12 files changed, 73 insertions, 37 deletions

diff --git a/data/deprecations/15-10-gitaly-legacy-config.yml b/data/deprecations/15-10-gitaly-legacy-config.yml
index 77f045defb1..cbfc923a16f 100644
--- a/data/deprecations/15-10-gitaly-legacy-config.yml
+++ b/data/deprecations/15-10-gitaly-legacy-config.yml
@@ -30,6 +30,6 @@
   # OTHER OPTIONAL FIELDS
   #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-10-helm-chart-updates.yml b/data/deprecations/15-10-helm-chart-updates.yml
index edfdf1b7ae0..08be6fd477c 100644
--- a/data/deprecations/15-10-helm-chart-updates.yml
+++ b/data/deprecations/15-10-helm-chart-updates.yml
@@ -23,7 +23,7 @@
   breaking_change: true  # (required) Change to false if this is not a breaking change.
   reporter: twk3  # (required) GitLab username of the person reporting the change
   stage: enablement  # (required) String value of the stage that the feature was created in. e.g., Growth
-  issue_url: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3442 # (required) Link to the deprecation issue in GitLab
+  issue_url: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3442  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     To coincide with GitLab 16.0, the GitLab Helm Chart will release the 7.0 major version. The following major bundled chart updates will be included:
 
diff --git a/data/deprecations/15-11-geo-project-redownload.yml b/data/deprecations/15-11-geo-project-redownload.yml
index 6b53a0fb6f8..229bab04b0a 100644
--- a/data/deprecations/15-11-geo-project-redownload.yml
+++ b/data/deprecations/15-11-geo-project-redownload.yml
@@ -39,7 +39,7 @@
   #
   # OTHER OPTIONAL FIELDS
   #
-  tiers: ["Premium", "Ultimate"] # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  tiers: ["Premium", "Ultimate"]  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
   documentation_url:  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml b/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml
index 493b3807aae..d9cd4bfb262 100644
--- a/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml
+++ b/data/deprecations/15-11-runner-images-alpine-3.12-3.13-3.14.yml
@@ -2,11 +2,11 @@
   announcement_milestone: "15.11"  # (required) The milestone when this feature was first announced as deprecated.
   announcement_date: "2023-04-22"  # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
   removal_milestone: "16.1"  # (required) The milestone when this feature is planned to be removed
-  removal_date: "2023-06-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  removal_date: "2023-06-22"  # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
   breaking_change: false  # (required) If this deprecation is a breaking change, set this value to true
   reporter: DarrenEastman  # (required) GitLab username of the person reporting the deprecation
-  stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
-  issue_url: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29639 # (required) Link to the deprecation issue in GitLab
+  stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29639  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     We will stop publishing runner images based on the following, end-of-life Alpine versions:
 
@@ -14,11 +14,11 @@
     - Alpine 3.13
     - Alpine 3.14 (end-of-life on 2023-05-23)
   end_of_support_milestone: "16.1"  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
-  end_of_support_date: "2023-06-22" # (optional) The date of the milestone release when support for this feature will end.
+  end_of_support_date: "2023-06-22"  # (optional) The date of the milestone release when support for this feature will end.
 
-# OTHER OPTIONAL FIELDS
-#
+  # OTHER OPTIONAL FIELDS
+  #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/runner/install/docker.html#gitlab-runner-container-images-support-lifecycle # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/runner/install/docker.html#gitlab-runner-container-images-support-lifecycle  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-8-third-party-registries.yml b/data/deprecations/15-8-third-party-registries.yml
index 6d583cd3d19..83380581505 100644
--- a/data/deprecations/15-8-third-party-registries.yml
+++ b/data/deprecations/15-8-third-party-registries.yml
@@ -21,4 +21,4 @@
 # If an End of Support period applies, the announcement should be shared with GitLab Support
 # in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
 #
-  end_of_support_milestone: 16.0 # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_milestone: 16.0  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
diff --git a/data/deprecations/15-9-JWT-OIDC.yml b/data/deprecations/15-9-JWT-OIDC.yml
index 1afd5056104..48e1b862032 100644
--- a/data/deprecations/15-9-JWT-OIDC.yml
+++ b/data/deprecations/15-9-JWT-OIDC.yml
@@ -7,22 +7,36 @@
   stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366798  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
-    Now that we have released [ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html)
-    with OIDC support, the old JSON web tokens are deprecated.
-    Both the `CI_JOB_JWT` and `CI_JOB_JWT_V2` tokens, exposed to jobs as predefined variables, will:
+    [ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html) with OIDC support
+    were introduced in GitLab 15.7. These tokens are more configurable than the old JSON web tokens (JWTs), are OIDC compliant,
+    and only available in CI/CD jobs that explictly have ID tokens configured.
+    ID tokens are more secure than the old `CI_JOB_JWT*` JSON web tokens which are exposed in every job,
+    and as a result these old JSON web tokens are deprecated:
 
