Add SBoM ingestion tasks
What does this MR do and why?
Describe in detail what your merge request does and why.
Issue: #364709 (closed) Epic: &8024 (closed)
The ingestion tasks to the SbomIngestionService. The pre-processing for this service is implemented in !92583 (merged), which retrieves SBoM reports from a pipeline and converts the JSON report objects into batches of OccurrenceMaps. This MR implements the bulk insertion tasks which takes the OccurrenceMaps and uses them to perform bulk upserts into the database. The tasks will be invoked one at a time via IngestReportsSliceService, and will be wrapped in a transaction. The tasks are executed in the following order:
- IngestComponents
- IngestComponentVersions
- IngestSources
- IngestOccurrences
The after_ingest
method is executed after the task performs its insertions, but before the next
task is executed. This allows us to pass the id
foreign keys to each dependent relation.
If one of the tasks were to fail, the transaction will be rolled back and the changes from all tasks will be undone. None of the objects in the current batch will be persisted if the transaction is rolled back.
The following DDL diagram shows the relations and the order in which they are created:
All relations tie back to a single sbom_occurrence
record, so an OccurenceMap
data structure is used to hold all attributes which are related to each other during processing. The service takes the report data, turns it into OccurenceMap
s, and then passes the OccurrenceMap
s into the ingestion pipeline for performing bulk upserts for each model. The following diagram illustrates the flow of data:
flowchart TD
IngestReportsWorker[IngestReportsWorker: Executes IngestReportsService when pipelines complete];
IngestReportsService[IngestReportsService: Collects reports from pipeline];
IngestReportService[IngestReportService: Turns a single report into batches of OccurenceMaps];
IngestReportSliceService[IngestReportSliceService: Passes a batch of OccurenceMaps into the ingestion pipeline];
IngestReportsWorker-- pipeline -->IngestReportsService
IngestReportsService-- sbom_report -->IngestReportService
IngestReportService-- "occurrence_maps (batched)" -->IngestReportSliceService
IngestReportSliceService-- "occurence_maps (batched)" -->IngestComponents
subgraph Ingestion Pipeline
IngestComponents-- component_ids -->IngestComponentVersions
IngestComponentVersions-- component_version_ids -->IngestSources
IngestSources-- source_ids -->IngestOccurrences
end
Queries
sbom_components
Bulk Insert INSERT INTO "sbom_components" ("component_type", "name", "created_at", "updated_at")
VALUES (0, 'github.com/astaxie/beego', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/davecgh/go-spew', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/konsorten/go-windows-terminal-sequences', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/minio/minio', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/minio/minio-go', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/minio/sha256-simd', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/pmezard/go-difflib', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/sirupsen/logrus', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/stretchr/objx', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'github.com/stretchr/testify', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'golang.org/x/sys', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'gopkg.in/check.v1', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'gopkg.in/fake-package', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678'), (0, 'gopkg.in/yaml.v2', '2022-08-30 18:46:25.174678', '2022-08-30 18:46:25.174678')
