
Add dismissal reason to vulnerability state dropdown

What does this MR do and why?

This MR lets a user specify a dismissal reason when dismissing a vulnerability, which gives finer-grained control over the vulnerability's status.

The feature is behind the dismissal_reason feature flag.

Related:

Screenshots or screen recordings

This screen recording shows how the dropdown works with a nested dropdown for dismissal reasons. It showcases the following:

  • showing and hiding the nested dropdown when hovering over the dismiss action
  • selecting a dismissal reason and seeing it selected
  • changing the status to dismissed with a dismissal reason and seeing the change reflected in the header and in the discussions
  • going from dismissed with dismissal reason x to dismissed with dismissal reason y
  • correctly handling the initial/selected status and dismissal reason

[screen recording: vulnerability-state-dropdown-dismissal-reason]

How to set up and validate locally

Prerequisites

  1. You'll need an EE license
  2. You'll need to have runners enabled (See $2408961 for setting up a runner)
  3. Import https://gitlab.com/gitlab-examples/security/security-reports
  4. Run a pipeline on master

Validate tests

yarn jest ee/spec/frontend/vulnerabilities/vulnerability_state_dropdown_spec.js
yarn jest ee/spec/frontend/vulnerabilities/vulnerability_state_dropdown_deprecated_spec.js
yarn jest ee/spec/frontend/vulnerabilities/header_spec.js

Validate original dropdown

Sanity check for when the feature flag is turned off

  1. Go to the details page of a vulnerability in the security-reports project
  2. Change the status of the vulnerability and verify that it still behaves as before

Validate new dropdown

  1. Enable the feature flag: echo "Feature.enable(:dismissal_reason)" | rails c
  2. Go to the details page of a vulnerability (one with detected status) in the security-reports project
  3. Click on the status dropdown
  4. Validate that the subtext for the dismiss action shows "Select a reason"
  5. Validate that clicking the dismiss action on its own does not select it (a reason has to be chosen from the nested dropdown)
  6. Nested dropdown:
    1. Move your mouse over the dismiss action
    2. Validate that a nested dropdown appears with the dismissal reasons
    3. Validate that when the browser window is narrow it appears to the left of the main dropdown
    4. Validate that when the browser window is wide it appears to the right of the main dropdown
    5. Validate that if you move your mouse to the nested dropdown it stays visible
    6. Validate that if you move your mouse to another status action the nested dropdown disappears
  7. Changing state and selection:
    1. Select a dismissal reason
    2. Validate that the dismissal reason and the dismiss action become selected
    3. Validate that the Change status button becomes enabled
    4. Select the Needs triage status and validate that the Change status button is disabled again
    5. Select a dismissal reason again and click the Cancel button
    6. Click on the status dropdown again
    7. Validate that the Needs triage status is selected again
  8. Select dismissal reason:
    1. Select any dismissal reason
    2. Click the Change status button
    3. Validate that the dropdown closes and a loading icon is shown
    4. Validate that the status description in the header is updated to reflect the dismissed status and the chosen dismissal reason
    5. Validate that an entry in the discussions at the bottom is added
  9. Change dismissal reason:
    1. Click on the status dropdown
    2. Select another dismissal reason
    3. Click the Change status button
    4. Validate that the status description in the header shows the dismissed status with the newly chosen dismissal reason
    5. Note: a suspected bug in the backend means no further entry with the updated dismissal reason is added to the discussions. I left a comment here
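As an added illustration (not code from this MR or from GitLab's vulnerability_state_dropdown component), the selection rules that steps 3 to 9 above exercise, reduced to a plain JavaScript model: clicking the dismiss action on its own selects nothing, picking a reason selects the reason and the dismiss action together, the Change status button is enabled only when the pending selection is complete and differs from the initial one (so reason x to reason y on an already dismissed vulnerability counts as a change), and Cancel restores the initial selection. The status names, the dismissal reason list, every function name and the viewport helper are assumptions made for this example.

```javascript
// Added example, not GitLab's component code. Status names, the reason list
// and all function names are assumptions made for this illustration.

// 'detected' is the state the UI labels "Needs triage".
const STATUSES = ['detected', 'confirmed', 'dismissed', 'resolved'];

// Constructed sample list of dismissal reasons (assumed, not the backend enum).
const DISMISSAL_REASONS = [
  'acceptable_risk',
  'false_positive',
  'mitigating_control',
  'used_in_tests',
  'not_applicable',
];

function createSelectionModel(initial) {
  // initial: { state, dismissalReason } as loaded for the vulnerability.
  const start = { state: initial.state, dismissalReason: initial.dismissalReason || null };
  let selected = { ...start };

  // A "dismissed" selection is only complete once a valid reason has been chosen.
  const isComplete = (s) =>
    s.state !== 'dismissed' || DISMISSAL_REASONS.includes(s.dismissalReason);

  return {
    // Clicking a status action. Clicking "dismiss" alone must not select it;
    // a reason has to come from the nested dropdown. Returns whether anything changed.
    selectState(state) {
      if (!STATUSES.includes(state)) throw new Error(`unknown state: ${state}`);
      if (state === 'dismissed') return false;
      selected = { state, dismissalReason: null };
      return true;
    },

    // Picking a reason in the nested dropdown selects the reason and the dismiss action together.
    selectDismissalReason(reason) {
      if (!DISMISSAL_REASONS.includes(reason)) throw new Error(`unknown dismissal reason: ${reason}`);
      selected = { state: 'dismissed', dismissalReason: reason };
      return true;
    },

    // Cancel discards the pending selection; reopening the dropdown shows the initial status again.
    cancel() {
      selected = { ...start };
    },

    // "Change status" is enabled only when the pending selection is complete and differs
    // from the initial one. Switching reason x -> y on an already dismissed vulnerability
    // therefore counts as a change.
    canChangeStatus() {
      return (
        isComplete(selected) &&
        (selected.state !== start.state || selected.dismissalReason !== start.dismissalReason)
      );
    },

    // Subtext under the dismiss action: the chosen reason, or a prompt to pick one.
    dismissSubtext() {
      return selected.state === 'dismissed' && selected.dismissalReason
        ? selected.dismissalReason
        : 'Select a reason';
    },

    selected() {
      return { ...selected };
    },
  };
}

// Placement of the nested dropdown relative to the status dropdown: to the right when it
// fits in the viewport, otherwise to the left (falling back to the right if neither fits).
// `left`/`right` are assumed to come from getBoundingClientRect() of the status dropdown.
function nestedDropdownSide({ left, right }, nestedWidth, viewportWidth) {
  if (right + nestedWidth <= viewportWidth) return 'right';
  if (left - nestedWidth >= 0) return 'left';
  return 'right';
}

// Stand-alone walk-through of steps 7 and 8: dismiss alone is ignored, a reason enables the button.
const model = createSelectionModel({ state: 'detected', dismissalReason: null });
model.selectState('dismissed'); // ignored
model.selectDismissalReason('false_positive');
console.log(model.canChangeStatus(), model.dismissSubtext()); // true false_positive
```

The model keeps the initial and pending selections separate on purpose: the "Change status" decision compares the two, which is what makes both the Cancel behaviour (step 7) and the reason-to-reason change (step 9) fall out of one rule instead of special cases.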

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #285470 (closed)

Edited by Lorenz van Herwaarden
