dependabot[bot]
13986b7cea
chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 ( #4056 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.41.0 to 0.42.0.
- [Commits](https://github.com/golang/net/compare/v0.41.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-14 10:27:10 -04:00
dependabot[bot]
1c0ed133a3
chore(deps): bump github.com/olekukonko/tablewriter from 1.0.7 to 1.0.8 ( #4049 )
...
Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter ) from 1.0.7 to 1.0.8.
- [Commits](https://github.com/olekukonko/tablewriter/compare/v1.0.7...v1.0.8 )
---
updated-dependencies:
- dependency-name: github.com/olekukonko/tablewriter
dependency-version: 1.0.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:27:02 -04:00
dependabot[bot]
9dd06981b4
chore(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to 2.24.0 ( #4051 )
...
Bumps [github.com/hashicorp/hcl/v2](https://github.com/hashicorp/hcl ) from 2.23.0 to 2.24.0.
- [Release notes](https://github.com/hashicorp/hcl/releases )
- [Changelog](https://github.com/hashicorp/hcl/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/hcl/compare/v2.23.0...v2.24.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/hcl/v2
dependency-version: 2.24.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:26:34 -04:00
dependabot[bot]
f88be457ef
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.5 to 1.3.6 ( #4052 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.5...v1.3.6 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-08 15:26:26 -04:00
anchore-actions-token-generator[bot]
e8b62ab9ac
chore(deps): update anchore dependencies ( #4047 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-02 16:09:46 +00:00
anchore-actions-token-generator[bot]
2af1bca83f
chore(deps): update anchore dependencies ( #4045 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-07-02 11:50:29 -04:00
Carlos Tadeu Panato Junior
2111d4d0e4
chore: upgrade tablewriter dependency to use new API ( #3990 )
...
* upgrade tablewriter
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* remove header line whitespace
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix static analysis
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 16:16:16 -04:00
dependabot[bot]
179cc70a36
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 ( #4040 )
...
* chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* update error message expectations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-01 19:21:02 +00:00
dependabot[bot]
421afac532
chore(deps): bump github.com/mholt/archives from 0.1.2 to 0.1.3 ( #4032 )
...
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.2...v0.1.3 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 17:58:41 -04:00
Alex Goodman
2bda086423
Add ability to scan snaps (as a source) ( #3929 )
2025-06-25 16:53:35 -04:00
dependabot[bot]
32a30f76c6
chore(deps): bump github.com/go-viper/mapstructure/v2 ( #4014 )
...
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases )
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0 )
---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
dependency-version: 2.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 11:35:09 -04:00
dependabot[bot]
72f9c42562
chore(deps): bump github.com/google/go-containerregistry ( #4009 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.5...v0.20.6 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 11:15:22 -04:00
dependabot[bot]
cfa7cc5be9
chore(deps): bump github.com/anchore/stereoscope ( #3991 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.5-0.20250604132324-344e29f37f05 to 0.1.5.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.5 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 11:47:40 -04:00
dependabot[bot]
1396a14550
chore(deps): bump modernc.org/sqlite from 1.37.1 to 1.38.0 ( #3979 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.37.1 to 1.38.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.37.1...v1.38.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 10:31:10 -04:00
dependabot[bot]
592bc0af7d
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.1 to 5.16.2 ( #3978 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.1 to 5.16.2.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.1...v5.16.2 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 10:26:47 -04:00
dependabot[bot]
12c8003317
chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 ( #3970 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/net/compare/v0.40.0...v0.41.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.41.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-06 10:23:02 -04:00
dependabot[bot]
0a25c0ec5c
chore(deps): bump github.com/sergi/go-diff ( #3971 )
...
Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff ) from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0.
