Remove the dependency_files property from DS schema (!154) · Merge requests · GitLab.org / security-products / Security Report Schemas

Olivier Gonzalez requested to merge remove_dependency_files_property_from_DS into master Mar 26, 2024

What does this MR do?

This removes the dependency_files property from the Dependency Scanning schema according to the changes in gitlab-org/gitlab#439770 (closed).

The content of the dependency_files property has been replaced by the SBoM components in CycloneDX reports and starting with GitLab 17.0 the rails application will no longer process this data.

The MR also re-arrange tests to ensure we properly verify the dependency object has the expected content.

This MR can be merged and a new version of the schema can be released in 16.11. Though, it only should be vendored in the rails application in 17.0 as it aligns with a breaking change. See https://docs.gitlab.com/ee/update/deprecations.html?removal_milestone=17.0#dependency_files-is-deprecated

What are the relevant issue numbers?

gitlab-org/gitlab#439770 (closed)

Checklist

Ensure changes can be built upon without requiring a breaking change, see Building for Extensibility.
Review and add/update tests for this feature/bug.
Add an entry to the CHANGELOG if required, with the appropriate version. See Classifying Changes.
Assign the MR to the appropriate person/people for review.

Edited Mar 28, 2024 by Olivier Gonzalez

Remove the dependency_files property from DS schema

What does this MR do?

What are the relevant issue numbers?

Checklist

Merge request reports