Breaking changes for DAST 14.0

Problem to solve

When release 14.0 comes out in 2021, there will be a bunch of DAST functionality that should be deprecated and removed.

This issue is a placeholder for items to add to that list. We can add to this issue as the year progresses.

Release a DAST Major Release

• We should release a DAST major release, 2.0.0.
• We can update the DAST template to use DAST_VERSION 2

Deprecated items

• Change the default browser from firefox to Chromium #289962 (closed)
• Remove the legacy ZAP format fields, #33915 (closed)
• Rename DAST_AUTH_EXCLUDE_URLS to DAST_EXCLUDE_URLS #289959 (closed)
• Look at removing renamed environment variables (e.g. AUTH_PASSWORD -> DAST_AUTH_PASSWORD) [DONE but not deprecated] Release Post Issue
• Remove the DAST Validation. #293595 (closed)
• This repository should be archived in 14.0, https://gitlab.com/gitlab-org/security-products/codequality
• -s configuration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!219 (comment 379548118)
• -n configuration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!253 (merged)
• -p configuration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!246 (merged)
• -D configuration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!291 (merged)
• -T should be replaced with --zap-max-connection-attempts and --passive-scan-max-wait-time
• Default DAST_SPIDER_START_AT_HOST to false #267403 (closed)
• Remove AUTH_DISPLAY and DAST_AUTH_DISPLAY

Items to deprecate if we have time

• vulnerability.cve is being removed, and will be replaced by vulnerability.id #209850 (closed)

Questions/Miscellaneous

• Do we need to apply patch updates to the DAST:1 image for a period of time?
• GitLab Rails should state which versions of the DAST schema are supported.