Deletion of vulnerability-associated issuables prevents security report from loading
Summary
When an issue has been created from a security report, deleting that issue will prevent the Security report from rendering within the Pipeline view.
I have not yet tested if this is the case for issues created from the security dashboard, but expect the same
Steps to reproduce
- Run pipeline on project with vulnerability; i.e. https://gitlab.com/gitlab-org/security-products/demos/yarn-remediation/pipelines/44238707/security.
- Select vulnerability under "Security" tab
- Click "Create Issue" to create issue from vulnerability
- Go to "Edit" on issue page
- Delete issue
- Navigate back to pipeline page and see error
Dependency scanning: Loading resulted in an error
Example Project
https://gitlab.com/gitlab-org/security-products/demos/yarn-remediation/pipelines/44238707/security
What is the current bug behavior?
Error is shown on Security tab when linked issue gets deleted
What is the expected correct behavior?
- Security tab should render regardless of whether an issue is associated
- Issues should be re-creatable if deleted ("Create Issue") should reappear
Relevant logs and/or screenshots
Output of checks
This is not present on Gitlab.com as it will ship with 11.7
Possible fixes
- Vulnerabilities::FeedbackEntity should handle missing issues and merge_requests.
- When issues or merge_requests are deleted associated vulnerabilities are disassociated
Edited by Lucas Charles