From 51f38d9a249683ffa9a78cf856e7e75c7fd40aeb Mon Sep 17 00:00:00 2001 From: Phill Date: Thu, 19 Dec 2024 12:01:08 +0000 Subject: [PATCH] feat: pkg id provenance labels Add 'pkgIdProvenance' labels to dependency graph nodes when the package identity has been changed from what has been discovered in the manifest files. This can happen in ecosystems like Python where package names are case insensitive, and Snyk needs to normalize them to match vulnerabilities. This new label allows users to see what the package was originally called. --- package-lock.json | 44 ++++++++++++++++++++++---------------------- package.json | 4 ++-- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8219147b59..fa322f7575 100644 --- a/package-lock.json +++ b/package-lock.json @@ -70,7 +70,7 @@ "snyk-cpp-plugin": "2.24.0", "snyk-docker-plugin": "6.13.18", "snyk-go-plugin": "1.23.0", - "snyk-gradle-plugin": "4.7.0", + "snyk-gradle-plugin": "4.9.0", "snyk-module": "3.1.0", "snyk-mvn-plugin": "3.6.1", "snyk-nodejs-lockfile-parser": "1.58.10", @@ -78,7 +78,7 @@ "snyk-nuget-plugin": "2.7.12", "snyk-php-plugin": "1.10.0", "snyk-policy": "4.1.4", - "snyk-python-plugin": "2.2.1", + "snyk-python-plugin": "2.3.0", "snyk-resolve-deps": "4.8.0", "snyk-sbt-plugin": "2.18.1", "snyk-swiftpm-plugin": "1.4.1", 
@@ -20594,9 +20594,9 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-gradle-plugin": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.7.0.tgz", - "integrity": "sha512-BtjhM6UhH4+TjOgXPdU0mPTTCLHjCysMqH0u/EYi+XMErzl7RK7kgwgFuH6nwokItK5JvX/+HpCu/Jy41IDxIQ==", + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.9.0.tgz", + "integrity": "sha512-yRqr2//8Jdoy3uLm7aGk3qTHjZrmK5r1FPQz7/233Vyw3ZIW1iccL+aFT49WnM+VhLsspnJQFLaxEgs0lpA9Ag==", "dependencies": { "@snyk/cli-interface": "2.11.3", "@snyk/dep-graph": "^1.28.0", @@ -21256,9 +21256,9 @@ } }, "node_modules/snyk-poetry-lockfile-parser": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/snyk-poetry-lockfile-parser/-/snyk-poetry-lockfile-parser-1.4.2.tgz", - "integrity": "sha512-EIUWYmw4sNnUUEQZMBXMUEXwk5sk4KzXMbrUtcoQLaha6XLqk1qneRpCDtGdbf0qlXHHs9VxfajxBZZcuq7vIA==", + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/snyk-poetry-lockfile-parser/-/snyk-poetry-lockfile-parser-1.6.1.tgz", + "integrity": "sha512-wMVazbWz7/6bI51gKJ63OPgCa0gmBcqgQPWX8Jq+ka3N0i1iP4wuWN5TAs8f0PXJNI29hc2TNaDYQ47b00XYJA==", "dependencies": { "@iarna/toml": "^2.2.5", "@snyk/cli-interface": "^2.9.2", 
