
chore(deps-dev): bump snyk from 1.1303.2 to 1.1304.0 #505

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/snyk-1.1304.0

@dependabot dependabot bot commented on behalf of github Apr 9, 2026

Bumps snyk from 1.1303.2 to 1.1304.0.

Release notes

Sourced from snyk's releases.

v1.1304.0

1.1304.0 (2026-04-09)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

  • aibom: Introduces the snyk aibom test command. (2978044)
  • test, monitor, sbom: Introduce --maven-skip-wrapper flag to force the use of a globally installed mvn command. (0ee90ca, ff31066)
  • general: Introduce explicit configuration for network retry max-attempts. (1fbdf38)
  • container: Add deprecation warnings for -shaded-jars-depth and non-numeric values for --nested-jars-depth. (321b6f5)
  • container: Extend support for java runtime binary scanning (b60473a)
  • mcp: Improves auto-enable behavior for Snyk Code, promotes package health checks to stable. (5f5898f)
  • redteam: Adds a vulnerability summary to scanned output. (52eaf5a)
  • redteam: Add --json flag support for list commands, exhaustive and eager modes. (e962c4d)

Bug Fixes

  • general: Fix printing JSON output on stdout when only --json-file-output is specified. (32f65f0)
  • test: Fixes an issue where no files were uploaded when using --skip-unresolved. (71ca761)
  • test: Prevents scan failures when Maven builds succeed with non-fatal errors. (b30db97)
  • test: Fixes Go PackageURL generation and import path normalization for projects using replace directives. (7c7a366, ee7d72b)
  • test: Improves SDK detection when host and SDK versions differ. (96d0817)
  • test: Ensures project names are populated when scanning NuGet projects from repository root. (c043553)
  • container: Snyk Container scans of tar files on Windows should now report vulnerabilities for Python application package files. (9b86790)
  • container: Override packages with inaccurate pom.properties files (b60473a)
  • test: Ensure Yarn workspace packages matches are actual members defined in the root package.json. (0dd6581)
  • test: Fix increased scan times when testing Golang projects. (f2f5ba2)
  • code: Snyk Code scans now return clearer error message and exit codes when testing unsupported projects (6f5b4e3)
  • test: Fix a bug where aliased packages were being resolved with the target name instead of the alias for yarn projects. (dcbec6f)
  • test: Fix a bug where Python packages with . characters in their name were incorrectly parsed to include - characters. (9a2a36e)
  • deps: Updates dependencies to fix vulnerabilities:

Commits

  • 28558dc Merge pull request #6711 from snyk/chore/update_rc_1.1304.0
  • b3f5daa chore: update release notes
  • 7a37b57 fix: add tests for container scanner updates
  • 09fff83 fix: upgrade cli-extension-secrets to strip credentials from repo URLs and no...
  • b01218d chore: Ensure to update tar in package.json
  • a6f66e5 fix: Fix CVE-2026-32283
  • eb24c0b fix: Fix multiple vulnerabilities
  • b60473a fix: handles inproper pom properties files for jars
  • 0370dd2 fix(ci): Avoid fetching sarif schema in tests
  • 59ac528 chore: update dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [snyk](https://github.com/snyk/snyk) from 1.1303.2 to 1.1304.0.
- [Release notes](https://github.com/snyk/snyk/releases)
- [Commits](snyk/cli@v1.1303.2...v1.1304.0)

---
updated-dependencies:
- dependency-name: snyk
  dependency-version: 1.1304.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) on Apr 9, 2026