Output unresolved dependency list in gemnasium-gradle-plugin
Problem to solve
After Silenced errors in gemnasium-gradle-plugin was completed, the gemnasium-gradle-plugin now outputs the error Project has unresolved dependencies when unresolved dependencies exist, and the process fails with an exception.
This is an improvement over the previous behaviour of the gemnasium-gradle-plugin. However, users are now requesting that, instead of just outputting the Project has unresolved dependencies error, the plugin also report which dependencies are unresolved (see here and here).
The purpose of this issue is to update the gemnasium-gradle-plugin so that it outputs the following error message when there are unresolved dependencies (using fluff and fuzz as examples):
Project has 2 unresolved dependencies: fluff:invalid:1.0.10, fuzz:broken:2.1.20
Implementation Plan
- Update the walk function of the gemnasium-gradle-plugin to output a list of unresolved dependencies in the GradleException if the project has unresolved dependencies. gitlab-org/security-products/analyzers/gemnasium-gradle-plugin!16 (merged)
- Add unit tests for the above behaviour. gitlab-org/security-products/analyzers/gemnasium-gradle-plugin!16 (merged)
- Add manual test to https://gitlab.com/gitlab-org/security-products/tests/java-gradle test project to demonstrate the new behaviour. https://gitlab.com/adamcohen/348716-java-gradle/-/jobs/1981131349
- Bump version of the gemnasium-gradle-plugin and publish this new version.
- Update gemnasium-maven to use the new version of the gemnasium-gradle-plugin published in step 5. above.
Intended users
User experience goal
Users will receive better feedback when gemnasium-maven fails due to unresolved dependencies.
What does success look like, and how can we measure that?
When a project has unresolved dependencies, the following error message will be output:
Project has 2 unresolved dependencies: fluff:invalid:1.0.10, fuzz:broken:2.1.20
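One way to produce this message from a Gradle build script, added here as an illustration; it is not the gemnasium-gradle-plugin's walk function or any code from the project. The task name `reportUnresolved` and the helper `unresolvedCoordinates` are hypothetical, and the fluff/fuzz coordinates are the page's examples, assumed not to exist in the configured repository.

```groovy
// build.gradle -- added illustration, not the gemnasium-gradle-plugin source.
plugins {
    id 'java'
}

repositories {
    mavenCentral()
}

dependencies {
    // The page's example coordinates; assumed to be unresolvable.
    implementation 'fluff:invalid:1.0.10'
    implementation 'fuzz:broken:2.1.20'
}

// Hypothetical helper: returns group:name:version for every dependency that
// failed to resolve. Lenient resolution records each failure instead of
// aborting on the first one, so the full list can be reported at once.
List<String> unresolvedCoordinates(Project p) {
    def found = new TreeSet<String>()   // de-duplicates and gives stable order
    ['compileClasspath', 'runtimeClasspath'].each { name ->
        def cfg = p.configurations.getByName(name)
        cfg.resolvedConfiguration.lenientConfiguration
           .unresolvedModuleDependencies.each { dep ->
            def s = dep.selector
            // A dependency declared without a version has a null version.
            found << "${s.group}:${s.name}:${s.version ?: 'unspecified'}".toString()
        }
    }
    return found.toList()
}

// Hypothetical task: fails the build and names every unresolved dependency,
// so a scan cannot pass while silently skipping part of the dependency graph.
tasks.register('reportUnresolved') {
    doLast {
        def unresolved = unresolvedCoordinates(project)
        if (!unresolved.isEmpty()) {
            throw new GradleException(
                "Project has ${unresolved.size()} unresolved dependencies: " +
                unresolved.join(', '))
        }
    }
}
```

Run it with `gradle reportUnresolved`; the build succeeds only when both classpaths resolve completely.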