Fix dependency scanning report with vulnerability without CVE
What does this MR do?
Generate sha1 fingerprint from
cve is empty
Are there points in the code the reviewer needs to double check?
Why was this MR needed?
Frontend expect Dependency Scanning report to always provide a CVE but this is not true. To avoid breaking existing reports the fingerprint will be generated using another property.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
Changelog entry added, if necessary
API support added
- Tests added for this feature/bug
- Conform by the code review guidelines
Has been reviewed by a UX Designer
- Has been reviewed by a Frontend maintainer
Has been reviewed by a Backend maintainer
Has been reviewed by a Database specialist
EE specific content should be in the top level
- Conform by the merge request performance guides
- Conform by the style guides
- If you have multiple commits, please combine them into a few logically organized commits by squashing them
If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan
End-to-end tests pass (
package-qamanual pipeline job)