Add package dependencies cleanup migration
What does this MR do?
When adding the support of NPM dependencies (see !20549 (merged)), different types of dependencies were added. One of them was `deprecated`.
It turns out `deprecated` is not a type of dependency but a flag on the described npm package (see #198645 (closed)). The code (rails side) supporting this type has been removed (see !23745 (merged)). This MR is part two of the solution: make sure that no dependencies exist in the database with `dependency_type = 5` (see #198645 (comment 285102753)).
In short, uploading an npm package with `deprecated` dependencies is not possible using the `npm` CLI command. However, the backend could receive a malformed request and create these. This MR provides a "safeguard" migration that removes those dependencies. The risk here is that the dependency type `5` could be reused in the future and, if there are currently dependencies with `dependency_type = 5`, those will be improperly interpreted by the backend.
To ensure the accuracy of the migration, a corresponding spec has been added.
Note that currently, on GitLab.com, there are `0` dependencies of this `deprecated` type (see #198645 (comment 285090619) and #198645 (comment 276552291)).
Screenshots
Running the migration:
$ rails db:migrate
== 20200210135504 RemovePackagesDeprecatedDependencies: migrating =============
-- execute("DELETE FROM packages_dependency_links WHERE dependency_type = 5")
-> 0.0061s
== 20200210135504 RemovePackagesDeprecatedDependencies: migrated (0.0062s) ====
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
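
The risk the description above raises (rows left with `dependency_type = 5` being reinterpreted if that integer is later reused) can be reproduced in a small added example; this is not code from the MR or from GitLab. It runs the `DELETE` statement shown in the migration output against an in-memory SQLite stand-in table. The type names, the table's other columns, the sample rows and the future type are assumptions made for illustration.

```python
import sqlite3

# Assumed mapping, for illustration only: the page states just that
# value 5 was the removed "deprecated" type.
CURRENT_TYPES = {1: "dependencies", 2: "devDependencies",
                 3: "bundleDependencies", 4: "peerDependencies"}
# Hypothetical future release that hands the freed integer to a new type.
FUTURE_TYPES = {**CURRENT_TYPES, 5: "hypotheticalNewType"}

# Statement taken verbatim from the migration output on the page.
CLEANUP_SQL = "DELETE FROM packages_dependency_links WHERE dependency_type = 5"


def build_db():
    """In-memory stand-in table; every column except dependency_type is assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packages_dependency_links ("
               "id INTEGER PRIMARY KEY, package_id INTEGER NOT NULL, "
               "dependency_type INTEGER NOT NULL)")
    # Constructed rows: id 3 is what a malformed request could have left behind.
    db.executemany("INSERT INTO packages_dependency_links VALUES (?, ?, ?)",
                   [(1, 10, 1), (2, 10, 2), (3, 11, 5), (4, 12, 4)])
    return db


def interpret(db, mapping):
    """Resolve each stored integer through an enum mapping, as an ORM would."""
    rows = db.execute("SELECT id, dependency_type FROM packages_dependency_links "
                      "ORDER BY id")
    return {row_id: mapping.get(dep_type) for row_id, dep_type in rows}


def unmapped_rows(db, mapping):
    """Pre-flight check: ids whose stored type has no current meaning."""
    return [i for i, name in interpret(db, mapping).items() if name is None]


def cleanup(db):
    """Run the migration's DELETE and report how many rows it removed."""
    return db.execute(CLEANUP_SQL).rowcount


if __name__ == "__main__":
    db = build_db()
    print("orphaned before cleanup:", unmapped_rows(db, CURRENT_TYPES))
    print("same rows after reuse of 5:", interpret(db, FUTURE_TYPES))
    print("rows deleted:", cleanup(db))
    print("after cleanup + reuse:", interpret(db, FUTURE_TYPES))
```

Running the cleanup a second time deletes nothing, which matches the `0` rows reported for GitLab.com: the statement is safe to apply whether or not such rows exist.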