build(deps): bump snyk from 1.1302.1 to 1.1303.0 by dependabot[bot] · Pull Request #3169 · pierreb-devkit/Node

dependabot · 2026-02-27T04:03:19Z

Bumps snyk from 1.1302.1 to 1.1303.0.

Release notes

v1.1303.0

1.1303.0 (2026-02-26)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

iac: users can now exclude specific files and directories from IaC scans using the --exclude parameter (3acbc6b)

test, sbom: --json output of snyk test and snyk sbom test should now contain fields which were previously missing (isDisputed, proprietary, severityBasedOn, alternativeIds, mavenModuleName) (9996b27)

sbom: sbom generated output will contain maven/npm scope information for those organizations with the show-maven-build-scope/show-npm-scope feature flag enabled (89d26f0)

aibom: users can now pass the --upload and --repo flag to the experimental aibom command to persist their AI BOM into their Snyk organisation (e1fdae7)

redteam: users can now retrieve red team scan results using snyk redteam --experimental get --id=<scan-id>. The scan command also now shows progress during execution. (fba40cc)

redteam: users can now return an HTML report via --html or --html-file-output flags (aa76c04)

mcp: users can now use snyk_package_health to validate package health (2b0edd2)

mcp: users can now use profiles to select which tools are registered based on their use case, profiles can be configured via CLI flag (--profile=<lite|full|experimental>) or environment variable (SNYK_MCP_PROFILE). (2b0edd2)

mcp: users will now have their Secure At Inception rules written at the global level. (495a2e0)

container: snyk container sbom users can now use --username and --password to generate SBOMs for images in private registries (a7015a7)

container: snyk container sbom users can now use --exclude-node-modules to exclude node_modules directories from the SBOM (a7015a7)

container: snyk container sbom users can now use --nested-jars-depth to control the depth of nested JAR unpacking (a7015a7)

container: snyk container sbom users can now pass docker-archive:, oci-archive:, kaniko-archive: prefixed paths or bare .tar file paths as the image argument (a7015a7)

dependencies: updated minimum go version to v1.25.7 (5927337)

Bug Fixes

test correctly scan NuGet package names case-insensitively (44bf86b)

test handle absolute target file paths for poetry (d902590)

test: improved maven version detection for versions greater than 3.6.3 (87853a8)

test: fixes an issue where the runAutomationDetails field in sarif output is not unique (07dd36f)

test: the automationDetails field is now rendered correctly when using the --sarif flag (3191e4d)

test: improve error reporting when using --all-projects (6e3b5d5)

ignores: ignores created via the snyk ignore command are now correctly applied if an expiry is set or if using an absolute filepath (a61589c)

container use correct projectName value in container monitor JSON output (0e8feca)

container: the --target-reference option is now correctly applied to application scan results in container tests, not just the OS scan results (70db44f)

container: reverts previously introduced stricter validation that was a breaking change (rejecting true as a valid numeric argument) (70db44f)

network: fix a possible panic when TLS config is nil (f601681)

language-server: fixes an issue around API URL construction (35800c1)

ui: improve the readability of error messages (763ac26)

ui: some SNYK-CLI-0000 errors are now correctly categorised and displayed (3d02788)

dependencies: update dependencies to fix SNYK-JS-AXIOS-15252993 (1e80d74)

dependencies: update dependencies to fix SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758 [IAC-3497] (4b3d826)

dependencies: update dependencies to fix SNYK-JS-TAR-15307072 (fbc5cb4)

dependencies: update dependencies to fix SNYK-JS-MINIMATCH-15309438 (8e7873f)

dependencies: update dependencies to fix SNYK-GOLANG-GOLANGORGXCRYPTOSSH-14059803 and SNYK-GOLANG-GITHUBCOMULIKUNITZXZLZMA-12230262 [IAC-3478] (1d2d723)

Commits

2a5adb9 Merge pull request #6594 from snyk/chore/cherry-pick_1.1303.0
355bc69 fix(dependencies): Fix SNYK-JS-TAR-15307072
d0f7143 Merge branch 'chore/cherry-pick_1.1303.0' of github.com:snyk/cli into chore/c...
2d7d979 fix(dependencies): Fix SNYK-JS-MINIMATCH-15309438 and SNYK-JS-TAR-15307072
19b93d6 chore: update release notes
8126d81 chore: update release notes
3bc73bf fix(dependencies): Fix SNYK-JS-TAR-15307072
55420e6 fix(dependencies): Fix SNYK-JS-MINIMATCH-15309438
3fbae34 Merge pull request #6592 from snyk/chore/update-docs-for-release
daac88b docs: synchronizing help from snyk/user-docs
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [snyk](https://github.com/snyk/snyk) from 1.1302.1 to 1.1303.0. - [Release notes](https://github.com/snyk/snyk/releases) - [Commits](snyk/cli@v1.1302.1...v1.1303.0) --- updated-dependencies: - dependency-name: snyk dependency-version: 1.1303.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

coderabbitai · 2026-02-27T04:04:24Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch dependabot/npm_and_yarn/snyk-1.1303.0

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 27, 2026

github-actions bot approved these changes Feb 27, 2026

View reviewed changes

github-actions bot merged commit cc6144f into master Feb 27, 2026
3 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/snyk-1.1303.0 branch February 27, 2026 04:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump snyk from 1.1302.1 to 1.1303.0#3169

build(deps): bump snyk from 1.1302.1 to 1.1303.0#3169
github-actions[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/snyk-1.1303.0

dependabot bot commented on behalf of github Feb 27, 2026

Uh oh!

Uh oh!

coderabbitai bot commented Feb 27, 2026

Review skipped

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 27, 2026

v1.1303.0

1.1303.0 (2026-02-26)

Features

Bug Fixes

Uh oh!

Uh oh!

coderabbitai bot commented Feb 27, 2026

Review skipped

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants