Skip to content

Resolve "Fixed vulnerabilities should not be actionable in the report"

What does this MR do?

Removes the action button from the vulnerabilities modal if the vulnerability has been resolved.

In order to do this, it adds a resolved key to the vulnerability object during the creation of the resolvedIssues collection.

Are there points in the code the reviewer needs to double check?

Code

It seems wrong adding the resolved data in the front-end but that seems to be how the codebase works.

UI/UX

The original issue asked for the removal of all the buttons, I thought it would be better to leave the close button intact. Happy to remove this too if necessary.

Why was this MR needed?

Because resolved issues are not actionable.

Screenshots (if relevant)

image

Does this MR meet the acceptance criteria?

  • Changelog entry added, if necessary
  • Documentation created/updated
  • API support added
  • Tests added for this feature/bug
  • Conform by the code review guidelines
    • Has been reviewed by a UX Designer
    • Has been reviewed by a Frontend maintainer
    • Has been reviewed by a Backend maintainer
    • Has been reviewed by a Database specialist
  • EE specific content should be in the top level /ee folder
  • Conform by the merge request performance guides
  • Conform by the style guides
  • If you have multiple commits, please combine them into a few logically organized commits by squashing them
  • Internationalization required/considered
  • If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan
  • End-to-end tests pass (package-qa manual pipeline job)

What are the relevant issue numbers?

Closes #6017 (closed)

Edited by Filipa Lacerda

Merge request reports

Loading