Merge branch '218497-vulnerabilities-undefined' into 'master'

Make sure that `vulnerabilities` is always defined in the Dependency List See merge request gitlab-org/gitlab!35171

Merge branch '218497-vulnerabilities-undefined' into 'master'
Make sure that `vulnerabilities` is always defined in the Dependency List See merge request gitlab-org/gitlab!35171
cded1bcd · Paul Slaughter · d721b719 · 635d09f3 · cded1bcd · cded1bcd
Commit cded1bcd authored Jun 26, 2020 by Paul Slaughter
3 changed files
--- a/ee/app/assets/javascripts/dependencies/components/dependencies_table.vue
+++ b/ee/app/assets/javascripts/dependencies/components/dependencies_table.vue
@@ -63,8 +63,13 @@ export default {
    // passed to it in order to track the visibilty of each row's `row-details`
    // slot. So, create a deep clone of them here to avoid mutating the
    // `dependencies` prop.
+    // We also make sure that `vulnerabilities` is always defined to prevent rendering
+    // errors when the user is allowe to see dependencies but not their vulnerabilities.
    transformDependenciesForUI(dependencies) {
-      return cloneDeep(dependencies);
+      return dependencies.map(({ vulnerabilities, ...dep }) => ({
+        ...cloneDeep(dep),
+        vulnerabilities: vulnerabilities ? cloneDeep(vulnerabilities) : [],
+      }));
    },
  },
  fields: [

--- a/ee/changelogs/unreleased/218497-vulnerabilities-undefined.yml
+++ b/ee/changelogs/unreleased/218497-vulnerabilities-undefined.yml
+---
+title: Fixes a bug that would prevent the dependencies list from rendering for user that aren't authorized to see the vulnerabilities
+merge_request: 35171
+author:
+type: fixed
--- a/ee/spec/frontend/dependencies/components/dependencies_table_spec.js
+++ b/ee/spec/frontend/dependencies/components/dependencies_table_spec.js
@@ -54,7 +54,7 @@ describe('DependenciesTable component', () => {
    });

    const isVulnerableCellText = normalizeWhitespace(isVulnerableCell.text());
-    if (dependency.vulnerabilities.length) {
+    if (dependency?.vulnerabilities?.length) {
      expect(isVulnerableCellText).toContain(`${dependency.vulnerabilities.length} vuln`);
    } else {
      expect(isVulnerableCellText).toBe('');
@@ -105,13 +105,17 @@ describe('DependenciesTable component', () => {
    });
  });

-  describe('given dependencies with no vulnerabilities', () => {
+  describe.each`
+    description                                                             | vulnerabilitiesPayload
+    ${'given dependencies with no vulnerabilities'}                         | ${{ vulnerabilities: [] }}
+    ${'given dependencies when user is not allowed to see vulnerabilities'} | ${{}}
+  `('$description', ({ vulnerabilitiesPayload }) => {
    let dependencies;

    beforeEach(() => {
      dependencies = [
-        makeDependency({ vulnerabilities: [] }),
-        makeDependency({ name: 'foo', vulnerabilities: [] }),
+        makeDependency({ ...vulnerabilitiesPayload }),
+        makeDependency({ name: 'foo', ...vulnerabilitiesPayload }),
      ];

      createComponent({