ON CONFLICT ("component_type", "name")
DO UPDATE SET
"updated_at" = excluded. "updated_at"
RETURNING
"component_type", "name", "id"
sbom_component_versions
Bulk Insert INSERT INTO "sbom_component_versions" ("component_id", "version", "created_at", "updated_at")
VALUES (1090, 'v1.10.0', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1091, 'v1.1.1', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1092, 'v1.0.1', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1093, 'v0.0.0-20180419184637-5a16671f721f', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1094, 'v6.0.14', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1095, 'v0.1.1', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1096, 'v1.0.0', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1097, 'v1.4.2', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1098, 'v0.1.1', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1099, 'v1.2.2', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1100, 'v0.0.0-20190422165155-953cdadca894', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1100, 'v0.0.0-20191026070338-33540a1f6037', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1101, 'v0.0.0-20161208181325-20d25e280405', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1102, 'v0.0.0-20161208181325-20d25e280405', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890'), (1103, 'v2.2.2', '2022-08-30 18:46:25.182890', '2022-08-30 18:46:25.182890')
ON CONFLICT ("component_id", "version")
DO UPDATE SET
"updated_at" = excluded. "updated_at"
RETURNING
id
Sbom::Source
Find or create SELECT
"sbom_sources".*
FROM
"sbom_sources"
WHERE
"sbom_sources"."source_type" = 0
AND "sbom_sources"."source" = '{"category":"development","input_file":{"path":"subproject/package-lock.json"},"source_file":{"path":"subproject/package.json"},"package_manager":{"name":"npm"},"language":{"name":"JavaScript"}}'
LIMIT 1;
BEGIN
INSERT INTO "sbom_sources" ("created_at", "updated_at", "source_type", "source", "fingerprint")
VALUES ('2022-08-30 19:35:16.601244', '2022-08-30 19:35:16.601244', 0, '{"category":"development","input_file":{"path":"subproject/package-lock.json"},"source_file":{"path":"subproject/package.json"},"package_manager":{"name":"npm"},"language":{"name":"JavaScript"}}', '\x30623433616361656332623838616133613531323937373238666530303630623166363831356137346232383766383534336631633731303032303531303739')
RETURNING
"id"
COMMIT;
sbom_occurrences
Bulk Insert INSERT INTO "sbom_occurrences" ("project_id", "pipeline_id", "component_id", "component_version_id", "source_id", "commit_sha", "created_at", "updated_at")
