Update dependency snyk to v1.685.0 - abandoned #1854

mend-for-github-com · 2022-02-05T02:08:58Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
snyk	`1.464.0` -> `1.685.0`

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	10.0	CVE-2020-26301	#1708
High	9.8	CVE-2021-23406	#1709
High	9.8	CVE-2021-23406	#1709
High	9.1	CVE-2021-28918	#98
High	7.5	CVE-2021-23490	#1713
Medium	5.3	CVE-2021-23413	#1715
Medium	5.3	CVE-2021-29418	#52
Medium	5.3	CVE-2021-23362	#121

Release Notes

snyk/snyk

`v1.685.0`

Compare Source

Features

Snyk CLI is bundled with Webpack (e22e94f)

`v1.684.0`

Compare Source

Bug Fixes

protect: catch and log unexpected errors (ca2177a)
protect: skip previously patched files (5e824c0)

`v1.683.0`

Compare Source

Bug Fixes

support quoted keys in inline tables (7973015)

`v1.682.0`

Compare Source

Bug Fixes

upgrade snyk-nuget-plugin 1.22.1 (78f8e68)

`v1.681.0`

Compare Source

Features

bump snyk-docker-plugin to 4.23.0 (a91457b)

`v1.680.0`

Compare Source

Bug Fixes

use OAUTH token if set for analytics (14a0b76)

`v1.679.0`

Compare Source

Features

Enable IaC analytics for ignores (b2f5f11)

`v1.678.0`

Compare Source

Bug Fixes

help docs to include iac ignores (6c18b2b)

`v1.677.0`

Compare Source

Bug Fixes

match IaC ignore paths exactly (7dc4f7c)
more context in some IaC output (f30b7f4)

Features

CLI ignores (ac10cdd)

`v1.676.0`

Compare Source

Features

if snyk fix throws unsupported error, show how to enable (34ea269)

`v1.675.0`

Compare Source

Bug Fixes

corrected codeowners for sast-team (a102ba4)
support of the new Code API (bfa6493)
updated dependency on @snyk/code-client (5b49f5c)

Features

display dockerfile warnings (3ba4273)
expose scan result to formatters (2bd48e8)

`v1.674.0`

Compare Source

`v1.673.0`

Compare Source

Bug Fixes

update tar dependency (cf031e7)

`v1.672.0`

Compare Source

Bug Fixes

return correct exit code when using --exclude-base-image-vulns (2c5b41d)

`v1.671.0`

Compare Source

Bug Fixes

use correct exit codes for docker entrypoint (73174f5)

`v1.670.0`

Compare Source

Bug Fixes

IaC path parsing (8566273)

`v1.669.0`

Compare Source

Bug Fixes

IaC multi-doc yaml indexing (b4e6c18)

`v1.668.0`

Compare Source

Features

add --help to snyk protect (7580e9f)

`v1.667.0`

Compare Source

Bug Fixes

update plugins package versions (e686299)

`v1.666.0`

Compare Source

Features

track IaC local execution tests [CC-972] (f7f2961)

`v1.665.0`

Compare Source

Features

central colors theme (e3c3ac0)
Centralize icons and err messages by theme (3292ffb)

`v1.664.0`

Compare Source

Bug Fixes

propagate userMessage to 404 errors (42288e0)

`v1.663.0`

Compare Source

Bug Fixes

bump docker plugin version with fixes (cb2ecf1)

`v1.662.0`

Compare Source

Features

drop bold formatting based on design feedback. (8166a62)
suggest snyk fix for fixable pip & poetry projects (79f8e55)

`v1.661.0`

Compare Source

Bug Fixes

make sure we suggest --all-sub-projects only when appropriate (bb22dcb)

`v1.660.0`

Compare Source

Features

add JSON to the CDN hosting (eb6e147)

`v1.659.0`

Compare Source

Features

Update the bst plugin to 2.11.3 (6a0dd20)
This new version of the sbt plugin reports the sbt version used to run the analysis.
It also adds a fallback method of determining the project folder.
The sbt plugin PR for this version: snyk/snyk-sbt-plugin#98

`v1.658.0`

Compare Source

Bug Fixes

ensure tip to use --all-sub-projects is shown (93d1d4c)

`v1.657.0`

Compare Source

Bug Fixes

Handle container test/monitor commands without provided image name (81b0d34)

