I cloned this repository and used the Eclipse Dash License Tool to vet the dependencies. I had a little trouble getting poetry to generate a list of dependencies (mostly due to a lack of familiarity with the technology), so I just parsed the poetry.lock file (a little inelegant, but it appears to work):
$ awk -F '"' '/^name = / {name=$2} /^version = / {print "pypi/pypi/-/" name "/" $2}' poetry.lock | uniq \
| java -jar org.eclipse.dash.licenses-1.1.1-SNAPSHOT.jar - -review -project technology.csi -token $GITLAB_TOKEN
It identified a number of this project's dependencies that require vetting via the Eclipse IP Due Diligence Process. While I was in here, I created the review records on your behalf. They're in the queue and will be processed by the IP Team in due course.
Please engage regularly in the IP Due Diligence Process.
I cloned this repository and used the Eclipse Dash License Tool to vet the dependencies. I had a little trouble getting
poetryto generate a list of dependencies (mostly due to a lack of familiarity with the technology), so I just parsed thepoetry.lockfile (a little inelegant, but it appears to work):It identified a number of this project's dependencies that require vetting via the Eclipse IP Due Diligence Process. While I was in here, I created the review records on your behalf. They're in the queue and will be processed by the IP Team in due course.
Please engage regularly in the IP Due Diligence Process.