Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix(deps): update all core dependencies #719

Merged
merged 1 commit into from
Jan 25, 2025
Merged

fix(deps): update all core dependencies #719

merged 1 commit into from
Jan 25, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 3, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@babel/core (source) 7.26.0 -> 7.26.7 age adoption passing confidence
@babel/preset-env (source) 7.26.0 -> 7.26.7 age adoption passing confidence
@babel/runtime (source) 7.26.0 -> 7.26.7 age adoption passing confidence
@types/lodash (source) 4.17.13 -> 4.17.14 age adoption passing confidence
snyk 1.1294.3 -> 1.1295.2 age adoption passing confidence

Release Notes

babel/babel (@​babel/core)

v7.26.7

Compare Source

🐛 Bug Fix
snyk/snyk (snyk)

v1.1295.2

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes
  • general: revert dependencies upgrade which introduced a regression on a number of Linux installations

v1.1295.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes
  • security: Upgrades goproxy to 1.5 to address a high severity vulnerability
  • security: Upgrades dependencies in IaC plugin to address CVE-2025-21614

v1.1295.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features
  • iac: include evidence field in json output [IAC-3161] (9487a08)
  • auth: auto detect API Url during OAuth authentication (6884511)
Bug Fixes
  • test: support verbose gradle graphs for sbom generation (600ef50)
  • general: prevent snyk-policy lib from interrupting stdout to ensure valid --json --sarif output (469edf5)
  • general: improved error messages around network requests (f6fc5f7)
  • general: only read SNYK_ prefixed env vars (5bfcbe8)
  • instrumentation: add default oss product for monitor as well (83cabc3)
  • container: optional dependencies are properly connected in the dep-graph (3205e66)
  • container: package-lock v3 missing sub-dependencies 94c9b7f)
  • container: support --exclude-app-vulns with oauth (73a75fa)
  • monitor: use error catalog messages for monitor commands (4e58601)
  • iac: extra error handling and debugging [IAC-3138] (7fbae0f)
  • iac: snyk-iac-test security update [IAC-3171] (fac22bb)
  • iac: update snyk-iac-parsers version [IAC-3138] (5326d9d)
  • iac: use proxy aware snyk-iac-test [INC-1647] (d5d1e2e)
  • test: do not treat warnings as errors on restore (d0113eb)
  • test:fix mismatch/off-by-one on unmanagedDependencyCount in the analytics logs UNIFY-340 (75d8e6d)
  • test: update snyk-nodejs-plugin to fix micromatch vuln (766bd1d)
  • test: upgrade mvn-plugin to handle jar scanning sha-not-found error (060380a)
  • test: fix runtime versions overwriting nuget versions (5e715cf)
  • instrumentation: stop sending CLI args in analytics (6d183fb)
  • policy update policy library to fix valid json output (0bc0aed)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security Socket Security
Copy link

socket-security bot commented Jan 3, 2025
edited
Loading

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/core@7.26.7 🔁 npm/@babel/core@7.26.0 None +38 16.9 MB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/preset-env@7.26.7 🔁 npm/@babel/preset-env@7.26.0 Transitive: filesystem, unsafe +126 21.8 MB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/runtime@7.26.7 🔁 npm/@babel/runtime@7.26.0 None +1 276 kB existentialism, hzoo, jlhwung, ...1 more
npm/@types/lodash@4.17.14 🔁 npm/@types/lodash@4.17.13 None 0 868 kB types

View full report↗︎

@renovate renovate bot force-pushed the renovate/all-core branch from e561bad to 5669b56 Compare January 8, 2025 22:39
@renovate renovate bot changed the title fix(deps): update dependency @types/lodash to v4.17.14 fix(deps): update all core dependencies Jan 8, 2025
@renovate renovate bot force-pushed the renovate/all-core branch 2 times, most recently from b0d9c0e to 371cc03 Compare January 24, 2025 16:48
@renovate renovate bot force-pushed the renovate/all-core branch from 371cc03 to 6f0d0c3 Compare January 24, 2025 20:37
@juanpicado juanpicado merged commit d8b490a into main Jan 25, 2025
22 checks passed
@renovate renovate bot deleted the renovate/all-core branch January 25, 2025 15:01
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@juanpicado