Christopher Phillips
549f526de0
fix: remove old generated capabilities
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
4eaf583526
review: remove and refactor implementation for easier review
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
4352ac4691
test: test cleanup
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
e88d6d019e
chore: refactor interface with new naming
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
b234d3eb2f
chore: comments
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:37 -04:00
Christopher Phillips
5d80168a5d
test: update originator supplier
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:36 -04:00
Christopher Phillips
b731aa4f33
lint: lintfix
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:23 -04:00
Christopher Phillips
9644340981
fix: license frontmatter
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:23 -04:00
Christopher Phillips
15bd509e15
fix: remove index parsing
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:23 -04:00
Christopher Phillips
19ea799cd2
test: tensor package naming precedence test
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:22 -04:00
Christopher Phillips
a75c3086f6
fix: move non safetensor layer fetch to post
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:22 -04:00
Christopher Phillips
69b7c5e3d0
fix: make MetadataHash consistent across oci/dir source
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:22 -04:00
Christopher Phillips
d12cf9a3e2
fix: update userMetadata to use KeyValue
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:46:21 -04:00
Christopher Phillips
1a1f2af92b
test: fixture test with real safetensor data
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:53 -04:00
Christopher Phillips
324fecf4a4
fix: allow both dir/oci paths to parse safetensor files
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:53 -04:00
Christopher Phillips
58b6f5807e
fix: support v0.2
...
<optional footer>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:53 -04:00
Christopher Phillips
1f035bc369
fix: non deterministic name on iteration
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:52 -04:00
Christopher Phillips
52653e24fc
fix: rename SafeTensorsMetadata -> SafeTensorsModelInfo
...
<optional body>
<optional footer>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:51 -04:00
Christopher Phillips
dbee104681
feat: safe tensors
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-22 11:45:21 -04:00
Keith Zantow
9c321691d4
feat: SPDX 3 ( #4269 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-22 10:59:34 -04:00
Alex Goodman
0e8d6deabe
require tmpdir to exist for fingerprints ( #5002 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 10:54:26 -04:00
dependabot[bot]
deb2fd92ef
chore(deps): bump github.com/containerd/containerd/v2 ( #5001 )
...
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v2.3.1...v2.3.2 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
dependency-version: 2.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 14:12:11 +00:00
Alex Goodman
80d3b62de4
bump go-make to v0.7.0 ( #4999 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 09:47:58 -04:00
anchore-oss-update-bot
b71afc87fc
chore(deps): update tool versions ( #4994 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-06-19 11:51:05 +00:00
Alex Goodman
efe3174b5f
Preserve dependency edges when a compliance stub changes a package ID ( #4993 )
...
* fix relationship rewrites for isolated nodes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* cover dangling pointers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-18 19:50:30 -04:00
Rez Moss
58e4dbbf01
feat: added bin classifier elastic-agent ( #4968 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-17 15:29:07 +00:00
Sebastiaan van Stijn
b70fa899cb
golangci-lint: enable gci formatter ( #4828 )
...
This allows linting the imports to be grouped correctly, and provides
an auto-fix (`golangci-lint run --fix`).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-17 10:34:22 -04:00
Alex Goodman
951fbd454a
add purl types to cataloger info cmd ( #4984 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-16 12:13:34 -04:00
Rez Moss
92ae4d44c5
fix: .net deps.json cataloger no longer shows phantom pkgs ( #4971 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-16 12:02:42 -04:00
Alex Goodman
8d48a8b8c2
ensure we have a snapshot build for cli tests ( #4981 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-16 10:41:33 -04:00
David Dashti
cff5a05681
fix(dpkg): extract License field for opkg/ipkg entries ( #4963 )
...
* fix(dpkg): extract License field for opkg/ipkg entries
opkg and ipkg use the dpkg cataloger but declare the package License
inline in the status DB (unlike Debian dpkg, where licenses live in
copyright files). The cataloger silently dropped the License field at
mapstructure decode time, so all opkg-managed packages reported empty
licenses.
This adds the field to the intermediate decode struct and the public
DpkgDBEntry, and populates licenses in newDpkgPackage using the alpine
cataloger's pattern: try license.ParseExpression first to keep valid
SPDX expressions whole, fall back to whitespace splitting for
space-separated lists.
Standard Debian dpkg status files never carry a License field per
Debian policy, so the new path is a no-op for them; the existing
copyright-file lookup in addLicenses is unaffected.
Closes #4940
Signed-off-by: David Dashti <47575784+Dashtid@users.noreply.github.com>
* remove license from dpkg metadata struct
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore format snapshot files
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add additional tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: David Dashti <47575784+Dashtid@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-15 16:15:32 -04:00
Kursat Topcuoglu
00ca43d24a
fix: catalog uv PEP 723 script lockfiles (*.py.lock) ( #4950 )
...
Signed-off-by: Kursat Topcuoglu <7313835+ktopcuoglu@users.noreply.github.com>
Co-authored-by: Kursat Topcuoglu <7313835+ktopcuoglu@users.noreply.github.com>
2026-06-15 11:34:02 -04:00
dependabot[bot]
6a27678036
chore(deps): bump the actions-minor-patch group across 2 directories with 6 updates ( #4975 )
...
Bumps the actions-minor-patch group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
| [actions/checkout](https://github.com/actions/checkout ) | `6.0.2` | `6.0.3` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [anchore/go-make](https://github.com/anchore/go-make ).
Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](de0fac2e45...df4cb1c069 )
Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `anchore/go-make` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/anchore/go-make/releases )
- [Commits](9de27be11e...39fe5f7111 )
---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 13:29:23 +00:00
Keith Zantow
89773c0a12
fix: support CycloneDX 1.7 ( #4967 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-11 09:40:42 -04:00
Yoonho Hann
b08d3c2970
feat: add support for Bun lockfile ( #4625 )
...
---------
Signed-off-by: Yoonho Hann <hnnynh125@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-09 13:22:43 -04:00
Keith Zantow
63232bf725
fix: local version identifiers in python requirements parsing ( #4959 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-08 11:12:47 -04:00
Marcus
908eb57890
feat: add .bpl extension to PE cataloger ( #4954 )
...
BPL (Borland Package Library) files are standard PE/DLL format used by
Delphi and C++Builder. Adding the extension to the glob list so syft
picks them up during directory scans without users needing to rename
to .dll first.
---------
Signed-off-by: jfjrh2014 <jfjrh2014@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-08 10:07:15 -04:00
Arpit Jain
c5c423ab37
fix: detect mariadb version from RHEL build path ( #4952 )
...
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
2026-06-07 13:28:18 -04:00
anchore-oss-update-bot
d4496b05aa
chore(deps): update anchore dependencies ( #4934 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
v1.45.1
2026-06-05 13:55:57 +00:00
dependabot[bot]
adc55cdb3a
chore(deps): bump the go-minor-patch group across 1 directory with 3 updates ( #4957 )
...
Bumps the go-minor-patch group with 3 updates in the / directory: [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ), [github.com/gpustack/gguf-parser-go](https://github.com/gpustack/gguf-parser-go ) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ).
Updates `github.com/gkampitakis/go-snaps` from 0.5.21 to 0.5.22
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.21...v0.5.22 )
Updates `github.com/gpustack/gguf-parser-go` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/gpustack/gguf-parser-go/releases )
- [Commits](https://github.com/gpustack/gguf-parser-go/compare/v0.24.0...v0.24.1 )
Updates `modernc.org/sqlite` from 1.50.1 to 1.51.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.1...v1.51.0 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.22
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/gpustack/gguf-parser-go
dependency-version: 0.24.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
dependency-version: 1.51.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-05 13:28:05 +00:00
anchore-oss-update-bot
00d0bb59cc
chore(deps): update tool versions ( #4724 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-06-05 11:22:28 +00:00
dependabot[bot]
f474308783
chore(deps): bump the go-minor-patch group across 2 directories with 14 updates ( #4947 )
...
* chore(deps): bump the go-minor-patch group across 2 directories with 14 updates
Bumps the go-minor-patch group with 9 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) | `0.10.0` | `0.11.0` |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) | `3.4.0` | `3.5.0` |
| [github.com/diskfs/go-diskfs](https://github.com/diskfs/go-diskfs ) | `1.7.0` | `1.9.3` |
| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) | `2.4.0` | `2.7.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) | `0.21.5` | `0.21.6` |
| [github.com/gookit/color](https://github.com/gookit/color ) | `1.6.0` | `1.6.1` |
| [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema ) | `0.13.0` | `0.14.0` |
| [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) | `6.7.8` | `6.7.10` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) | `1.46.2` | `1.50.1` |
Bumps the go-minor-patch group with 1 update in the /.make directory: [github.com/anchore/go-make](https://github.com/anchore/go-make ).
