Draft: Upgrade to Gemnasium v5
What does this MR do and why?
Updated DS_MAJOR_VERSION from 4 to 5 in Dependency-Scanning.gitlab-ci.yml and Dependency-Scanning.latest.gitlab-ci.yml to align with the latest version of Gemnasium. This is a breaking change and should only be released during a breaking change window.
Related Issues
Dependency Scanning major version 5 (#455488 - closed) • Olivier Gonzalez • 17.0 • On track
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Manual QA
I tested out this change in this project. Once the v5 image of Dependency Scanning has been published I will link to the successful pipeline.
How to set up and validate locally
- Create a new project
- Add an example build.gradle file with the following contents:

      group 'com.gitlab.security_products'
      version '0.0.1'

      apply plugin: 'java'

      repositories {
          mavenCentral()
      }

      ext {
          junitVersion = '4.12'
      }

      dependencies {
          testImplementation "junit:junit:$junitVersion"
          implementation 'io.netty:netty:3.9.1.Final'
          implementation 'org.apache.maven:maven-artifact:3.3.9'
          implementation 'com.fasterxml.jackson.core:jackson-databind:2.9.2'
          implementation 'org.mozilla:rhino:1.7.10'
          implementation 'org.apache.geode:geode-core:1.1.1'
      }

- Enable dependency scanning by adding a .gitlab-ci.yml file:

      include:
        - template: Jobs/Dependency-Scanning.gitlab-ci.yml
Edited by Philip Cunningham
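One way to check the result of the validation steps above, as an added example that is not part of the MR or of GitLab's code: it reads a dependency scanning report and confirms the scan succeeded with an analyzer of major version 5, then summarizes the findings located in build.gradle. It assumes the job's gl-dependency-scanning-report.json artifact has been downloaded and that the analyzer version in the report tracks DS_MAJOR_VERSION; the embedded report and its findings are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample report, trimmed to the fields read below.
# It is not output from a real pipeline; the findings are placeholders.
SAMPLE_REPORT = json.loads("""
{
  "scan": {"type": "dependency_scanning", "status": "success",
           "analyzer": {"id": "gemnasium-maven", "version": "5.0.0"}},
  "vulnerabilities": [
    {"name": "constructed finding A",
     "location": {"file": "build.gradle", "dependency": {
       "package": {"name": "com.fasterxml.jackson.core/jackson-databind"},
       "version": "2.9.2"}}},
    {"name": "constructed finding B",
     "location": {"file": "build.gradle", "dependency": {
       "package": {"name": "io.netty/netty"}, "version": "3.9.1.Final"}}}
  ]
}
""")


def analyzer_major(report):
    """Major version of the analyzer that produced the report, or None."""
    version = report.get("scan", {}).get("analyzer", {}).get("version", "")
    head = str(version).split(".", 1)[0]
    return int(head) if head.isdigit() else None


def findings_by_package(report, manifest="build.gradle"):
    """Map 'package@version' to the number of findings located in the manifest."""
    counts = {}
    for vuln in report.get("vulnerabilities", []):
        loc = vuln.get("location", {})
        if loc.get("file") != manifest:
            continue
        dep = loc.get("dependency", {})
        key = f"{dep.get('package', {}).get('name')}@{dep.get('version')}"
        counts[key] = counts.get(key, 0) + 1
    return counts


def validate(report, expected_major=5):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    scan = report.get("scan", {})
    if scan.get("type") != "dependency_scanning":
        problems.append(f"unexpected scan type: {scan.get('type')!r}")
    if scan.get("status") != "success":
        problems.append(f"scan status is {scan.get('status')!r}")
    if analyzer_major(report) != expected_major:
        problems.append(f"analyzer major is {analyzer_major(report)}, want {expected_major}")
    return problems
```

For a real run, load the downloaded artifact with `json.load` and pass it to `validate` in place of `SAMPLE_REPORT`.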