SASTBot: Monthly dependency updates for 15.6
What does this MR do?
Along with the SASTBot updates below, I've tweaked the Dockerfile to reduce the analyzer image size by almost half. This was done by:
- Using the `php:alpine` base image instead of `composer:2.0`, and copying only the `composer` binary that's needed to fetch dependencies. The binary is copied from the binary-only `composer` image that was released recently.
- Reducing the number of layers by consolidating some RUN commands into a single command.
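The slimming approach described above, shown as an added Dockerfile sketch rather than the analyzer's actual Dockerfile. The image tags, the location of the composer binary inside the binary-only image (`/composer`), and the package list are assumptions, not values taken from this MR:

```dockerfile
# Added illustration of the image-slimming technique described in the MR.
# This is not the analyzer's own Dockerfile; tags, the binary path inside the
# binary-only image and the apk package list are assumptions.

# Before (assumed): the full composer:2.0 image as the base. It bundles PHP plus
# the whole Composer toolchain, and every separate RUN adds another layer.
#   FROM composer:2.0
#   RUN apk add --no-cache git
#   RUN apk add --no-cache unzip

# After: start from the leaner php:alpine image ...
FROM php:alpine

# ... and pull in only the single composer executable from the binary-only
# image (assumed path: /composer). Nothing else from that image lands in a layer.
COPY --from=composer/composer:2-bin /composer /usr/bin/composer

# One RUN for the OS packages composer needs at fetch time, so they share a
# single layer and --no-cache keeps the apk index out of the image.
RUN apk add --no-cache git unzip

# Build-time check that the copied binary actually runs against the PHP
# shipped in the base image; the build fails here if the versions disagree.
RUN composer --version

WORKDIR /app
```

Copying a single binary instead of inheriting a whole toolchain image also shrinks what ends up in the security report for the image itself: fewer packages to scan and fewer to patch. Pinning `composer/composer:2-bin` to a specific tag or digest keeps the copied binary reproducible across rebuilds.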
- upgrade `github.com/stretchr/testify` version [v1.8.0 => v1.8.1]
- upgrade `github.com/urfave/cli/v2` version [v2.19.2 => v2.23.5]
- upgrade `gitlab.com/gitlab-org/security-products/analyzers/command` version [v1.9.2 => v1.10.0]
- upgrade `gitlab.com/gitlab-org/security-products/analyzers/report/v3` version [v3.15.2 => v3.16.0]
Note: Changelog is autogenerated by SASTBot.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by James Liu