Alex Goodman
a909e3cec9
fix considering base path when ignoring known bad unix paths ( #2644 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 15:57:38 -05:00
Alex Goodman
8e62ff9831
test for field conventions in json schema ( #2642 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 11:11:53 -05:00
Alexandr Hacicheant
96ee2db875
feat: Add Wordpress cataloger ( #2218 )
...
* Closes #1911 Wordpress cataloger
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed a few unit tests and static analizer notices
Signed-off-by: disc <a.hacicheant@gmail.com>
* Updated `README.md`
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed `golangci-lint` notices
Added integration test for `wordpress-plugin`
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed `gosimports` notices
Signed-off-by: disc <a.hacicheant@gmail.com>
* Updated `json schema` version
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed CLI tests, increased expected package count
Signed-off-by: disc <a.hacicheant@gmail.com>
* Read first 4Kb of a plugins file's content
Signed-off-by: disc <a.hacicheant@gmail.com>
* replace JSON schema version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change wording on source info for wordpress packages
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Minor changes after a huge refactoring
Signed-off-by: disc <a.hacicheant@gmail.com>
* Removed unused files
Signed-off-by: disc <a.hacicheant@gmail.com>
* Updated schema
Signed-off-by: disc <a.hacicheant@gmail.com>
* Fixed integration tests
Signed-off-by: disc <a.hacicheant@gmail.com>
* fix integration tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Renamed `metadata.Name` to `metadata.PluginInstallDirectory`
Signed-off-by: disc <a.hacicheant@gmail.com>
* rename fields to be compliant with json conventions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: disc <a.hacicheant@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 16:03:25 +00:00
Alex Goodman
98b700e83c
rename binary cataloger to be more unique ( #2633 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-14 11:01:55 -05:00
Christopher Angelo Phillips
9803db2949
fix: update runner size to use larger HD for codeql ( #2641 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 10:31:05 -05:00
anchore-actions-token-generator[bot]
17ef243956
chore(deps): update tools to latest versions ( #2616 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* fix: update to new linter rules
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-14 14:59:49 +00:00
dependabot[bot]
3ac7369068
chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 ( #2638 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.0 to 3.24.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e8893c57a1...e675ced7a7
2024-02-14 09:21:21 -05:00
dependabot[bot]
4d4efa4963
chore(deps): bump dawidd6/action-homebrew-bump-formula ( #2639 )
...
Bumps [dawidd6/action-homebrew-bump-formula](https://github.com/dawidd6/action-homebrew-bump-formula ) from 3.10.1 to 3.11.0.
- [Release notes](https://github.com/dawidd6/action-homebrew-bump-formula/releases )
- [Commits](75ed025ff3...baf2b60c51
2024-02-14 09:21:05 -05:00
dependabot[bot]
a7da2270c7
chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 ( #2640 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.29.0 to 1.29.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.0...v1.29.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 09:20:54 -05:00
Keith Zantow
6288530835
fix: add BOMRef to CycloneDX OS Component ( #2634 )
2024-02-14 08:18:16 -05:00
dependabot[bot]
25d3c06962
chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 ( #2629 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.5.0...v1.5.2 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:23:35 -05:00
dependabot[bot]
79b71be0ee
chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 ( #2630 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.28.0 to 1.29.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.28.0...v1.29.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:23:22 -05:00
Alex Goodman
25ae7bf55f
fix getting union reader for sif images ( #2631 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-13 15:12:31 +00:00
dependabot[bot]
e72dec8e9e
chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 ( #2607 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:31:44 -05:00
dependabot[bot]
3398e72066
chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 ( #2625 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.8 to 1.5.0.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.8...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 14:31:31 -05:00
Keith Zantow
d26a5c4d30
fix: ensure version output to stdout ( #2621 )
2024-02-09 20:59:25 +00:00
Alex Goodman
84576b93e1
Guess go main module version based on binary contents ( #2608 )
...
* guess go main module version based on binary contents
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add configuration options for golang main module version heuristics
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix test setup for go bin cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix unit test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix incorrect test assert ordering
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* handle error from seek
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 19:52:42 +00:00
anchore-actions-token-generator[bot]
737c4e44c5
chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 ( #2617 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-09 14:06:28 -05:00
Alex Goodman
7444a9f976
fix readme around templating options ( #2612 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 13:44:41 -05:00
Alex Goodman
8683cba081
suppress executable parsing issues ( #2614 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-09 17:13:58 +00:00
Christopher Angelo Phillips
c0f43e5e2d
chore: update license list, cpe dictionary ( #2620 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-09 11:31:42 -05:00
anchore-actions-token-generator[bot]
397cf210de
chore(deps): update tools to latest versions ( #2606 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-08 10:39:18 -05:00
Christopher Angelo Phillips
bd0cb916df
fix: incorrect conversion between integer types ( #2605 )
...
* chore: match strconv.ParseInt to file mode type
if a string is parsed into an int using strconv.Atoi,
and subsequently that int is converted into another integer type of a smaller size,
the result can produce unexpected values.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-02-07 20:41:00 +00:00
dependabot[bot]
da31eed637
chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 ( #2602 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:31:49 -05:00
dependabot[bot]
704155eb22
chore(deps): bump github.com/docker/docker ( #2601 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 25.0.2+incompatible to 25.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 11:31:41 -05:00
William Murphy
ce67927a98
Fix: unmarshal key values in Java, Go, and Conan metadata ( #2603 )
...
