Continue parsing if unmet peer dependencies
What does this MR do?
This is a fix for a bug that causes a parsing failure when unmet peer dependencies are encountered in an npm project.
When an npm package-lock.json contains unmet peer dependencies, the license scanning fails for that file, but the license-scanning job "succeeds".
When there are unmet peer dependencies, the LicenseFinder gem attempts to continue: https://github.com/pivotal/LicenseFinder/blob/master/lib/license_finder/package_managers/npm.rb#L39
The license-finder image monkey-patches this class. It ignores the error and returns an empty hash here: https://gitlab.com/gitlab-org/security-products/analyzers/license-finder/-/blob/main/lib/license/finder/ext/npm.rb#L37
In this MR we continue parsing the package file when exit code 1 for unmet peer dependencies is encountered, the same as the LicenseFinder gem does.
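An added example (not the analyzer's or the LicenseFinder gem's own code) of the behaviour described above: treat `npm ls` exit status 1 as recoverable only when every reported problem is an unmet peer dependency, still parse the JSON dependency tree, and fail loudly for anything else rather than returning an empty result. The `npm ls` flags and the wording of the `problems` entries are assumptions; the sample output is constructed.

```ruby
require 'json'
require 'open3'

# Raised when npm ls fails for a reason other than unmet peer dependencies.
class NpmListError < StandardError; end

# Matches the "problems" entries npm ls emits for missing peer dependencies
# (assumed message formats, covering older and newer npm wording).
PEER_DEP_PROBLEM = /\A(peer dep missing|missing peer dependency)/i.freeze

# Parse the JSON emitted by `npm ls`, given its exit status.
# Exit 0 -> parse normally.
# Exit 1 -> npm found problems; continue only if every problem is an unmet
#           peer dependency, mirroring the LicenseFinder gem's behaviour.
# Anything else -> raise, so the job fails visibly instead of silently
#           producing an empty dependency set.
def parse_npm_ls(stdout, exit_status)
  tree = JSON.parse(stdout)
  return tree if exit_status.zero?

  problems = Array(tree['problems'])
  if exit_status == 1 && !problems.empty? && problems.all? { |p| p.match?(PEER_DEP_PROBLEM) }
    warn "npm ls reported #{problems.size} unmet peer dependency problem(s); continuing"
    return tree
  end

  raise NpmListError, "npm ls exited #{exit_status}: #{problems.join('; ')}"
rescue JSON::ParserError => e
  raise NpmListError, "npm ls produced invalid JSON: #{e.message}"
end

# Run npm ls in a project directory and parse its output (assumed flags).
def npm_dependencies(project_dir)
  stdout, _stderr, status = Open3.capture3('npm', 'ls', '--json', '--long', chdir: project_dir)
  parse_npm_ls(stdout, status.exitstatus)
end

# Constructed sample output for a project with one unmet peer dependency.
SAMPLE_PEER_DEP_OUTPUT = <<~JSON
  {
    "name": "sample-app",
    "problems": ["peer dep missing: react@^17.0.0, required by react-dom@17.0.2"],
    "dependencies": { "react-dom": { "version": "17.0.2", "license": "MIT" } }
  }
JSON

if $PROGRAM_NAME == __FILE__
  deps = parse_npm_ls(SAMPLE_PEER_DEP_OUTPUT, 1)['dependencies']
  deps.each { |name, info| puts "#{name} #{info['version']} #{info['license']}" }
end
```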
What are the relevant issue numbers?
gitlab-org/gitlab#298825 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- [-] Documentation created/updated for GitLab EE, if necessary
- [-] Documentation created/updated for this project, if necessary
- [-] Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- [-] Job definition updated, if necessary
  - Job definition example
  - CI Templates (to be removed)
  - Vendored CI Templates (also in CE)
- Ensure that all of the ENV vars supported are propagated to Docker containers upon docker run in job definitions
- Conforms to the code review guidelines
- Security reports checked/validated by reviewer