oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,622 Commits 60 Branches 243 Tags
Commit Graph

617 Commits

Author SHA1 Message Date
Keith Zantow
46522bcc5d
chore: update packageurl-go (#3678) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2025-02-21 15:31:16 -05:00
dependabot[bot]
2317c5acfc
chore(deps): bump github.com/docker/docker (#3673) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.5.1+incompatible to 28.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.5.1...v28.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-20 10:41:49 -05:00
dependabot[bot]
59b84f3ffd
chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#3667) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-18 13:48:18 -05:00
dependabot[bot]
fb7444cb02
chore(deps): bump github.com/sanity-io/litter from 1.5.6 to 1.5.8 (#3668) 
Bumps [github.com/sanity-io/litter](https://github.com/sanity-io/litter) from 1.5.6 to 1.5.8.
- [Changelog](https://github.com/sanity-io/litter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sanity-io/litter/compare/v1.5.6...v1.5.8)

---
updated-dependencies:
- dependency-name: github.com/sanity-io/litter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-18 13:48:08 -05:00
dependabot[bot]
e8a4667db2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10 to 0.5.11 (#3669) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.10 to 0.5.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.10...v0.5.11)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-18 13:47:54 -05:00
Juan Ariza Toledano
bffe26bcc5
feat: add support for Bitnami cataloguer (#3341) 
* prototype: start bitnami cataloger

Bitnami images have spdx SBOMs at predictable paths, and Syft could more
accurately identify the software in these images by scanning those
SBOMs. Start work on this by forking the sbom-cataloger as a new
bitnami-cataloger.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* wire up bitnami cataloger to run on images by default

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* feat: add support for Bitnami cataloguer

Signed-off-by: juan131 <jariza@vmware.com>

* feat: use a better SPDX sample for unit tests

Signed-off-by: juan131 <jariza@vmware.com>

* bugfix: only report bitnami pkgs

Signed-off-by: juan131 <jariza@vmware.com>

* feat: adapt JSON schema, spdxutil and packagemetadata

Signed-off-by: juan131 <jariza@vmware.com>

* bugfix: integration tests

Signed-off-by: juan131 <jariza@vmware.com>

* feat: implement FileOwner interface

Signed-off-by: juan131 <jariza@vmware.com>

* bugfix: update json schema

Signed-off-by: juan131 <jariza@vmware.com>

* [wip] add bitnami owned files and fix binary package ownership filtering

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* feat: obtain bitnami pkg files based on SPDX relationships tree

Signed-off-by: juan131 <jariza@vmware.com>

* preserve type switches

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename bitnami entry metadata type

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restrict find main pkg logic

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add missing graalvm source info

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bugfix: integration tests

Signed-off-by: juan131 <jariza@vmware.com>

* bugfix: mod tidy

Signed-off-by: juan131 <jariza@vmware.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2025-02-18 09:07:47 -05:00
dependabot[bot]
869908ece1
chore(deps): bump modernc.org/sqlite from 1.34.5 to 1.35.0 (#3664) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.5 to 1.35.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.5...v1.35.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 08:40:30 -05:00
dependabot[bot]
91b7592a2f
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.5 to 6.6.6 (#3653) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.5 to 6.6.6.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.5...v6.6.6)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-13 10:08:20 -05:00
Weston Steimel
dce99543b2
feat: update to go 1.24.x (#3660) 
* feat: update to go 1.24.x

Update to building with go 1.24.x so that the main module version gets
set during `go build`

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>

* chore: bump golangci-lint for go 1.24.x support

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>

* chore: appease the updated linter

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>

* chore: fix test logging for go 1.24

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>

---------

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
 2025-02-13 10:08:10 -05:00
dependabot[bot]
d6fe2b08cb
chore(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 (#3655) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-11 13:15:50 -05:00
dependabot[bot]
51780fba16
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.9 to 0.5.10 (#3650) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.9 to 0.5.10.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.9...v0.5.10)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-10 10:19:22 -05:00
dependabot[bot]
79ea956f18
chore(deps): bump golang.org/x/mod from 0.22.0 to 0.23.0 (#3644) 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/mod/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-05 14:22:02 -05:00
dependabot[bot]
b89304d9b5
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.8 to 0.5.9 (#3627) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.8...v0.5.9)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-29 09:58:51 -05:00
dependabot[bot]
1a2a7cb59f
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 (#3621) 
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.8.0...v4.8.1)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-27 09:57:04 -05:00
dependabot[bot]
ad83f7c2cb
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 (#3609) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.13.1 to 5.13.2.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-23 11:27:01 -05:00
dependabot[bot]
dffa52f950
chore(deps): bump github.com/docker/docker (#3610) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.5.0+incompatible to 27.5.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.5.0...v27.5.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-23 11:26:46 -05:00
dependabot[bot]
a5ef8167a1
chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0 (#3605) 
Bumps [github.com/hashicorp/hcl/v2](https://github.com/hashicorp/hcl) from 2.22.0 to 2.23.0.
- [Release notes](https://github.com/hashicorp/hcl/releases)
- [Changelog](https://github.com/hashicorp/hcl/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/hcl/compare/v2.22.0...v2.23.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/hcl/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-22 10:47:47 -05:00
dependabot[bot]
07f0658843
chore(deps): bump github.com/aquasecurity/go-pep440-version (#3606) 
Bumps [github.com/aquasecurity/go-pep440-version](https://github.com/aquasecurity/go-pep440-version) from 0.0.0-20210121094942-22b2f8951d46 to 0.0.1.
- [Release notes](https://github.com/aquasecurity/go-pep440-version/releases)
- [Commits](https://github.com/aquasecurity/go-pep440-version/commits/v0.0.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/go-pep440-version
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-22 10:47:38 -05:00
Christopher Angelo Phillips
7f5dbf9872
chore: bump stereoscope to v0.0.13 (#3601) 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
 2025-01-21 15:50:42 -05:00
Thomas Gosteli
c10e904c28
feat(cataloger): add a terraform provider cataloger (#3378) 
* feat(cataloger): add a terraform provider cataloger
* chore: bump schema from 16.0.19 -> 16.0.20
------
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
 2025-01-21 14:44:54 -05:00
Christopher Angelo Phillips
8198a706d6
chore: bump packageurl-go with new parsing rules (#3596) 
* chore: bump packageurl-go with new parsing rules
* test: update expectedPURL in unit tests to match new % encoding
---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
 2025-01-17 16:20:14 -05:00
dependabot[bot]
c359c76934
chore(deps): bump github.com/google/go-containerregistry (#3592) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.2 to 0.20.3.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.2...v0.20.3)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-16 12:19:26 -05:00
dependabot[bot]
06a22dd4dc
chore(deps): bump modernc.org/sqlite from 1.34.4 to 1.34.5 (#3593) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.4 to 1.34.5.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.4...v1.34.5)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-16 12:19:19 -05:00
dependabot[bot]
453b187ca1
chore(deps): bump github.com/sanity-io/litter from 1.5.5 to 1.5.6 (#3579) 
Bumps [github.com/sanity-io/litter](https://github.com/sanity-io/litter) from 1.5.5 to 1.5.6.
- [Changelog](https://github.com/sanity-io/litter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sanity-io/litter/compare/v1.5.5...v1.5.6)

---
updated-dependencies:
- dependency-name: github.com/sanity-io/litter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-15 12:42:13 -05:00
dependabot[bot]
86ad570f8d
chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0 (#3580) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-15 12:41:59 -05:00
dependabot[bot]
1a9af0db96
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 (#3585) 
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.1...v5.6.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-14 10:57:33 -05:00
dependabot[bot]
b79f9330fc
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 (#3586) 
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.7.1 to 4.8.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.7.1...v4.8.0)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-14 10:55:48 -05:00
dependabot[bot]
fbfad5ef35
chore(deps): bump github.com/docker/docker (#3587) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.4.1+incompatible to 27.5.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.4.1...v27.5.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-14 10:55:38 -05:00
anchore-actions-token-generator[bot]
b4e7b64d5c
chore(deps): update anchore dependencies (#3571) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
 2025-01-08 17:51:48 +00:00
dependabot[bot]
df36303df0
chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0 (#3568) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.34.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-07 11:29:58 -05:00
dependabot[bot]
a95244aace
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.8 (#3548) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.7...v0.5.8)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-03 15:23:57 +00:00
dependabot[bot]
463a8f3661
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1 (#3561) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.13.0 to 5.13.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.13.0...v5.13.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-03 10:11:30 -05:00
dependabot[bot]
470c2ff04c
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 (#3551) 
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/go-git/go-billy/releases)
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.0...v5.6.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-02 21:52:01 +00:00
dependabot[bot]
52d904363c
chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#3552) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.12.0...v5.13.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-02 09:24:40 -05:00
dependabot[bot]
13e32d3a49
chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4 (#3545) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.3 to 1.34.4.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.3...v1.34.4)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-23 09:36:57 -05:00
dependabot[bot]
a185acdc43
chore(deps): bump golang.org/x/net from 0.32.0 to 0.33.0 (#3541) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-19 11:15:20 -05:00
dependabot[bot]
4822950b06
chore(deps): bump modernc.org/sqlite from 1.34.2 to 1.34.3 (#3542) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.2 to 1.34.3.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.3)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-19 11:15:10 -05:00
dependabot[bot]
5120651285
chore(deps): bump github.com/docker/docker (#3538) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.4.0+incompatible to 27.4.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.4.0...v27.4.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-18 13:34:24 -05:00
dependabot[bot]
adfb6656fd
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 (#3530) 
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.1...v0.9.2)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-16 10:37:19 -05:00
dependabot[bot]
952837dd25
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.4 to 6.6.5 (#3531) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.4 to 6.6.5.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.4...v6.6.5)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-16 09:29:51 -05:00
anchore-actions-token-generator[bot]
5e16e5031a
chore(deps): update anchore dependencies (#3525) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
 2024-12-13 13:30:11 -05:00
dependabot[bot]
8dcb495312
chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#3523) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.30.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-12 15:43:40 -05:00
Christopher Angelo Phillips
561ed50c2d
chore: migrate syft to use the anchore fork of archiver without replace (#3516) 
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
 2024-12-10 13:33:24 -05:00
dependabot[bot]
0f9d2e5311
chore(deps): bump github.com/docker/docker (#3512) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.3.1+incompatible to 27.4.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.3.1...v27.4.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-10 10:49:17 -05:00
dependabot[bot]
0dc74a3c37
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.3 to 6.6.4 (#3513) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.3 to 6.6.4.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.3...v6.6.4)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-10 10:49:05 -05:00
Alex Goodman
d38efb0b7f
chore(deps): update anchore dependencies (#3510) 
* integrate anchore deps

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgrade to released versions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-12-09 15:51:16 -05:00
dependabot[bot]
c43c9df1ba
chore(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (#3508) 
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.7 to 1.8.9.
- [Release notes](https://github.com/magiconair/properties/releases)
- [Commits](https://github.com/magiconair/properties/compare/v1.8.7...v1.8.9)

---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-09 09:54:12 -05:00
dependabot[bot]
5e22251c86
chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 (#3499) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.31.0 to 0.32.0.
- [Commits](https://github.com/golang/net/compare/v0.31.0...v0.32.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-05 11:36:33 -05:00
dependabot[bot]
c3619422bb
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.2 to 6.6.3 (#3489) 2024-12-02 16:30:09 +00:00
dependabot[bot]
74d58024f6
chore(deps): bump modernc.org/sqlite from 1.34.1 to 1.34.2 (#3492) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.1 to 1.34.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.1...v1.34.2)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 10:47:33 -05:00