-    - Not be creatable in GitLab 16.0 and later.
-    - Be removed in GitLab 16.5.
+    - `CI_JOB_JWT`
+    - `CI_JOB_JWT_V1`
+    - `CI_JOB_JWT_V2`
 
-    To prepare for this change:
+    To prepare for this change, configure your pipelines to use [ID tokens](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens)
+    instead of the deprecated tokens. For OIDC compliance, the `iss` claim now uses
+    the fully qualified domain name, for example `https://example.com`, previously
+    introduced with the `CI_JOB_JWT_V2` token.
 
-    - Before the release of GitLab 16.5, configure your pipelines to use the fully configurable and more secure
-      [`id_token`](https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens) keyword instead.
-    - [Enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
-      setting, which prevents the old tokens from being exposed to any jobs.
+    In GitLab 15.9 to 15.11, you can [enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
+    setting, which prevents the old tokens from being exposed to any jobs and enables
+    [ID token authentication for the `secrets:vault` keyword](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+
+    In GitLab 16.0 and later:
+
+    - This setting will be removed.
+    - CI/CD jobs that use the `id_tokens` keyword can use ID tokens with `secrets:vault`,
+      and will not have any `CI_JOB_JWT*` tokens available.
+    - Jobs that do not use the `id_tokens` keyword will continue to have the `CI_JOB_JWT*`
+      tokens available until GitLab 16.5.
+
+    In GitLab 16.5, the deprecated tokens will be completely removed and will no longer
+    be available in CI/CD jobs.
 
-      In GitLab 16.0 and later, the ability to set this option will be removed and all new projects will have the option
-      enabled.
 #
 # If an End of Support period applies, the announcement should be shared with GitLab Support
 # in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
diff --git a/data/deprecations/16-0-CiRunner-projects-default-sort.yml b/data/deprecations/16-0-CiRunner-projects-default-sort.yml
index 871406058e6..d462afb757b 100644
--- a/data/deprecations/16-0-CiRunner-projects-default-sort.yml
+++ b/data/deprecations/16-0-CiRunner-projects-default-sort.yml
@@ -7,7 +7,7 @@
   breaking_change: true  # (required) Change to false if this is not a breaking change.
   reporter: pedropombeiro  # (required) GitLab username of the person reporting the change
   stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
-  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372117 # (required) Link to the deprecation issue in GitLab
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372117  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     The `CiRunner.projects`'s field default sort order value will change from `id_asc` to `id_desc`.
     If you rely on the order of the returned projects to be `id_asc`, change your scripts to make the choice explicit.
@@ -22,6 +22,6 @@
   # OTHER OPTIONAL FIELDS
   #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerprojects # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerprojects  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/16-0-Vault-integration.yml b/data/deprecations/16-0-Vault-integration.yml
index e08666e67ff..987ac2bed3c 100644
--- a/data/deprecations/16-0-Vault-integration.yml
+++ b/data/deprecations/16-0-Vault-integration.yml
@@ -19,20 +19,28 @@
 #
 - title: "HashiCorp Vault integration will no longer use CI_JOB_JWT by default"
   announcement_milestone: "15.9"  # (required) The milestone when this feature was first announced as deprecated.
-  removal_milestone: "16.0"  # (required) The milestone when this feature is planned to be removed
+  removal_milestone: "16.5"  # (required) The milestone when this feature is planned to be removed
   breaking_change: true  # (required) Change to false if this is not a breaking change.
   reporter: dhershkovitch  # (required) GitLab username of the person reporting the change
-  stage: stage  # (required) String value of the stage that the feature was created in. e.g., Growth
+  stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366798  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
-    As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+    As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use the ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication). ID tokens were introduced in 15.7.
 