`v1.656.0`

Compare Source

Bug Fixes

bump sbt plugin version (ed78770)

`v1.655.0`

Compare Source

Features

ignore unrecognised IaC types [CC-947] (86da4c9)

`v1.654.0`

Compare Source

Bug Fixes

upgrade docker plugin with lib pull bug fix (eecaf6e)

`v1.653.0`

Compare Source

Bug Fixes

update of new version of snyk python plugin (57bc7a8)

`v1.652.0`

Compare Source

Features

send snyk fix specific analytics (5411c8e)

`v1.651.0`

Compare Source

Features

track, check and enforce test limit for snyk code in cli (9f562cb)

`v1.650.0`

Compare Source

Features

send back meta on fixed, failed & total issues (f857d9a)

`v1.649.0`

Compare Source

Features

release @snyk/fix with improved output (8768c2e)

`v1.648.0`

Compare Source

Bug Fixes

absolute path provided (09d5388)
absolute path provided (1d0f1c2)
always use forward slash for URIs (e2ac082)
fix SARIF locations in edge cases (1928489)

Features

filter out non-vulnerable from summary (9381ba7)

`v1.647.0`

Compare Source

Features

filter out non-vulnerable from summary (9381ba7)

`v1.646.0`

Compare Source

Bug Fixes

leak less sensitive Snyk internal process details (303e35f)

`v1.645.0`

Compare Source

Bug Fixes

dry run in bol & newline after fixed items (7052888)
only show fixable issues count when larger than 0 (a1e80d5)
only show fixed/failed when there is at least one (82afc00)

Features

display dry run mode warning (1a13190)
update issue summary wording to put issues first (a422f14)
Update the message to Processed once done (48cc0c0)

`v1.644.0`

Compare Source

Bug Fixes

handle large trees when using json and print-deps flags (d11d185)

`v1.643.0`

Compare Source

Bug Fixes

print warning to stderr instead of stdout (de824b8)

Features

update snyk-sbt-plugin to fix stdout output (c017483)

`v1.642.0`

Compare Source

Bug Fixes

drop prettier as prod dep from @snyk/fix (8923c96)

`v1.641.0`

Compare Source

Bug Fixes

@snyk/fix: drop prod prettier from fix packages (1f177ce)

`v1.640.0`

Compare Source

Bug Fixes

check for template directive YAML warning (ab32249)

`v1.639.0`

Compare Source

Features

release @snyk/fix Poetry support (94f65df)

`v1.638.0`

Compare Source

Bug Fixes

do not modify Pipfile.lock #1487 (bdbac4a)

`v1.637.0`

Compare Source

Features

add Python 3.8 and 3.9 Docker images (dfa7565)

`v1.636.0`

Compare Source

Features

upgrade node in Snyk cli images (f68289a)

`v1.635.0`

Compare Source

Features

adjust sast sarif output to github standard (9f959ff)

`v1.634.0`

Compare Source

Features

support --command for Poetry fix (0210956)

`v1.633.0`

Compare Source

Features

protect: add successful message for protect (357e05e)

`v1.632.0`

Compare Source

Features

introduce Poetry fix support (25970df)

`v1.631.0`

Compare Source

Bug Fixes

protect: handle package paths in quotes (038a63c)

`v1.630.0`

Compare Source

Features

@snyk/fix: make tool version check generic (c639350)

`v1.629.0`

Compare Source

Bug Fixes

partition by fixable before handlers (120f8e4)

Features

use latest version of @snyk/fix-pipenv-pipfile package (b0a45f8)

`v1.628.0`

Compare Source

Bug Fixes

use classifier in maven package name (acfc9b2)

`v1.627.0`

Compare Source

Bug Fixes

upgrade chalk from 4.1.0 to 4.1.1 (84b66a6)

`v1.626.0`

Compare Source

Bug Fixes

upgrade chalk from 4.1.0 to 4.1.1 (84b66a6)

`v1.625.0`

Compare Source

Bug Fixes

updated code-client version to remove deprecated dependency (7a3b303)

`v1.624.0`

Compare Source

Bug Fixes

Skip specific errors when parsing yaml IaC files (49c184d)

`v1.623.0`

Compare Source

Bug Fixes

paths in json and sarif output (2a98fc8)

`v1.622.0`

Compare Source

Features

add CodePipeline integration to allow list (ef2de3c)
protect analytics (346a6be)
re-introduce snyk code feature flags (a5d7def)

