chore(attack-paths): pin cartography to 0.126.1

[josema-xyz]

Description

Upgrading Cartography to Prowler's 0.126.1 version, a commit ahead of original 0.126.0.

Steps to review

Pass the tests and run a local scan.

Checklist

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the README.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[Copilot]

Pull request overview

This PR pins the Cartography dependency to version 0.126.1 from Prowler's fork, moving from the master branch to a specific tagged release. The new version adds support for scanning additional Azure services and AWS services like SageMaker, CloudFront, and Bedrock.

Changes:

• Pinned Cartography dependency from @master to @0.126.1 tag in pyproject.toml
• Updated poetry.lock to reflect the new version and additional Azure dependencies
• Added CHANGELOG entry documenting the dependency update

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File	Description
api/pyproject.toml	Updated cartography dependency reference from @master to @0.126.1
api/poetry.lock	Updated cartography version, resolved reference hash, and added new Azure dependencies (keyvault-certificates, keyvault-secrets, mgmt-eventhub, mgmt-synapse, synapse-artifacts)
api/CHANGELOG.md	Added entry documenting the Cartography version update and new service support

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🔒 Container Security Scan

Image: prowler-api:3a291df
Last scan: 2026-02-04 16:07:47 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	13
Total	13

12 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.10%. Comparing base (cb9ab03) to head (2c47675).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #9893       +/-   ##
===========================================
+ Coverage   42.30%   93.10%   +50.80%     
===========================================
  Files        1520      198     -1322     
  Lines       47880    26678    -21202     
===========================================
+ Hits        20254    24838     +4584     
+ Misses      27626     1840    -25786     

Flag	Coverage Δ
api	93.10% <ø> (?)
prowler-py3.10-aws	?
prowler-py3.10-azure	?
prowler-py3.10-config	?
prowler-py3.10-gcp	?
prowler-py3.10-github	?
prowler-py3.10-iac	?
prowler-py3.10-kubernetes	?
prowler-py3.10-lib	?
prowler-py3.10-m365	?
prowler-py3.10-mongodbatlas	?
prowler-py3.10-nhn	?
prowler-py3.10-openstack	?
prowler-py3.10-oraclecloud	?
prowler-py3.11-aws	?
prowler-py3.11-azure	?
prowler-py3.11-config	?
prowler-py3.11-gcp	?
prowler-py3.11-github	?
prowler-py3.11-iac	?
prowler-py3.11-kubernetes	?
prowler-py3.11-lib	?
prowler-py3.11-m365	?
prowler-py3.11-mongodbatlas	?
prowler-py3.11-nhn	?
prowler-py3.11-openstack	?
prowler-py3.11-oraclecloud	?
prowler-py3.12-aws	?
prowler-py3.12-azure	?
prowler-py3.12-config	?
prowler-py3.12-gcp	?
prowler-py3.12-github	?
prowler-py3.12-iac	?
prowler-py3.12-kubernetes	?
prowler-py3.12-lib	?
prowler-py3.12-m365	?
prowler-py3.12-mongodbatlas	?
prowler-py3.12-nhn	?
prowler-py3.12-openstack	?
prowler-py3.12-oraclecloud	?
prowler-py3.9-aws	?
prowler-py3.9-azure	?
prowler-py3.9-config	?
prowler-py3.9-gcp	?
prowler-py3.9-github	?
prowler-py3.9-iac	?
prowler-py3.9-kubernetes	?
prowler-py3.9-lib	?
prowler-py3.9-m365	?
prowler-py3.9-mongodbatlas	?
prowler-py3.9-nhn	?
prowler-py3.9-openstack	?
prowler-py3.9-oraclecloud	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	∅ <ø> (∅)
api	93.10% <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.