Make `vulnerability-details` receive a vulnerability as a prop
Summary
The vulnerability-details
Vue component currently receives a details
prop, which is a processed form of the modal data set by the security reports store and the security dashboard store, which is based almost entirely on a given vulnerability.
That indirection is unnecessary, and it'd be simpler for the vulnerability-details
component to receive the vulnerability directly and do whatever processing it needs. This indirection also makes it more likely for there to be inconsistencies (see https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15682/diffs#d4be8977041303fda2557b41f39409d48f67a3c2_110_113 for an example).
This might also be a good opportunity to make it less dynamic and "smart" (unless https://gitlab.com/gitlab-org/gitlab-ee/issues/11940 makes this all redundant). In the interests of iteration, this issue does not include the effort to make the vulnerability-details
component less "smart".
Improvements
- Less indirection
- Simpler (fewer?) store mutations
- Less inconsistency
Risks
- We might rewrite all of this anyway when we move to inline vulnerability management.
-
This is heavily touched in a big upcoming MR: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14608.That MR has been abandoned in favour of this approach. - Some of the inconsistency may be irrelevant as we phase out the security reports store, by using the security dashboard instead.
Involved components
- ee/app/assets/javascripts/vue_shared/security_reports/components/vulnerability_details.vue
- ee/app/assets/javascripts/vue_shared/security_reports/store/mutations.js#L215-250
- ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/mutations.js#L66-146
- ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue#L118-133