`v1.621.0`

Compare Source

Features

use latest @snyk/fix with child_process package (d44681a)

`v1.620.0`

Compare Source

Features

use latest pipfile fix package (9bc0207)

`v1.619.0`

Compare Source

Features

handle new monitor response from registry (f3511b5)

`v1.618.0`

Compare Source

Bug Fixes

snyk code performance improvement (2e52ba9)

`v1.617.0`

Compare Source

Bug Fixes

Skip empty files on IaC scanning (0fd970f)

`v1.616.0`

Compare Source

Features

add support for resolutions in yarn2 (d2a23e0)

`v1.615.0`

Compare Source

Bug Fixes

Update IaC help docs with CloudFormation (e5070a0)

`v1.614.0`

Compare Source

Bug Fixes

code test json output should not print stack trace (f1b665c)

`v1.613.0`

Compare Source

Bug Fixes

Analytics show correct number of issues found by cloudformationconfig. (cd03695)

`v1.612.0`

Compare Source

Bug Fixes

extract line numbers if sarif-file-output or json-file-output (9546313)

`v1.611.0`

Compare Source

Bug Fixes

Update snyk-docker-plugin to fix exception (2b4fa64)

`v1.610.0`

Compare Source

Features

Add cloudformation support for IaC scanning (74d2efd)

`v1.609.0`

Compare Source

Bug Fixes

upgrade snyk-docker-plugin from 4.20.2 to 4.20.3 (444e132)

`v1.608.0`

Compare Source

Features

update gradle plugin to close gradle reachability parity gaps (1482d43)

`v1.607.0`

Compare Source

Features

upgrade docker and binary runtimes to node@14 (58c58a8)

`v1.606.0`

Compare Source

Features

check for sast/snyk code setting on org before running code test (ef25549)
support config attributes for reachability in gradle (ebbb434)

`v1.605.0`

Compare Source

Features

protect: use new patches endpoint (75d9237)

`v1.604.0`

Compare Source

Bug Fixes

protect: handle carriage returns when parsing .snyk file (63e4818)
protect: keep the same line endings when patching (c5b208c)

`v1.603.0`

Compare Source

Features

add support for --org flag to snyk iac (e07de81)

`v1.602.0`

Compare Source

Bug Fixes

latest @snyk/fix with engines 10+ (e6ec890)

`v1.601.0`

Compare Source

Bug Fixes

@snyk/pipfile-fix with node 10+ engines (40fce71)

`v1.600.0`

Compare Source

Bug Fixes

protect: correctly extract patches from direct dependencies (7d59bbe)

`v1.599.0`

Compare Source

Features

release snyk fix Pipfile support (f05acca)

`v1.598.0`

Compare Source

Features

install @snyk/fix-pipenv-pipfile (6788fd6)
Pipfile fix support via pipenv (a843d1a)

`v1.597.0`

Compare Source

Features

show only unique vulnerabilities in sarif format (713edf3)

`v1.596.0`

Compare Source

Bug Fixes

total issues count calculation (404245f)
use nullish operator instead of OR (fc1cc36)

`v1.595.0`

Compare Source

Bug Fixes

tf plan project mismatch (1592998)

`v1.594.0`

Compare Source

Features

iac new flow ga (c72484d)

`v1.593.0`

Compare Source

Bug Fixes

upgrade ora from 5.3.0 to 5.4.0 (c13ce2d)

`v1.592.0`

Compare Source

Bug Fixes

yarn2 displays a correct error for out of sync (d30776b)

`v1.591.0`

Compare Source

Bug Fixes

gradle project name being empty string (3f66b8c)

`v1.590.0`

Compare Source

Features

iac performance analytics CC-831 (ba5b38a)

`v1.589.0`

Compare Source

Features

support oauth token for monitor (da076f9)

`v1.588.0`

Compare Source

Bug Fixes

redundant line number extraction call (e62c8c9)

`v1.587.0`

Compare Source

Features

Update snyk-mvn-plugin version. (d3fe710)

`v1.586.0`

Compare Source

Bug Fixes

be able to scan huge yarn 2 lockfiles (356c329)

`v1.585.0`

Compare Source

Bug Fixes

fix invalid poetry detection (ee3d0d2)

`v1.584.0`

Compare Source

Bug Fixes

tf plan full scan (ac6208d)