- [Commits](https://github.com/sergi/go-diff/commits/v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/sergi/go-diff
dependency-version: 1.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-06 10:22:54 -04:00
dependabot[bot]
c36c69779a
chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 ( #3963 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/mod/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.25.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 13:46:58 +00:00
dependabot[bot]
cd23ccc6e6
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.12 to 0.5.13 ( #3964 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.12 to 0.5.13.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.12...v0.5.13 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.13
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 13:45:40 +00:00
Keith Zantow
71d84603c1
fix: bump stereoscope to fix symlink performance issue ( #3953 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-04 15:50:03 +00:00
dependabot[bot]
f2118b568d
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.0 to 5.16.1 ( #3960 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.0 to 5.16.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.0...v5.16.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-04 14:02:45 +00:00
dependabot[bot]
8cc808f8f6
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.11 to 0.5.12 ( #3943 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.11 to 0.5.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.11...v0.5.12 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 10:46:30 -04:00
dependabot[bot]
b3e8926025
chore(deps): bump github.com/google/go-containerregistry ( #3933 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.4...v0.20.5 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-28 12:45:51 -04:00
dependabot[bot]
31c1be6d4d
chore(deps): bump modernc.org/sqlite from 1.37.0 to 1.37.1 ( #3926 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.37.0 to 1.37.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.37.0...v1.37.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.37.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 10:47:26 -04:00
dependabot[bot]
b5e9f75ef1
chore(deps): bump github.com/google/go-containerregistry ( #3925 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.3 to 0.20.4.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.3...v0.20.4 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-21 10:55:48 -04:00
Alex Goodman
db77b54c01
finalize go mod ref ( #3908 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 17:36:26 +00:00
Ralph Bean
b369b02f4f
Expose RPM signature information (for RPM DB and RPM archives) ( #3179 )
...
* feat: expose rpm signature information
This helps with more confident identification of an rpm.
In theory, two rpms can be built that have the same purl string, and
otherwise look identical in syft's output, but the PGP information
would distinguish them as signed either by different keys, or signed at
different times.
In practice, this usually makes no difference since rpms tend to have
unique name/version/release strings. This just gives increased
confidence about the identity of the rpm found in the db.
Signed-off-by: Ralph Bean <rbean@redhat.com>
* chore: generate json schema
Signed-off-by: Ralph Bean <rbean@redhat.com>
* re-generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename to a more generic signature field
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename rpm.pgp to rpm.signatures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split out signature fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* include RPM archives
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont fail on unknown signature type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Ralph Bean <rbean@redhat.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 16:01:00 +00:00
dependabot[bot]
5effed06a8
chore(deps): bump github.com/mholt/archives from 0.1.1 to 0.1.2 ( #3898 )
...
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.1...v0.1.2 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-15 10:23:30 -04:00
dependabot[bot]
8aaf36b1ad
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.2 to 2.3.3 ( #3863 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.2...v2.3.3 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-version: 2.3.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-07 10:00:05 -04:00
dependabot[bot]
af273002b8
chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 ( #3859 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/net/compare/v0.39.0...v0.40.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-06 12:12:58 -04:00
Alex Goodman
d47a6c3a6d
Improve support for cataloging nix package relationships ( #3837 )
...
* add nix DB cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add derivation path to nix store pkg metadata
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* go mod tidy
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for derivation path to be optional
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* repin build image and disable syscall filtering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump storage capacity
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* track nix derivation details on packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* image fixture should have derivation examples
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-05 15:35:13 +00:00
dependabot[bot]
4999de4114
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 ( #3843 )
...
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 10:06:11 -04:00
Alan Pope
baa1080ef6
Update github.com/Masterminds/semver to v3 ( #3836 )
...
