git 
cd influxdb-client-swift/Examples/QueryCpuData/ 
fossa analyze --output

That analysis will fail on master but should pass using this branch. It won't find the path dependencies, but it won't fail to analyze.

Edit Package.swift and remove the name field from the path dependency. Analyze again. It should still work.

Risks

This seems low risk.

Metrics

References

ANE-2299

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense).
• If this PR introduced a user-visible change, I added documentation into docs/.
• If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
• If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
• If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
• If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.