`v1.583.0`

Compare Source

Features

exit code 0 if nothing is vulnerable (a04a1a9)

`v1.582.0`

Compare Source

Bug Fixes

propagate argument to all modules (b68c688)

`v1.581.0`

Compare Source

Bug Fixes

propagate argument to all modules (b68c688)

`v1.580.0`

Compare Source

Features

tf plan full scan flag support (8800697)

`v1.579.0`

Compare Source

Bug Fixes

exclude gradle/cache path when extracting jars (6aec789)

`v1.578.0`

Compare Source

Bug Fixes

upgrade ora from 5.3.0 to 5.4.0 (623c49c)

`v1.577.0`

Compare Source

Features

@snyk/fix: propagate cli test options (d2e7533)

`v1.576.0`

Compare Source

Bug Fixes

enable --insecure in snyk code (b4f0d1e)

`v1.575.0`

Compare Source

Bug Fixes

gradle scanning error due of mishandled root value (41bc189)

`v1.574.0`

Compare Source

Bug Fixes

change how we check for success under the --json flag (3048dcf)

`v1.573.0`

Compare Source

Bug Fixes

excluding gradle root project name from allSubProjectNames (8b125fa)

`v1.572.0`

Compare Source

Bug Fixes

wasm bundle url to snyk domain (b708c62)

`v1.571.0`

Compare Source

Features

Update snyk-docker-plugin to v4.20.1 (0f863e3)

`v1.570.0`

Compare Source

Features

roll-out experimental flow using feature flag (b80810e)

`v1.569.0`

Compare Source

Features

publish analytics for nodejs lockfile version (2975899)

`v1.568.0`

Compare Source

Features

lockfile version reported from nodejs parser (d231ef6)

`v1.567.0`

Compare Source

Bug Fixes

prevent update notifications to older versions (1b4dc80)

`v1.566.0`

Compare Source

Bug Fixes

run with no vulnerabilities and --json flag is successful (242c03a)

`v1.565.0`

Compare Source

Features

allow peerDeps and optionalDeps from manifests in npm projects (373b87a)

`v1.564.0`

Compare Source

Bug Fixes

hcl-to-json parsing with gopher js bundle (fdf485e)

`v1.563.0`

Compare Source

Features

include org details in JSON file output (c3807ba)

`v1.562.0`

Compare Source

Features

show full relative file path (95f09ff)

`v1.561.0`

Compare Source

Features

add auto detect feature for hex package manager (2da9740)

`v1.560.0`

Compare Source

Bug Fixes

nuget: invalid "file not found" logging (dd354f5)

`v1.559.0`

Compare Source

Bug Fixes

include code in FlagError (e60a5c6)

`v1.558.0`

Compare Source

Features

release @snyk/fix error messaging improvements (e333538)

`v1.557.0`

Compare Source

Bug Fixes

bump gradle plugin to fix macOS issue (c0bb9df)

Features

Add support for severity overrides for IaC. (4e8b4b8)

`v1.556.0`

Compare Source

Bug Fixes

bump gradle plugin to fix macOS issue (c0bb9df)

`v1.555.0`

Compare Source

Bug Fixes

supports using --project-name flag with hex umbrella projects (2aa3a11)

`v1.554.0`

Compare Source

Features

errored items can show a tip (5e52bc5)

`v1.553.0`

Compare Source

Features

send path & test options to @snyk/fix (d642f06)

`v1.552.0`

Compare Source

Features

show debug mode tip if something failed (091f9e8)

`v1.551.0`

Compare Source

Bug Fixes

hex pm homebrew support (5900690)

`v1.550.0`

Compare Source

Bug Fixes

bail early if no fixable projects (1dfad93)
@snyk/fix: simplify requirements.txt check (89afd4a)

Features

@snyk/fix: check if targetFile is a Pipfile (69c6f81)

`v1.549.0`

Compare Source

Bug Fixes

bail early if no fixable projects (1dfad93)
@snyk/fix: simplify requirements.txt check (89afd4a)

Features

@snyk/fix: check if targetFile is a Pipfile (69c6f81)

`v1.548.0`

Compare Source

Features

release @snyk/fix with fix summary data (2307bd6)

`v1.547.0`

Compare Source

Bug Fixes

formatting & vuln colors (cfd5698)

Features

return fixed issueIds (7f9c9f6)

