Merge pull request #6042 from snyk/tmp/150725-rc

chore: Update Release Candidate

Author: j-luong

binary-releases/RELEASE_NOTES.md

@@ -22,8 +22,7 @@ The Snyk CLI is being deployed to different deployment channels, users can selec
 
 ### Bug Fixes
 
-* Bump `snyk-mvn-plugin` to require Node 20 ([c91cfbb](https://github.com/snyk/snyk/commit/c91cfbbb02a7319454a306f1889fd443288abf75))
-* Fixes incorrect SARIF schema link for Code, Container, IAC and Open Source product line output ([f283dd9](https://github.com/snyk/snyk/commit/f283dd9b4e8bf9bba298b4ff40204b599d738da5))
+* **general:** Fixes incorrect SARIF schema link for Code, Container, IAC and Open Source product line output ([f283dd9](https://github.com/snyk/snyk/commit/f283dd9b4e8bf9bba298b4ff40204b599d738da5))
 * **language-server:** MCP tool description and params ([bb88287](https://github.com/snyk/snyk/commit/bb882876e47bfc721b9c2451ac5dee2d5c513cf6))
 * **language-server:** Update IAW wording to match web UI ([bb88287](https://github.com/snyk/snyk/commit/bb882876e47bfc721b9c2451ac5dee2d5c513cf6))
 * **language-server:** General MCP extension improvements ([e8fe9f8](https://github.com/snyk/snyk/commit/e8fe9f8e6beb9ce00571883da880c170bc724e78))
@@ -40,6 +39,7 @@ The Snyk CLI is being deployed to different deployment channels, users can selec
 * **langauge-server:**  Read locks when running auth command ([420d62a](https://github.com/snyk/snyk/commit/420d62ad518d79fcb8a3c0414dc8892ff5f502f1))
 * **language-server:** Authentication command is now cancellable ([35eb9a8](https://github.com/snyk/snyk/commit/35eb9a88fc47a26a62a490be88d951e456b2d7c8))
 * **language-server:** MCP command for SCA ([c6f1203](https://github.com/snyk/cli/commit/c6f12035639d09023dcaaafdb38a134b0953b0f9))
+* **language-server:** Send auth analytics when token updated ([6916af8](https://github.com/snyk/cli/commit/6916af848ea3dc3e79d7e7e9f07089461e6f5ebf))
 * **test, monitor, sbom:** Maven Dverbose algorithm adds only the dependencies resolved by maven in the dependency graph/sbom ([9b6abd3](https://github.com/snyk/snyk/commit/9b6abd3ccbf75490d9741d4db3de71ebacb3b822))
 * **test, monitor, sbom:** `-- -Dverbose` affecting scope collisions from the maven Dverbose command output (parentNodeId does not exist error). ([0a48b96](https://github.com/snyk/snyk/commit/0a48b965f2b26c68b091ef23692058f1f81b544a))
 * **test, monitor:** Misleading `OutOfSync` error in npm projects for top-level bundled dependencies ([8ac67c6](https://github.com/snyk/snyk/commit/8ac67c67bc68d2e0a6b24c613458042e9b880dee))
@@ -48,6 +48,7 @@ The Snyk CLI is being deployed to different deployment channels, users can selec
 * **test:** Imports that failed when that file contained special content such as URLs will no longer fail because of it ([164618c](https://github.com/snyk/snyk/commit/164618cf3b98da98dd2e109f9a94e24354cd8c5e))
 * **test:** Scanning open source dependencies of PHP projects when composer is installed on the user machine works again ([39e3379](https://github.com/snyk/snyk/commit/39e337965740f6242a22f998cc433d7842468490))
 * **test:** Bump nodejs parser to handle manual aliases on indirct deps. ([15f693a](https://github.com/snyk/snyk/commit/15f693a1e47ba15cc264ba6d21c1230cd061ebf6))
+* **test** Bump `snyk-mvn-plugin` to require Node 20 ([c91cfbb](https://github.com/snyk/snyk/commit/c91cfbbb02a7319454a306f1889fd443288abf75))
 * **test:** Performance improvements running `snyk test --print-graph` on gradle projects ([156fdb2](https://github.com/snyk/snyk/commit/156fdb2802faf6248e129d1869f2b7aa37374cd2))
 * **test:** Fixed error `Could not scan C/C++ project: RangeError: Maximum call stack size exceeded` which was sometimes seen when scanning very large archives using `snyk test --unmanaged` ([5ab0676](https://github.com/snyk/snyk/commit/5ab06769a80005a87f2f8264a96c145aca013a34))
 * **code:** In the golang native code test implementation (CCI), fix hash mismatch errors when uploading non UTF-8 content ([33d33e9](https://github.com/snyk/snyk/commit/33d33e92bba76cff694cc5ee9e9b2e4b9274a673))
@@ -58,3 +59,4 @@ The Snyk CLI is being deployed to different deployment channels, users can selec
 * **sbom:** Performance improvements running `snyk sbom` on gradle projects ([156fdb2](https://github.com/snyk/snyk/commit/156fdb2802faf6248e129d1869f2b7aa37374cd2))
 * **ignore:** Align handling for invalid ignore expiry across Snyk product lines ([54b4f56](https://github.com/snyk/snyk/commit/54b4f56f41497f6da97c651e65b23798809e53b5))
 * **logging:** Redact negotiate in debug logs ([8daa112](https://github.com/snyk/snyk/commit/8daa112ff747f2e83c0dabe94426dc99574c9892))
+* **logging:** Fixes some crashes when the CLI was used with debug and trace logging level enabled ([92fa8be](https://github.com/snyk/cli/commit/92fa8be2bae46a9d5efe7a3538efe1f9aedc21d1))

cliv2/cmd/cliv2/debug.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	"github.com/rs/zerolog"
-
 	"github.com/snyk/go-application-framework/pkg/configuration"
 	"github.com/snyk/go-application-framework/pkg/logging"
 	"github.com/snyk/go-application-framework/pkg/ui"
@@ -35,7 +34,14 @@ func initDebugLogger(config configuration.Configuration) *zerolog.Logger {
 		},
 		FieldsExclude: []string{"ext", "separator"},
 		FormatTimestamp: func(i interface{}) string {
-			t, _ := time.Parse(time.RFC3339, i.(string))
+			timeString, ok := i.(string)
+			if !ok {
+				return ""
+			}
+			t, err := time.Parse(time.RFC3339, timeString)
+			if err != nil {
+				return ""
+			}
 			return strings.ToUpper(t.UTC().Format(time.RFC3339))
 		},
 	}

cliv2/go.mod

@@ -12,15 +12,15 @@ require (
 	github.com/rs/zerolog v1.34.0
 	github.com/snyk/cli-extension-ai-bom v0.0.0-20250616112001-3bba91586896
 	github.com/snyk/cli-extension-dep-graph v0.0.0-20250321153619-9390ab5e348e
-	github.com/snyk/cli-extension-iac v0.0.0-20250521122953-52bf59414647
+	github.com/snyk/cli-extension-iac v0.0.0-20250711122243-0de490b44873
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20250227121450-6e14346dbd1a
 	github.com/snyk/cli-extension-sbom v0.0.0-20250422133603-a5ae6fdf0934
 	github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7
 	github.com/snyk/error-catalog-golang-public v0.0.0-20250520155934-078275889e2c
-	github.com/snyk/go-application-framework v0.0.0-20250711115946-e64056bc2173
+	github.com/snyk/go-application-framework v0.0.0-20250715120239-cdd02bd0c1eb
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 	github.com/snyk/snyk-iac-capture v0.6.5
-	github.com/snyk/snyk-ls v0.0.0-20250711095549-3a7ebaa41ec0
+	github.com/snyk/snyk-ls v0.0.0-20250714110339-41e841b099e2
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
 	github.com/stretchr/testify v1.10.0
@@ -181,7 +181,7 @@ require (
 	github.com/shirou/gopsutil v3.21.11+incompatible // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
-	github.com/snyk/code-client-go v1.22.1 // indirect
+	github.com/snyk/code-client-go v1.22.2 // indirect
 	github.com/snyk/policy-engine v0.33.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd // indirect

