3396 Commits

Author SHA1 Message Date
Christopher Phillips
16d0449cc8
pr: review
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:47:11 -04:00
Christopher Phillips
b216dad4a7
fix: schema drift
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:47:09 -04:00
Christopher Phillips
4e79519d33
lint: fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:57 -04:00
Christopher Phillips
0dc4abc0e1
pr: refactor
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:57 -04:00
Christopher Phillips
fe392a490b
pr: first pass refactor
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:57 -04:00
Christopher Phillips
dd179eb8a7
tests: clean up and add complete dir tests
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:57 -04:00
Alex Goodman
b85b50001d
remove oci artifact interface
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 11:46:57 -04:00
Christopher Phillips
dbf6dd2eb3
fix: trim fields to only be ones from safetensor header
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:55 -04:00
Christopher Phillips
549f526de0
fix: remove old generated capabilities
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
4eaf583526
review: remove and refactor implementation for easier review
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
4352ac4691
test: test cleanup
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
e88d6d019e
chore: refactor interface with new naming
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
b234d3eb2f
chore: comments
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
5d80168a5d
test: update originator supplier
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:36 -04:00
Christopher Phillips
b731aa4f33
lint: lintfix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:23 -04:00
Christopher Phillips
9644340981
fix: license frontmatter
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:23 -04:00
Christopher Phillips
15bd509e15
fix: remove index parsing
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:23 -04:00
Christopher Phillips
19ea799cd2
test: tensor package naming precedence test
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:22 -04:00
Christopher Phillips
a75c3086f6
fix: move non safetensor layer fetch to post
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:22 -04:00
Christopher Phillips
69b7c5e3d0
fix: make MetadataHash consistent across oci/dir source
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:22 -04:00
Christopher Phillips
d12cf9a3e2
fix: update userMetadata to use KeyValue
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:21 -04:00
Christopher Phillips
1a1f2af92b
test: fixture test with real safetensor data
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:53 -04:00
Christopher Phillips
324fecf4a4
fix: allow both dir/oci paths to parse safetensor files
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:53 -04:00
Christopher Phillips
58b6f5807e
fix: support v0.2
<optional footer>

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:53 -04:00
Christopher Phillips
1f035bc369
fix: non deterministic name on iteration
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:52 -04:00
Christopher Phillips
52653e24fc
fix: rename SafeTensorsMetadata -> SafeTensorsModelInfo
<optional body>

<optional footer>

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:51 -04:00
Christopher Phillips
dbee104681
feat: safe tensors
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:21 -04:00
Keith Zantow
9c321691d4
feat: SPDX 3 (#4269)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-22 10:59:34 -04:00
Alex Goodman
0e8d6deabe
require tmpdir to exist for fingerprints (#5002)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 10:54:26 -04:00
dependabot[bot]
deb2fd92ef
chore(deps): bump github.com/containerd/containerd/v2 (#5001)
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.3.1...v2.3.2)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 14:12:11 +00:00
Alex Goodman
80d3b62de4
bump go-make to v0.7.0 (#4999)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 09:47:58 -04:00
anchore-oss-update-bot
b71afc87fc
chore(deps): update tool versions (#4994)
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-06-19 11:51:05 +00:00
Alex Goodman
efe3174b5f
Preserve dependency edges when a compliance stub changes a package ID (#4993)
* fix relationship rewrites for isolated nodes

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* cover dangling pointers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-18 19:50:30 -04:00
Rez Moss
58e4dbbf01
feat: added bin classifier elastic-agent (#4968)
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-17 15:29:07 +00:00
Sebastiaan van Stijn
b70fa899cb
golangci-lint: enable gci formatter (#4828)
This allows linting the imports to be grouped correctly, and provides
an auto-fix (`golangci-lint run --fix`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-17 10:34:22 -04:00
Alex Goodman
951fbd454a
add purl types to cataloger info cmd (#4984)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-16 12:13:34 -04:00
Rez Moss
92ae4d44c5
fix: .net deps.json cataloger no longer shows phantom pkgs (#4971)
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-16 12:02:42 -04:00
Alex Goodman
8d48a8b8c2
ensure we have a snapshot build for cli tests (#4981)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-16 10:41:33 -04:00
David Dashti
cff5a05681
fix(dpkg): extract License field for opkg/ipkg entries (#4963)
* fix(dpkg): extract License field for opkg/ipkg entries

opkg and ipkg use the dpkg cataloger but declare the package License
inline in the status DB (unlike Debian dpkg, where licenses live in
copyright files). The cataloger silently dropped the License field at
mapstructure decode time, so all opkg-managed packages reported empty
licenses.

This adds the field to the intermediate decode struct and the public
DpkgDBEntry, and populates licenses in newDpkgPackage using the alpine
cataloger's pattern: try license.ParseExpression first to keep valid
SPDX expressions whole, fall back to whitespace splitting for
space-separated lists.

Standard Debian dpkg status files never carry a License field per
Debian policy, so the new path is a no-op for them; the existing
copyright-file lookup in addLicenses is unaffected.

Closes #4940

Signed-off-by: David Dashti <47575784+Dashtid@users.noreply.github.com>

* remove license from dpkg metadata struct

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restore format snapshot files

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add additional tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: David Dashti <47575784+Dashtid@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-15 16:15:32 -04:00
Kursat Topcuoglu
00ca43d24a
fix: catalog uv PEP 723 script lockfiles (*.py.lock) (#4950)
Signed-off-by: Kursat Topcuoglu <7313835+ktopcuoglu@users.noreply.github.com>
Co-authored-by: Kursat Topcuoglu <7313835+ktopcuoglu@users.noreply.github.com>
2026-06-15 11:34:02 -04:00
dependabot[bot]
6a27678036
chore(deps): bump the actions-minor-patch group across 2 directories with 6 updates (#4975)
Bumps the actions-minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows) | `0.7.0` | `0.7.2` |

Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [anchore/go-make](https://github.com/anchore/go-make).


Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](b3e328b5ae...b0c30a8040)

Updates `anchore/go-make` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/anchore/go-make/releases)
- [Commits](9de27be11e...39fe5f7111)

---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 13:29:23 +00:00
Keith Zantow
89773c0a12
fix: support CycloneDX 1.7 (#4967)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-11 09:40:42 -04:00
Yoonho Hann
b08d3c2970
feat: add support for Bun lockfile (#4625)
---------
Signed-off-by: Yoonho Hann <hnnynh125@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-09 13:22:43 -04:00
Keith Zantow
63232bf725
fix: local version identifiers in python requirements parsing (#4959)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-08 11:12:47 -04:00
Marcus
908eb57890
feat: add .bpl extension to PE cataloger (#4954)
BPL (Borland Package Library) files are standard PE/DLL format used by
Delphi and C++Builder. Adding the extension to the glob list so syft
picks them up during directory scans without users needing to rename
to .dll first.
---------
Signed-off-by: jfjrh2014 <jfjrh2014@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-08 10:07:15 -04:00
Arpit Jain
c5c423ab37
fix: detect mariadb version from RHEL build path (#4952)
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
2026-06-07 13:28:18 -04:00
anchore-oss-update-bot
d4496b05aa
chore(deps): update anchore dependencies (#4934)
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
v1.45.1
2026-06-05 13:55:57 +00:00
dependabot[bot]
adc55cdb3a
chore(deps): bump the go-minor-patch group across 1 directory with 3 updates (#4957)
Bumps the go-minor-patch group with 3 updates in the / directory: [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps), [github.com/gpustack/gguf-parser-go](https://github.com/gpustack/gguf-parser-go) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/gkampitakis/go-snaps` from 0.5.21 to 0.5.22
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.21...v0.5.22)

Updates `github.com/gpustack/gguf-parser-go` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/gpustack/gguf-parser-go/releases)
- [Commits](https://github.com/gpustack/gguf-parser-go/compare/v0.24.0...v0.24.1)

Updates `modernc.org/sqlite` from 1.50.1 to 1.51.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.1...v1.51.0)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-version: 0.5.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/gpustack/gguf-parser-go
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
  dependency-version: 1.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-05 13:28:05 +00:00
anchore-oss-update-bot
00d0bb59cc
chore(deps): update tool versions (#4724)
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-06-05 11:22:28 +00:00
dependabot[bot]
f474308783
chore(deps): bump the go-minor-patch group across 2 directories with 14 updates (#4947)
* chore(deps): bump the go-minor-patch group across 2 directories with 14 updates

Bumps the go-minor-patch group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.10.0` | `0.11.0` |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.4.0` | `3.5.0` |
| [github.com/diskfs/go-diskfs](https://github.com/diskfs/go-diskfs) | `1.7.0` | `1.9.3` |
| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) | `2.4.0` | `2.7.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.6` |
| [github.com/gookit/color](https://github.com/gookit/color) | `1.6.0` | `1.6.1` |
| [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema) | `0.13.0` | `0.14.0` |
| [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) | `6.7.8` | `6.7.10` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.46.2` | `1.50.1` |

Bumps the go-minor-patch group with 1 update in the /.make directory: [github.com/anchore/go-make](https://github.com/anchore/go-make).

Updates `github.com/CycloneDX/cyclonedx-go` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.10.0...v0.11.0)

Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Masterminds/semver/compare/v3.4.0...v3.5.0)

Updates `github.com/diskfs/go-diskfs` from 1.7.0 to 1.9.3
- [Commits](https://github.com/diskfs/go-diskfs/compare/v1.7.0...v1.9.3)

Updates `github.com/github/go-spdx/v2` from 2.4.0 to 2.7.0
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](https://github.com/github/go-spdx/compare/v2.4.0...v2.7.0)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6)

Updates `github.com/gookit/color` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/gookit/color/releases)
- [Commits](https://github.com/gookit/color/compare/v1.6.0...v1.6.1)

Updates `github.com/invopop/jsonschema` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/invopop/jsonschema/releases)
- [Commits](https://github.com/invopop/jsonschema/compare/v0.13.0...v0.14.0)

Updates `github.com/jedib0t/go-pretty/v6` from 6.7.8 to 6.7.10
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.8...v6.7.10)

Updates `github.com/klauspost/compress` from 1.18.5 to 1.18.6
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.5...v1.18.6)

Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](https://github.com/golang/mod/compare/v0.35.0...v0.36.0)

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](https://github.com/golang/net/compare/v0.53.0...v0.54.0)

Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.44.0...v0.45.0)

Updates `modernc.org/sqlite` from 1.46.2 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.2...v1.50.1)

Updates `github.com/anchore/go-make` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/anchore/go-make/releases)
- [Commits](https://github.com/anchore/go-make/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/Masterminds/semver/v3
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/diskfs/go-diskfs
  dependency-version: 1.9.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/github/go-spdx/v2
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/gookit/color
  dependency-version: 1.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/invopop/jsonschema
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-version: 6.7.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/tools
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/anchore/go-make
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* fix: update signatures to return fs.FileInfo after breaking changes

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* fix: lint-fix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-04 17:06:25 -04:00