Replace broken eastwood Clojure fixture with clj-http

[spatten]

Overview

Analysis.Clojure.eastwood has been failing on master because the pinned eastwood Release-1.0.0 tarball ships a secondary project.clj under .circleci/nvd/ whose OWASP dependency-check transitive deps are no longer resolvable from Maven Central / Clojars. Newer eastwood tags ship even more nested example projects, so bumping the tag doesn't help.

This PR replaces the eastwood fixture with clj-http 3.13.1, which has a single project.clj at the root and depends only on widely-mirrored Apache HttpComponents and commons artifacts.

Acceptance criteria

Analysis.Clojure.clj-http and Analysis.Clojure.ring pass in the Integration Tests workflow.

Testing plan

CI integration-tests run on this branch goes green for the Clojure tests.

Risks

The dependency-count assertion (DependencyResultsSummary) is currently a placeholder; needs to be updated with the real numbers reported by CI before this is ready to merge.

References

Supersedes #1709.

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense). This is a test-fixture replacement; the integration test it repairs is the test.
• If this PR introduced a user-visible change, I added documentation into docs/. Not user-visible.
• If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
• If this change is externally visible, I updated Changelog.md. Not externally visible.
• If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command.
• If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

[zlav]

Thanks!

[coderabbitai]

Walkthrough

This PR updates FOSSA CLI to version 3.17.6 and modifies the Clojure analysis test suite. The changelog documents a fix for two incorrect GPL license matches. The integration test file replaces the eastwood Leiningen test fixture with a new clj-http fixture, including fixture definition and corresponding test dependency summary updates to reflect the new test artifact.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main change: replacing the eastwood fixture with clj-http in the Clojure test suite.
Description check	✅ Passed	The PR description comprehensively covers all template sections with concrete details about the problem, solution, testing plan, and known risks.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@integration-test/Analysis/ClojureSpec.hs`:
- Line 43: The DependencyResultsSummary values in the test assertion (the line
calling testSuiteDepResultSummary NonStrict cljHttp LeiningenProjectType
(DependencyResultsSummary 71 27 44 1 Complete)) are placeholders that must match
CI; run the Integration Tests workflow, confirm the dependency counts CI reports
for DependencyResultsSummary (total, direct, edges, manifests), and update the
tuple in that test assertion to the exact CI numbers if they differ, then re-run
the Integration Tests to ensure the workflow passes before merging.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1172019a-2d27-48eb-8aba-2e080279589c

📥 Commits

Reviewing files that changed from the base of the PR and between ae690f8 and c0caea7.

📒 Files selected for processing (2)

• Changelog.md
• integration-test/Analysis/ClojureSpec.hs