dependabot[bot]
dacc2f61f9
chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 ( #4218 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8
2025-09-15 14:29:53 -04:00
dependabot[bot]
06b01aaa40
chore(deps): bump modernc.org/sqlite from 1.38.2 to 1.39.0 ( #4219 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.38.2 to 1.39.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.2...v1.39.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.39.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 14:29:45 -04:00
dependabot[bot]
e1762a2dda
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.8 to 1.3.9 ( #4214 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.8 to 1.3.9.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.8...v1.3.9 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 10:21:20 -04:00
Rafał Maj
c5cbc89cb1
fix: include RpmDBEntry modularityLabel in CycloneDX ( #4212 )
...
Signed-off-by: sfc-gh-rmaj <rafal.maj@snowflake.com>
2025-09-11 17:22:12 -04:00
Joel Rudsberg
7bc15e3d82
Native Image SBOM: Add Support for Locations Data ( #4186 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2025-09-11 14:16:09 -04:00
dependabot[bot]
c6cd66357a
chore(deps): bump github.com/spf13/afero from 1.14.0 to 1.15.0 ( #4202 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.14.0...v1.15.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-version: 1.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 13:27:42 -04:00
dependabot[bot]
04e989d761
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.6 to 1.3.8 ( #4203 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.6 to 1.3.8.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.6...v1.3.8 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 13:27:33 -04:00
dependabot[bot]
b6f7532b0f
chore(deps): bump github.com/vbatts/go-mtree from 0.5.4 to 0.6.0 ( #4204 )
...
Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree ) from 0.5.4 to 0.6.0.
- [Release notes](https://github.com/vbatts/go-mtree/releases )
- [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md )
- [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.4...v0.6.0 )
---
updated-dependencies:
- dependency-name: github.com/vbatts/go-mtree
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 13:27:24 -04:00
anchore-actions-token-generator[bot]
2531bfd8cb
chore(deps): update tools to latest versions ( #4200 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-11 12:55:39 -04:00
dependabot[bot]
1fcdb67698
chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 ( #4210 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861
2025-09-11 12:50:41 -04:00
dependabot[bot]
f986327257
chore(deps): bump golang.org/x/tools from 0.36.0 to 0.37.0 ( #4211 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.36.0 to 0.37.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.36.0...v0.37.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.37.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 12:50:33 -04:00
anchore-actions-token-generator[bot]
67e0f7e3f9
chore(deps): update tools to latest versions ( #4194 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-08 09:55:06 -04:00
dependabot[bot]
169220ba81
chore(deps): bump github.com/hashicorp/go-getter from 1.7.10 to 1.8.0 ( #4197 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.10 to 1.8.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/commits/v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.8.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 09:50:54 -04:00
dependabot[bot]
1df4779b48
chore(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 ( #4198 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/mod/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.28.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 09:50:09 -04:00
dependabot[bot]
3a7f1f27a6
chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 ( #4182 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.9.1 to 1.10.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-version: 1.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:36:59 -04:00
dependabot[bot]
8e78fd57b8
chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 ( #4188 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:22 -04:00
dependabot[bot]
b503690889
chore(deps): bump actions/setup-go in /.github/actions/bootstrap ( #4189 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:08 -04:00
dependabot[bot]
cc07df0347
chore(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.7.10 ( #4190 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.9 to 1.7.10.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.9...v1.7.10 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.7.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:05:46 -04:00
dependabot[bot]
2b8f4bc028
chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 ( #4191 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.0 to 3.30.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...f1f6e5f6af
2025-09-08 02:05:35 -04:00
dependabot[bot]
98c97e24a2
chore(deps): bump actions/github-script from 7 to 8 ( #4192 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:05:27 -04:00
dependabot[bot]
6f4da8c797
chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 ( #4173 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-version: 1.11.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-03 12:22:38 -04:00
anchore-actions-token-generator[bot]
647196055d
chore(deps): update tools to latest versions ( #4185 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-03 12:22:11 -04:00
dependabot[bot]
39441f1999
chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 ( #4178 )
...
Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz ) from 0.5.12 to 0.5.14.
- [Commits](https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14 )
---
updated-dependencies:
- dependency-name: github.com/ulikunitz/xz
dependency-version: 0.5.14
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-02 00:26:54 -04:00
dependabot[bot]
507987c193
chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.0 ( #4180 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.9.1 to 1.10.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-version: 1.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-02 00:26:42 -04:00
dependabot[bot]
7e4bf7f8c2
chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 ( #4181 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.11 to 3.30.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3c3833e0f8...2d92b76c45
2025-09-02 00:26:33 -04:00
dependabot[bot]
bc18e3ab8c
chore(deps): bump github.com/anchore/stereoscope ( #4174 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.9-0.20250826202322-ef061ea78385 to 0.1.9.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.9 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-28 13:43:20 -04:00
dependabot[bot]
c4eb071324
chore(deps): bump github.com/gookit/color from 1.5.4 to 1.6.0 ( #4176 )
...
