ESCALATED: Dependency List shows dependency vulnerability status as safe to not logged in users

Summary

When a person is not logged in and views the vulnerable components list, they see them all as safe.

Steps to reproduce

While not logged in, view a list with vulnerable dependencies.

Example Project

What is the current bug behavior?

I am not logged in and can see the vulnerable dependencies.

https://gitlab.com/gitlab-org/gitlab/dependencies - click "vulnerable components"

What is the expected correct behavior?

At a minimum, they shouldn't all say safe, because they are not; but also, can we not show a count for that tab and also disable clicking / viewing the tab?

@andyvolpe, can you confirm, in line with #13247 (comment 219462485), that although we want guests to see the dependency list (though perhaps not the safe/unsafe status), the vulnerable dependency list should not be available to persons who are not logged in?
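The failure mode described in this issue, as an added illustration that is not GitLab's code: when vulnerability data is withheld from an anonymous user, a presenter that derives status from the stripped list silently reports every dependency as "safe". The hardened version distinguishes "not permitted to know" (no status, tab disabled, no count) from "no known vulnerabilities". The `Dependency` struct, the hash-based user, the `can_read_vulnerabilities?` check and the sample data are all constructed for this example.

```ruby
# Added example, not GitLab code. Models the bug in this issue and a fail-safe fix.

# Hypothetical dependency record; real GitLab models differ.
Dependency = Struct.new(:name, :version, :vulnerabilities, keyword_init: true)

# Constructed sample data (vulnerability ids are placeholders, not real CVEs).
SAMPLE_DEPENDENCIES = [
  Dependency.new(name: "lodash", version: "4.17.15", vulnerabilities: ["VULN-PLACEHOLDER-1"]),
  Dependency.new(name: "rails",  version: "6.0.0",   vulnerabilities: []),
].freeze

# Hypothetical permission check: nil means anonymous; a signed-in user is a Hash
# carrying an explicit :can_read_vulnerabilities flag.
def can_read_vulnerabilities?(user)
  !user.nil? && user[:can_read_vulnerabilities] == true
end

# Buggy presenter: strips vulnerabilities the viewer may not see, then derives the
# status from the stripped list, so an anonymous viewer sees "safe" for everything.
def buggy_status(dep, user)
  visible = can_read_vulnerabilities?(user) ? dep.vulnerabilities : []
  visible.empty? ? "safe" : "vulnerable"
end

# Fixed presenter: if the viewer may not read vulnerability data, emit no status at
# all (nil) rather than a misleading "safe"; the UI renders nil as "unknown"/hidden.
def fixed_status(dep, user)
  return nil unless can_read_vulnerabilities?(user)

  dep.vulnerabilities.empty? ? "safe" : "vulnerable"
end

# Tab model: unauthorised viewers get a disabled tab with no count, so neither the
# number of vulnerable dependencies nor the tab contents leak.
def vulnerable_tab(deps, user)
  return { enabled: false, count: nil } unless can_read_vulnerabilities?(user)

  { enabled: true, count: deps.count { |d| !d.vulnerabilities.empty? } }
end

if __FILE__ == $PROGRAM_NAME
  anon = nil
  member = { can_read_vulnerabilities: true }
  SAMPLE_DEPENDENCIES.each do |dep|
    puts "#{dep.name}: buggy(anon)=#{buggy_status(dep, anon)} " \
         "fixed(anon)=#{fixed_status(dep, anon).inspect} " \
         "fixed(member)=#{fixed_status(dep, member)}"
  end
  puts "tab(anon)=#{vulnerable_tab(SAMPLE_DEPENDENCIES, anon)}"
  puts "tab(member)=#{vulnerable_tab(SAMPLE_DEPENDENCIES, member)}"
end
```

The design point is that authorization filtering must happen before any status is computed, and the absence of data must be represented as "unknown", never as the benign value; a defender reviewing similar presenters should check that every "safe"/"clean"/"passed" label is reachable only from data the viewer was actually allowed to load.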

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Results of GitLab application Check

Possible fixes

Edited by GitLab SecurityBot