Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build(deps): bump @snyk/protect from 1.1295.0 to 1.1295.2 (#11299)
Bumps [@snyk/protect](https://github.com/snyk/snyk) from 1.1295.0 to 1.1295.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/snyk/snyk/releases"><code>@snyk/protect</code>'s releases</a>.</em></p> <blockquote> <h2>v1.1295.2</h2> <h2><a href="https://github.com/snyk/snyk/compare/v1.1295.1...v1.1295.2">1.1295.2</a> (2025-01-24)</h2> <p>The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see <a href="https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli">this documentation</a></p> <h3>Bug Fixes</h3> <ul> <li><strong>general:</strong> revert dependencies upgrade which introduced a regression on a number of Linux installations</li> </ul> <h2>v1.1295.1</h2> <h2><a href="https://github.com/snyk/snyk/compare/v1.1295.0...v1.1295.1">1.1295.1</a> (2025-01-23)</h2> <p>The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see <a href="https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli">this documentation</a></p> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> Upgrades goproxy to 1.5 to address a high severity vulnerability</li> <li><strong>security:</strong> Upgrades dependencies in IaC plugin to address <a href="https://security.snyk.io/vuln/golang?search=CVE-2025-21614">CVE-2025-21614</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/snyk/cli/commit/f6668a365cde7c655335db29d083ca66c117906a"><code>f6668a3</code></a> Merge pull request <a href="https://redirect.github.com/snyk/snyk/issues/5690">#5690</a> from snyk/chore/hotfix-cli</li> <li><a href="https://github.com/snyk/cli/commit/843d64309460e73654f056181f2c9debd5273bf3"><code>843d643</code></a> fix: empty commit to bump publication machinery</li> <li><a href="https://github.com/snyk/cli/commit/d2068d51e612a22f2c12c077fe98bebd6f5b3d91"><code>d2068d5</code></a> Merge pull request <a href="https://redirect.github.com/snyk/snyk/issues/5688">#5688</a> from snyk/fix/revert-dependency-upgrades</li> <li><a href="https://github.com/snyk/cli/commit/67f71fec8bedbd982ce0236a8753e294261ac72c"><code>67f71fe</code></a> chore: ignore SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247 vulnerability</li> <li><a href="https://github.com/snyk/cli/commit/6d91ae172199f878853aad9857684b333db1370e"><code>6d91ae1</code></a> Revert "fix: fix CVE-2025-21614 and CVE-2025-21614 (iac)"</li> <li><a href="https://github.com/snyk/cli/commit/ac4a721488298a416290de968944c47c7e592a98"><code>ac4a721</code></a> Revert "fix: upgrade cli-extension-iac-rules to address vulns [IAC-3195]"</li> <li><a href="https://github.com/snyk/cli/commit/bcfd63549f1db4123773daa2e61d125d627608e3"><code>bcfd635</code></a> Revert "chore(deps): upgrade go proxy 1.5"</li> <li><a href="https://github.com/snyk/cli/commit/36ee374230a0caf2b4e4f1703de6d6baa262cdce"><code>36ee374</code></a> Merge pull request <a href="https://redirect.github.com/snyk/snyk/issues/5680">#5680</a> from snyk/release-candidate</li> <li><a href="https://github.com/snyk/cli/commit/8792d774cd1f27d0c6ccb1ccb9d34edaf57b9bb3"><code>8792d77</code></a> Merge pull request <a href="https://redirect.github.com/snyk/snyk/issues/5678">#5678</a> from snyk/hotfix/v1.1295.0-address-iac-vulnerabilities</li> <li><a href="https://github.com/snyk/cli/commit/faff294a159ba90b7b732460f91e071cf4c5bd37"><code>faff294</code></a> fix: upgrade cli-extension-iac-rules to address vulns [IAC-3195]</li> <li>Additional commits viewable in <a href="https://github.com/snyk/snyk/compare/v1.1295.0...v1.1295.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
6367eea
commit 7f913b9