Bumps [github.com/gookit/color](https://github.com/gookit/color ) from 1.5.4 to 1.6.0.
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.5.4...v1.6.0 )
---
updated-dependencies:
- dependency-name: github.com/gookit/color
dependency-version: 1.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-28 13:42:38 -04:00
dependabot[bot]
cbcf8bd542
chore(deps): bump golang.org/x/tools from 0.35.0 to 0.36.0 ( #4172 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-27 13:09:28 -04:00
anchore-actions-token-generator[bot]
2d8e337d34
chore(deps): update anchore dependencies ( #4169 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-08-26 17:04:20 -04:00
Christopher Angelo Phillips
13ffeeb3d0
feat: combine go module file and go source discovery into single cataloger ( #4127 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-08-26 19:35:44 +00:00
n-bes
170c4c41f4
use go.yaml.in/yaml ( #4157 )
...
Signed-off-by: Nikita Besperstov <n.bes@pm.me>
2025-08-26 11:24:23 -04:00
dependabot[bot]
7dc7c01c5c
chore(deps): bump github.com/diskfs/go-diskfs ( #4159 )
...
Bumps [github.com/diskfs/go-diskfs](https://github.com/diskfs/go-diskfs ) from 1.6.1-0.20250601133945-2af1c7ece24c to 1.7.0.
- [Commits](https://github.com/diskfs/go-diskfs/commits/v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/diskfs/go-diskfs
dependency-version: 1.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-26 09:00:02 -04:00
dependabot[bot]
9f07fa4a68
chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 ( #4160 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.10.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-version: 1.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-26 08:59:49 -04:00
anchore-actions-token-generator[bot]
37b2c0391b
chore(deps): update tools to latest versions ( #4154 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-08-25 09:57:45 -04:00
Alan Pope
ada74a8121
Feature: Add ffmpeg binary cataloger ( #3994 )
...
* Add ffmpeg binary cataloger
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* add linux-amd64 snippet and test
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Widen scope of regex to two digit version numbers
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Add full test fixtures for ffmpeg
Signed-off-by: Alan Pope <alan.pope@anchore.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2025-08-25 07:50:04 -04:00
Keith Zantow
ca21ccf21d
chore: redhat cataloger error when sqlite not regsitered ( #4150 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-21 14:55:47 +00:00
dependabot[bot]
26792fc12d
chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 ( #4149 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.10 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](96f518a34f...3c3833e0f8
2025-08-21 10:43:25 -04:00
Simeon Stoykov
a433045d51
feat: basic Conda ecosystem support ( #4002 )
...
----------------------------------------------------------------
Signed-off-by: Simeon Stoykov <simeon.stoykov@quantco.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-19 22:37:27 -04:00
dependabot[bot]
8e51e8d995
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 ( #4145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.9 to 3.29.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df559355d5...96f518a34f
2025-08-18 15:29:36 -04:00
anchore-actions-token-generator[bot]
ba2eb5701f
chore(deps): update CPE dictionary index ( #4143 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-08-18 10:14:39 -04:00
dependabot[bot]
c4292ad79b
chore(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 ( #4144 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.8 to 1.7.9.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.7.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18 11:42:13 +01:00
dependabot[bot]
0e669faecd
chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 ( #4141 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91
2025-08-15 10:22:24 -04:00
anchore-actions-token-generator[bot]
10ea022fe7
chore(deps): update tools to latest versions ( #4139 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-08-14 13:34:24 -04:00
Alan Pope
87e1d8cb87
feat: add support for authors, maintainers, and contributors in package.json. ( #4003 )
...
Fixes #2250
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-13 17:55:15 -04:00
dependabot[bot]
ab9db0024e
chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 ( #4135 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47
2025-08-13 10:07:03 -04:00
Christopher Angelo Phillips
6b48bd4b5e
feat: add package supplier flag ( #4131 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:49:41 -04:00
Christopher Angelo Phillips
89470ecdd3
feat: update syft license construction to be able to look up by URL ( #4132 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-08-12 14:30:32 -04:00
dependabot[bot]
104df88143
chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 ( #4134 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...df559355d5
2025-08-12 18:23:39 +00:00
honigbot
80e61175ad
fix: support multiple letters in openssl patch version ( #4106 )
...
Signed-off-by: honigbot <thesoftbear@gmail.com>
2025-08-12 10:30:41 -04:00
Keith Zantow
9f956dca8f
fix: closed reader during java binary detection ( #4129 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-08-12 08:58:28 -04:00
