Force location to package.json, ignore node_modules, when installing dependencies
What does this MR do?
- Force vulnerability location to `package.json` when reported location is `node_modules`, and dependencies have been installed during the scan by running `npm install` or `yarn install`. This fixes broken links to missing `node_modules` directory in GitLab UI.
- Add a QA job for this, using the new `node_modules` branch of the tests/js-npm project
- Upgrade `common` library
- Fix indentation of GitLab CI file
The `analyze` function communicates with the `convert` function using an environment variable because `convert` must match the `ConvertFunc` type defined in the `common` library, so it's not possible to pass extra arguments.
What are the relevant issue numbers?
gitlab-org/gitlab#13827 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- [-] Documentation created/updated for GitLab EE, if necessary
- [-] Documentation created/updated for this project, if necessary
- [-] Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- [-] Job definition updated, if necessary
- [-] Conforms to the code review guidelines
- [-] Conforms to the Go guidelines
- [-] Security reports checked/validated by reviewer
Edited by Fabien Catteau
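
The pattern described above for `analyze` and `convert`, sketched as an added example that is not the project's code: a callback with a fixed signature reads a flag from the environment and rewrites locations under `node_modules` to `package.json`. The variable name `EXAMPLE_DEPS_INSTALLED`, the `finding` type, the simplified `convertFunc` signature and the sample report are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"path"
	"strings"
)

// Hypothetical names: the page shows neither the variable name nor the report types.
const envInstalled = "EXAMPLE_DEPS_INSTALLED"

type finding struct{ File string `json:"file"` }

// convertFunc stands in for a callback type fixed by a shared library.
type convertFunc func(r io.Reader, prependPath string) ([]finding, error)

// Constructed scanner output, not taken from a real scan.
const sampleReport = `[{"file":"node_modules/lib-a/package.json"},{"file":"vendor/lib-b.js"}]`

// analyze records whether it installed dependencies, then calls the callback.
func analyze(installed bool, conv convertFunc, r io.Reader) ([]finding, error) {
	if err := os.Setenv(envInstalled, fmt.Sprint(installed)); err != nil {
		return nil, err
	}
	return conv(r, "")
}

// convert cannot take an extra argument, so it reads the flag from the environment.
func convert(r io.Reader, prependPath string) ([]finding, error) {
	var out []finding
	if err := json.NewDecoder(r).Decode(&out); err != nil {
		return nil, err
	}
	installed := os.Getenv(envInstalled) == "true"
	for i := range out {
		// Match node_modules only as a whole path segment.
		if installed && strings.Contains("/"+out[i].File+"/", "/node_modules/") {
			out[i].File = "package.json" // the directory existed only during the scan
		}
		out[i].File = path.Join(prependPath, out[i].File)
	}
	return out, nil
}

func main() {
	fmt.Println(analyze(true, convert, strings.NewReader(sampleReport)))
}
```

The environment is process-wide state inherited by child processes, so in this sketch the flag is set explicitly on every call, including the `false` case, rather than left over from a previous run.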