@@ -21345,14 +21345,14 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-python-plugin": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-2.2.1.tgz", - "integrity": "sha512-L4piOWEzwJv7IuI8FuP6dh48svLDIjGeBTvjcdKVg4cFdrCS8JXA45ePWZOGysHxo7T0rw3w+ZJ61TlfR4WH1Q==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-2.3.0.tgz", + "integrity": "sha512-awJ/D59FfIQNXDBStHMgx6jqpWoShTaga64d0dXAtPhloMS6Wm7q39uqi2UN1zNem/Vsu+tm0iXdSX56G/2bEw==", "dependencies": { "@snyk/cli-interface": "^2.11.2", "@snyk/dep-graph": "^1.28.1", "shescape": "1.6.1", - "snyk-poetry-lockfile-parser": "^1.4.2", + "snyk-poetry-lockfile-parser": "^1.6.1", "tmp": "0.2.1" } }, @@ -40048,9 +40048,9 @@ } }, "snyk-gradle-plugin": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.7.0.tgz", - "integrity": "sha512-BtjhM6UhH4+TjOgXPdU0mPTTCLHjCysMqH0u/EYi+XMErzl7RK7kgwgFuH6nwokItK5JvX/+HpCu/Jy41IDxIQ==", + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.9.0.tgz", + "integrity": "sha512-yRqr2//8Jdoy3uLm7aGk3qTHjZrmK5r1FPQz7/233Vyw3ZIW1iccL+aFT49WnM+VhLsspnJQFLaxEgs0lpA9Ag==", "requires": { "@snyk/cli-interface": "2.11.3", "@snyk/dep-graph": "^1.28.0", 
@@ -40580,9 +40580,9 @@ } }, "snyk-poetry-lockfile-parser": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/snyk-poetry-lockfile-parser/-/snyk-poetry-lockfile-parser-1.4.2.tgz", - "integrity": "sha512-EIUWYmw4sNnUUEQZMBXMUEXwk5sk4KzXMbrUtcoQLaha6XLqk1qneRpCDtGdbf0qlXHHs9VxfajxBZZcuq7vIA==", + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/snyk-poetry-lockfile-parser/-/snyk-poetry-lockfile-parser-1.6.1.tgz", + "integrity": "sha512-wMVazbWz7/6bI51gKJ63OPgCa0gmBcqgQPWX8Jq+ka3N0i1iP4wuWN5TAs8f0PXJNI29hc2TNaDYQ47b00XYJA==", "requires": { "@iarna/toml": "^2.2.5", "@snyk/cli-interface": "^2.9.2", @@ -40655,14 +40655,14 @@ } }, "snyk-python-plugin": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-2.2.1.tgz", - "integrity": "sha512-L4piOWEzwJv7IuI8FuP6dh48svLDIjGeBTvjcdKVg4cFdrCS8JXA45ePWZOGysHxo7T0rw3w+ZJ61TlfR4WH1Q==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-2.3.0.tgz", + "integrity": "sha512-awJ/D59FfIQNXDBStHMgx6jqpWoShTaga64d0dXAtPhloMS6Wm7q39uqi2UN1zNem/Vsu+tm0iXdSX56G/2bEw==", "requires": { "@snyk/cli-interface": "^2.11.2", "@snyk/dep-graph": "^1.28.1", "shescape": "1.6.1", - "snyk-poetry-lockfile-parser": "^1.4.2", + "snyk-poetry-lockfile-parser": "^1.6.1", "tmp": "0.2.1" }, "dependencies": { diff --git a/package.json b/package.json index 080f6acfc3..1d5b931e16 100644 --- a/package.json +++ b/package.json @@ -118,7 +118,7 @@ "snyk-cpp-plugin": "2.24.0", "snyk-docker-plugin": "6.13.18", "snyk-go-plugin": "1.23.0", - "snyk-gradle-plugin": "4.7.0", + "snyk-gradle-plugin": "4.9.0", "snyk-module": "3.1.0", "snyk-mvn-plugin": "3.6.1", "snyk-nodejs-lockfile-parser": "1.58.10", 
@@ -126,7 +126,7 @@
 "snyk-nuget-plugin": "2.7.12",
 "snyk-php-plugin": "1.10.0",
 "snyk-policy": "4.1.4",
- "snyk-python-plugin": "2.2.1",
+ "snyk-python-plugin": "2.3.0",
 "snyk-resolve-deps": "4.8.0",
 "snyk-sbt-plugin": "2.18.1",
 "snyk-swiftpm-plugin": "1.4.1",