oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2026-02-12 02:26:42 +01:00

Author	SHA1	Message	Date
Christopher Phillips	57ec3a6561	feat: apply HandleCompundArchiveAliases across syft Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-12-01 11:05:59 -05:00
Yuntao Hu	4bbceb09c1	handle compound aliases like tar.gz when cataloging archives Signed-off-by: Yuntao Hu <victorhu493@gmail.com>	2025-12-01 21:45:22 +08:00
Adam Chovanec	5b96d1d69d	chore: rename test func for CPE decoder (#4379 ) Signed-off-by: Adam Chovanec <git@adamchovanec.cz> Co-authored-by: Adam Chovanec <git@adamchovanec.cz>	2025-11-25 23:05:31 -05:00
dependabot[bot]	6c666383e7	chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 (#4381 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.9 to 0.20.10. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`8e94d75ddd...fbfd9c6c18`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 23:05:05 -05:00
dependabot[bot]	b9710a1e79	chore(deps): bump modernc.org/sqlite from 1.40.0 to 1.40.1 (#4382 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.40.0 to 1.40.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.40.0...v1.40.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-version: 1.40.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 23:04:56 -05:00
dependabot[bot]	023a14f869	chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4396 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`08c6903cd8...1af3b93b68`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 23:03:02 -05:00
dependabot[bot]	439a063d08	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.3 to 6.7.5 (#4397 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.7.3 to 6.7.5. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.3...v6.7.5) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.7.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 10:20:59 -05:00
Will Murphy	c95893209d	fix: normalize python package names from dependency lists (#4408 ) Because package names in METADATA files may have upper case like Werkzeug or Jinja2, but Syft artifacts have normalized names and are lower case, like werkzeug or jinja2, Syft would miss emitting dependency relationships. Therefore, normalize dependency names before comparing with existing artifacts. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-11-25 10:20:21 -05:00
anchore-actions-token-generator[bot]	7e02bdfe45	chore(deps): update tools to latest versions (#4398 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-25 10:17:33 -05:00
dependabot[bot]	479cf5aff2	chore(deps): bump github.com/google/go-containerregistry (#4409 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.6 to 0.20.7. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.20.6...v0.20.7) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 10:16:54 -05:00
dependabot[bot]	f12788da78	chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#4386 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`014f16e7ab...e12f017898`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:40:21 -05:00
dependabot[bot]	67709362b6	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.2 to 6.7.3 (#4387 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.7.2 to 6.7.3. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.2...v6.7.3) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.7.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:01:21 -05:00
dependabot[bot]	55526dbde0	chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 (#4391 ) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.44.0 to 0.45.0. - [Commits](https://github.com/golang/crypto/compare/v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:01:05 -05:00
dependabot[bot]	af167ba0c1	chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#4392 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`4469467582...4dc6199c7b`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:00:56 -05:00
dependabot[bot]	00e1329bd1	chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#4393 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`4469467582...4dc6199c7b`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:00:44 -05:00
Christopher Angelo Phillips	9aca8167b8	chore: drop cpe from gguf (#4383 ) --------- Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-19 05:37:40 -05:00
Will Murphy	759909f611	fix: emit lua rockspec dependencies in metadata (#4376 ) The types / schema allowed for this field to begin with but it wasn't set. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-11-18 09:19:41 -05:00
Keith Zantow	7014cb023f	chore: options to run release-install-script without release (#4377 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2025-11-17 22:12:04 +00:00
anchore-actions-token-generator[bot]	a033ae525f	chore(deps): update anchore dependencies (#4374 ) v1.38.0	2025-11-17 12:17:15 -05:00
Will Murphy	1c22325385	ci: output oras path (#4373 ) * ci: output oras path Some workflows expect bootstrap to output the oras path. This seems like a reasonable thing for it to do. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * ci: use path to oras from binny Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> --------- Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-11-17 15:36:45 +00:00
dependabot[bot]	75ad5c6c74	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.1 to 6.7.2 (#4372 )	2025-11-17 08:47:47 -05:00
dependabot[bot]	d2641dfa39	chore(deps): bump golang.org/x/tools from 0.38.0 to 0.39.0 (#4364 ) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2025-11-17 13:41:45 +00:00
anchore-actions-token-generator[bot]	365325376a	chore(deps): update tools to latest versions (#4370 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-15 06:47:23 -05:00
Alex Goodman	153f2321ce	Fix test-fixture publish (#4369 ) * pin python dependencies Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * pin rust dependencies Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * pin php deps Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update and pin http and curl fixtures Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-14 15:41:23 -05:00
Alex Goodman	7bf7bcc461	Support `extras` statements in Python PDM cataloger (#4352 ) * fix pdm Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update json schema Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add test for metadata construction Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add missing test fixture Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * conserve markers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update json schema Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add additional tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-14 15:13:10 -05:00
anchore-actions-token-generator[bot]	6a21b5e5e2	chore(deps): update tools to latest versions (#4365 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-14 09:25:27 -05:00