* Update semver to v3. Fixes #3829
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* use single instance of regex obj
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-04-30 20:38:12 +00:00
dependabot[bot]
20ca60de8b
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.4 to 1.3.5 ( #3838 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.4 to 1.3.5.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.4...v1.3.5 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-30 14:40:00 -04:00
anchore-actions-token-generator[bot]
4211d79667
chore(deps): update anchore dependencies ( #3827 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-04-24 16:03:09 -04:00
dependabot[bot]
e452cc7623
chore(deps): bump github.com/go-git/go-git/v5 from 5.15.0 to 5.16.0 ( #3807 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.15.0 to 5.16.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.15.0...v5.16.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 12:26:18 -04:00
dependabot[bot]
a5da154327
chore(deps): bump github.com/anchore/stereoscope from 0.1.2 to 0.1.3 ( #3803 )
2025-04-15 19:31:45 +00:00
dependabot[bot]
a5632c0044
chore(deps): bump github.com/mholt/archives from 0.1.0 to 0.1.1 ( #3778 )
...
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.0...v0.1.1 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-11 14:50:51 -04:00
dependabot[bot]
d145e80c20
chore(deps): bump github.com/magiconair/properties from 1.8.9 to 1.8.10 ( #3789 )
...
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/magiconair/properties/releases )
- [Commits](https://github.com/magiconair/properties/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
dependency-version: 1.8.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-11 12:42:57 -04:00
dependabot[bot]
05de0d2a1b
chore(deps): bump github.com/charmbracelet/bubbles from 0.20.0 to 0.21.0 ( #3790 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Changelog](https://github.com/charmbracelet/bubbles/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-version: 0.21.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-11 12:42:46 -04:00
dependabot[bot]
e7f0a602c2
chore(deps): bump github.com/go-git/go-git/v5 from 5.14.0 to 5.15.0 ( #3792 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.14.0 to 5.15.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.14.0...v5.15.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-11 10:12:05 -04:00
dependabot[bot]
97228af539
chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 ( #3787 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.38.0 to 0.39.0.
- [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.39.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-08 14:02:48 -04:00
anchore-actions-token-generator[bot]
9ab83874ed
chore(deps): update anchore dependencies ( #3772 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-04-01 14:09:34 +00:00
dependabot[bot]
b948f2e254
chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 ( #3766 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-31 15:02:30 +00:00
dependabot[bot]
72a0fa4aa3
chore(deps): bump modernc.org/sqlite from 1.36.1 to 1.37.0 ( #3771 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.36.1 to 1.37.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.36.1...v1.37.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-31 10:41:53 -04:00
Alex Goodman
ad9928cb2a
Merge the .NET deps.json and PE binary catalogers ( #3563 )
...
* add combined deps.json + pe binary cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* deprecate pe and deps standalone catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* parse resource names + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration and CLI tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add some helpful code comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for dropping Dep packages that are missing DLLs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate json schema changes to 24
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep application configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct config help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] detect claims of dlls within deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add assembly repack detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* .net package count is lower due to dll claim requirement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-27 14:38:16 -04:00
Keith Zantow
4a9437808e
feat: parallelize catalogers per-file and hash contents in parallel ( #3636 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-26 11:10:08 -04:00
Alex Goodman
e9b24a29d7
Remove mitchellh dependencies ( #3748 )
...
* remove mitchellh dependencies
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix failing unit tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-20 10:19:19 -04:00
dependabot[bot]
b036d75e8a
chore(deps): bump github.com/docker/docker ( #3749 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.0.1+incompatible to 28.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.0.1...v28.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 10:02:35 -04:00
Alan Pope
5fa8e9c6e9
feat: add Debian archive (.deb) file cataloger ( #3704 )
...
* feat: add Debian archive (.deb) file cataloger
Add a cataloger that parses Debian package (.deb) archive files directly,
allowing Syft to discover packages from .deb files without requiring
them to be installed on the system. This implements issue #3315 .
Key features:
- Parse .deb AR archives to extract package metadata
- Support for gzip, xz, and zstd compressed control files
- Extract package metadata from control files
- Process file information from md5sums files
- Mark configuration files from conffiles entries
- Handle trailing slashes in archive member names
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* chore: run go mod tidy to fix failing workflow
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* add license processing to dpkg archive cataloger + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with dpkg archive type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-19 20:03:21 +00:00