VALUES (9, 22, 1090, 1205, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1091, 1206, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1092, 1207, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1093, 1208, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1094, 1209, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1095, 1210, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1096, 1211, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1097, 1212, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1098, 1213, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1099, 1214, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1100, 1215, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1100, 1216, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1101, 1217, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1102, 1218, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424'), (9, 22, 1103, 1219, 1, '\x65636637623562363365366661393538356366343836323936313639363239336166623631326364', '2022-08-30 18:46:25.193424', '2022-08-30 18:46:25.193424')
ON CONFLICT ("project_id", "component_id", "component_version_id", "source_id", "commit_sha")
DO UPDATE SET
"pipeline_id" = excluded. "pipeline_id", "updated_at" = excluded. "updated_at"
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
-
Enabled the feature flag using the rails console:
Feature.enable(:cyclonedx_sbom_ingestion)
-
Create a new project
-
Add the following
.gitlab-ci.yml
to the project:persist_sbom: image: alpine:latest script: - wget https://gitlab.com/-/snippets/2378046/raw/main/gl-sbom-npm-npm.cdx.json - wget https://gitlab.com/-/snippets/2378046/raw/main/gl-sbom-go-go.cdx.json artifacts: reports: cyclonedx: - gl-sbom-npm-npm.cdx.json - gl-sbom-go-go.cdx.json
-
The pipeline should run and succeed. Note down the pipeline ID.
-
Connect to postgres:
gdk psql
-
Run this query and verify that data is returned:
select name, version, component_type, source_id from sbom_components inner join sbom_component_versions on sbom_components.id = sbom_component_versions.component_id inner join sbom_occurrences on sbom_component_versions.id = sbom_occurrences.component_version_id where pipeline_id = YOUR_PIPELINE_ID;
Example data
name | version | component_type | source_id
----------------------------------------------------+------------------------------------+----------------+-----------
github.com/astaxie/beego | v1.10.0 | 0 | 1
github.com/davecgh/go-spew | v1.1.1 | 0 | 1
github.com/konsorten/go-windows-terminal-sequences | v1.0.1 | 0 | 1
github.com/minio/minio | v0.0.0-20180419184637-5a16671f721f | 0 | 1
github.com/minio/minio-go | v6.0.14 | 0 | 1
github.com/minio/sha256-simd | v0.1.1 | 0 | 1
github.com/pmezard/go-difflib | v1.0.0 | 0 | 1
github.com/sirupsen/logrus | v1.4.2 | 0 | 1
github.com/stretchr/objx | v0.1.1 | 0 | 1
github.com/stretchr/testify | v1.2.2 | 0 | 1
golang.org/x/sys | v0.0.0-20190422165155-953cdadca894 | 0 | 1
golang.org/x/sys | v0.0.0-20191026070338-33540a1f6037 | 0 | 1
gopkg.in/check.v1 | v0.0.0-20161208181325-20d25e280405 | 0 | 1
gopkg.in/fake-package | v0.0.0-20161208181325-20d25e280405 | 0 | 1
gopkg.in/yaml.v2 | v2.2.2 | 0 | 1
abab | 2.0.3 | 0 | 2
acorn | 5.7.3 | 0 | 2
acorn | 6.4.0 | 0 | 2
acorn-globals | 4.3.4 | 0 | 2
acorn-walk | 6.2.0 | 0 | 2
ajv | 6.10.2 | 0 | 2
align-text | 0.1.4 | 0 | 2
