Finding is marked as dismissed before actually pressing the button
Summary
In the Merge Request Security Widget, when I want to dismiss a finding with a comment in the modal, the audit trail shows the finding as already dismissed, with an incorrect timestamp.
Steps to reproduce
- Go to https://staging.gitlab.com/groups/secure-team-test/-/security/dashboard/?page=1&days=90
- Click on the first non-dismissed finding
- Click on the Dismiss vulnerability comment icon
Example Project
https://staging.gitlab.com/groups/secure-team-test/-/security/dashboard/?page=1&days=90
What is the current bug behavior?
The audit trail now shows that I dismissed the vulnerability 4h ago, while I haven't submitted anything yet
What is the expected correct behavior?
- Audit trail is created only when "Add comment & dismiss" is pressed
- Timestamp is correct
Proposal
When user selects the comment icon, the input appears active. The current states that shows text stating "dismissed.." does not display. Then user may select CTA "Add comment & dismiss"; once selected CTA it's a completed task.
/cc @leipert for prioritization
Edited by Kyle Mann