We are removing the support of python 3.6 as it is end of life and out of support.
You should comment on this issue if you need 3.6 support and ideally work with your account manager to include a salesforce link to help us figure out if and for how long we can extend support.
Proposal
Announce in 14.8 the deprecation of python 3.6 with a breaking change in 15.0 to no longer be default container
the removal of active support for python 3.6, but that it is available in the deprecated gemnasium-python:2 image. This means we will only offer backport for critical security issues. Though, we will ensure this image produces report that passes the schema validation, which will be enforced in GitLab 15.0
Nicole Schwartzchanged title from Announce Deprecation of 3.9 python - 3 release warning to Deprecation and Removal of 3.9 python for Dependency Scanning - 3 release warning
changed title from Announce Deprecation of 3.9 python - 3 release warning to Deprecation and Removal of 3.9 python for Dependency Scanning - 3 release warning
Nicole Schwartzchanged title from Deprecation and Removal of 3.9 python for Dependency Scanning - 3 release warning to Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning
changed title from Deprecation and Removal of 3.9 python for Dependency Scanning - 3 release warning to Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning
Nicole Schwartzchanged the descriptionCompare with previous version
Nicole Schwartzchanged the descriptionCompare with previous version
changed the description
Nicole Schwartzmarked the checklist item Announce in 14.8 the deprecation of python 3.6 with a breaking change in 15.0 to no longer be default container - see MR !78502 (merged) as completed
marked the checklist item Announce in 14.8 the deprecation of python 3.6 with a breaking change in 15.0 to no longer be default container - see MR !78502 (merged) as completed
Nicole Schwartzchanged title from Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning to [docs-only] Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning
changed title from Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning to [docs-only] Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning
Nicole Schwartzchanged the descriptionCompare with previous version
Just for clarity the proposal discussed in this thread has been discarded. Python 3.6 users will have to use the "old" gemnasium-python:2 analyzer image.
For users using Python 3.6, as of GitLab 15.0 you will no longer be able to use the default template for dependency scanning. You will need to switch to use the deprecated gemnasium-python:2 analyzer image.
Nicole Schwartzchanged title from [docs-only] Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning to [docs-only] Deprecation and Removal of 3.6 python for Dependency Scanning - swap for 3.9
changed title from [docs-only] Deprecation and Removal of 3.6 python for Dependency Scanning - 3 release warning to [docs-only] Deprecation and Removal of 3.6 python for Dependency Scanning - swap for 3.9
we are still using Python 3.6 with latest CentOS 7, so please delay removing the deprecated gemnasium-python:2-python-3.6 or gemnasium-python:3-python-3.6 images past 2022-05-22
we are still using Python 3.6 with latest CentOS 7, so please delay removing the deprecated gemnasium-python:2-python-3.6 or gemnasium-python:3-python-3.6 images past 2022-05-22
@nngo2 the change described in this issue is for removing python 3.6 as the default image for gemnasium-python. Currently, users of python 3.6 don't need to do anything special to use gemnasium-python, since v3.6 is the default, whereas if someone wants to use python 3.9, they need to explicitly reference the gemnasium-python:2-python-3.9 image.
The change that we're proposing in this issue is to reverse the behaviour, meaning that if you want to use python 3.9 you won't need to do anything special, whereas if you want to use python 3.6, you'll need to explicitly reference the gemnasium-python:2-python-3.6 image. So to reiterate, this image won't be removed, we're simply changing the default, meaning that once this change goes live, you'll need to update your .gitlab-ci.yml template to reference the non-default gemnasium-python:2-python-3.6 image.
Edit: See the response from @gonzoyumo below for the correct details
@adamcohen@nngo2 the plan is actually slightly different (we might have changed it since the initial discussions).
Starting with GitLab 15.0:
the default template will pull the next major of our analyzer which will use python 3.9: gemnasium-python:3
users of python 3.6 will have to use the old image gemnasium-python:2. In other words, there will be no dedicated image for python 3.6 in our next Major release.
The reason being that 3.6 has reached its end-of-life so we will no longer maintain an active image with that version, at least not until we revisit how we manage multiple versions with #328263 (closed)
@NicoleSchwartz I've removed the NOTE OF CLARIFICATION from the description per our slack discussion.
The proposal states that projects requirement python 3.6 will have to use explicitely the gemnasium-2 image. On our side we will ensure it works with gitlab 15.0 (schema validation) but will not push new features and fixes like on Major version 3.
1
Olivier Gonzalezchanged the descriptionCompare with previous version
Olivier Gonzalezmarked the checklist item the removal of active support for python 3.6, but that it is available in the deprecated gemnasium-python:2 image. This means we will only offer backport for critical security issues. Though, we will ensure this image produces report that passes the schema validation, which will be enforced in GitLab 15.0 as completed
marked the checklist item the removal of active support for python 3.6, but that it is available in the deprecated gemnasium-python:2 image. This means we will only offer backport for critical security issues. Though, we will ensure this image produces report that passes the schema validation, which will be enforced in GitLab 15.0 as completed
Olivier Gonzalezmarked the checklist item the removal of the temporary python 3.9 container as completed
marked the checklist item the removal of the temporary python 3.9 container as completed
Olivier Gonzalezmarked the checklist item Announce in 15.0 as completed
marked the checklist item Announce in 15.0 as completed