Update Vulnerabilities Confirm Service

After the https://gitlab.com/gitlab-org/gitlab/-/issues/324860 is merged, a Vulnerability will be created when a user interacts with a finding. There will be no Vulnerability Feedback object to be destroyed when a vulnerability is confirmed. Changelog: fixed EE: true

Update Vulnerabilities Confirm Service
0a0d2e1a · mc_rocha · Sean McGivern · 52036352 · 0a0d2e1a · 0a0d2e1a
--- a/ee/app/services/vulnerabilities/confirm_service.rb
+++ b/ee/app/services/vulnerabilities/confirm_service.rb
@@ -7,8 +7,14 @@ class ConfirmService < BaseService
    def execute
      raise Gitlab::Access::AccessDeniedError unless authorized?

-      update_vulnerability_with(state: Vulnerability.states[:confirmed], confirmed_by: @user, confirmed_at: Time.current) do
-        DestroyDismissalFeedbackService.new(@user, @vulnerability).execute
+      if Feature.enabled?(:deprecate_vulnerabilities_feedback, @vulnerability.project)
+        update_vulnerability_with(state: Vulnerability.states[:confirmed], confirmed_by: @user,
+                                  confirmed_at: Time.current)
+      else
+        update_vulnerability_with(state: Vulnerability.states[:confirmed], confirmed_by: @user,
+                                  confirmed_at: Time.current) do
+          DestroyDismissalFeedbackService.new(@user, @vulnerability).execute
+        end
      end

      @vulnerability

--- a/ee/spec/services/vulnerabilities/confirm_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/confirm_service_spec.rb
@@ -23,7 +23,14 @@
    end

    it_behaves_like 'calls vulnerability statistics utility services in order'
-    it_behaves_like 'removes dismissal feedback from associated findings'
+
+    context 'when feature flag deprecate_vulnerabilities_feedback is disabled' do
+      before do
+        stub_feature_flags(deprecate_vulnerabilities_feedback: false)
+      end
+
+      it_behaves_like 'removes dismissal feedback from associated findings'
+    end

    it 'confirms a vulnerability' do
      freeze_time do
@@ -40,6 +47,12 @@
      confirm_vulnerability
    end

+    it 'does not remove the feedback from associated findings' do
+      expect(Vulnerabilities::DestroyDismissalFeedbackService).not_to receive(:new).with(user, vulnerability)
+
+      confirm_vulnerability
+    end
+
    context 'when security dashboard feature is disabled' do
      before do
        stub_licensed_features(security_dashboard: false)