Merge branch 'bug-dependency-path-iid' into 'master'

Prevent augmenting for orphan dependencies

See merge request gitlab-org/gitlab!47321

ee/lib/gitlab/ci/reports/dependency_list/report.rb

@@ -51,7 +51,7 @@ module Gitlab
 
           def augment_ancestors!
             @dependencies.each_value do |dep|
-              next unless dep.iid
+              next unless dep.location[:ancestors]
               next if dep.location[:top_level]
 
               if dep.vulnerabilities.empty?

ee/spec/lib/gitlab/ci/reports/dependency_list/report_spec.rb

@@ -44,6 +44,19 @@ RSpec.describe Gitlab::Ci::Reports::DependencyList::Report do
         expect(ancestors.last).to eq({ name: direct[:name], version: direct[:version] })
       end
 
+      context 'when dependency path info is not full' do
+        let(:orphan_dependency) { build :dependency, :with_vulnerabilities, iid: 3 }
+
+        before do
+          report.add_dependency(orphan_dependency)
+        end
+
+        it 'returns array of hashes' do
+          expect(dependencies).to be_an(Array)
+          expect(dependencies.first).to be_a(Hash)
+        end
+      end
+
       context 'with multiple dependency files matching same package manager' do
         let(:indirect_other) { build :dependency, :with_vulnerabilities, iid: 32 }
         let(:direct_other) { build :dependency, :direct, :with_vulnerabilities }