static/frontend: condense vuln display on module pages

When a module is affected by many vulnerabilities, the current
display can become overwhelming because details are listed for
each vuln.

If there are 2 or more vulns, condense the the message to
"Affected by GO-XXXX-YYYY and N other vulnerabilities",
with the option to click a button and see all the vulns.

Change-Id: I5e4e6712aa6038d390ed70b339a982f7684a986f
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/595561
kokoro-CI: kokoro <noreply+kokoro@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

static/frontend/unit/_header.tmpl

@@ -237,7 +237,28 @@
       />&nbsp; Redirected from <span data-test-id="redirected-banner-text">{{.}}</span>.
     </div>
   {{- end -}}
-  {{range .Vulns}}{{template "vuln-message" .}}{{end}}
+   {{- with $vs := .Vulns -}}
+      {{if eq (len $vs) 1}}
+        <div>{{template "vuln-message" (index $vs 0)}}</div>
+      {{else}}
+        <details class="js-versionDetails">
+            <summary class="go-Message go-Message--alert">
+            <img
+                class="go-Icon"
+                height="24"
+                width="24"
+                src="/static/shared/icon/alert_gm_grey_24dp.svg"
+                alt="Alert"
+            />&nbsp;
+            Affected by <a href="/vuln/{{(index $vs 0).ID}}">{{(index $vs 0).ID}}</a>
+            {{with $more := subtract (len $vs) 1}} and {{$more}} other vulnerabilities{{end}}
+          </summary>
+          <div>
+            {{range .}}{{template "vuln-message" .}}{{end}}
+          </div>
+        </details>
+    {{end}}
+  {{- end -}}
   {{- if .Unit.Deprecated -}}
     <div class="go-Message go-Message--warning">
       <img

tests/screentest/seed.txt

@@ -17,6 +17,7 @@ github.com/hashicorp/vault/api/auth/kubernetes@latest
 github.com/jackc/pgx/v4@v4.11.0
 github.com/jba/bit@v0.2.0
 github.com/julieqiu/api-demo@all
+github.com/stacklok/minder@v0.0.47
 github.com/tendermint/tendermint@v0.34.10
 github.com/tendermint/tendermint@v0.34.11
 gocloud.dev@v0.22.0

tests/screentest/testcases.ci.txt

@@ -4,6 +4,10 @@ output tests/screentest/testdata/ci
 # Prevent dynamic readme bages from rendering
 block https://codecov.io/* https://travis-ci.com/*
 
+{{$ready := "[role='treeitem'][aria-selected='true']"}}
+{{$hideElements := "document.querySelector(\"[data-test-id='UnitHeader-importedby']\")?.remove();document.querySelector(\"[data-test-id='meta-link-depsdev']\")?.remove();"}}
+{{$scrollTop := "window.scrollTo({top:0});"}}
+
 test vuln
 pathname /vuln/
 capture fullscreen
@@ -58,3 +62,11 @@ test vuln no results
 pathname /search?q=github.com%2Fnoresults&m=vuln
 capture viewport
 capture viewport 540x1080
+
+test module with one vuln
+pathname /github.com/stacklok/minder@v0.0.47
+wait {{$ready}}
+eval {{$scrollTop}}
+eval {{$hideElements}}
+capture viewport
+capture viewport 540x1080