Update module gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning to v0.44.2 (master)
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning | require | minor | v0.34.0 -> v0.44.2 |
⚠️ Warning: Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
gitlab-org/security-products/analyzers/dependency-scanning (gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning)
v0.44.2
Fixed
- Fix panic when vulnerability scanning is enabled and a non-fatal error is returned by the API (dependency-scanning!358 (merged))
v0.44.1
Fixed
- Reduce risk of failure due to SBOM scan taking longer than expected by increasing retry backoff (dependency-scanning!356 (merged))
v0.44.0
Added
- Add observability events (dependency-scanning!343 (merged))
v0.43.0
Added
- Prevent scan failure when the SBOM scan API returns a generic 403 (dependency-scanning!355 (merged))
v0.42.3
Maintenance
- Update gitlab.com/gitlab-org/security-products/analyzers/report/v5 from v5.12.0 to v6.2.1 (dependency-scanning!299 (merged))
v0.42.2
Fixed
- Trim trailing forward slashes in Swift package names to ensure valid PURL creation (dependency-scanning!353 (merged))
v0.42.1
Fixed
- Continue parsing package-lock.json files when npm dependencies do not have separate entries (dependency-scanning!351 (merged))
v0.42.0
Added
- Enable vulnerability scanning by default with GitLab >= 18.5 and temporarily skip its execution when SBOM scan API feature flag is disabled or rate limit is reached (dependency-scanning!349 (merged))
v0.41.3
Fixed
- Reverted previous commit (dependency-scanning!350 (merged))
v0.41.2
Fixed
- Continue parsing package-lock.json files when bundled npm dependencies do not have separate entries (dependency-scanning!340 (merged))
v0.41.1
Fixed
- Revert default enablement of vulnerability scanning (dependency-scanning!348 (merged))
v0.41.0
Added
- Enable vulnerability scanning by default and temporarily skip it when SBOM scan API feature flag is disabled (dependency-scanning!347 (merged))
v0.40.0
Added
- Update releasing image to public repo without the v prefix (dependency-scanning!346 (merged))
v0.39.5
Fixed
- Fix scan failure when poetry project depends on setuptools or pip. (dependency-scanning!342 (merged))
v0.39.4
Maintenance
- Update github.com/urfave/cli/v2 from v2.27.6 to v2.27.7 (dependency-scanning!262 (merged))
v0.39.3
Maintenance
- Update golang.org/x/sync from v0.16.0 to v0.17.0 (dependency-scanning!337 (merged))
v0.39.2
Fixed
- Fix issue opening go.mod and go.graph files (dependency-scanning!341 (merged))
v0.39.1
Fixed
- Fix golang dependency graph generation (dependency-scanning!326 (merged))
v0.39.0
Added
- Introduce static reachability analysis for Java (dependency-scanning!320 (merged))
v0.38.1
Fixed
- Correctly handle scan.scanner values from API (dependency-scanning!338 (merged))
v0.38.0
Added
- Warn user when project has reached the soft rate limit for the SBOM vulnerability scanning API. (dependency-scanning!332 (merged))
v0.37.0
Added
- Add vulnerability scanning capability to the run command. After generating SBOM files, the command now sends these files to a dedicated endpoint in the GitLab API to scan them for vulnerabilities. Once all scan results have been downloaded, a single dependency scanning security report is generated. (dependency-scanning!221 (merged))
v0.36.5
Fixed
- Ignore dependencies marked as evicted in ivy-report.xml artifacts (dependency-scanning!330 (merged))
v0.36.4
Maintenance
- Update golang.org/x/mod from v0.26.0 to v0.28.0 (dependency-scanning!315 (merged))
v0.36.3
Maintenance
- Update gitlab-dangerfiles from 4.9.2 to 4.10.0 (dependency-scanning!304 (merged))
v0.36.2
Maintenance
- Fixed Static Reachability log statements (dependency-scanning!327 (merged))
v0.36.1
Maintenance
- Update github.com/stretchr/testify from v1.11.0 to v1.11.1 (dependency-scanning!325 (merged))
v0.36.0
Added
- Add mjs and cjs to supported js files (dependency-scanning!316 (merged))
v0.35.0
Added
- Add package hash information in the generated SBOM for NuGet (dependency-scanning!237 (merged))
v0.34.2
Maintenance
- Update github.com/stretchr/testify from v1.10.0 to v1.11.0 (dependency-scanning!323 (merged))
v0.34.1
Fixed
- Deduplicate JavaScript and TypeScript SBOMs when Static Reachability is enabled (dependency-scanning!319 (merged))
This MR has been generated by Renovate Bot.