Suggest fix for dependency scanning (gemnasium) security vulnerabilities
Problem to solve
Gemnasium detects and reports vulnerable versions for dependencies used in a project.
Along with this information, it is sometimes also possible to know the closest version that fixes the vulnerability. The tentative fix is to bump the version used in the project to that version and see whether the tests are still green.
We should pass this information from Gemnasium to the vulnerability detail windows and to the issue created from there.
Further details
If possible, we should process this information in a structured way, so that we can reuse it when creating an auto-remediate merge request.
Proposal
Expose the solution from Gemnasium to the modal popup, and to the related issue. Parse and store this information in a way it can be reused for auto-remediate MRs.
What does success look like, and how can we measure that?
Issues created in this way are closed by an MR.
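A sketch of the structured solution described above, added here as an illustration and not taken from Gemnasium or GitLab code: it picks the closest fixing version and stores it in a record that both the issue text and an auto-remediate MR could reuse. The `Remediation` fields, the helper names and the finding's keys are assumptions, not Gemnasium's report schema.

```ruby
require "rubygems" # Gem::Version gives numeric, segment-wise version ordering

# Hypothetical structured record; field names are assumptions,
# not Gemnasium's actual report schema.
Remediation = Struct.new(:package, :from, :to, :major_bump, :summary,
                         keyword_init: true)

# Lowest released version that fixes the issue and is newer than the one
# in use. Pre-releases are skipped. Returns nil when no upgrade is known.
def closest_fix(current, fixed_versions)
  cur = Gem::Version.new(current)
  fixed_versions
    .map { |v| Gem::Version.new(v) }
    .reject(&:prerelease?)
    .select { |v| v > cur }
    .min
end

# Build the reusable record, or nil when there is nothing to suggest.
def build_remediation(finding)
  target = closest_fix(finding[:version], finding[:fixed_versions])
  return nil if target.nil?

  from = Gem::Version.new(finding[:version])
  Remediation.new(
    package: finding[:package],
    from: from.to_s,
    to: target.to_s,
    # A major-version jump is the case most likely to turn the tests red.
    major_bump: target.segments.first != from.segments.first,
    summary: "Upgrade #{finding[:package]} from #{from} to #{target}"
  )
end

# Constructed sample finding (not real scanner output).
SAMPLE = {
  package: "example-gem",
  version: "2.3.1",
  fixed_versions: ["3.0.0", "2.3.4", "2.4.0.rc1", "1.9.9"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  r = build_remediation(SAMPLE)
  puts r.summary
  puts "major version bump" if r.major_bump
end
```

The `summary` string is what the vulnerability details and the created issue would display, while `from` and `to` are what an auto-remediate MR would use to rewrite the dependency file.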