
chore(deps): bump tar and snyk #44

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/multi-5701758ca0

dependabot[bot] commented on behalf of github on Mar 6, 2026

Removes tar. It's no longer used after updating ancestor dependency snyk. These dependencies need to be updated together.

Removes tar

Updates snyk from 1.534.0 to 1.1303.1

Release notes

Sourced from snyk's releases.

v1.1303.1

1.1303.1 (2026-03-04)

The Snyk CLI is being deployed to different deployment channels; users can select the stability level according to their needs. For details please see this documentation.

Bug Fixes

  • ui: Fixed an issue where JSON output was incorrectly printed to stdout when only --json-file-output was specified. (d6d465d)
  • language-server: Fixed an issue where scans would not trigger when Snyk Code was enabled in IDE settings. (7567881)
  • mcp: Fixed an issue where Snyk rules were not written locally. (7567881)

v1.1303.0

1.1303.0 (2026-02-26)

The Snyk CLI is being deployed to different deployment channels; users can select the stability level according to their needs. For details please see this documentation.

Features

  • iac: users can now exclude specific files and directories from IaC scans using the --exclude parameter (3acbc6b)
  • test, sbom: --json output of snyk test and snyk sbom test should now contain fields which were previously missing (isDisputed, proprietary, severityBasedOn, alternativeIds, mavenModuleName) (9996b27)
  • sbom: sbom generated output will contain maven/npm scope information for those organizations with the show-maven-build-scope/show-npm-scope feature flag enabled (89d26f0)
  • aibom: users can now pass the --upload and --repo flag to the experimental aibom command to persist their AI BOM into their Snyk organisation (e1fdae7)
  • redteam: users can now retrieve red team scan results using snyk redteam --experimental get --id=<scan-id>. The scan command also now shows progress during execution. (fba40cc)
  • redteam: users can now return an HTML report via --html or --html-file-output flags (aa76c04)
  • mcp: users can now use snyk_package_health to validate package health (2b0edd2)
  • mcp: users can now use profiles to select which tools are registered based on their use case, profiles can be configured via CLI flag (--profile=<lite|full|experimental>) or environment variable (SNYK_MCP_PROFILE). (2b0edd2)
  • mcp: users will now have their Secure At Inception rules written at the global level. (495a2e0)
  • container: snyk container sbom users can now use --username and --password to generate SBOMs for images in private registries (a7015a7)
  • container: snyk container sbom users can now use --exclude-node-modules to exclude node_modules directories from the SBOM (a7015a7)
  • container: snyk container sbom users can now use --nested-jars-depth to control the depth of nested JAR unpacking (a7015a7)
  • container: snyk container sbom users can now pass docker-archive:, oci-archive:, kaniko-archive: prefixed paths or bare .tar file paths as the image argument (a7015a7)
  • dependencies: updated minimum go version to v1.25.7 (5927337)

Bug Fixes

  • test: correctly scan NuGet package names case-insensitively (44bf86b)
  • test: handle absolute target file paths for poetry (d902590)
  • test: improved maven version detection for versions greater than 3.6.3 (87853a8)
  • test: fixes an issue where the runAutomationDetails field in sarif output is not unique (07dd36f)
  • test: the automationDetails field is now rendered correctly when using the --sarif flag (3191e4d)
  • test: improve error reporting when using --all-projects (6e3b5d5)
  • ignores: ignores created via the snyk ignore command are now correctly applied if an expiry is set or if using an absolute filepath (a61589c)
  • container: use correct projectName value in container monitor JSON output (0e8feca)
  • container: the --target-reference option is now correctly applied to application scan results in container tests, not just the OS scan results (70db44f)
  • container: reverts previously introduced stricter validation that was a breaking change (rejecting true as a valid numeric argument) (70db44f)
  • network: fix a possible panic when TLS config is nil (f601681)
  • language-server: fixes an issue around API URL construction (35800c1)
  • ui: improve the readability of error messages (763ac26)
  • ui: some SNYK-CLI-0000 errors are now correctly categorised and displayed (3d02788)

... (truncated)

Commits
  • ff87b55 Merge pull request #6610 from snyk/release-candidate
  • 9047290 Merge pull request #6612 from snyk/fix/ls-hotfix-for-v1.1303.1
  • fb99505 chore: update release notes
  • 7567881 fix: upgrade LS for v1.1303.1
  • 7a3df7b Merge pull request #6608 from snyk/hotfix/v1.1303.1
  • 2845bfc chore: update release notes for 1.1303.1
  • d6d465d fix: json output printed to stdout on --json-file-output
  • 0e505ec chore: fix basic python acceptance test
  • d9309a7 Merge pull request #6599 from snyk/release/1.1303
  • 2a5adb9 Merge pull request #6594 from snyk/chore/cherry-pick_1.1303.0
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by snyk-admin, a new releaser for snyk since your current version.

Install script changes

This version adds a postinstall script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [snyk](https://github.com/snyk/snyk). These dependencies need to be updated together.


Removes `tar`

Updates `snyk` from 1.534.0 to 1.1303.1
- [Release notes](https://github.com/snyk/snyk/releases)
- [Commits](snyk/cli@v1.534.0...v1.1303.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 
  dependency-type: indirect
- dependency-name: snyk
  dependency-version: 1.1303.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) on Mar 6, 2026
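
The install-script notice in this pull request can be checked against the lockfile: npm lockfiles (lockfileVersion 2 and 3) mark packages that declare install lifecycle scripts with `hasInstallScript`. The following is an added example, not part of this pull request, Dependabot's output or the snyk project; the lockfile fragments, the `example-*` package names and the helper name `installScriptChanges` are constructed for illustration.

```javascript
// Constructed lockfile fragments ("packages" maps), not this repository's real lockfile.
const lockBefore = {
  packages: {
    '': { name: 'example-app' },
    'node_modules/snyk': { version: '1.534.0' },
    'node_modules/example-addon': { version: '2.0.0', hasInstallScript: true },
  },
};
const lockAfter = {
  packages: {
    '': { name: 'example-app' },
    'node_modules/snyk': { version: '1.1303.1', hasInstallScript: true },
    'node_modules/example-addon': { version: '2.0.0', hasInstallScript: true },
    'node_modules/example-addon/node_modules/@example/helper': { version: '0.1.0', hasInstallScript: true },
  },
};

const MARKER = 'node_modules/';

// The package name is whatever follows the last "node_modules/" in the lockfile path.
function packageName(path) {
  const idx = path.lastIndexOf(MARKER);
  return idx < 0 ? path : path.slice(idx + MARKER.length);
}

// List packages whose install-time script exposure changed between two lockfiles.
function installScriptChanges(oldLock, newLock) {
  const oldPkgs = oldLock.packages || {};
  const changes = [];
  for (const [path, meta] of Object.entries(newLock.packages || {})) {
    if (path === '' || !meta.hasInstallScript) continue; // skip root project and script-free packages
    const prev = oldPkgs[path];
    let reason = null;
    if (!prev) reason = 'new package with install script';
    else if (!prev.hasInstallScript) reason = 'install script added';
    else if (prev.version !== meta.version) reason = 'version changed, script may differ';
    if (reason) {
      changes.push({ name: packageName(path), from: prev ? prev.version : null, to: meta.version, reason });
    }
  }
  return changes;
}

console.log(installScriptChanges(lockBefore, lockAfter));
```

Unchanged packages that already had an install script are not reported, so the output is limited to what the update introduces. Installing with `npm ci --ignore-scripts` keeps lifecycle scripts from running while the flagged packages are reviewed.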