cliv2/go.sum

@@ -792,28 +792,28 @@ github.com/snyk/cli-extension-ai-bom v0.0.0-20250616112001-3bba91586896 h1:psBmU
 github.com/snyk/cli-extension-ai-bom v0.0.0-20250616112001-3bba91586896/go.mod h1:t4YJQ7GhCpk4Nt6z0ziFFcQ6Sc921MhUtFtPJov6S6c=
 github.com/snyk/cli-extension-dep-graph v0.0.0-20250321153619-9390ab5e348e h1:lYBeDqyAmb7NPfcLZJb1rcc+BrWhX5Ct9isQO1O4mSc=
 github.com/snyk/cli-extension-dep-graph v0.0.0-20250321153619-9390ab5e348e/go.mod h1:9Zpe+B8SCkWFjpDR3ckFJl1XuMyxysWebKhyAIj7EyI=
-github.com/snyk/cli-extension-iac v0.0.0-20250521122953-52bf59414647 h1:HNuJNUtoJHgaVE514+7gaLTRZj0yl+MBPp0diDgqH34=
-github.com/snyk/cli-extension-iac v0.0.0-20250521122953-52bf59414647/go.mod h1:7O90So5PPqTRMpcs8BY14+jX+J8BixqZQyXQiRZW7ws=
+github.com/snyk/cli-extension-iac v0.0.0-20250711122243-0de490b44873 h1:D2LsRbi9qFm8NsWXHmS29vC1mzTg7uoXi9ewQ7NC+Ig=
+github.com/snyk/cli-extension-iac v0.0.0-20250711122243-0de490b44873/go.mod h1:HHOvlKnJfypPCYNP+yG7FLu0ii02UwumpkWlSLy5pYc=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20250227121450-6e14346dbd1a h1:SJ+Ts7e1EYcGJXeENR5inTGwPNRlNVgmMN2itO3+yj8=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20250227121450-6e14346dbd1a/go.mod h1:IqfQCIkyC26mkwa+aM6d6yxIh5+tCm4fSQG+Ogq3Qbc=
 github.com/snyk/cli-extension-sbom v0.0.0-20250422133603-a5ae6fdf0934 h1:0RCTH9C0zaTrnqpKLaLXTmP7suwWEHBNVwQSaR8Aifo=
 github.com/snyk/cli-extension-sbom v0.0.0-20250422133603-a5ae6fdf0934/go.mod h1:Q8dmRgcpHTk711dkLVtpkTF5RvLkQVcExGuv1cyx/zU=
-github.com/snyk/code-client-go v1.22.1 h1:bgMaShTO+zoCGNp7SRT6tKSngfhVBn0IRK2QEvpj4Vs=
-github.com/snyk/code-client-go v1.22.1/go.mod h1:Jx3Jpo8kHlqHjhGa7a0ROQzPu+X15TBN0zRD+wNcUds=
+github.com/snyk/code-client-go v1.22.2 h1:ECEg8LLLP8+fXIw1W1tsKpBeMtCdK9QNT8VTUDn11TQ=
+github.com/snyk/code-client-go v1.22.2/go.mod h1:Jx3Jpo8kHlqHjhGa7a0ROQzPu+X15TBN0zRD+wNcUds=
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7 h1:/2+2piwQtB9fEJCkXEOjboZjY+77lQfnvqBZ/60xNHk=
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/error-catalog-golang-public v0.0.0-20250520155934-078275889e2c h1:rXUCGepwK38Xn00MKwfJRd5ecQ7ylvkudoMFBycIJUk=
 github.com/snyk/error-catalog-golang-public v0.0.0-20250520155934-078275889e2c/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
-github.com/snyk/go-application-framework v0.0.0-20250711115946-e64056bc2173 h1:w8uZgvG3arvDPwWd5V3IF1+lU3gLf1sQtoMCFmW37c8=
-github.com/snyk/go-application-framework v0.0.0-20250711115946-e64056bc2173/go.mod h1:4DSu9PL2hypUjZhrT+zaMh3H5stAerMVfUs5XP1ST8U=
+github.com/snyk/go-application-framework v0.0.0-20250715120239-cdd02bd0c1eb h1:xV/Y1VMTkUax/WFeb9MSGP4VjaODvioY6i3EqkbADfM=
+github.com/snyk/go-application-framework v0.0.0-20250715120239-cdd02bd0c1eb/go.mod h1:4DSu9PL2hypUjZhrT+zaMh3H5stAerMVfUs5XP1ST8U=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v0.33.2 h1:ZxD6/RQ4vqUAXa64V72SsGjZ8vmnBgZNGYQxMIqctYo=
 github.com/snyk/policy-engine v0.33.2/go.mod h1:YTZq3GMRbXcHOXQQrFRVEg+MQiIGCGZ1met6KlpruNo=
 github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E=
 github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk=
-github.com/snyk/snyk-ls v0.0.0-20250711095549-3a7ebaa41ec0 h1:nGsPWMA991A8Xy9zXj/0TX0+/h/2mxp49KPbjD3oBaY=
-github.com/snyk/snyk-ls v0.0.0-20250711095549-3a7ebaa41ec0/go.mod h1:KICSlUZ6ueogFjCl1OkBytkUXT+5gMWNXKjl1qn6znU=
+github.com/snyk/snyk-ls v0.0.0-20250714110339-41e841b099e2 h1:2hR0i4ab7AhLnnnx3EGRMWpBwrG7viUtN9JCmcXpLsw=
+github.com/snyk/snyk-ls v0.0.0-20250714110339-41e841b099e2/go.mod h1:KICSlUZ6ueogFjCl1OkBytkUXT+5gMWNXKjl1qn6znU=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ=

package-lock.json

@@ -121,7 +121,7 @@
     "snyk-go-plugin": "1.23.0",
     "snyk-gradle-plugin": "5.0.4",
     "snyk-module": "3.1.0",
-    "snyk-mvn-plugin": "4.0.1",
+    "snyk-mvn-plugin": "4.1.0",
     "snyk-nodejs-lockfile-parser": "2.2.2",
     "snyk-nodejs-plugin": "1.4.4",
     "snyk-nuget-plugin": "2.10.1",

package.json

@@ -52,6 +52,7 @@ import { hasFeatureFlag } from '../../../lib/feature-flags';
 import {
   PNPM_FEATURE_FLAG,
   DOTNET_WITHOUT_PUBLISH_FEATURE_FLAG,
+  MAVEN_DVERBOSE_EXHAUSTIVE_DEPS_FF,
 } from '../../../lib/package-managers';
 import { normalizeTargetFile } from '../../../lib/normalize-target-file';
 
@@ -165,6 +166,7 @@ export default async function monitor(...args0: MethodArgs): Promise<any> {
 
   let hasPnpmSupport = false;
   let hasImprovedDotnetWithoutPublish = false;
+  let enableMavenDverboseExhaustiveDeps = false;
   try {
     hasPnpmSupport = (await hasFeatureFlag(
       PNPM_FEATURE_FLAG,
@@ -180,6 +182,26 @@ export default async function monitor(...args0: MethodArgs): Promise<any> {
     hasPnpmSupport = false;
   }
 
+  try {
+    const args = options['_doubleDashArgs'] || [];
+    const verboseEnabled =
+      args.includes('-Dverbose') ||
+      args.includes('-Dverbose=true') ||
+      !!options['print-graph'];
+    if (verboseEnabled) {
+      enableMavenDverboseExhaustiveDeps = (await hasFeatureFlag(
+        MAVEN_DVERBOSE_EXHAUSTIVE_DEPS_FF,
+        options,
+      )) as boolean;
+      if (enableMavenDverboseExhaustiveDeps) {
+        options.mavenVerboseIncludeAllVersions =
+          enableMavenDverboseExhaustiveDeps;
+      }
+    }
+  } catch (err) {
+    enableMavenDverboseExhaustiveDeps = false;
+  }
+
   const featureFlags = hasPnpmSupport
     ? new Set<string>([PNPM_FEATURE_FLAG])
     : new Set<string>();

src/cli/commands/monitor/index.ts

@@ -401,6 +401,7 @@ export enum IaCErrorCodes {
   NoLoadableInput = 2114,
   FailedToMakeResourcesResolvers = 2115,
   ResourcesResolverError = 2116,
+  TestLimitReached = 2117,
   FailedToProcessResults = 2200,
   EntitlementNotEnabled = 2201,
   ReadSettings = 2202,

src/cli/commands/test/iac/local-execution/types.ts

@@ -37,6 +37,8 @@ const snykIacTestErrorsUserMessages = {
   MissingRemoteSubmodulesError: `Could not load some remote modules. Run 'terraform init' if you would like to include them in the evaluation`,
   EvaluationError: 'Skipping evaluation',
   MissingTermError: 'Missing term - term has been assigned as the name itself',
+  TestLimitReached:
+    'Test limit reached! You have exceeded your infrastructure as code test allocation for this billing period.',
 };
 
 export function getErrorUserMessage(code: number, error: string): string {

src/lib/iac/test/v2/errors.ts

@@ -1,6 +1,8 @@
 export const PNPM_FEATURE_FLAG = 'enablePnpmCli';
 export const DOTNET_WITHOUT_PUBLISH_FEATURE_FLAG =
   'useImprovedDotnetWithoutPublish';
+export const MAVEN_DVERBOSE_EXHAUSTIVE_DEPS_FF =
+  'enableMavenDverboseExhaustiveDeps';
 
 export type SupportedPackageManagers =
   | 'rubygems'