From af5716a0a640230cf8c4e1cf5c099f5d6a5114ad Mon Sep 17 00:00:00 2001 From: Nicole Schwartz Date: Tue, 7 Dec 2021 06:32:10 +0000 Subject: [PATCH 01/10] Announce deprecation of bundler-audit --- ...cure-dependency-scanning-bundler-audit.yml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml new file mode 100644 index 00000000000000..0aaa68e4bd8ebe --- /dev/null +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
@@ -0,0 +1,32 @@ +# This is a template for a feature deprecation +# A deprecation typically occurs when a feature or capability is planned to be removed in a future release. +# Deprecations should be announced at least two releases prior to removal. Any breaking changes should only be done in major releases. +# +# Below is an example of what a single entry should look like, it's required attributes, +# and what types we expect those attribute values to be. +# +# For more information please refer to the handbook documentation here: +# https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations +# +# Please delete this line and above before submitting your merge request. + +- name: "Feature name" # The name of the feature to be deprecated + announcement_milestone: "XX.YY" # The milestone when this feature was first announced as deprecated. + announcement_date: "YYYY-MM-DD" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. + removal_milestone: "XX.YY" # The milestone when this feature is planned to be removed + body: | # Do not modify this line, instead modify the lines below. + +# The following items are not published on the docs page, but may be used in the future. + stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth + tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. 
e.g., [Free, Silver, Gold, Core, Premium, Ultimate] + issue_url: # (optional) This is a link to the deprecation issue in GitLab + documentation_url: # (optional) This is a link to the current documentation page + image_url: # (optional) This is a link to a thumbnail image depicting the feature + video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg + removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed -- GitLab From a94cf497362d7cc9abdd606084048d185d37f3d1 Mon Sep 17 00:00:00 2001 From: Nicole Schwartz Date: Tue, 7 Dec 2021 06:39:00 +0000 Subject: [PATCH 02/10] Update 14-6-deprecation-secure-dependency-scanning-bundler-audit.yml --- ...cure-dependency-scanning-bundler-audit.yml | 33 +++++-------------- 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index 0aaa68e4bd8ebe..2e90c323c75ec1 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
@@ -1,32 +1,17 @@ -# This is a template for a feature deprecation -# A deprecation typically occurs when a feature or capability is planned to be removed in a future release. -# Deprecations should be announced at least two releases prior to removal. Any breaking changes should only be done in major releases. -# -# Below is an example of what a single entry should look like, it's required attributes, -# and what types we expect those attribute values to be. -# -# For more information please refer to the handbook documentation here: -# https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations -# -# Please delete this line and above before submitting your merge request. - - name: "Feature name" # The name of the feature to be deprecated - announcement_milestone: "XX.YY" # The milestone when this feature was first announced as deprecated. - announcement_date: "YYYY-MM-DD" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. - removal_milestone: "XX.YY" # The milestone when this feature is planned to be removed + announcement_milestone: "14.6" # The milestone when this feature was first announced as deprecated. + announcement_date: "2021-12-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. + removal_milestone: "15.0" # The milestone when this feature is planned to be removed body: | # Do not modify this line, instead modify the lines below. - # The following items are not published on the docs page, but may be used in the future. - stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth - tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. 
e.g., [Free, Silver, Gold, Core, Premium, Ultimate] - issue_url: # (optional) This is a link to the deprecation issue in GitLab + stage: secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth + tiers: ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/289832 # (optional) This is a link to the deprecation issue in GitLab documentation_url: # (optional) This is a link to the current documentation page image_url: # (optional) This is a link to a thumbnail image depicting the feature video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg - removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed + removal_date: 2022-05-22 # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed -- GitLab From 4d40294e10e560f6b49ff0bf54058e547532af3f Mon Sep 17 00:00:00 2001 From: Nicole Schwartz Date: Thu, 9 Dec 2021 02:26:50 +0000 Subject: [PATCH 03/10] Update 14-6-deprecation-secure-dependency-scanning-bundler-audit.yml --- ...-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index 2e90c323c75ec1..f1f4000f71cf29 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
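Review bot: `tiers: ultimate` is a bare scalar although the template comment on the same line describes an array, and `removal_date: 2022-05-22` is unquoted while `announcement_date: "2021-12-22"` is quoted. A YAML loader that resolves timestamps would return a date object for one field and a string for the other, and code that iterates over `tiers` would receive a string instead of a list. I would write `tiers: [Ultimate]` and `removal_date: "2022-05-22"` so both fields match the types the template documents. The entry's `- name:` line and the still-empty `image_url:` and `video_url:` keys are context here and not changed by this hunk.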
+++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml @@ -5,8 +5,7 @@ body: | # Do not modify this line, instead modify the lines below. As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal please be aware that Ruby is still covered by gemnasium. -If you have explicitly excluded, using DS_EXCLUDED_ANALYZERS, bundler-audit you will want to update your pipeline ci template before it’s removal, and we recommend doing this as soon as possible. If you have not used the DS_EXCLUDED_ANALYZERS or customized your template specifically for bundler-audit you will not need to take action. - +If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline, for example to specifically have a bundler-audit job, you will want to remove this before its removal in 15.0 to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit or customized your template specifically for bundler-audit you will not need to take action. # The following items are not published on the docs page, but may be used in the future. stage: secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth tiers: ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] -- GitLab From cdc297734d342206636bf99685ab09b6d56b25e4 Mon Sep 17 00:00:00 2001 From: Nicole Schwartz Date: Thu, 9 Dec 2021 02:28:40 +0000 Subject: [PATCH 04/10] Apply 1 suggestion(s) to 1 file(s) --- ...4-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index f1f4000f71cf29..4788342d13642b 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml @@ -1,4 +1,4 @@ -- name: "Feature name" # The name of the feature to be deprecated +- name: "Deprecation of bundler-audit Dependency Scanning tool" # The name of the feature to be deprecated announcement_milestone: "14.6" # The milestone when this feature was first announced as deprecated. announcement_date: "2021-12-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. removal_milestone: "15.0" # The milestone when this feature is planned to be removed -- GitLab From 93dc6519b6304ab4ad42ce15e7e44409bd5f5cf6 Mon Sep 17 00:00:00 2001 From: Igor Frenkel Date: Thu, 9 Dec 2021 21:07:33 +0000 Subject: [PATCH 05/10] Apply 1 suggestion(s) to 1 file(s) --- ...4-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index 4788342d13642b..3067e951c4be6a 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
@@ -3,7 +3,7 @@ announcement_date: "2021-12-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. removal_milestone: "15.0" # The milestone when this feature is planned to be removed body: | # Do not modify this line, instead modify the lines below. - As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal please be aware that Ruby is still covered by gemnasium. + As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by gemnasium. If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline, for example to specifically have a bundler-audit job, you will want to remove this before its removal in 15.0 to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit or customized your template specifically for bundler-audit you will not need to take action. # The following items are not published on the docs page, but may be used in the future. -- GitLab From a437e1478fe58dc8023eb7b0e94c953c148aca3c Mon Sep 17 00:00:00 2001 From: Igor Frenkel Date: Thu, 9 Dec 2021 21:07:55 +0000 Subject: [PATCH 06/10] Apply 1 suggestion(s) to 1 file(s) --- ...4-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
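Review bot: The new sentence "Ruby scanning functionality will not be affected as it is still being covered by gemnasium" holds only for pipelines where the gemnasium analyzer actually runs. A project that lists gemnasium in DS_EXCLUDED_ANALYZERS, or has customized its jobs so that only bundler-audit scans Ruby, would presumably stop receiving Ruby dependency findings after 15.0 with no pipeline failure to signal the gap. I would add a sentence to the body such as `If you have excluded gemnasium and rely on bundler-audit for Ruby projects, re-enable gemnasium before 15.0 to keep Ruby dependency scanning.` The entry's opening `- name:` line is outside this hunk.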
diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index 3067e951c4be6a..c0a86646b49864 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
@@ -5,7 +5,7 @@ body: | # Do not modify this line, instead modify the lines below. As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by gemnasium. -If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline, for example to specifically have a bundler-audit job, you will want to remove this before its removal in 15.0 to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit or customized your template specifically for bundler-audit you will not need to take action. +If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline's Dependency Scanning configuration, for example to edit the `bundler-audit-dependency_scanning` job, you will want to switch to gemnasium-dependency_scanning before removal in 15.0, to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit or customized your template specifically for bundler-audit you will not need to take action. # The following items are not published on the docs page, but may be used in the future. stage: secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth tiers: ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] -- GitLab From e50388f888a79e85206701ea9d88b7ffa868cdf7 Mon Sep 17 00:00:00 2001 
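Review bot: In the rewritten paragraph only the old job name `bundler-audit-dependency_scanning` carries Markdown backticks; the replacement job name gemnasium-dependency_scanning and the variable DS_EXCLUDED_ANALYZERS are plain text, so identifiers readers will copy into their CI configuration render inconsistently. The timing is also uneven: the first sentence says to clean up the exclusion "in 15.0", while the second says to switch jobs "before removal in 15.0". Stating whether a stale bundler-audit entry in DS_EXCLUDED_ANALYZERS is harmless after the removal would tell readers how urgent that clean-up is. The `body: |` key and the rest of the entry begin outside what this hunk changes.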
From: Igor Frenkel Date: Thu, 9 Dec 2021 21:08:36 +0000 Subject: [PATCH 07/10] Apply 1 suggestion(s) to 1 file(s) --- ...4-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index c0a86646b49864..3cd40e4e0eeb5a 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml @@ -10,7 +10,7 @@ If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you wi stage: secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth tiers: ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/289832 # (optional) This is a link to the deprecation issue in GitLab - documentation_url: # (optional) This is a link to the current documentation page + documentation_url: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/analyzers.html # (optional) This is a link to the current documentation page image_url: # (optional) This is a link to a thumbnail image depicting the feature video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg removal_date: 2022-05-22 # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed -- GitLab From c5aabc146b34bf17e6b5da8f47e44a173b42860d Mon Sep 17 00:00:00 2001 
From: Russell Dickenson Date: Thu, 9 Dec 2021 21:42:44 +0000 Subject: [PATCH 08/10] Apply 1 suggestion(s) to 1 file(s) --- ...4-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index 3cd40e4e0eeb5a..7b216ad223bf5b 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
@@ -3,7 +3,7 @@ announcement_date: "2021-12-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. removal_milestone: "15.0" # The milestone when this feature is planned to be removed body: | # Do not modify this line, instead modify the lines below. - As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by gemnasium. + As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI/CD template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by Gemnasium. If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline's Dependency Scanning configuration, for example to edit the `bundler-audit-dependency_scanning` job, you will want to switch to gemnasium-dependency_scanning before removal in 15.0, to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit or customized your template specifically for bundler-audit you will not need to take action. # The following items are not published on the docs page, but may be used in the future. -- GitLab From 68f1ef7f189cc3781f45f9407a4dcf860710ae81 Mon Sep 17 00:00:00 2001 
From: Russell Dickenson Date: Thu, 9 Dec 2021 21:44:03 +0000 Subject: [PATCH 09/10] Apply 1 suggestion(s) to 1 file(s) --- ...4-6-deprecation-secure-dependency-scanning-bundler-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml index 7b216ad223bf5b..23e59da21e4541 100644 --- a/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml +++ b/data/deprecations/14-6-deprecation-secure-dependency-scanning-bundler-audit.yml 
@@ -5,7 +5,7 @@ body: | # Do not modify this line, instead modify the lines below. As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI/CD template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by Gemnasium. -If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline's Dependency Scanning configuration, for example to edit the `bundler-audit-dependency_scanning` job, you will want to switch to gemnasium-dependency_scanning before removal in 15.0, to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit or customized your template specifically for bundler-audit you will not need to take action. + If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline's Dependency Scanning configuration, for example to edit the `bundler-audit-dependency_scanning` job, you will want to switch to gemnasium-dependency_scanning before removal in 15.0, to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit, or customized your template specifically for bundler-audit, you will not need to take action. # The following items are not published on the docs page, but may be used in the future. stage: secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth tiers: ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] -- GitLab 
From 3098eacdbdf168b2d34eead9c7d7b2d9af40b455 Mon Sep 17 00:00:00 2001 From: Russell Dickenson Date: Fri, 10 Dec 2021 07:57:37 +1000 Subject: [PATCH 10/10] Add deprecation from MR76191 --- doc/update/deprecations.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index aafaabad81f480..7c035c7750fd00 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -116,6 +116,14 @@ Long term service and support (LTSS) for SUSE Linux Enterprise Server (SLES) 12 Announced: 2021-11-22 +### Deprecation of bundler-audit Dependency Scanning tool + +As of 14.6 bundler-audit is being deprecated from Dependency Scanning. It will continue to be in our CI/CD template while deprecated. We are removing bundler-audit from Dependency Scanning on May 22, 2022 in 15.0. After this removal Ruby scanning functionality will not be affected as it is still being covered by Gemnasium. + +If you have explicitly excluded bundler-audit using DS_EXCLUDED_ANALYZERS you will need to clean up (remove the reference) in 15.0. If you have customized your pipeline's Dependency Scanning configuration, for example to edit the `bundler-audit-dependency_scanning` job, you will want to switch to gemnasium-dependency_scanning before removal in 15.0, to prevent your pipeline from failing. If you have not used the DS_EXCLUDED_ANALYZERS to reference bundler-audit, or customized your template specifically for bundler-audit, you will not need to take action. + +Announced: 2021-12-22 + ### GitLab Serverless [GitLab Serverless](https://docs.gitlab.com/ee/user/project/clusters/serverless/) is a feature set to support Knative-based serverless development with automatic deployments and monitoring. -- GitLab