Draft: Format nuget package manager in Dependency List
What does this MR do?
Update the Dependency List formatter in order to properly format the nuget package type.
This was not covered by #225219 (closed) even thought NuGet support has already been deployed.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Merge request reports
Activity
changed milestone to %13.3
@adamcohen I just remembered about this missing bit. Could you finish the work? I'm sure the specs need to be updated as well. cc @gonzoyumo
removed workflowproduction label
-
@gonzoyumo I'm not sure how to frame this. It's a ~bug since we've already deployed the feature, but we can also say it's not yet a bug since the feature has not been shipped. I lean towards the latter, in which case we should reopen the issue until this is completed. cc @adamcohen
mentioned in issue #225219 (closed)
changed milestone to %13.4
added missed-deliverable missed:13.3 labels
-
@adamcohen @gonzoyumo It looks like this MR was in limbo. Since we shipped NuGet support for Dependency Scanning without fixing the way the
nugetpackage manager is presented in the dependency list, I'll reassign to myself, and create a ~bug issue for this. assigned to @fcatteau and unassigned @adamcohen
added sectionsec label
changed milestone to %13.5
added missed:13.4 label
changed milestone to %13.6
added missed:13.5 label
changed milestone to %13.7
added missed:13.6 label
changed milestone to %13.8
added missed:13.7 label
changed milestone to %13.9
added missed:13.8 label
@fcatteau do we have any spec for that piece of code?
-
@gonzoyumo Yes, specs for this are in /ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb. cc @brytannia
@fcatteau this test https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/spec/lib/gitlab/ci/parsers/security/formatters/dependency_list_spec.rb#L106 should be updated to test new change
-
@gonzoyumo I keep skipping this one because:
- it's marked as a draft, and I exclude draft MRs because there are too many of them
- it's not attached to any open issue at this point, since the feature was shipped long ago
- I've got a TODO when you pinged me, but then I got many TODOs when I was OOO, and I'm still late going through them.
I recommend we open a ~bug issue about package managers not being properly displayed in the dependency list, and maybe there are other package managers impacted by this - to be checked. In any case, having a ~bug issue will ensure this draft MR don't get ignored.
Edited by Fabien Catteau
changed milestone to %13.10
added missed:13.9 label
changed milestone to %13.11
added missed:13.10 label
changed milestone to %13.12
changed milestone to %14.0
added missed:13.12 label
changed milestone to %14.1
added missed:14.0 label
changed milestone to %14.2
added missed:14.1 label
changed milestone to %14.3
added missed:14.2 label
mentioned in issue #338252 (closed)
-
NuGet isn't the only package manager that's missing. Also, this MR doesn't update the constant defined in the
DependencyListServiceand used in the Dependencies API.All this will be addressed in #339015 (closed) and #339012 (closed).
Closing this.