-    To be prepared for this change, you should do the following before GitLab 16.0:
+    To prepare for this change, use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens)
+    keyword and configure the `aud` claim. Ensure the bound audience is prefixed with `https://`.
 
-    - [Disable the use of JSON web tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication) in the pipeline.
-    - Ensure the bound audience is prefixed with `https://`.
-    - Use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens) keyword
-      and configure the `aud` claim.
+    In GitLab 15.9 to 15.11, you can [enable the **Limit JSON Web Token (JWT) access**](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication)
+    setting, which prevents the old tokens from being exposed to any jobs and enables
+    [ID token authentication for the `secrets:vault` keyword](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+
+    In GitLab 16.0 and later:
+
+    - This setting will be removed.
+    - CI/CD jobs that use the `id_tokens` keyword can use ID tokens with `secrets:vault`,
+      and will not have any `CI_JOB_JWT*` tokens available.
+    - Jobs that do not use the `id_tokens` keyword will continue to have the `CI_JOB_JWT*`
+      tokens available until GitLab 16.5.
 # If an End of Support period applies, the announcement should be shared with GitLab Support
 # in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
 #
diff --git a/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml b/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml
index 4f17f60fc85..cfe4b39deac 100644
--- a/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml
+++ b/data/deprecations/16-0-graphql-CiRunnerUpgradeStatusType-renamed.yml
@@ -19,6 +19,6 @@
   # OTHER OPTIONAL FIELDS
   #
   tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerupgradestatus # (optional) This is a link to the current documentation page
+  documentation_url: https://docs.gitlab.com/ee/api/graphql/reference/index.html#cirunnerupgradestatus  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/templates/_deprecation_template.md.erb b/data/deprecations/templates/_deprecation_template.md.erb
index 4733e8bd515..bbca07fbd3c 100644
--- a/data/deprecations/templates/_deprecation_template.md.erb
+++ b/data/deprecations/templates/_deprecation_template.md.erb
@@ -59,7 +59,10 @@ and [GraphQL](https://docs.gitlab.com/ee/api/graphql/removed_items.html) depreca
 - End of Support: GitLab <span class="milestone"><%= deprecation["end_of_support_milestone"]%></span>
 <% end -%>
 <% if deprecation["breaking_change"] -%>
-- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
+- This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+<%- end -%>
+<% if deprecation["issue_url"] -%>
+- To discuss this change or learn more, see the [deprecation issue](<%= deprecation["issue_url"]%>).
 <%- end -%>
 </div>
 
diff --git a/data/removals/15_10/15_10-non-public-artifacts.yml b/data/removals/15_10/15_10-non-public-artifacts.yml
index bea672d2f22..4a21cf8b612 100644
--- a/data/removals/15_10/15_10-non-public-artifacts.yml
+++ b/data/removals/15_10/15_10-non-public-artifacts.yml
@@ -19,7 +19,7 @@
 #
 # OPTIONAL FIELDS
 #
-  tiers: Free # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
-  documentation_url: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic # (optional) This is a link to the current documentation page
+  tiers: Free  # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic  # (optional) This is a link to the current documentation page
   image_url:  # (optional) This is a link to a thumbnail image depicting the feature
   video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/removals/16_0/16-0-job_age.yml b/data/removals/16_0/16-0-job_age.yml
new file mode 100644
index 00000000000..8a31b1ad870
--- /dev/null
+++ b/data/removals/16_0/16-0-job_age.yml
@@ -0,0 +1,11 @@
+- title: "Removal of job_age parameter in `POST /jobs/request` Runner endpoint"
+  announcement_milestone: "15.2"  # (required) The milestone when this feature was deprecated.
+  removal_milestone: "16.0"  # (required) The milestone when this feature is being removed.
+  breaking_change: true  # (required) Change to false if this is not a breaking change.
+  reporter: jreporter  # (required) GitLab username of the person reporting the removal
+  stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334253  # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    The `job_age` parameter, returned from the `POST /jobs/request` API endpoint used in communication with GitLab Runner, has been removed in GitLab 16.0.
+
+    This could be a breaking change for anyone that developed their own runner that relies on this parameter being returned by the endpoint. This is not a breaking change for anyone using an officially released version of GitLab Runner, including public shared runners on GitLab.com.