amdefine | 1.0.1 | 0 | 2
ansi-regex | 2.1.1 | 0 | 2
ansi-regex | 3.0.0 | 0 | 2
ansi-styles | 2.2.1 | 0 | 2
append-transform | 0.4.0 | 0 | 2
archy | 1.0.0 | 0 | 2
arr-diff | 4.0.0 | 0 | 2
arr-flatten | 1.1.0 | 0 | 2
arr-union | 3.1.0 | 0 | 2
array-equal | 1.0.0 | 0 | 2
array-unique | 0.3.2 | 0 | 2
arrify | 1.0.1 | 0 | 2
asn1 | 0.2.4 | 0 | 2
assert-plus | 1.0.0 | 0 | 2
assign-symbols | 1.0.0 | 0 | 2
async | 1.5.2 | 0 | 2
async-limiter | 1.0.1 | 0 | 2
asynckit | 0.4.0 | 0 | 2
atob | 2.1.1 | 0 | 2
aws-sign2 | 0.7.0 | 0 | 2
aws4 | 1.9.0 | 0 | 2
babel-code-frame | 6.26.0 | 0 | 2
babel-generator | 6.26.1 | 0 | 2
babel-messages | 6.23.0 | 0 | 2
babel-runtime | 6.26.0 | 0 | 2
babel-template | 6.26.0 | 0 | 2
babel-traverse | 6.26.0 | 0 | 2
babel-types | 6.26.0 | 0 | 2
babylon | 6.18.0 | 0 | 2
balanced-match | 1.0.0 | 0 | 2
base | 0.11.2 | 0 | 2
bcrypt-pbkdf | 1.0.2 | 0 | 2
brace-expansion | 1.1.11 | 0 | 2
braces | 2.3.2 | 0 | 2
browser-process-hrtime | 0.1.3 | 0 | 2
builtin-modules | 1.1.1 | 0 | 2
cache-base | 1.0.1 | 0 | 2
caching-transform | 1.0.1 | 0 | 2
camelcase | 1.2.1 | 0 | 2
camelcase | 4.1.0 | 0 | 2
caseless | 0.12.0 | 0 | 2
center-align | 0.1.3 | 0 | 2
chalk | 1.1.3 | 0 | 2
class-utils | 0.3.6 | 0 | 2
cliui | 2.1.0 | 0 | 2
cliui | 4.1.0 | 0 | 2
code-point-at | 1.1.0 | 0 | 2
collection-visit | 1.0.0 | 0 | 2
combined-stream | 1.0.8 | 0 | 2
commondir | 1.0.1 | 0 | 2
component-emitter | 1.2.1 | 0 | 2
concat-map | 0.0.1 | 0 | 2
convert-source-map | 1.5.1 | 0 | 2
copy-descriptor | 0.1.1 | 0 | 2
core-js | 2.5.6 | 0 | 2
core-util-is | 1.0.2 | 0 | 2
cross-spawn | 4.0.2 | 0 | 2
cross-spawn | 5.1.0 | 0 | 2
cssom | 0.3.8 | 0 | 2
cssstyle | 1.4.0 | 0 | 2
dashdash | 1.14.1 | 0 | 2
data-urls | 1.1.0 | 0 | 2
debug | 2.6.9 | 0 | 2
debug | 3.1.0 | 0 | 2
debug-log | 1.0.1 | 0 | 2
decamelize | 1.1.1 | 0 | 2
decamelize | 1.2.0 | 0 | 2
decode-uri-component | 0.2.0 | 0 | 2
deep-is | 0.1.3 | 0 | 2
default-require-extensions | 1.0.0 | 0 | 2
define-property | 0.2.5 | 0 | 2
define-property | 1.0.0 | 0 | 2
define-property | 2.0.2 | 0 | 2
delayed-stream | 1.0.0 | 0 | 2
detect-indent | 4.0.0 | 0 | 2
domexception | 1.0.1 | 0 | 2
ecc-jsbn | 0.1.2 | 0 | 2
error-ex | 1.3.1 | 0 | 2
escape-string-regexp | 1.0.5 | 0 | 2
escodegen | 1.12.0 | 0 | 2
esprima | 3.1.3 | 0 | 2
estraverse | 4.3.0 | 0 | 2
esutils | 2.0.2 | 0 | 2
esutils | 2.0.3 | 0 | 2
execa | 0.7.0 | 0 | 2
expand-brackets | 2.1.4 | 0 | 2
extend | 3.0.2 | 0 | 2
extend-shallow | 2.0.1 | 0 | 2
extend-shallow | 3.0.2 | 0 | 2
extglob | 2.0.4 | 0 | 2
extsprintf | 1.3.0 | 0 | 2
fast-deep-equal | 2.0.1 | 0 | 2
fast-json-stable-stringify | 2.0.0 | 0 | 2
fast-levenshtein | 2.0.6 | 0 | 2
fill-range | 4.0.0 | 0 | 2
find-cache-dir | 0.1.1 | 0 | 2
find-up | 1.1.2 | 0 | 2
find-up | 2.1.0 | 0 | 2
for-in | 1.0.2 | 0 | 2
foreground-child | 1.5.6 | 0 | 2
forever-agent | 0.6.1 | 0 | 2
form-data | 2.3.3 | 0 | 2
fragment-cache | 0.2.1 | 0 | 2
fs.realpath | 1.0.0 | 0 | 2
get-caller-file | 1.0.2 | 0 | 2
get-stream | 3.0.0 | 0 | 2
get-value | 2.0.6 | 0 | 2
getpass | 0.1.7 | 0 | 2
glob | 7.1.2 | 0 | 2
globals | 9.18.0 | 0 | 2
graceful-fs | 4.1.11 | 0 | 2
handlebars | 4.0.11 | 0 | 2
har-schema | 2.0.0 | 0 | 2
har-validator | 5.1.3 | 0 | 2
has-ansi | 2.0.0 | 0 | 2
has-flag | 1.0.0 | 0 | 2
