Report EoL products

[dev-zzo]

I believe many users would appreciate having Retire.js reporting EoL stuff as well. For example:

• Bootstrap prior to 4.x was declared EoL: Getting to v4 twbs/bootstrap#20631
• jQuery 1.x and 2.x were quietly EoL'd as well: Are jQuery 1.x and 2.x officially end of life? jquery/jquery.com#162

Please let me know whether you find this worth spending time on.

[Elointz]

Totally agree. While there may not be any known vulnerabilities for now, I agree it should at least be classified as "low" (Retire.js doesn't have "informational").

[eoftedal]

I can certainly see how this could be useful, and we could always add "Informational" as a severity. The biggest issues I see though is the need to maintain the data, not adding the functionality it self.

[willc]

@Elointz As I understand it, there are known vulnerabilities in jQuery 1.x, 2.x, and Bootstrap <=3.x that will not be fixed or back-ported, so these should continue to show up as vulnerable. Also adding a note about EOL libraries would still be good though.

jQuery:
https://nodesecurity.io/advisories/328
jquery/jquery#2432

Bootsrap:
twbs/bootstrap#20184

[calve]

hoping here to list jsencrypt/jsbn as non-maintained critical libraries