SASTBot: Monthly dependency updates for %15.3
What does this MR do?
- upgrade
Kics
version [1.5.12
=>1.5.13
] - upgrade
github.com/google/go-cmp
version [v0.5.6
=>v0.5.8
] - upgrade
github.com/sirupsen/logrus
version [v1.8.1
=>v1.9.0
] - upgrade
github.com/urfave/cli/v2
version [v2.11.0
=>v2.11.1
] - upgrade
gitlab.com/gitlab-org/security-products/analyzers/command
version [v1.8.2
=>v1.9.1
] -
upgrade. Excluding this update because v3.13.0gitlab.com/gitlab-org/security-products/analyzers/report/v3
version [v3.12.2
=>v3.13.0
]omitempty
's thecve
property of the vulnerabilities in the report (see report!38 (merged)). This causes the QA tests to fail as we expect"cve": "",
throughout the report. Removing this also causes the QA tests to fail because the latest report schema enforces this as a mandatory field. We cannot upgrade thereport
package until version 15.0.0 of the schema is released.
Note: Changelog is autogenerated by SASTBot.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Zach Rice