dependabot[bot]	6480c8a425	chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#4366 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`0499de31b9...014f16e7ab`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-14 09:25:08 -05:00
Kudryavcev Nikolay	89842bd2f6	chore: migrate syft to use mholt/archives instead of anchore fork (#4029 ) --------- Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com> Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-13 23:04:43 +00:00
Christopher Angelo Phillips	4a60c41f38	feat: 4184 gguf parser (ai artifact cataloger) part 1 (#4279 ) --------- Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>	2025-11-13 17:43:48 -05:00
anchore-actions-token-generator[bot]	2e100f33f3	chore(deps): update tools to latest versions (#4358 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-12 13:27:47 -05:00
dependabot[bot]	b444f0c2ed	chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 (#4359 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.29.0 to 0.30.0. - [Commits](https://github.com/golang/mod/compare/v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 13:27:33 -05:00
Adam Chovanec	102d362daf	feat: CPEs format decoder (#4207 ) Signed-off-by: Adam Chovanec <git@adamchovanec.cz>	2025-11-12 10:45:09 -05:00
Alex Goodman	66c78d44af	Document additional json schema fields (#4356 ) * add documentation to key fields Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate json schema Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-10 16:29:06 -05:00
dependabot[bot]	78a4ab8ced	chore(deps): bump github.com/olekukonko/tablewriter from 1.0.9 to 1.1.1 (#4354 ) Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter) from 1.0.9 to 1.1.1. - [Commits](https://github.com/olekukonko/tablewriter/compare/v1.0.9...v1.1.1) --- updated-dependencies: - dependency-name: github.com/olekukonko/tablewriter dependency-version: 1.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-10 13:31:15 -05:00
dependabot[bot]	25ca33d20e	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.0 to 6.7.1 (#4355 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.7.0 to 6.7.1. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.0...v6.7.1) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.7.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-10 13:30:56 -05:00
anchore-actions-token-generator[bot]	60ca241593	chore(deps): update tools to latest versions (#4347 ) * chore: new tool checks --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2025-11-07 20:56:44 +00:00
dependabot[bot]	0f475c8bcd	chore(deps): bump github.com/opencontainers/selinux (#4349 ) Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.11.0 to 1.13.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.11.0...v1.13.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-07 15:21:35 -05:00
Alex Goodman	199394934d	preserve --from order (#4350 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-07 10:17:10 -05:00
dependabot[bot]	8a22d394ed	chore(deps): bump golang.org/x/time from 0.12.0 to 0.14.0 (#4348 ) Bumps [golang.org/x/time](https://github.com/golang/time) from 0.12.0 to 0.14.0. - [Commits](https://github.com/golang/time/compare/v0.12.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/time dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-07 08:48:20 -05:00
Tim Olshansky	bbef262b8f	feat: Add license enrichment from pypi to python packages (#4295 ) * feat: Add license enrichment from pypi to python packages * Implement license caching and improve test coverage --------- Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>	2025-11-06 16:05:08 -05:00
Tim Olshansky	4e06a7ab32	feat(javascript): Add dependency parsing (#4304 ) * feat: Add dependency parsing to javascript package locks Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Bump schema version Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Add support for yarn and pnpm, excl. yarn v1 Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Add support for dependencies for v1 yarn lock files Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Ensure schema is correctly generated Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * Fix tests Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> * PR feedback Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com> --------- Signed-off-by: Tim Olshansky <456103+timols@users.noreply.github.com>	2025-11-06 16:03:43 -05:00
Alex Goodman	e5711e9b42	Update CPE processing to use NVD API (#4332 ) * update NVD CPE dictionary processor to use API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * pass linting with exceptions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-06 16:02:26 -05:00
Rez Moss	f69b1db099	feat: detect elixir bin (#4334 ) * Elixir detection, fixed #4333 --------- Signed-off-by: Rez Moss <hi@rezmoss.com>	2025-11-06 16:02:02 -05:00
dependabot[bot]	fe1ea443c2	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.9 to 6.7.0 (#4337 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.9 to 6.7.0. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.9...v6.7.0) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-06 15:47:49 -05:00
dependabot[bot]	bfcbf266df	chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#4340 ) Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.28 to 1.7.29. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](https://github.com/containerd/containerd/compare/v1.7.28...v1.7.29) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-version: 1.7.29 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-06 15:46:32 -05:00
Keith Zantow	a400c675fc	feat: license file search (#4327 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2025-11-03 14:16:05 -05:00
Alex Goodman	7c154e7c37	use official action for token generation (#4331 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-03 13:08:42 -05:00
anchore-actions-token-generator[bot]	4c93394bc2	chore(deps): update anchore dependencies (#4330 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com> v1.37.0	2025-11-03 12:44:07 -05:00
kdt523	3e4e82f03e	Canonicalize Ghostscript CPE/PURL for ghostscript packages from PE Binaries (#4308 ) * binary(pe): canonicalize Ghostscript CPE to artifex:ghostscript and add generic purl for PE (#4275)\n\n- Detect Ghostscript via PE version resources and set purl pkg:generic/ghostscript@<version>\n- Add PE-specific CPE candidates: vendor 'artifex', product 'ghostscript'\n- Add focused unit tests for purl and CPE generation Signed-off-by: kdt523 <krushna.datir231@vit.edu> * fix: gofmt formatting for static analysis pass (pe-ghostscript-cpe-purl-4275) Signed-off-by: kdt523 <krushna.datir231@vit.edu> --------- Signed-off-by: kdt523 <krushna.datir231@vit.edu>	2025-11-03 14:54:48 +00:00
dependabot[bot]	793b0a346f	chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 (#4325 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.1 to 4.31.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`5fe9434cd2...0499de31b9`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-03 09:11:20 -05:00

1 2 3 4 5 ...

3090 Commits