Clarify comment when vulnerabilities are auto-resolved
What does this MR do and why?
This MR updates the canned text that GitLab-Security-Bot adds to vulnerability findings when they're automatically resolved.
The reason to change it is to:
- avoid confusion with "deprecated", which, at GitLab, means a feature is scheduled for removal but not yet removed
- clarify that auto-resolution happens in two cases:
  - The user disables the rule by using ruleset customization.
  - GitLab removes the rule from the default ruleset.
This is based on discussion in #368284 (comment 1206945048).
This feature is currently behind a feature flag; see rollout issue: #375128 (closed).
Screenshots or screen recordings
Before | After |
---|---|
From !101704 (merged): | Same, with new text. |
How to set up and validate locally
See !101704 (merged)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.