anchore-actions-token-generator[bot]
190f3068d8
chore(deps): update tools to latest versions ( #4261 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-08 16:44:05 -04:00
Sebastien Dionne
bd013fe99a
docs: Fix typos and linguistic errors in documentation ( #4257 )
...
Signed-off-by: Sebastien Dionne <survivant00@gmail.com>
2025-10-06 14:22:22 +00:00
Parthib Mukherjee
c732052cf1
feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation ( #4093 )
...
* feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13 to 0.5.14 (#4089 )
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.13 to 0.5.14.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.13...v0.5.14 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump modernc.org/sqlite from 1.38.1 to 1.38.2 (#4088 )
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.38.1 to 1.38.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.1...v1.38.2 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/docker/docker (#4092 )
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.2.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.2.2...v28.3.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-version: 28.3.3+incompatible
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github.com/anchore/stereoscope (#4091 )
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.7-0.20250716200927-94c6f92877d4 to 0.1.7.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.7 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* migrate to get.anchore.io (#4095 )
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update anchore dependencies (#4098 )
* chore(deps): update anchore dependencies
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* address reader close operations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update anchore dependencies (#4104 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 (#4096 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e828ff8d4...51f77329af#4108 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update CPE dictionary index (#4112 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update tools to latest versions (#4111 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/cache in /.github/actions/bootstrap (#4120 )
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644#4119 )
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644#4115 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](74a5d14239...184bdaa072#4118 )
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add binary classifier for hashicorp vault (#4121 )
* add binary classifier for hashicorp vault
The Go Binary Cataloger isn't able to parse the version out of the
binary shipped in the DockerHub images of hashicorp/vault because the
version of the main module isn't set in the binary. Therefore, add a
binary classifier cataloger for this binary.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: add test fixtures, update vault
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: set binary classifier package type based on PURL
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: use github.com/hashicorp/vault as package name
Signed-off-by: Keith Zantow <kzantow@gmail.com>
* chore: update tests
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4124 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...76621b61de#4123 )
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.27.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 (#4122 )
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): update CPE dictionary index (#4126 )
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore: update GoReleaser configurations (#4128 )
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4130 )
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8#4129 )
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* fix: support multiple letters in openssl patch version (#4106 )
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 (#4134 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...df559355d5#4132 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat: add package supplier flag (#4131 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 (#4135 )
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47#4003 )
Fixes #2250
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* feat(cpegentereate): added test for the addBinaryPackageDigitVariation function
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* docs(cpegenerate): made the comment more verbose
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
* nit: separate digit variation concerns from case of use
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Parthib Mukherjee <109328510+hawkaii@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Co-authored-by: honigbot <34426443+honigbot@users.noreply.github.com>
Co-authored-by: Alan Pope <alan.pope@anchore.com>
2025-10-06 10:09:38 -04:00
dependabot[bot]
8f1d45830d
chore(deps): bump github.com/iancoleman/orderedmap ( #4258 )
...
Bumps [github.com/iancoleman/orderedmap](https://github.com/iancoleman/orderedmap ) from 0.0.0-20190318233801-ac98e3ecb4b0 to 0.3.0.
- [Commits](https://github.com/iancoleman/orderedmap/commits/v0.3.0 )
---
updated-dependencies:
- dependency-name: github.com/iancoleman/orderedmap
dependency-version: 0.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 10:06:28 -04:00
dependabot[bot]
ea7dc8f468
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.3 ( #4259 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.2 to 5.16.3.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 10:06:17 -04:00
anchore-actions-token-generator[bot]
ff6a8b1802
chore(deps): update tools to latest versions ( #4248 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-10-03 14:53:27 -04:00
Alex Goodman
a77d24e379
Improve struct and field comments and incorporate into json schema ( #4252 )
...
* improve struct and field comments and incorporate into json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address review feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-03 17:01:56 +00:00
dependabot[bot]
b96d3d20af
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #4253 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.5 to 3.30.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3599b3baa1...64d10c1313
2025-10-03 12:07:20 -04:00
dependabot[bot]
5461a92337
chore(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 ( #4254 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.8.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-03 12:07:13 -04:00
dependabot[bot]
b9604cbf30
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.2 to 0.9.3 ( #4251 )
2025-10-02 13:24:25 +00:00
Keith Zantow
9217f2099f
chore: update ffmpeg tests ( #4249 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-10-01 13:11:36 +00:00
dependabot[bot]
605a275dd3
chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 ( #4246 )
2025-09-30 17:06:10 -04:00
Alan Pope
e1483e0285
Add support for identifying ffmpeg/libav libraries ( #4227 )
...
* Add support for identifying ffmpeg/libav libraries
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Undo my snippet-based confusion
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* Put test fixture config back
Signed-off-by: Alan Pope <alan.pope@anchore.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2025-09-26 10:43:47 -04:00
Alan Pope
0a36dabf23
feat(cataloger): add snap package cataloger for metadata extraction ( #4151 )
...
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-09-26 10:42:29 -04:00
dependabot[bot]
64b71ec04c
chore(deps): bump github.com/quasilyte/go-ruleguard/dsl ( #4245 )
...
Bumps [github.com/quasilyte/go-ruleguard/dsl](https://github.com/quasilyte/go-ruleguard ) from 0.3.22 to 0.3.23.
- [Release notes](https://github.com/quasilyte/go-ruleguard/releases )
- [Commits](https://github.com/quasilyte/go-ruleguard/compare/dsl/v0.3.22...dsl/v0.3.23 )
---
updated-dependencies:
- dependency-name: github.com/quasilyte/go-ruleguard/dsl
dependency-version: 0.3.23
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-26 10:27:13 -04:00
anchore-actions-token-generator[bot]
8629080e80
chore(deps): update tools to latest versions ( #4238 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-25 12:08:37 -04:00
dependabot[bot]
f0998de717
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 ( #4239 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.3 to 3.30.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...303c0aef88
2025-09-25 12:06:49 -04:00
dependabot[bot]
261ab7c1fd
chore(deps): bump actions/cache from 4.2.4 to 4.3.0 ( #4240 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfa
2025-09-25 12:02:41 -04:00
dependabot[bot]
8232f5bd1b
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #4241 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfa
2025-09-25 12:02:30 -04:00
Saleem Abdulrasool
21d50d7c31
feat: add ARM64 Windows build target ( #4237 )
...
Signed-off-by: Saleem Abdulrasool <compnerd@compnerd.org>
2025-09-24 15:29:03 -04:00
anchore-actions-token-generator[bot]
c28b90717b
chore(deps): update tools to latest versions ( #4236 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-24 15:07:58 -04:00
Keith Zantow
323fd3e34c
docs: add GitHub actions to supported ecosystems ( #4235 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-09-23 10:08:41 -04:00
anchore-actions-token-generator[bot]
af4d19f81d
chore(deps): update tools to latest versions ( #4230 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-22 11:08:30 -04:00
dependabot[bot]
d820c3436b
chore(deps): bump github.com/charmbracelet/bubbletea ( #4228 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.9 to 1.3.10.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.9...v1.3.10 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-18 15:15:52 -04:00
dependabot[bot]
409642c8f0
chore(deps): bump github.com/hashicorp/go-getter from 1.8.0 to 1.8.1 ( #4229 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.8.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-18 15:15:43 -04:00
dependabot[bot]
3abbd940e3
chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 ( #4222 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8ac
2025-09-18 10:58:53 -04:00
anchore-actions-token-generator[bot]
22f6f8f880
chore(deps): update tools to latest versions ( #4221 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-18 07:16:16 -04:00
dependabot[bot]
6005fb3c20
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.14 to 0.5.15 ( #4225 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.14 to 0.5.15.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.14...v0.5.15 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-17 10:07:37 -04:00
anchore-actions-token-generator[bot]
b87b919149
chore(deps): update anchore dependencies ( #4220 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-15 20:22:09 +00:00
anchore-actions-token-generator[bot]
a51994d102
chore(deps): update tools to latest versions ( #4215 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-15 14:38:28 -04:00
dependabot[bot]
333b951be3
chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 ( #4216 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.2 to 0.2.0.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](5ca5fc7a47...e673c3917a
2025-09-15 14:30:16 -04:00
dependabot[bot]
90c733d24d
chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 ( #4217 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](1750b5085f...77eaa4f1c6
2025-09-15 14:30:03 -04:00
dependabot[bot]
dacc2f61f9
chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 ( #4218 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8
2025-09-15 14:29:53 -04:00
dependabot[bot]
06b01aaa40
chore(deps): bump modernc.org/sqlite from 1.38.2 to 1.39.0 ( #4219 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.38.2 to 1.39.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.2...v1.39.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.39.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 14:29:45 -04:00
dependabot[bot]
e1762a2dda
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.8 to 1.3.9 ( #4214 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.8 to 1.3.9.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.8...v1.3.9 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 10:21:20 -04:00
Rafał Maj
c5cbc89cb1
fix: include RpmDBEntry modularityLabel in CycloneDX ( #4212 )
...
Signed-off-by: sfc-gh-rmaj <rafal.maj@snowflake.com>
2025-09-11 17:22:12 -04:00
Joel Rudsberg
7bc15e3d82
Native Image SBOM: Add Support for Locations Data ( #4186 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2025-09-11 14:16:09 -04:00
dependabot[bot]
c6cd66357a
chore(deps): bump github.com/spf13/afero from 1.14.0 to 1.15.0 ( #4202 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.14.0...v1.15.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-version: 1.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 13:27:42 -04:00
dependabot[bot]
04e989d761
chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.6 to 1.3.8 ( #4203 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.3.6 to 1.3.8.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.3.6...v1.3.8 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-version: 1.3.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 13:27:33 -04:00
dependabot[bot]
b6f7532b0f
chore(deps): bump github.com/vbatts/go-mtree from 0.5.4 to 0.6.0 ( #4204 )
...
Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree ) from 0.5.4 to 0.6.0.
- [Release notes](https://github.com/vbatts/go-mtree/releases )
- [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md )
- [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.4...v0.6.0 )
---
updated-dependencies:
- dependency-name: github.com/vbatts/go-mtree
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 13:27:24 -04:00
anchore-actions-token-generator[bot]
2531bfd8cb
chore(deps): update tools to latest versions ( #4200 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-11 12:55:39 -04:00
dependabot[bot]
1fcdb67698
chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 ( #4210 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861
2025-09-11 12:50:41 -04:00
dependabot[bot]
f986327257
chore(deps): bump golang.org/x/tools from 0.36.0 to 0.37.0 ( #4211 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.36.0 to 0.37.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.36.0...v0.37.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.37.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-11 12:50:33 -04:00
anchore-actions-token-generator[bot]
67e0f7e3f9
chore(deps): update tools to latest versions ( #4194 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-09-08 09:55:06 -04:00
dependabot[bot]
169220ba81
chore(deps): bump github.com/hashicorp/go-getter from 1.7.10 to 1.8.0 ( #4197 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.10 to 1.8.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/commits/v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.8.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 09:50:54 -04:00
dependabot[bot]
1df4779b48
chore(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 ( #4198 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/mod/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.28.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 09:50:09 -04:00
dependabot[bot]
3a7f1f27a6
chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 ( #4182 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.9.1 to 1.10.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-version: 1.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:36:59 -04:00
dependabot[bot]
8e78fd57b8
chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 ( #4188 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:22 -04:00
dependabot[bot]
b503690889
chore(deps): bump actions/setup-go in /.github/actions/bootstrap ( #4189 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:08 -04:00
dependabot[bot]
cc07df0347
chore(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.7.10 ( #4190 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.9 to 1.7.10.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.9...v1.7.10 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.7.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:05:46 -04:00
