Adds transitive dependencies (Python) - DO NOT USE FOR INTERVIEWS

[pablo-snyk]

In order to extend our vulnerability scanning feature to support child dependencies for npm packages as described in #5 , this pull request updates the package service to return all nested dependencies on the internal /package endpoint for consumption by vulnerability service instead of just returning the versions for the first level.

It supports a GET request to the /package/:name/:version endpoint and will return a JSON structure representing the full tree of dependencies. We will always return the latest matching version of a package supported to mimic the behavior of a fresh npm install.

Testing

It can be tested locally by making a request for a package with sub-dependencies e.g. [email protected]

curl -s http://localhost:3000/package/react/16.13.0 | jq .

Related Ticket

• Support returning the full dependency tree for packages #5

[rachelcdavies]

This exercise was revised in 2023, see #15
If you are sent a link to this older PR then please reach out to our talent team to check whether you should prepare a solution for the newer one.

[rachelcdavies]

I'm closing this PR to make it even more obvious that no candidates should attempt this old version of the PR exercise.
If you are invited to a PR interview please refer to the open PR #15