Fix self-edge errors
What does this MR do?
Prevent panic: simple: adding self edge [recovered] errors when parsing DOT graphs (Sbt), and when creating the dependency graph used to generate the report (yarn, and possibly others).
- Change
sbtparser to skip self-edges when parsing DOT exports generated by thedependencyDottask. - Change
convert.NewGraphto skip self-edges.- See failing job before the change: https://gitlab.com/fcatteau/si_jrscol/-/jobs/1939057037#L37
- See successful job after the change: https://gitlab.com/fcatteau/si_jrscol/-/jobs/1939515579
In both cases, this is needed because the graph struct being used is a simple.DirectedGraph, and this type of graph doesn't support self-edges.
Self-edges can be safely ignored because they can't be used to explain why a vulnerable dependency is part of the dependency chain.
What are the relevant issue numbers?
gitlab-org/gitlab#333254 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Fabien Catteau