Extracted classic and berry parser modules
What does this MR do?
This MR does the following things:
1. Extracts the berry and classic Yarn parsers into different modules.
2. Refactors the berry code so that we follow a bit more of an OO approach. Follow-up of this comment.
3. Does not take into account `@patch` packages, since these will create duplicates in the SBOM report.
4. Adds a Yarn v3 integration test.
File changes related to points (1), (2) and (3):
- `scanner/parser/testutil`: Had to add a new function that is not using `fixture` in the path of the file it opens. This is needed since we have unit tests in a directory which is deeper than the fixtures directory.
- `scanner/parser/yarn/berry`: Contains the berry package with all the related code required to parse a lock file that is compatible with Yarn v2 and v3. Both versions of Yarn use a YAML lock file.
- `scanner/parser/yarn/classic`: Contains the classic package with the code required to parse a Yarn v1 lock file.
- `scanner/parser/yarn/expect`: Had to update the expected values after removing the duplicates. Point (3).
- `remediate`: Just renamed the function call since this is in a different package now.
File changes related to point (4):
- `qa/`: Added fixtures and expected values for the Yarn v3 integration test.
- `spec/gemnasium_image_spec.rb`: Added one test for Yarn v3. Same as the integration test for Yarn v2.
What are the relevant issue numbers?
Parent Issue: 263358
This is a follow-up MR from: !473 (merged)
Also relates to: gitlab-org/gitlab#351841 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Nick Ilieskou
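The `@patch` de-duplication described in point (3), as an added Go example that is not the project's own parser code: a minimal reader for Yarn berry (v2/v3) lock entries that drops `patch:` descriptors so a patched package is reported once. The lock excerpt is constructed, and the function and type names are assumptions.

```go
package main
import "strings"
// Constructed excerpt of a Yarn berry (v2/v3) yarn.lock; the last entry is a patch: one.
const sampleLock = `__metadata:
  version: 6
"@babel/core@npm:^7.0.0, @babel/core@npm:^7.12.0":
  version: 7.18.6
"lodash@npm:^4.17.21":
  version: 4.17.21
"typescript@npm:^4.5.2":
  version: 4.5.2
"typescript@patch:typescript@^4.5.2#~builtin<compat/typescript>":
  version: 4.5.2
`
type Package struct{ Name, Version string }
// ParseBerryLock walks the lock file: an unindented line ending in ":" opens
// an entry keyed by "name@protocol:range" descriptors, and the indented
// "version:" line below it gives the resolved version. patch: entries are
// skipped: they resolve to the same package as the npm: entry they patch.
func ParseBerryLock(lock string) []Package {
	var pkgs []Package
	name, skip := "", true
	for _, raw := range strings.Split(lock, "\n") {
		line := strings.TrimSpace(raw)
		switch {
		case line == "":
			continue
		case !strings.HasPrefix(raw, " "): // new top-level entry
			key := strings.Trim(strings.TrimSuffix(line, ":"), `"`)
			name, skip = descriptorName(strings.SplitN(key, ",", 2)[0])
		case !skip && strings.HasPrefix(line, "version:"):
			v := strings.Trim(strings.TrimSpace(line[len("version:"):]), `"`)
			pkgs = append(pkgs, Package{name, v})
		}
	}
	return pkgs
}
// descriptorName returns the package name from "name@protocol:range" (scoped
// names keep their leading "@") and whether the entry must be skipped.
func descriptorName(d string) (string, bool) {
	body := strings.TrimPrefix(d, "@") // a scope's "@" is not the separator
	i := strings.Index(body, "@")
	if i < 0 {
		return d, true // not a package descriptor, e.g. __metadata
	}
	i += len(d) - len(body)
	return d[:i], strings.HasPrefix(d[i+1:], "patch:")
}
```

Running `ParseBerryLock(sampleLock)` yields three packages: the patched typescript entry is folded into the single `typescript 4.5.2` record.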