Add deprecation note for Severity and Confidence levels

doc/api/vulnerability_findings.md

@@ -6,7 +6,7 @@ NOTE: **Note:**
 This API resource is renamed from Vulnerabilities to Vulnerability Findings because the Vulnerabilities are reserved
 for serving the upcoming [Standalone Vulnerability objects](https://gitlab.com/gitlab-org/gitlab/issues/13561).
 To fix any broken integrations with the former Vulnerabilities API, change the `vulnerabilities` URL part to be
-`vulnerability_findings`.  
+`vulnerability_findings`.
 
 Every API call to vulnerability findings must be [authenticated](README.md#authentication).
 
@@ -46,6 +46,9 @@ GET /projects/:id/vulnerability_findings?confidence=unknown,experimental
 GET /projects/:id/vulnerability_findings?pipeline_id=42
 ```
 
+CAUTION: **Deprecation:**
+Beginning with GitLab 12.9, the `undefined` severity level is deprecated and the `undefined` confidence level isn't reported for new vulnerabilities.
+
 | Attribute     | Type           | Required | Description                                                                                                                                                                         |
 | ------------- | -------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) which the authenticated user is a member of.                                                        |

doc/user/application_security/container_scanning/index.md

@@ -347,6 +347,9 @@ it highlighted:
 }
 ```
 
+CAUTION: **Deprecation:**
+Beginning with GitLab 12.9, container scanning no longer reports `undefined` severity and confidence levels.
+
 Here is the description of the report file structure nodes and their meaning. All fields are mandatory to be present in
 the report JSON unless stated otherwise. Presence of optional fields depends on the underlying analyzers being used.
 

doc/user/application_security/dependency_scanning/index.md

@@ -355,6 +355,9 @@ it highlighted:
 }
 ```
 
+CAUTION: **Deprecation:**
+Beginning with GitLab 12.9, dependency scanning no longer reports `undefined` severity and confidence levels.
+
 Here is the description of the report file structure nodes and their meaning. All fields are mandatory to be present in
 the report JSON unless stated otherwise. Presence of optional fields depends on the underlying analyzers being used.
 

doc/user/application_security/sast/index.md

@@ -413,6 +413,9 @@ it highlighted:
 }
 ```
 
+CAUTION: **Deprecation:**
+Beginning with GitLab 12.9, SAST no longer reports `undefined` severity and confidence levels.
+
 Here is the description of the report file structure nodes and their meaning. All fields are mandatory in
 the report JSON unless stated otherwise. Presence of optional fields depends on the underlying analyzers being used.