Skip to content

chore(deps): update dependency @snyk/protect to v1.1301.0 #768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 25, 2025
Merged

chore(deps): update dependency @snyk/protect to v1.1301.0 #768

merged 1 commit into from
Nov 25, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 25, 2025

This PR contains the following updates:

Package Change Age Confidence
@snyk/protect 1.1300.2 -> 1.1301.0 age confidence

Release Notes

snyk/snyk (@​snyk/protect)

v1.1301.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features
  • container: The Snyk CLI now supports scanning Ubuntu Chisel images for vulnerabilities (9328757)
  • container: The Snyk CLI now supports scanning container images with zstd-compressed layers (5080e42)
  • container: Added a new parameter, --include-system-jars, to support scanning of usr/lib JARs (57078b6)
  • test(maven): Initial maven 4 support, testing against the most recent release candidate (88cf47e)
  • test(maven): A new experimental flag --include-provenance that will produce DepGraphs containing purls with checksum qualifiers for each package. Primarily to be used via --print-graph, not yet used in the main testing flow (5b8fe0a)
  • sbom(maven): A new experimental flag --include-provenance that will produce an SBOM with checksum qualifiers in each purl (5b8fe0a)
  • language-server: Automatic selection of the organization for IDEs based on workspace folder (EA). (2cc554e)
  • language-server: Analytics for configuration and folder trust (2cc554e)
  • mcp: Support for writing scan output into a file (2cc554e)
  • mcp: Service Account support (2cc554e)
Bug Fixes
  • general: Fix incorrect error mapping for varying status codes (5829500)
  • general: Some invalid flag combinations are now correctly handled (ca5903b)
  • test: The Snyk CLI now correctly handles optional dependencies without separate package entries
    (bfcbda7)
  • test: The Snyk CLI now correctly handles aliased packages with nested dependencies (bfcbda7)
  • test: The Snyk CLI now correctly handles bundled dependencies with non-hoisted bundle owners (bfcbda7)
  • test: Fixes issue where sub packages were getting grouped incorrectly, leading to deps getting marked as missing. (b904e8c)
  • test, sbom: Stops misclassifying NX Build project.json as a NuGet project (ff6860f)
  • test(npm): Improve npm alias support (cb37da7)
  • test(npm): The Snyk CLI now correctly handles npm packages with bundled dependencies (7d93b86)
  • test(python): Scanning projects using Python 2.7 will no longer fail with a string formatting error (4effc7f)
  • test(python): Fixed JSON parsing error for Python projects with missing packages (4effc7f)
  • test(maven): Underlying maven commands adjusted slightly to make aggregate projects that encounter issues when rebuilding more likely to succeed (3b72d86)
  • test(dotnet): Fix an issue with NuGet v3 scanner where the netstandard and netcoreapp TargetFrameworks were treated as .netx.x (227b50c)
  • test(dotnet): Fix an issue with NuGet v3 scanner where the pinned dependencies were not discovered (0d9b0c4)
  • container: Fixed a bug where scanning docker images with very large files would result in the CLI crashing with no message (57078b6)
  • container: Fix rare crash when scanning large Docker images (195ed78)
  • container: Fix issue where go binaries in Linux images with complex paths were not properly detected as go binaries when scanning on Windows (be8098b)
  • code: Add missing explicit error handling (755d01f)
  • unmanaged: Ignored vulnerabilities in unmanaged (C/C++) projects are now properly excluded from JSON output when using .snyk policy files. This ensures that snyk-to-html and other tools that consume JSON output will correctly respect vulnerability ignores. (fa808c1)
  • dependencies: Fix CVE-2025-58058 and CVE-2025-11065 (d7e87e2)
  • dependencies: Upgrade golang to 1.24.10 to fix vulnerabilities (c039f99)
  • dependencies: Upgrade to golang 1.24.8 (4dcf97a)
  • dependencies: Upgrade xcode to avoid flaky signing (bdcb991)
  • dependencies: Fix CVE-2025-47913 (a00b0dc)
  • language-server: Various Language Server related fixes (2cc554e)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@JP-Ellis JP-Ellis merged commit dcf89bb into master Nov 25, 2025
10 of 11 checks passed
@JP-Ellis JP-Ellis deleted the renovate/snyk-protect-1.x branch November 25, 2025 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JP-Ellis