Add license approvals for prawn pdf gems
What does this MR do and why?
Context
We want to use prawn, prawn-table, and prawn-svg to build out
PDF reporting features for our security features.
We previously built a proof of concept, and have decided to move
forward implementing the report with prawn[^1]
Before beginning the development work, we need to:[^2]
- get legal approval for the gem licenses[^3]
- add the license approvals to the license scanner (this MR)
- add the approvals to omnibus - maybe? I am a little unclear if this is required for pure ruby dependencies
  - Add `prawn`, `prawn-table`, and `prawn-svg` to ... (omnibus-gitlab!8249 - merged)
This MR
This adds the license approvals. It is broken out from the MR where the gems are being added. The docs are a bit vague on what order everything needs to be done in. It seems like having the approvals in master first will simplify the rest of the process.
References
- Add `prawn` and `prawn-svg` to Gemfile for PDFs (!184931 - merged) • Michael Becker • 18.0
- https://gitlab.com/gitlab-com/legal-and-compliance/-/issues/2565+
- Draft: Resolve "Build proof of concept for Proj... (!183327 - closed) • Michael Becker • 17.10
Screenshots or screen recordings
This MR only adds the dependencies. Below is a screen-recording from the proof of concept provided for context.
| Proof of concept demo |
|---|
| demo (screen recording) - We will be building out a version of this report going forward |
How to set up and validate locally
- You can pull in the gemfile changes in Add `prawn` and `prawn-svg` to Gemfile for PDFs (!184931 - merged)
- then with the branch pulled down and the Gemfile updated, run

  ```shell
  bundle
  ```

- Verify the license check passes

  ```shell
  bundle exec license_finder
  ```

  expected output:

  ```
  ~/gdk/gitlab$ bundle exec license_finder
  LicenseFinder::Bundler: is active
  LicenseFinder::NPM: is active
  LicenseFinder::Yarn: is active
  LicenseFinder::Pipenv: is active
  All dependencies are approved for use
  ```
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
related to: #524059 (closed)
Changelog: added
[^2]: These steps come from the "Getting an Unknown Licensed Software Approved" and Legal's handbook page on "Using Open Source Software"