Force location to package.json, ignore node_modules, when installing dependencies (!24) · Merge requests · GitLab.org / security-products / analyzers / retire.js

Fabien Catteau requested to merge 13827-fix-location-node_modules into master Jan 07, 2020

What does this MR do?

Force vulnerability location to package.json when reported location is node_modules, and dependencies have been installed during the scan by running npm install or yarn install. This fixes broken links to missing node_modules directory in GitLab UI.
Add a QA job for this, using the new node_modules branch of the tests/js-npm project
Upgrade common library
Fix indentation of GitLab CI file

The analyze function communicates with the convert function using an environment variable because convert must match the ConvertFunc type defined in the common library, so it's not possible to pass extra arguments.

What are the relevant issue numbers?

gitlab-org/gitlab#13827 (closed)

Does this MR meet the acceptance criteria?

Changelog entry added
[-] Documentation created/updated for GitLab EE, if necessary
[-] Documentation created/updated for this project, if necessary
[-] Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug
[-] Job definition updated, if necessary
[-] Conforms to the code review guidelines
[-] Conforms to the Go guidelines
[-] Security reports checked/validated by reviewer

Edited Jan 09, 2020 by Fabien Catteau

Force location to package.json, ignore node_modules, when installing dependencies

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports