Empty bundler-audit vulnerability in GitLab UI
Summary
In rare cases, some vulnerabilities reported by the bundler-audit analyzer (Dependency Scanning) appear as empty in the GitLab UI.
Steps to reproduce
TODO
Example Project
TODO
What is the current bug behavior?
In the vulnerability modal view, the vulnerability reported by bundler-audit has no title, no severity, and no links.
What is the expected correct behavior?
The vulnerability has a title, a severity, and at least one link.
Relevant logs and/or screenshots
Possible fixes
This is possibly a bug in convert.to, which parses the human-readable text output of the bundle audit command. If that's the case, we could fix that bug, but we should probably upgrade to a newer version of bundler-audit instead and leverage its new JSON output. See the project README.
See #325324 (closed) which is about upgrading to a version of bundler-audit that provides JSON output.
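As an added illustration of the JSON-based fix (example code, not the analyzer's own convert code), a minimal Go converter that reads bundler-audit's JSON output and refuses to emit any advisory that would show up with no title, severity or link. The JSON field names, the Vuln type, the severity mapping and the sample data are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of `bundle audit check --format json` output. The layout is an assumption
// about bundler-audit's JSON; encoding/json matches its lower-case keys case-insensitively.
type auditReport struct {
	Results []struct {
		Type     string
		Gem      struct{ Name, Version string }
		Advisory struct{ ID, Title, URL, Criticality string }
	}
}

// Vuln is a simplified stand-in for a Dependency Scanning report entry.
type Vuln struct{ Title, Severity string; Links []string }
var severities = map[string]string{"low": "Low", "medium": "Medium", "high": "High", "critical": "Critical"}

// ConvertJSON maps each unpatched_gem result to a Vuln and fails on any advisory
// lacking a title, severity or link instead of emitting an entry that renders empty.
func ConvertJSON(raw []byte) ([]Vuln, error) {
	var rep auditReport
	if err := json.Unmarshal(raw, &rep); err != nil {
		return nil, fmt.Errorf("decoding bundler-audit output: %w", err)
	}
	var out []Vuln
	for _, r := range rep.Results {
		if r.Type != "unpatched_gem" {
			continue // insecure_source results carry no advisory
		}
		a := r.Advisory
		v := Vuln{Title: a.Title, Severity: severities[a.Criticality]}
		if a.URL != "" {
			v.Links = append(v.Links, a.URL)
		}
		if v.Title == "" || v.Severity == "" || len(v.Links) == 0 {
			return nil, fmt.Errorf("%s %s: advisory %q is incomplete", r.Gem.Name, r.Gem.Version, a.ID)
		}
		out = append(out, v)
	}
	return out, nil
}

// Sample is constructed output: one complete advisory and one with blank fields.
const Sample = `{"results":[{"type":"unpatched_gem","gem":{"name":"examplegem","version":"1.0.0"},
 "advisory":{"id":"CVE-0000-0001","title":"Example advisory","url":"https://example.invalid/adv","criticality":"high"}},
 {"type":"unpatched_gem","gem":{"name":"othergem","version":"2.0.0"},"advisory":{"id":"GHSA-placeholder","title":"","url":"","criticality":""}}]}`
func main() { _, err := ConvertJSON([]byte(Sample)); fmt.Println(err) }
```

Running it prints the error for the second advisory, which is exactly the case that currently slips through as an empty vulnerability.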
Edited by Fabien Catteau
