Do not output dependency files in jsonout
What does this MR do?
Dependency files will be removed as of security report schemas version `15-1-0`. This MR removes the attribute from the json output generated by the `jsonout` command. `report.DependencyFiles` will no longer be available. When included in `gemnasium` a build error is thrown when the analyzer resolves its `report` version to the newest (as opposed to `v4.1.0` in this project's `go.mod`).
This is the simplest approach to remove the attribute. Another option is to explicitly change the version of `report` for this project. However, this requires a few changes to downstream dependency because both this project and `report` rely on `ruleset` (`v1` vs `v2`). For completeness see the more extensive MR: Draft: Use v4.4.0 of report module (!52 - closed) • Igor Frenkel
What are the relevant issue numbers?
- Remove the `dependency_files` property from the... (gitlab-org/gitlab#439770 - closed) • Olivier Gonzalez • 17.0 • On track
- Update Gemnasium analyzer to adopt the new secu... (gitlab-org/gitlab#439777 - closed) • Igor Frenkel • 17.0
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Igor Frenkel