Skip to content

build(deps): bump snyk from 1.1303.2 to 1.1304.0#3445

Merged
github-actions[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/snyk-1.1304.0
Apr 10, 2026
Merged

build(deps): bump snyk from 1.1303.2 to 1.1304.0#3445
github-actions[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/snyk-1.1304.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 10, 2026

Bumps snyk from 1.1303.2 to 1.1304.0.

Release notes

Sourced from snyk's releases.

v1.1304.0

1.1304.0 (2026-04-09)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

  • aibom: Introduces the snyk aibom test command. (2978044)
  • test, monitor, sbom: Introduce --maven-skip-wrapper flag to force the use of a globally installed mvn command. (0ee90ca, ff31066)
  • general: Introduce explicit configuration for network retry max-attempts. (1fbdf38)
  • container: Add deprecation warnings for -shaded-jars-depth and non-numeric values for --nested-jars-depth. (321b6f5)
  • container: Extend support for java runtime binary scanning (b60473a)
  • mcp: Improves auto-enable behavior for Snyk Code, promotes package health checks to stable. (5f5898f)
  • redteam: Adds a vulnerability summary to scanned output. (52eaf5a)
  • redteam: Add --json flag support for list commands, exhaustive and eager modes. (e962c4d)

Bug Fixes

  • general: Fix printing JSON output on stdout when only --json-file-output is specified. (32f65f0)
  • test: Fixes an issue where no files were uploaded when using --skip-unresolved. (71ca761)
  • test: Prevents scan failures when Maven builds succeed with non-fatal errors. (b30db97)
  • test: Fixes Go PackageURL generation and import path normalization for projects using replace directives. (7c7a366, ee7d72b)
  • test: Improves SDK detection when host and SDK versions differ. (96d0817)
  • test: Ensures project names are populated when scanning NuGet projects from repository root. (c043553)
  • container: Snyk Container scans of tar files on Windows should now report vulnerabilities for Python application package files. (9b86790)
  • container: Override packages with inaccurate pom.properties files (b60473a)
  • test: Ensure Yarn workspace pacakges matches are actual members defined in the root package.json. (0dd6581)
  • test: Fix increased scan times when testing Golang projects. (f2f5ba2)
  • code: Snyk Code scans now return clearer error message and exit codes when testing unsupported projects (6f5b4e3)
  • test: Fix a bug where aliased packages were being resolved with the target name insted of the alias for yarn projects. (dcbec6f)
  • test: Fix a bug where Python packages with . characters in their name were incorrectly parsed to include - characters. (9a2a36e)
  • deps: Updates dependencies to fix vulnerabilities:
Commits
  • 28558dc Merge pull request #6711 from snyk/chore/update_rc_1.1304.0
  • b3f5daa chore: update release notes
  • 7a37b57 fix: add tests for container scanner updates
  • 09fff83 fix: upgrade cli-extension-secrets to strip credentials from repo URLs and no...
  • b01218d chore: Ensure to update tar in package.json
  • a6f66e5 fix: Fix CVE-2026-32283
  • eb24c0b fix: Fix multiple vulnerabilities
  • b60473a fix: handles inproper pom properties files for jars
  • 0370dd2 fix(ci): Avoid fetching sarif schema in tests
  • 59ac528 chore: update dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump snyk from 1.1303.2 to 1.1304.0
fdf0fc1 
Bumps [snyk](https://github.com/snyk/snyk) from 1.1303.2 to 1.1304.0.
- [Release notes](https://github.com/snyk/snyk/releases)
- [Commits](snyk/cli@v1.1303.2...v1.1304.0)

---
updated-dependencies:
- dependency-name: snyk
  dependency-version: 1.1304.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@github-actions github-actions bot merged commit ed0536b into master Apr 10, 2026
2 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/snyk-1.1304.0 branch April 10, 2026 04:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants