Use mergeRequestLinks on vulnerability details page
What does this MR do and why?
We are deprecating the usage of a vulnerability's *_feedback properties and switching to some new properties:
| Old | New |
|---|---|
dismissal_feedback |
state_transitions |
issue_feedback |
issue_links |
merge_request_feedback |
merge_request_links |
On the vulnerability details page, we are only using merge_request_feedback from the vulnerability. This MR switches it to use merge_request_links instead. There are no UI changes. The MR feedback/link is used to control whether the create MR button and the MR info card are shown:
| MR info card | Create MR button |
|---|---|
 |
 |
How to set up and validate locally
-
This is behind the feature flag
deprecate_vulnerabilities_feedback, but don't enable it yet. -
Clone https://gitlab.com/svedova/test-remediations-v2 and run a pipeline against the main branch.
-
Go to the vulnerability report. You should see 2 vulnerabilities. Click on one of them to go to the vulnerability details page.
-
This is where it gets a bit tricky. Both the old and new properties are in the vulnerability:
 |
They mirror each other, so if there's an object for one, there's an object for the other. This means that the code could be using the wrong property but still work. The best way I can come up with to verify that the correct property is being used, is to manually modify the property and see if the UI responds:
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #390070 (closed)