chore: update release candidate for 1.1304.0 by PeterSchafer · Pull Request #6711 · snyk/cli

PeterSchafer · 2026-04-07T15:32:42Z

Pull Request Submission Checklist

Follows CONTRIBUTING guidelines
Commit messages
are release-note ready, emphasizing
what was changed, not how.
Includes detailed description of changes
Contains risk assessment (Low | Medium | High)
Highlights breaking API changes (if applicable)
Links to automated tests covering new functionality
Includes manual testing instructions (if necessary)
Updates relevant GitBook documentation (PR link: ___)
Includes product update to be announced in the next stable release notes

What does this PR do?

Where should the reviewer start?

How should this be manually tested?

What's the product update that needs to be communicated to CLI users?

snyk-io · 2026-04-07T15:33:41Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

github-actions · 2026-04-07T15:37:03Z

	Warnings
⚠️	There are multiple commits on your branch, please squash them locally before merging!
⚠️	"[fix: upgrade cli-extension-secrets to strip credentials from repo URLs and normalize for consistent IDs PS-536](https://api.github.com/repos/snyk/cli/git/commits/09fff83be8af14e057aabebd7182c16033678676)" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against b3f5daa

SNYK-GOLANG-GOOPENTELEMETRYIOOTELBAGGAGE-15928416 SNYK-GOLANG-GOOPENTELEMETRYIOOTELINTERNALGLOBAL-15928418 SNYK-GOLANG-GOOPENTELEMETRYIOOTELPROPAGATION-15928420

SNYK-GOLANG-STDCRYPTOTLS-15928849

…s and normalize for consistent IDs [PS-536]

chore: update release notes

snyk-pr-review-bot · 2026-04-09T07:24:58Z

PR Reviewer Guide 🔍

🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review Missing Test Fixture 🟠 [major] The new test case added to `container.spec.ts` references a fixture at `test/fixtures/container-projects/stripped-go-binaries-minimal.tar.gz`. However, this file is not included in the PR file list. Since other new tests in this PR (like `jvm-release-detection.spec.ts`) correctly include their new `.tar` fixtures, it appears this specific Go binary fixture was accidentally omitted, which will cause the acceptance test to fail in CI. `container test docker-archive:test/fixtures/container-projects/stripped-go-binaries-minimal.tar.gz --print-deps`, Improper Error Handling 🟡 [minor] In `getSarifSchema`, the call to `response.json()` is returned directly without being awaited inside the `try` block. If the response contains malformed JSON, the resulting rejection will bypass the local `catch` block (which adds descriptive context to the error) and propagate directly to the caller. Adding `await` before `response.json()` ensures that parsing errors are caught locally and reported with the intended context. return response.json();
📚 Repository Context Analyzed This review considered 25 relevant code sections from 4 files (average relevance: 0.88) dangerfile.js (lines 1-111) CONTRIBUTING.md (2 segments, lines 1-218) package-lock.json (11 segments, lines 18640-18951) help/cli-commands/container-test.md (lines 1-174)

chore: update dependencies

59ac528

fix(ci): Avoid fetching sarif schema in tests

0370dd2

PeterSchafer marked this pull request as ready for review April 7, 2026 16:59

PeterSchafer requested review from a team as code owners April 7, 2026 16:59

PeterSchafer enabled auto-merge April 7, 2026 17:00