has-value | 0.3.1 | 0 | 2
has-value | 1.0.0 | 0 | 2
has-values | 0.1.4 | 0 | 2
has-values | 1.0.0 | 0 | 2
highlight.js | 9.16.2 | 0 | 2
hosted-git-info | 2.6.0 | 0 | 2
html-encoding-sniffer | 1.0.2 | 0 | 2
http-signature | 1.2.0 | 0 | 2
iconv-lite | 0.4.24 | 0 | 2
imurmurhash | 0.1.4 | 0 | 2
inflight | 1.0.6 | 0 | 2
inherits | 2.0.3 | 0 | 2
invariant | 2.2.4 | 0 | 2
invert-kv | 1.0.0 | 0 | 2
is-accessor-descriptor | 0.1.6 | 0 | 2
is-accessor-descriptor | 1.0.0 | 0 | 2
is-arrayish | 0.2.1 | 0 | 2
is-buffer | 1.1.6 | 0 | 2
is-builtin-module | 1.0.0 | 0 | 2
is-data-descriptor | 0.1.4 | 0 | 2
is-data-descriptor | 1.0.0 | 0 | 2
is-descriptor | 0.1.6 | 0 | 2
is-descriptor | 1.0.2 | 0 | 2
is-extendable | 0.1.1 | 0 | 2
is-extendable | 1.0.1 | 0 | 2
is-finite | 1.0.2 | 0 | 2
is-fullwidth-code-point | 1.0.0 | 0 | 2
is-fullwidth-code-point | 2.0.0 | 0 | 2
is-number | 3.0.0 | 0 | 2
is-number | 4.0.0 | 0 | 2
is-odd | 2.0.0 | 0 | 2
is-plain-object | 2.0.4 | 0 | 2
is-stream | 1.1.0 | 0 | 2
is-typedarray | 1.0.0 | 0 | 2
is-utf8 | 0.2.1 | 0 | 2
is-windows | 1.0.2 | 0 | 2
isarray | 1.0.0 | 0 | 2
isexe | 2.0.0 | 0 | 2
isobject | 2.1.0 | 0 | 2
isobject | 3.0.1 | 0 | 2
isstream | 0.1.2 | 0 | 2
istanbul-lib-coverage | 1.2.0 | 0 | 2
istanbul-lib-hook | 1.1.0 | 0 | 2
istanbul-lib-instrument | 1.10.1 | 0 | 2
istanbul-lib-report | 1.1.3 | 0 | 2
istanbul-lib-source-maps | 1.2.3 | 0 | 2
istanbul-reports | 1.4.0 | 0 | 2
js-tokens | 3.0.2 | 0 | 2
jsbn | 0.1.1 | 0 | 2
jsdom | 11.12.0 | 0 | 2
jsesc | 1.3.0 | 0 | 2
json-schema | 0.2.3 | 0 | 2
json-schema-traverse | 0.4.1 | 0 | 2
json-stringify-safe | 5.0.1 | 0 | 2
jsprim | 1.4.1 | 0 | 2
kind-of | 3.2.2 | 0 | 2
kind-of | 4.0.0 | 0 | 2
kind-of | 5.1.0 | 0 | 2
kind-of | 6.0.2 | 0 | 2
lazy-cache | 1.0.4 | 0 | 2
lcid | 1.0.0 | 0 | 2
left-pad | 1.3.0 | 0 | 2
levn | 0.3.0 | 0 | 2
load-json-file | 1.1.0 | 0 | 2
locate-path | 2.0.0 | 0 | 2
lodash | 4.17.10 | 0 | 2
lodash | 4.17.15 | 0 | 2
lodash.sortby | 4.7.0 | 0 | 2
longest | 1.0.1 | 0 | 2
loose-envify | 1.3.1 | 0 | 2
lru-cache | 4.1.3 | 0 | 2
map-cache | 0.2.2 | 0 | 2
map-visit | 1.0.0 | 0 | 2
md5-hex | 1.3.0 | 0 | 2
md5-o-matic | 0.1.1 | 0 | 2
mem | 1.1.0 | 0 | 2
merge-source-map | 1.1.0 | 0 | 2
micromatch | 3.1.10 | 0 | 2
mime-db | 1.42.0 | 0 | 2
mime-types | 2.1.25 | 0 | 2
mimic-fn | 1.2.0 | 0 | 2
minimatch | 3.0.4 | 0 | 2
minimist | 0.0.8 | 0 | 2
mixin-deep | 1.3.1 | 0 | 2
mkdirp | 0.5.1 | 0 | 2
moment | 2.24.0 | 0 | 2
ms | 2.0.0 | 0 | 2
nanomatch | 1.2.9 | 0 | 2
normalize-package-data | 2.4.0 | 0 | 2
normalize.css | 7.0.0 | 0 | 2
npm-run-path | 2.0.2 | 0 | 2
number-is-nan | 1.0.1 | 0 | 2
nwsapi | 2.2.0 | 0 | 2
nyc | 11.9.0 | 0 | 2
oauth-sign | 0.9.0 | 0 | 2
object-assign | 4.1.1 | 0 | 2
object-copy | 0.1.0 | 0 | 2
object-visit | 1.0.1 | 0 | 2
object.pick | 1.3.0 | 0 | 2
once | 1.4.0 | 0 | 2
optimist | 0.6.1 | 0 | 2
optionator | 0.8.3 | 0 | 2
os-homedir | 1.0.2 | 0 | 2
os-locale | 2.1.0 | 0 | 2
p-finally | 1.0.0 | 0 | 2
p-limit | 1.2.0 | 0 | 2
p-locate | 2.0.0 | 0 | 2
p-try | 1.0.0 | 0 | 2
parse-json | 2.2.0 | 0 | 2
parse5 | 4.0.0 | 0 | 2
pascalcase | 0.1.1 | 0 | 2
path-exists | 2.1.0 | 0 | 2
path-exists | 3.0.0 | 0 | 2
path-is-absolute | 1.0.1 | 0 | 2
path-key | 2.0.1 | 0 | 2
path-parse | 1.0.5 | 0 | 2
path-type | 1.1.0 | 0 | 2
performance-now | 2.1.0 | 0 | 2
pify | 2.3.0 | 0 | 2
pinkie | 2.0.4 | 0 | 2
pinkie-promise | 2.0.1 | 0 | 2
pkg-dir | 1.0.0 | 0 | 2
pn | 1.1.0 | 0 | 2
posix-character-classes | 0.1.1 | 0 | 2
prelude-ls | 1.1.2 | 0 | 2
pseudomap | 1.0.2 | 0 | 2
psl | 1.5.0 | 0 | 2
punycode | 1.4.1 | 0 | 2
punycode | 2.1.1 | 0 | 2
qs | 6.5.2 | 0 | 2
read-pkg | 1.1.0 | 0 | 2
read-pkg-up | 1.0.1 | 0 | 2
regenerator-runtime | 0.11.1 | 0 | 2
regex-not | 1.0.2 | 0 | 2
repeat-element | 1.1.2 | 0 | 2
repeat-string | 1.6.1 | 0 | 2
repeating | 2.0.1 | 0 | 2
request | 2.88.0 | 0 | 2
request-promise-core | 1.1.3 | 0 | 2
request-promise-native | 1.0.8 | 0 | 2
require-directory | 2.1.1 | 0 | 2
require-main-filename | 1.0.1 | 0 | 2
resolve-from | 2.0.0 | 0 | 2
resolve-url | 0.2.1 | 0 | 2
ret | 0.1.15 | 0 | 2
right-align | 0.1.3 | 0 | 2
rimraf | 2.6.2 | 0 | 2
safe-buffer | 5.1.2 | 0 | 2
safe-regex | 1.1.0 | 0 | 2
safer-buffer | 2.1.2 | 0 | 2
sax | 1.2.4 | 0 | 2
semver | 5.5.0 | 0 | 2
set-blocking | 2.0.0 | 0 | 2
set-value | 0.4.3 | 0 | 2
set-value | 2.0.0 | 0 | 2
shebang-command | 1.2.0 | 0 | 2
shebang-regex | 1.0.0 | 0 | 2
signal-exit | 3.0.2 | 0 | 2
slide | 1.1.6 | 0 | 2
snapdragon | 0.8.2 | 0 | 2
snapdragon-node | 2.1.1 | 0 | 2
snapdragon-util | 3.0.1 | 0 | 2
source-map | 0.4.4 | 0 | 2
source-map | 0.5.7 | 0 | 2
source-map | 0.6.1 | 0 | 2
source-map-resolve | 0.5.1 | 0 | 2
source-map-url | 0.4.0 | 0 | 2
spawn-wrap | 1.4.2 | 0 | 2
spdx-correct | 3.0.0 | 0 | 2
spdx-exceptions | 2.1.0 | 0 | 2
spdx-expression-parse | 3.0.0 | 0 | 2
spdx-license-ids | 3.0.0 | 0 | 2
split-string | 3.1.0 | 0 | 2
sshpk | 1.16.1 | 0 | 2
static-extend | 0.1.2 | 0 | 2
stealthy-require | 1.1.1 | 0 | 2
string-width | 1.0.2 | 0 | 2
string-width | 2.1.1 | 0 | 2
strip-ansi | 3.0.1 | 0 | 2
strip-ansi | 4.0.0 | 0 | 2
strip-bom | 2.0.0 | 0 | 2
strip-eof | 1.0.0 | 0 | 2
supports-color | 2.0.0 | 0 | 2
supports-color | 3.2.3 | 0 | 2
symbol-tree | 3.2.4 | 0 | 2
test-exclude | 4.2.1 | 0 | 2
to-fast-properties | 1.0.3 | 0 | 2
to-object-path | 0.3.0 | 0 | 2
to-regex | 3.0.2 | 0 | 2
to-regex-range | 2.1.1 | 0 | 2
tough-cookie | 2.4.3 | 0 | 2
tr46 | 1.0.1 | 0 | 2
trim-right | 1.0.1 | 0 | 2
tunnel-agent | 0.6.0 | 0 | 2
tweetnacl | 0.14.5 | 0 | 2
type-check | 0.3.2 | 0 | 2
uglify-js | 2.8.29 | 0 | 2
uglify-to-browserify | 1.0.2 | 0 | 2
union-value | 1.0.0 | 0 | 2
unset-value | 1.0.0 | 0 | 2
uri-js | 4.2.2 | 0 | 2
urix | 0.1.0 | 0 | 2
use | 3.1.0 | 0 | 2
uuid | 3.3.3 | 0 | 2
validate-npm-package-license | 3.0.3 | 0 | 2
verror | 1.10.0 | 0 | 2
w3c-hr-time | 1.0.1 | 0 | 2
webidl-conversions | 4.0.2 | 0 | 2
whatwg-encoding | 1.0.5 | 0 | 2
whatwg-mimetype | 2.3.0 | 0 | 2
whatwg-url | 6.5.0 | 0 | 2
whatwg-url | 7.1.0 | 0 | 2
which | 1.3.0 | 0 | 2
which-module | 2.0.0 | 0 | 2
window-size | 0.1.0 | 0 | 2
word-wrap | 1.2.3 | 0 | 2
wordwrap | 0.0.2 | 0 | 2
wordwrap | 0.0.3 | 0 | 2
wrap-ansi | 2.1.0 | 0 | 2
wrappy | 1.0.2 | 0 | 2
write-file-atomic | 1.3.4 | 0 | 2
ws | 5.2.2 | 0 | 2
xml-name-validator | 3.0.0 | 0 | 2
y18n | 3.2.1 | 0 | 2
yallist | 2.1.2 | 0 | 2
yargs | 11.1.0 | 0 | 2
yargs | 3.10.0 | 0 | 2
yargs-parser | 8.1.0 | 0 | 2
yargs-parser | 9.0.2 | 0 | 2
(367 rows)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.