Deprecate retire.js analyzer
Problem to solve
retire.js
analyzer will be removed in 15.0
and this deprecation has to be announced.
Same process as for bundler-audit deprecation: #289832 (closed)
Proposal
Warn users about this deprecation in the analyzer itself and the DS documentation.
Implementation plan
-
update Dependency Scanning docs with a warning about deprecation (see similar MR for bundler-audit: !76408 (merged)) -
also update the documentation about Javascript projects: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#javascript
-
-
update the retire.js
analyzer with a warning in the job output (see similar MR for bundler-audit: gitlab-org/security-products/analyzers/bundler-audit!88 (merged)) -
add a deprecation items in Gitlab docs following https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations and if users customized yml to update it and coverage is continued through gemnasium (see similar MR for bundler-audit: !76191 (merged)) -
communicate to support slack channels and link to issue
Testing
-
Confirm Dependency Scanning docs have a warning about retire.js deprecation: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#javascript -
Confirm the retire.js
analyzer displays a deprecation warning in the job output -
Confirm retire.js
is added to Deprecated items: https://docs.gitlab.com/ee/update/deprecations#retire-js-dependency-scanning-tool -
Confirm #support has been informed that retire.js
has been deprecated, with a link to this issue: https://gitlab.slack.com/archives/C01AQRPQ58C/p1645029909339809
Edited by Olivier Gonzalez