Update all non-major dependencies

This MR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
| --- | --- | --- | --- | --- |
| @babel/cli (source) | dependencies | minor | 7.7.7 -> 7.23.4 | OpenSSF Scorecard |
| @babel/core (source) | dependencies | minor | 7.7.7 -> 7.23.6 | OpenSSF Scorecard |
| @babel/plugin-proposal-class-properties (source) | dependencies | minor | 7.7.4 -> 7.18.6 | OpenSSF Scorecard |
| @babel/plugin-proposal-decorators (source) | dependencies | minor | 7.7.4 -> 7.23.6 | OpenSSF Scorecard |
| @babel/plugin-proposal-do-expressions (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| @babel/plugin-proposal-export-default-from (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| @babel/plugin-proposal-export-namespace-from (source) | dependencies | minor | 7.7.4 -> 7.18.9 | OpenSSF Scorecard |
| @babel/plugin-proposal-function-bind (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| @babel/plugin-proposal-function-sent (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| @babel/plugin-proposal-json-strings (source) | dependencies | minor | 7.7.4 -> 7.18.6 | OpenSSF Scorecard |
| @babel/plugin-proposal-logical-assignment-operators (source) | dependencies | minor | 7.7.4 -> 7.20.7 | OpenSSF Scorecard |
| @babel/plugin-proposal-nullish-coalescing-operator (source) | dependencies | minor | 7.7.4 -> 7.18.6 | OpenSSF Scorecard |
| @babel/plugin-proposal-numeric-separator (source) | dependencies | minor | 7.7.4 -> 7.18.6 | OpenSSF Scorecard |
| @babel/plugin-proposal-optional-chaining (source) | dependencies | minor | 7.7.5 -> 7.21.0 | OpenSSF Scorecard |
| @babel/plugin-proposal-pipeline-operator (source) | dependencies | minor | 7.7.7 -> 7.23.3 | OpenSSF Scorecard |
| @babel/plugin-proposal-throw-expressions (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| @babel/plugin-syntax-dynamic-import (source) | dependencies | minor | 7.7.4 -> 7.8.3 | OpenSSF Scorecard |
| @babel/plugin-syntax-import-meta (source) | dependencies | minor | 7.7.4 -> 7.10.4 | OpenSSF Scorecard |
| @babel/preset-env (source) | dependencies | minor | 7.7.7 -> 7.23.6 | OpenSSF Scorecard |
| @babel/preset-flow (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| @babel/preset-react (source) | dependencies | minor | 7.7.4 -> 7.23.3 | OpenSSF Scorecard |
| github.com/urfave/cli | require | minor | v1.20.0 -> v1.22.14 | OpenSSF Scorecard |
| gitlab.com/gitlab-org/security-products/analyzers/common/v2 | require | minor | v2.6.1 -> v2.24.1 | |
| node | final | minor | 18.12.1 -> 18.19.0 | OpenSSF Scorecard |

Important

Release notes retrieval for this MR was skipped because no github.com credentials were available. If you are self-hosted, please see this instruction.


Release Notes

gitlab-org/security-products/analyzers/common (gitlab.com/gitlab-org/security-products/analyzers/common/v2)

v2.24.1

Fixed
  • Fix git certificate error with ADDITIONAL_CA_CERT_BUNDLE by changing DefaultBundlePath (!154)

v2.24.0

Changed
  • Add warning to issue and command modules to alert on maintenance mode (!152)

v2.23.0

Removed
  • Removed ruleset package in favor of analyzers/ruleset (!141)

v2.22.1

Changed
  • Fix CA Certificate bug by appending a newline when writing CA Certificate file (!140)

v2.22.0

Changed
  • Bump urfave/cli to v2.3.0 (!135)

v2.21.4

Added
  • Add missing patch and pre-release segments to report version (!134)

v2.21.3

Fixed
  • Fixed a bug in the ruleset package that caused ruleset disablement not to be enforced (!136)

v2.21.2

Added
  • Add debug logging for surfacing excluded findings based on path exclusions (!130)

v2.21.1

Fixed
  • Fixed bug where null vulnerabilities could be reported (!131)

v2.21.0

Added
  • Added ability to ignore vulnerabilities using rulesets (!129)

v2.20.5

Removed
  • Drop unused issue.Mitigations field (!127)

v2.20.4

Added
  • Added hackerone identifier type (!125)

v2.20.3

Added
  • Added default path for Secret Detection rulesets config (!127)

v2.20.2

Added
  • Added issue.raw_source_code_extract to report (!126)

v2.20.1

Changed
  • Warn if no files match instead of returning error (!122)

v2.20.0

Removed
  • Remove orchestrator package, since Docker-in-Docker for SAST and Dependency Scanning are no longer supported (!120)

v2.19.1

Changed
  • Enable feature availability enforcement for ruleset package (!118)

v2.19.0

Changed
  • Updated golang dependencies to latest versions (!119)

v2.18.0

Added
  • Added location.crash_address, location.crash_type, location.crash_state, location.stacktrace_snippet to report (!114)

v2.17.0

Added
  • Add ruleset package (!115)

v2.16.0

Added
  • Added iid, dependency_path, and direct to the dependency objects of the dependency list (!116)

v2.15.0

Added
  • Added scan.start_time, scan.end_time and scan.status to report (!113)

v2.14.0

Changed
  • Allow git to use the CA certificate bundle to verify peers when fetching/pushing via HTTPS (!112)

v2.13.0

Changed
  • Switch to the MIT Expat license (!104)

v2.12.0

Added
  • Add NewApp() function for initializing cli (!108)

v2.11.0

Changed
  • Automatically output scan object with scanner and type in report (!107)

v2.10.4

Added
  • Added scan object with scanner and type to report (!105)

v2.10.3

Added
  • Added info logs to the CLI commands (!101)

v2.10.2

Changed
  • Changed logutil format to use RFC3339 for date time stamps, which is a profile of ISO 8601 (!100)

v2.10.1

Changed
  • Use logrus instead of the log package (!96)
  • Use logrus instead of the print functions of the fmt package (!96)

Added
  • Add init() to logutil that will set log level based on SECURE_LOG_LEVEL env var (!96)

v2.10.0

Changed
  • Change Location.Dependency to a pointer, so that it's omitted in the JSON output when it's nil (!92)

Added
  • Add commit JSON field to vulnerability location (!92)
  • Add secret_detection to the report categories (!92)

v2.9.2

v2.9.1

Changed
  • Make cacert.DefaultBundlePath public

v2.9.0

v2.8.0

Changed
  • CA bundle writer to append to existing files (!86)
  • cacert.Import function to accept cacert.ImportOptions to specify where to write the CA certificate bundle (!86)
  • command.Config now accepts cacert.ImportOptions (!86)

v2.7.0

Added
  • Common logrus format (!73)

v2.6.2

Removed
  • Remove unused structs and types introduced for DAST (!75)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.