Updates `github.com/CycloneDX/cyclonedx-go` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.10.0...v0.11.0 )
Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.4.0...v3.5.0 )
Updates `github.com/diskfs/go-diskfs` from 1.7.0 to 1.9.3
- [Commits](https://github.com/diskfs/go-diskfs/compare/v1.7.0...v1.9.3 )
Updates `github.com/github/go-spdx/v2` from 2.4.0 to 2.7.0
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.4.0...v2.7.0 )
Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6 )
Updates `github.com/gookit/color` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.6.0...v1.6.1 )
Updates `github.com/invopop/jsonschema` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/invopop/jsonschema/releases )
- [Commits](https://github.com/invopop/jsonschema/compare/v0.13.0...v0.14.0 )
Updates `github.com/jedib0t/go-pretty/v6` from 6.7.8 to 6.7.10
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.8...v6.7.10 )
Updates `github.com/klauspost/compress` from 1.18.5 to 1.18.6
- [Release notes](https://github.com/klauspost/compress/releases )
- [Commits](https://github.com/klauspost/compress/compare/v1.18.5...v1.18.6 )
Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](https://github.com/golang/mod/compare/v0.35.0...v0.36.0 )
Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](https://github.com/golang/net/compare/v0.53.0...v0.54.0 )
Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.44.0...v0.45.0 )
Updates `modernc.org/sqlite` from 1.46.2 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.2...v1.50.1 )
Updates `github.com/anchore/go-make` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/anchore/go-make/releases )
- [Commits](https://github.com/anchore/go-make/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-version: 0.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/diskfs/go-diskfs
dependency-version: 1.9.3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/github/go-spdx/v2
dependency-version: 2.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.21.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/gookit/color
dependency-version: 1.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/invopop/jsonschema
dependency-version: 0.14.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.7.10
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/klauspost/compress
dependency-version: 1.18.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: golang.org/x/mod
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: golang.org/x/net
dependency-version: 0.54.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: golang.org/x/tools
dependency-version: 0.45.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
dependency-version: 1.50.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/anchore/go-make
dependency-version: 0.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: update signatures to return fs.FileInfo after breaking changes
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: lint-fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-04 17:06:25 -04:00
Will Murphy
bf67072246
chore: bump golang.org/x/crypto ( #4955 )
...
* chore: bump golang.org/x/crypto
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* also bump golang.org/x/net
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-06-04 16:06:08 -04:00
Will Murphy
9673f867e5
Pass contents: read to check-gate ( #4951 )
...
Otherwise check-gate doesn't have enough permissions to do its job and
fails.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
v1.45.0
2026-06-02 16:05:42 -04:00
Matias Insaurralde
a4fb2c0396
perf(python): hoist name normalization regexp to package level ( #4926 )
...
Avoid recompiling the separator pattern on every normalize() call during cataloging.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
2026-06-01 21:17:43 -04:00
witchcraze
cf2ce643c3
update helm classifier ( #4922 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-06-01 10:21:57 -04:00
dependabot[bot]
524a44b70d
chore(deps): bump the actions-minor-patch group across 1 directory with 6 updates ( #4946 )
...
Bumps the actions-minor-patch group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [docker/login-action](https://github.com/docker/login-action ) | `4.1.0` | `4.2.0` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) | `0.5.5` | `0.5.6` |
Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](4907a6ddec...650006c6eb )
Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `zizmorcore/zizmor-action` from 0.5.5 to 0.5.6
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](a16621b09c...5f14fd08f7 )
---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: docker/login-action
dependency-version: 4.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
dependency-version: 0.5.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-29 16:35:04 +00:00
witchcraze
4e86715c1a
fix: improve julia classifier to find shared libs and beta versions ( #4945 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-05-29 12:05:46 -04:00
Alex Goodman
e8c6b7151e
swap postgres signature check for rocky linux baseline rpm ( #4941 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-26 10:11:38 -04:00
witchcraze
0fb8762f41
fix: improve deno classifier ( #4939 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-05-25 11:58:10 -04:00