fix(container): support --exclude-app-vulns with oauth #5563

Merged
merged 3 commits into from
Nov 4, 2024

Conversation

thisislawatts
Member

@thisislawatts thisislawatts commented Oct 31, 2024

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)

What does this PR do?

Upgrades snyk-docker-plugin to pull in this fix: snyk/snyk-docker-plugin#610, which ensures --exclude-app-vulns works correctly if you are authed with OAuth.

How should this be manually tested?

Build locally and run the following command:

~/snyk/cli/binary-releases/snyk-macos container monitor --exclude-app-vulns mathiasconradt/goof

If it completes successfully then the fix is working as expected.

Ref: CLI-543

Additionally this upgrade to snyk-docker-plugin addresses the following:

  • UNIFY-243 - fix: dependencies detection from container removed layers
  • UNIFY-264 - fix: ignore npm/yarn cache directories

@thisislawatts thisislawatts marked this pull request as ready for review October 31, 2024 14:59
@thisislawatts thisislawatts requested a review from a team as a code owner October 31, 2024 14:59
Contributor

github-actions bot commented Oct 31, 2024

Warnings
⚠️ There are multiple commits on your branch, please squash them locally before merging!

Generated by 🚫 dangerJS against 8d1b12c

@thisislawatts
Member Author

It's not ready for merging yet, the tests are failing with 6.13.10, we are currently on 6.13.2. So there are a few changes which need to come in as well. Stepping through each dep upgrade to see if the test failure comes from one of those earlier fixes or from my own bug fix…

@thisislawatts thisislawatts force-pushed the fix/deps-do-not-overwrite-values branch from dd13206 to c2dc060 Compare November 1, 2024 12:43
@thisislawatts
Member Author

Closing until breaking change in snyk-docker-plugin is resolved.

@thisislawatts thisislawatts reopened this Nov 1, 2024
@thisislawatts thisislawatts force-pushed the fix/deps-do-not-overwrite-values branch 2 times, most recently from 5648e30 to 3cfe78d Compare November 1, 2024 15:59
@thisislawatts thisislawatts force-pushed the fix/deps-do-not-overwrite-values branch from b23f8ae to 8d1b12c Compare November 4, 2024 14:11
@thisislawatts thisislawatts merged commit b854d95 into main Nov 4, 2024
9 checks passed
@thisislawatts thisislawatts deleted the fix/deps-do-not-overwrite-values branch November 4, 2024 15:13