Place Vulnerabilities::FindingsPreloader behind feedback deprecation FF

Gregory Havenga (is on PTO from 15 December 2025 to 02 January 2026)requested to merge
384221-adjust-the-use-of-vulnerabilities-findingspreloader-which-is-dependent-on-feedback into master

What does this MR do and why?

Vulnerabilities::FindingsPreloader preloads vulnerability_feedbacks on serialised requests for performance improvements. This behaviour is not required with the deprecation of Vulnerability Feedbacks, so this MR checks if the deprecation FF is enabled, and prevents the preload accordingly.

Validation

  1. The following graphql query should function successfully whether the flag is enabled or not, as the flag does not currently disable the serialisation of vulnerability feedbacks.
{
  group(fullPath: "flightjs") {
    projects {
      nodes {
        pipelines {
          nodes {
            securityReportFindings {
              nodes {
                uuid
              }
            }
          }
        }
      }
    }
  }
}
  1. Requests to http://localhost:3000/api/v4/projects/6/vulnerability_findings Should work with the flag enabled or not when supplied with a valid api token.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #384221 (closed)

Edited by Gregory Havenga (is on PTO from 15 December 2025 to 02 January 2026)

Merge request reports