No cve field in all Dependency Scanning results but it's needed by MR widget
As for SAST, Dependency Scanning MR widget relies on the cve
property of a vulnerability to generate the diff between source and target branches.
See https://gitlab.com/gitlab-org/security-products/sast/issues/73
We need to fix it here too and ensure we provide a consistent cve
value to make comparison work.
This fix must be backported to older releases has we did for sast.
Then we can move on with https://gitlab.com/gitlab-org/gitlab-ee/issues/5678