SASTBot: Monthly dependency updates for 15.10
What does this MR do?
- upgrade
Semgrep
version [1.3.0
=>1.14.0
] - go modules updates
- upgrade
github.com/stretchr/testify
version [v1.8.1
=>v1.8.2
] - upgrade
github.com/urfave/cli/v2
version [v2.23.7
=>v2.25.0
] - upgrade
gitlab.com/gitlab-org/security-products/analyzers/report/v3
version [v3.17.0
=>v3.18.0
] - upgrade
gitlab.com/gitlab-org/security-products/analyzers/ruleset
version [v1.4.0
=>v1.4.1
] - upgrade
golang.org/x/crypto
version [v0.5.0
=>v0.7.0
]
- upgrade
- update QA expectation artifacts
- add
engine_kind
to the exclusion duringsemgrep_rules_check
Note: Changelog is autogenerated by SASTBot.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Vishwa Bhat