Stop auto updating removed analyzers with SASTBot
Problem to solve
In "Report version bump to 15.1.0 breaks compatibil..." (#468655 - closed, Craig Smith, 17.2) we found that keeping removed analyzers up to date (as far as dependencies like report) using SASTBot caused those analyzers to break in previous versions of GitLab.
To prevent further updates from causing more problems, these analyzers should no longer be included in the SASTBot update cycle.
Security updates should continue to be applied to these removed projects until %17.3.
Implementation Plan
- Remove all analyzers removed in 17.0 from SASTBot upgrades - https://gitlab.com/gitlab-org/security-products/analyzers/sast-analyzer-deps-bot/-/merge_requests/22+s
Edited by Craig Smith