ci: Remove deprecated retire.js dependency scanning

Takuya Noguchi requested to merge tnir-remove-retire-js-dependecy-scanning into main

What does this MR do?

Removes the retire.js scanner from Dependency Scanning CI.

The retire.js scanner was deprecated in %14.8 and removed in %15.0. See also gitlab-org/gitlab#289830 (closed).

We are getting a deprecation warning message like the one in https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile/-/jobs/2579911502

[...]
$ echo "This job was deprecated in GitLab 14.8 and removed in GitLab 15.0"
This job was deprecated in GitLab 14.8 and removed in GitLab 15.0
$ echo "For more information see https://gitlab.com/gitlab-org/gitlab/-/issues/289830"
For more information see https://gitlab.com/gitlab-org/gitlab/-/issues/289830
$ exit 1
Uploading artifacts for failed job
Uploading artifacts...
WARNING: gl-dependency-scanning-report.json: no matching files 
ERROR: No files to upload                          
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1

References

Closes #20 (closed)

Similar to gitlab-org/gitlab-ui!2834 (merged)

Official docs

https://docs.gitlab.com/ee/update/removals.html#retire-js-dependency-scanning-tool

Retire-JS Dependency Scanning tool

This is a breaking change. Review the details carefully before upgrading.

We have removed support for retire.js from Dependency Scanning as of May 22, 2022 in GitLab 15.0. JavaScript scanning functionality will not be affected as it is still being covered by Gemnasium.

If you have explicitly excluded retire.js using the DS_EXCLUDED_ANALYZERS variable, then you will be able to remove the reference to retire.js. If you have customized your pipeline’s Dependency Scanning configuration related to the retire-js-dependency_scanning job, then you will want to switch to gemnasium-dependency_scanning. If you have not used the DS_EXCLUDED_ANALYZERS to reference retire.js, or customized your template specifically for retire.js, you will not need to take any action.

Signed-off-by: Takuya Noguchi takninnovationresearch@gmail.com

Edited by Takuya Noguchi
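
The cleanup described in the quoted removal notice can be checked mechanically. The following is an added example, not code from this merge request or from GitLab: it scans a constructed .gitlab-ci.yml for the two leftovers the notice names. The function name, the finding labels and the assumption that DS_EXCLUDED_ANALYZERS holds a comma-separated list are this example's own.

```python
import re

# Constructed sample .gitlab-ci.yml, not taken from any real project.
SAMPLE_CI = """\
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

variables:
  DS_EXCLUDED_ANALYZERS: "retire.js, gemnasium-python"

retire-js-dependency_scanning:
  allow_failure: true
"""

# Value of DS_EXCLUDED_ANALYZERS, with optional quotes, up to a comment or EOL.
EXCLUDED_RE = re.compile(r'^\s*DS_EXCLUDED_ANALYZERS:\s*["\']?([^"\'#\n]*)')
# A top-level job key that customizes the removed retire.js job.
JOB_RE = re.compile(r'^retire-js-dependency_scanning\s*:')


def audit_ci_config(text):
    """Return (line_number, kind, suggestion) for stale retire.js references.

    kind "excluded-analyzer": suggestion is the variable value without
    retire.js (an empty string means the variable can be dropped).
    kind "job-override": suggestion is the job name to move overrides to.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = EXCLUDED_RE.match(line)
        if match:
            # Assumption: the value is a comma-separated list of analyzer names.
            names = [n.strip() for n in match.group(1).split(",") if n.strip()]
            if "retire.js" in names:
                kept = ", ".join(n for n in names if n != "retire.js")
                findings.append((lineno, "excluded-analyzer", kept))
        elif JOB_RE.match(line):
            findings.append((lineno, "job-override",
                             "gemnasium-dependency_scanning"))
    return findings


if __name__ == "__main__":
    for lineno, kind, suggestion in audit_ci_config(SAMPLE_CI):
        print(f"line {lineno}: {kind} -> {suggestion!r}")
```

A config with neither leftover produces no findings, which matches the notice's "you will not need to take any action" case.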