Update module gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning to v1 (master)

This MR contains the following updates:

Package	Type	Update	Change
gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning	require	major	v0.44.2 -> v1.2.3

---

⚠️ Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

gitlab-org/security-products/analyzers/dependency-scanning (gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning)

v1.2.3

Compare Source

Fixed

• Align Static Reachability Analysis and SBOM path exclusion (dependency-scanning!373 (merged))

v1.2.2

Compare Source

Maintenance

• Update gitlab.com/gitlab-org/security-products/analyzers/events from v0.4.2 to v0.5.0 (dependency-scanning!380 (merged))

v1.2.1

Compare Source

Fixed

• Parse NPM lock files that contain engine object arrays (dependency-scanning!379 (merged))

v1.2.0

Compare Source

Added

• Add Static Reachability Java Coverage event (dependency-scanning!371 (merged))

v1.1.3

Compare Source

Maintenance

• Update golang.org/x/mod from v0.28.0 to v0.29.0 (dependency-scanning!365 (merged))

v1.1.2

Compare Source

Fixed

• Fix order-dependent SRA by correcting root dir depth (dependency-scanning!375 (merged))

v1.1.1

Compare Source

Maintenance

• Update gitlab.com/gitlab-org/security-products/analyzers/events from v0.1.0 to v0.4.2 (dependency-scanning!363 (merged))

v1.1.0

Compare Source

Added

• Update DS_FF_LINK_COMPONENTS_TO_GIT_FILES flag to be to true by default (dependency-scanning!368 (merged))

v1.0.6

Compare Source

Maintenance

• Remove experimental application component flag. This feature was enabled by default in v0.24.0, and is now considered stable. (dependency-scanning!370 (merged))

v1.0.5

Compare Source

Maintenance

• Update registry.gitlab.com/gitlab-org/ci-cd/runner-tools/base-images/ubi-go from 0.0.18 to 0.0.26 (dependency-scanning!336 (merged))

v1.0.4

Compare Source

Maintenance

• Don't fail on vulnerability scanning errors. (dependency-scanning!360 (merged))

v1.0.3

Compare Source

Fixed

• Continue processing when static reachability enrichment fails and return original SBOM instead of failing (dependency-scanning!345 (merged))

v1.0.2

Compare Source

Maintenance

• Update github.com/samber/lo from v1.51.0 to v1.52.0 (dependency-scanning!364 (merged))

v1.0.1

Compare Source

Maintenance

• Use events registry for events definitions (dependency-scanning!362 (merged))

v1.0.0

Compare Source

Changed

• Build support and language runtime dependencies have been removed. Lock files and dependency graph files are now the only dependency sources analyzed. (dependency-scanning!361 (merged))
• Static Reachability Analysis (SRA) is now built into the analyzer. SRA helps identify dependencies that your application uses which aids in vulnerability management prioritization. (dependency-scanning!361 (merged))
• Vulnerability scanning now leverages the Package Metadata Database as the single source of truth. (dependency-scanning!361 (merged))

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.