Group-level dependency list shows duplicate entries with empty vulnerability details when expanded.

Summary

Group-level dependency list shows duplicate entries with a vulnerability badge, but an empty vulnerability list when expanded.

• Related issues #568028 (closed) and #568063
• Customer reported via ZD 649656

Steps to reproduce

1. Complete the scenario from the previous related issue #568063.
2. Navigate to the parent group level
3. Go to Secure > Dependency list
4. Search for the target vulnerable component
5. Observe duplicate entries for the same component
6. Click to expand the entry that shows "yellow 1 vulnerability detected label"
7. One of the duplicates is missing a vulnerability.

Example Group:

1. https://gitlab.com/gl-demo-ultimate-udokmeci/b-asdasdasd/

What is the current bug behavior?

1. The group-level dependency list displays duplicate entries for the same component.
2. One duplicate shows a yellow badge indicating "1 vulnerability detected", but when expanded, the vulnerability list is empty.

What is the expected correct behavior?

The group-level dependency list should:

• Show a single entry per component with all vulnerabilities consolidated,
• Show accurate vulnerability counts and details when expanded for each duplicate entry

Relevant screenshots

Output of checks

Patch release information for backports

No security or high impact bug.