Set version to "unknown" for packages without a version
What does this MR do?
"Invalid" dependencies are removed from the security report's dependencies
list, but not from the dependency graphs causing an invalid iid
reference. This MR brings the skipped dependency back and sets its version to unknown
in order to pass the security report schema validation.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Igor Frenkel