feat: pkg id provenance labels

Add 'pkgIdProvenance' labels to dependency graph nodes when the package identity has been changed from what has been discovered in the manifest files. This can happen in ecosystems like Python where package names are case insensitive, and Snyk needs to normalize them to match vulnerabilities. This new lable allows users to see what the package was originally called.
snyk · Dec 19, 2024 · 51f38d9 · 51f38d9
1 parent a813940
commit 51f38d9
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 24 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -118,15 +118,15 @@
     "snyk-cpp-plugin": "2.24.0",
     "snyk-docker-plugin": "6.13.18",
     "snyk-go-plugin": "1.23.0",
-    "snyk-gradle-plugin": "4.7.0",
+    "snyk-gradle-plugin": "4.9.0",
     "snyk-module": "3.1.0",
     "snyk-mvn-plugin": "3.6.1",
     "snyk-nodejs-lockfile-parser": "1.58.10",
     "snyk-nodejs-plugin": "1.3.4",
     "snyk-nuget-plugin": "2.7.12",
     "snyk-php-plugin": "1.10.0",
     "snyk-policy": "4.1.4",
-    "snyk-python-plugin": "2.2.1",
+    "snyk-python-plugin": "2.3.0",
     "snyk-resolve-deps": "4.8.0",
     "snyk-sbt-plugin": "2.18.1",
     "snyk-swiftpm-plugin": "1.4.1",