Deprecate the sorting of vulnerabilities by "report_type"

Deprecation Summary

The GraphQL API for requesting vulnerabilities from GitLab was updated to use the Vulnerability::Read model to optimise vulnerability retrieval times, given the growing number of vulnerabilities tracked. However, certain aspects of the Vulnerability model API were not carried over entirely. One such behaviour is the sorting of reports by "report_type", which silently falls back to the default sort by severity when used.

As this functionality was deemed reasonably unused and not very useful in any case, it was decided to deprecate sorting by "report_type" rather than re-implement it on the Vulnerability::Read model. As the functionality is already effectively not working, deprecation is a case of removing sorting by report_type from the GraphQL documentation and front end.

Breaking Change

Sorting by report_type already results in the response being sorted by severity, so there should be little to no effect on users' current workflows.

Affected Topology

This affects all GitLab users, self-managed and SaaS.

Affected Tier

GitLab Ultimate

Checklists

Labels

  • This issue is labeled deprecation, and with the relevant ~devops::, ~group::, and ~Category: labels.
  • This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.

Timeline

Please add links to the relevant merge requests.

  • As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: 14.8, 14.9, 14.10, 15.0, 14.8 is the third milestone preceding the major release):
  • On or before the major milestone: A removal entry has been created so the removal will appear on the removals by milestones page and be announced in the release post.
  • On the major milestone:

Mentions

  • Your stage's stable counterparts have been @mentioned on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.
    • To see who the stable counterparts are for a product team visit product categories
      • If there is no stable counterpart listed for Sales/CS please mention @timtams
      • If there is no stable counterpart listed for Support please mention @gitlab-com/support/managers
      • If there is no stable counterpart listed for Marketing please mention @cfoster3
  • Your GPM has been @mentioned so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.

Deprecation Milestone

Planned Removal Milestone

Links

#348151 (closed)

#354503 (comment 918378597)

Implementation Plan

  • backend Deprecate the report_type_desc and report_type_asc sorting parameters for the VulnerabilitySort GraphQL type.