Deprecate retire.js analyzer
Problem to solve
retire.js analyzer will be removed in 15.0 and this deprecation has to be announced.
Same process as for bundler-audit deprecation: #289832 (closed)
Proposal
Warn users about this deprecation in the analyzer itself and the DS documentation.
Implementation plan
- update Dependency Scanning docs with a warning about deprecation (see similar MR for bundler-audit: !76408 (merged))
  - also update the documentation about JavaScript projects: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#javascript
- update the retire.js analyzer with a warning in the job output (see similar MR for bundler-audit: gitlab-org/security-products/analyzers/bundler-audit!88 (merged))
- add a deprecation item in GitLab docs following https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations, noting that users who customized the yml need to update it and that coverage is continued through gemnasium (see similar MR for bundler-audit: !76191 (merged))
- communicate to support Slack channels and link to issue
Testing
- Confirm Dependency Scanning docs have a warning about retire.js deprecation: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#javascript
- Confirm the retire.js analyzer displays a deprecation warning in the job output
- Confirm retire.js is added to Deprecated items: https://docs.gitlab.com/ee/update/deprecations#retire-js-dependency-scanning-tool
- Confirm #support has been informed that retire.js has been deprecated, with a link to this issue: https://gitlab.slack.com/archives/C01AQRPQ58C/p1645029909339809