`v1.546.0`

Compare Source

Features

do not check for hardcoded tf-plan.json file (953139b)

`v1.545.0`

Compare Source

Features

@snyk/fix: issues breakdown by severity (8bb9198)

`v1.544.0`

Compare Source

Features

add pip-requirements handler folder (00a4ad3)

`v1.543.0`

Compare Source

Bug Fixes

support proxy env vars for code (16dce6d)

`v1.542.0`

Compare Source

Features

@snyk/fix: send issue data to @snyk/fix for summary (7520584)

`v1.541.0`

Compare Source

Bug Fixes

snyk code respecting HTTPS_PROXY env vars (963465c)

`v1.540.0`

Compare Source

Bug Fixes

@snyk/fix: stop spinner on errors too (9e97a18)

Features

improve snyk fix output (34c9a60)

`v1.539.0`

Compare Source

Bug Fixes

@snyk/fix: stop spinner on errors too (c845bd3)

`v1.538.0`

Compare Source

Features

enhance JSON file output for IaC (ea451b9)

`v1.537.0`

Compare Source

Features

limit the depth of directories in IaC local exec (a440d8d)

`v1.536.0`

Compare Source

Bug Fixes

JSON output for IaC shows line number (54867ce)

`v1.535.0`

Compare Source

Bug Fixes

add support for Pipfiles nested in a project (2932c8e)

`v1.534.0`

Compare Source

Features

better naming for umbrella's apps in hex pm (80e6019)

`v1.533.0`

Compare Source

Bug Fixes

@snyk/fix: hide summary unless any failed, fixed or unresolved (de348c8)

`v1.532.0`

Compare Source

Features

@snyk/fix: show which parent manifest fixes occurred in (3a68874)

`v1.531.0`

Compare Source

Bug Fixes

bubble up auth error on fix (52e7bd7)

`v1.530.0`

Compare Source

Features

include full path to files to match targetFiles (25969aa)

`v1.529.0`

Compare Source

Bug Fixes

display current folder instead of . for fix (be27cf8)

`v1.528.0`

Compare Source

Bug Fixes

improved error messages in elixir (c0278f1)

`v1.527.0`

Compare Source

Features

@snyk/fix version with constraints support (1d95247)

`v1.526.0`

Compare Source

Features

add back yarn2 support (511d839)

`v1.525.0`

Compare Source

Features

-c directive is supported (120485b)
add pins to constraints.txt if present (eae3c87)

`v1.524.0`

Compare Source

Features

expose --dry-run & --quiet snyk fix arg (101dbfd)

`v1.523.0`

Compare Source

Features

adds oauth token support for the test command (015a2d1)

`v1.522.0`

Compare Source

Features

add analytics to code client (4e8e35b)

`v1.521.0`

Compare Source

Bug Fixes

standardize pip package names (28ff8f4)

`v1.520.0`

Compare Source

Features

add elixir support (9572d2e)

`v1.519.0`

Compare Source

Features

@snyk/fix supports -r directive (65c2e4f)

`v1.518.0`

Compare Source

Bug Fixes

replace vulnerable proxy dependency (6d67579)

Features

support lowercase http_proxy envvars (0d0c76a)

`v1.517.0`

Compare Source

Features

add @snyk/fix as a dep (c68c7da)
improve sny

mend-for-github-com · 2022-06-22T03:25:53Z

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

mend-for-github-com · 2023-03-26T20:06:20Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Update dependency snyk to v1.685.0

d7d95aa

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 5, 2022

mend-for-github-com bot changed the title ~~Update dependency snyk to v1.685.0~~ Update dependency snyk to v1.685.0 - abandoned Jan 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency snyk to v1.685.0 - abandoned #1854

Update dependency snyk to v1.685.0 - abandoned #1854

Uh oh!

mend-for-github-com bot commented Feb 5, 2022 •

edited

Loading

Uh oh!

mend-for-github-com bot commented Jun 22, 2022 •

edited

Loading

Uh oh!

mend-for-github-com bot commented Mar 26, 2023 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Update dependency snyk to v1.685.0 - abandoned #1854

Are you sure you want to change the base?

Update dependency snyk to v1.685.0 - abandoned #1854

Uh oh!

Conversation

mend-for-github-com bot commented Feb 5, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Features

Features

Features

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Features

Features

Features

Features

Features

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

mend-for-github-com bot commented Feb 5, 2022 •

edited

Loading