Make a Vulnerability a proper todo target

Lukas Eipertrequested to merge
leipert-vulnerabilities-are-todos into master

What does this MR do and why?

Make a Vulnerability a proper todo target

Currently we cannot search for todos on vulnerabilities and the GraphQL endpoint errors out if it encounters a Todo on a vulnerability. Now both should work just fine.

Changelog: fixed EE: true

MR acceptance checklist

Screenshots or screen recordings

Screen_Recording_2024-09-24_at_16.49.25

How to set up and validate locally

The steps are a little involved, have a look at the recording above

  1. Create a vulnerability manually: https://docs.gitlab.com/ee/user/application_security/vulnerability_report/#manually-add-a-vulnerability
  2. Resolve the vulnerability
  3. Leave a comment on the vulnerability @-mentioning the user
  4. Run the query:
query todos {
  currentUser {
    id
    todos(action: [directly_addressed], state: [pending, done]) {
      nodes {
        id
        state
        createdAt
        action
        targetType
        targetUrl
      }
    }
  }
}

Before it should have errored, now it should work.

Merge request reports