Update nuget lockfile parsing to remove Project nodes
What does this MR do?
This MR updates the way nuget dependencies are handled by removing all nodes of type Project
from the list of packages and dependencies. This ensures that the dependency graph is consistent with the list of packages.
Project
nodes are extracted in the following way:
- All project nodes are excluded from the list of packages.
- Transitive dependencies which are children of a project now become
Direct
and their version range gets updated to use what was resolved rather than requested by project.
In order to manage removal of nodes more efficiently, the parsing is switched to use a simple graph.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Fabien Catteau