Update common to v3.2.1 to fix gotestsum cmd
What does this MR do?
Add junit report for Go tests (gitlab-org/security-products/ci-templates!326 - merged) added gotestsum to the `go test` job, which has resulted in failures in the job output:

```
=== FAIL: . TestToolExecutionNotifications/testdata/reports/semgrep_js_syntax_error.sarif (unknown)
[WARN] [2022-09-23T17:29:28Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-non-literal-require on /builds/gitlab-com/gl-security/engineering-and-research/gib/reports/theme/static/js/chart.js: `5:` was unexpected
```

These failures do not cause the `go test` job to fail; however, they cause gotestsum to incorrectly populate the MR test widget with false-positive failures.

The root cause of the issue is that gotestsum is interpreting coloured log output, which has been formatted by `common/logutil/format.go`, as a failure, as described here. This behaviour has been fixed in `v3.2.1` of the `common` package in Do not color newline in log messages (common!163 - merged).
This MR makes the following changes:
- Updates `common` from `v3.0.1` to `v3.2.1` to fix this issue and remove false positives from the MR test widget.
- Updates `command` from `v1.6.0` to `v1.9.1`, because this is necessary to remove references to `common/v2` and switch to `common/v3`.
- Updates `report` from `v3.10.0` to `v3.14.0`.
- Adds a new `scan.analyzer` field to reports with the following details:

  ```json
  "scan": {
    "analyzer": {
      "id": "gosec",
      "name": "Gosec",
      "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gosec",
      "vendor": {
        "name": "GitLab"
      },
      "version": "3.5.6"
    },
    "..."
  }
  ```

- Updates all the expectations to include the new `scan.analyzer` field.
- Updates tracking calculator from `2.2.5` to `2.2.6` in order to support the new `scan.analyzer` field.
What are the relevant issue numbers?
Fix coloured log output in logutil package of s... (gitlab-org/gitlab#375625 - closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
/label ~"Category:SAST" ~backend ~"devops::secure" ~"section::sec" ~"group::composition analysis" ~"type::maintenance" ~"maintenance::pipelines"
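The following Go program is an added illustration of the failure mode behind this MR and is not code from the MR, from gosec or from the `common` package. It assumes, based only on the title of common!163 ("Do not color newline in log messages"), that the old formatter wrapped the trailing newline inside the ANSI colour sequence, so the reset escape landed at the start of the next line of `go test` output. The stream contents, the test name and the log message are constructed sample data, and the prefix-matching consumer stands in for how line-oriented tooling such as test2json and gotestsum recognises status markers; the exact path by which gotestsum turned this into a reported failure is in the linked discussion, which is not reproduced on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// ANSI colour sequences used by the two formatter variants below.
const (
	ansiYellow = "\x1b[33m"
	ansiReset  = "\x1b[0m"
)

// formatColouredNewline colours the whole message, trailing newline included,
// so the reset sequence is emitted after the line break. This is a
// reconstruction of the pre-v3.2.1 shape described in the MR, not the
// common package's own code.
func formatColouredNewline(level, msg string) string {
	return ansiYellow + "[" + level + "] " + msg + "\n" + ansiReset
}

// formatPlainNewline resets colour before the newline so the next line of
// the stream starts with plain text (the post-fix shape).
func formatPlainNewline(level, msg string) string {
	return ansiYellow + "[" + level + "] " + msg + ansiReset + "\n"
}

// buildStream interleaves one log line with the markers `go test -v` prints
// around a test, the way a test that logs through logutil would. The test
// name and message are constructed sample data.
func buildStream(format func(level, msg string) string) string {
	var b strings.Builder
	b.WriteString("=== RUN   TestToolExecutionNotifications\n")
	b.WriteString(format("WARN", "tool notification warning: Syntax error"))
	b.WriteString("--- PASS: TestToolExecutionNotifications (0.00s)\n")
	return b.String()
}

// testMarkers returns the lines a prefix-matching consumer of `go test`
// output would recognise as test status markers. A marker hidden behind a
// leading escape sequence is not matched.
func testMarkers(stream string) []string {
	var found []string
	for _, line := range strings.Split(stream, "\n") {
		for _, prefix := range []string{"=== RUN", "--- PASS", "--- FAIL"} {
			if strings.HasPrefix(line, prefix) {
				found = append(found, line)
				break
			}
		}
	}
	return found
}

func main() {
	formatters := map[string]func(string, string) string{
		"coloured newline": formatColouredNewline,
		"plain newline":    formatPlainNewline,
	}
	for name, f := range formatters {
		stream := buildStream(f)
		fmt.Printf("%-17s markers recognised: %d\n", name, len(testMarkers(stream)))
		fmt.Printf("%-17s stream: %q\n", name, stream)
	}
}
```

With the coloured-newline formatter the `--- PASS` marker is preceded by `\x1b[0m` and is lost to the prefix match, so only `=== RUN` is seen; with the reset moved before the newline both markers survive. A quick check for any custom log formatter is therefore that every emitted record ends in a bare `\n` with no escape sequence after it.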