Previously, Syft represented several metadata fields as map[string]string,
however this representation erased ordering, so Syft now represents these values
as []KeyValue. Add custom unmarshaling so that JSON that was written by
older versions of Syft using the map[string]string representation can be parsed
into the new []KeyValue representation.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-07 11:26:23 -05:00
Weston Steimel
bbd34f61fd
fix(dotnet): prefer portable executable product version when semantically greater than file version ( #2600 )
...
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2024-02-07 13:28:37 +00:00
Alex Goodman
c61f59e7b7
Finalize Conan v2 support ( #2587 )
...
* Add support for conan lock v2 (#2461 )
* conan lock 2.x requires field support
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
* PR review, struct renaming
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
---------
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
* decompose conanlock parser + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: mikey strauss <mdstrauss91@gmail.com>
2024-02-07 08:24:02 -05:00
anchore-actions-token-generator[bot]
00d6269e3c
chore(deps): update tools to latest versions ( #2595 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-06 10:48:01 -05:00
dependabot[bot]
0bc5971085
chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 ( #2597 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-02-06 10:44:51 -05:00
anchore-actions-token-generator[bot]
91d7a8a992
chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c ( #2589 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-02-05 10:27:12 -05:00
dependabot[bot]
05fa8ba4e9
chore(deps): bump actions/cache from 3.3.2 to 4.0.0 ( #2592 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.2 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.3.2...13aacd865c20de90d75de3b17ebe84f7a17d57d2 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 10:26:55 -05:00
dependabot[bot]
e813a427b9
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 ( #2591 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.2 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 10:26:39 -05:00
dependabot[bot]
0618b2cb35
chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0 ( #2593 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.23.2 to 3.24.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b7bf0a3ed3...e8893c57a1
2024-02-05 09:46:22 -05:00
Alex Goodman
fd3844853a
labeler should ignore latest version ( #2588 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 18:08:15 -05:00
William Murphy
b735106848
chore: copy latest schema to stable path for easier diff ( #2586 )
...
Because we generate a new JSON schema file every time the schema version
changes, the git diff always shows that the file is completely new.
Therefore, every time the file is re-generated, also write the schema to
a stable path, so that the actual changes to the schema are easily
visible in the git diff of the latest schema file.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-02 17:09:28 -05:00
Asi Greenholts
98de2e2f62
Adding metadata fields when parsing yarn.lock and poetry.lock ( #2350 )
...
* Adding the resolved and integrity fields of yarn.lock to the parsed metadata. This addition is similar to the metadata added when parsing package-lock.json.
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* fix comment
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* Adding the Index field to metadeta when parsing poetry.lock similarly to the existing Pipfile metadata
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* fixing struct accoding to tests
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
* remove old schema change
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove empty constants
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* re-generate JSON schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update document ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: asi-cider <88270351+asi-cider@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 19:53:42 +00:00
Laurent Goderre
d7b9cc70b0
Add Erlang OTP Application cataloger ( #2403 )
...
* Add cataloger for Erlang OTP applications
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* Add OTP Package type and Purl for ErLang
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
* remove erlang OTP metadata type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use OTP purl type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore otp fixture and adjust tests for dir-only results
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 13:40:18 -05:00
Alex Goodman
3023a5a7bc
Detect ELF security features ( #2443 )
...
* add detection of ELF security features
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with file executable data
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update expected fixure when no tty present
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* more detailed differ
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use json differ
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove json schema addition
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix mimtype set ref
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 16:51:18 +00:00
Alex Goodman
3da679066e
Add API examples ( #2517 )
...
* [wip] initial syft api examples
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* smooth over some rough edges in the API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* embed example file
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change name of builder function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-02 16:26:44 +00:00
William Murphy
b7a6d5e946
feat: Record where CPEs come from ( #2552 )
...
Syft can get CPEs from several source, including generating them based on
package data, finding them in the NVD CPE dictionary, or finding them declared
in a manifest or existing SBOM. Record where Syft got CPEs so that consumers of
SBOMs can reason about how trustworthy they are.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-02-02 16:17:52 +00:00
anchore-actions-token-generator[bot]
4fe50f4169
chore(deps): update stereoscope to 37291e81936d2b43b3cef56667a741ef715fbfe4 ( #2583 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-02-02 10:27:26 -05:00
dependabot[bot]
78d362f91a
chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1 to 0.18.0 ( #2584 )
...
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles ) from 0.17.1 to 0.18.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases )
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.17.1...v0.18.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-02 10:27:09 -05:00
Alex Goodman
5a9b664fef
swap format readseekers for readers ( #2581 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-01 14:18:13 -05:00
Alex Goodman
6107e5e2ad
translate maps to sequences in pkg metadata ( #2553 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-02-01 11:58:10 -05:00
anchore-actions-token-generator[bot]
fef0e54c0f
chore(deps): update tools to latest versions ( #2576 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-02-01 10:27:01 -05:00
dependabot[bot]
4a98f9fbd3
chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8 ( #2578 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.7 to 0.15.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](767b08fd88...b6a39da807
2024-02-01 10:26:47 -05:00
dependabot[bot]
db49c145f0
chore(deps): bump marocchino/sticky-pull-request-comment ( #2579 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](efaaab3fd4...331f8f5b42
2024-02-01 10:26:37 -05:00
dependabot[bot]
3ac7e43e3e
chore(deps): bump github.com/docker/docker ( #2580 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 25.0.1+incompatible to 25.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 10:26:25 -05:00
anchore-actions-token-generator[bot]
216e211dc8
chore(deps): update stereoscope to db7a4bedaba6ad93becf22ce794f306dfb07fcb9 ( #2577 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-02-01 08:32:13 +00:00
