Parse development dependencies in Pipfile.lock [gemnasium-python only]
What does this MR do?
This MR adds the ability for the pipenv parser to optionally exclude Pipenv development dependencies at build and parse time. When scanning Pipenv projects, gemnasium-python will only exclude parsed development dependencies if the DS_INCLUDE_DEV_DEPENDENCIES
env variable or --include-dev-deps
flag is set to false
. By default, these settings are true
and all dependencies are reported. At this time the pipenv parser is not registered and the change will not impact reports.
What are the relevant issue numbers?
gitlab-org/gitlab#364585 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Fabien Catteau