Update MR security widget to read from new properties (!116077) · Merge requests · GitLab.org / GitLab

Daniel Tian requested to merge 390074-fix-mr-security-widget-data into master Mar 29, 2023

What does this MR do and why?

When the vulnerability_feedback_deprecation feature flag is enabled, we can no longer read from the merge_request_feedback, issue_feedback, and dismissal_feedback properties on a security finding, and must switch to merge_request_links, issue_links, and state_transitions. This MR does the switch for the MR security widget:

How to set up and validate locally

Disable the deprecate_vulnerabilities_feedback feature flag.
Clone this project: https://gitlab.com/svedova/test-remediations-v2
Create a MR for the main-patch-b708 branch. A pipeline should automatically for the branch, but if it doesn't, manually run it.
Refresh the MR widget so that the security widget shows 2 results.
Create a MR, create an issue, and dismiss the finding with a comment. All 3 operations should complete successfully. It's best to do these for just one finding so that the other one can be used for the next test.
Repeat the above, but this time with the deprecate_vulnerabilities_feedback feature flag enabled.

Feature flag off

Feature flag on

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #390074 (closed)

Edited Mar 29, 2023 by Daniel Tian

Update MR security widget to read from new properties

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports