SR-11190 SwiftPM should integrate with Github's security advisories
Issue Description:
For a healthy ecosystem it would be important for a package to be able to mark certain versions as unsupported/deprecated. It's a reasonable assumption that package authors ship security updates for a number of releases, but it's probably unreasonable to always expect them to ship security updates for all releases ever released.
One idea would be to push tags such as 1.0-unsupported which could signify that 1.0.x is now totally unsupported and SwiftPM should output a warning if it is required to build a deprecated version given the constraints.
Another option would be to put a file on the default branch (usually master) that contains all deprecated versions.
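As an added illustration of the two conventions proposed above (not SwiftPM code, and not part of the original issue): a small checker that reads `MAJOR-unsupported` / `MAJOR.MINOR-unsupported` tags and a one-prefix-per-line file on the default branch, then warns for every resolved pin that falls in a deprecated release line. The tag shape, the file format and the sample data are assumptions made for the example.

```python
"""Illustrative checker for the deprecation convention proposed in SR-11190.

Assumptions (not SwiftPM behaviour): a tag ending in "-unsupported" whose
prefix is "MAJOR" or "MAJOR.MINOR" deprecates every release in that line,
and a file on the default branch lists one such prefix per line.
"""
import re

# Constructed sample of `git tag` output for a dependency.
SAMPLE_TAGS = ["1.0.0", "1.0.3", "1.1.0", "2.0.0", "1.0-unsupported", "v0.9.2", "0-unsupported"]

# Constructed sample of a deprecated-versions file on the default branch.
SAMPLE_FILE = "# lines beginning with # are comments\n1.1\n"

# Constructed Package.resolved-style pins: package name -> resolved version.
SAMPLE_PINS = {"Foo": "1.0.3", "Bar": "1.1.0", "Baz": "2.0.0", "Qux": "0.9.2"}

_TAG_RE = re.compile(r"^v?(\d+(?:\.\d+)?)-unsupported$")


def deprecated_prefixes_from_tags(tags):
    """Return the set of MAJOR or MAJOR.MINOR prefixes marked via tags."""
    out = set()
    for tag in tags:
        m = _TAG_RE.match(tag)
        if m:
            out.add(m.group(1))
    return out


def deprecated_prefixes_from_file(text):
    """Return the prefixes listed in a deprecated-versions file (one per line)."""
    out = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            out.add(line.lstrip("v"))
    return out


def is_deprecated(version, prefixes):
    """True if `version` lies inside any deprecated MAJOR or MAJOR.MINOR line.

    Compares whole components, so prefix "1" does not match version "10.0.0".
    """
    parts = version.lstrip("v").split(".")
    return any(".".join(parts[:len(p.split("."))]) == p for p in prefixes)


def deprecation_warnings(pins, prefixes):
    """Warnings a package manager could emit for resolved deprecated versions."""
    return sorted(
        f"warning: {name} {ver} is in an unsupported release line and may not receive security fixes"
        for name, ver in pins.items() if is_deprecated(ver, prefixes))


if __name__ == "__main__":
    found = deprecated_prefixes_from_tags(SAMPLE_TAGS) | deprecated_prefixes_from_file(SAMPLE_FILE)
    for warning in deprecation_warnings(SAMPLE_PINS, found):
        print(warning)
```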
Additional Detail from JIRA
| Field | Value |
|------------------|-----------------|
| Votes | 2 |
| Component/s | Package Manager |
| Labels | Bug |
| Assignee | None |
| Priority | Medium |

md5: 29247768d0b83ae5382b87405fa454b4

relates to: