Bert Coppens
512319337f
feat: add cataloger for NuGet packages ( #3484 )
...
* add cataloger for dotnet packages.lock.json files
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* add entry for dotnet packages.lock files
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* add unit test for dotnet packages.lock cataloger
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* add test for faulty packages.lock.json file
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* add missing name metadata
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* ensure package appears with version
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* add example of conflicting dependencies
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema and fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* move section
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Kemosabert <bert.coppens14@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-01-16 14:57:17 -05:00
GGMU
6b2d73d4b7
allow disabling all package catalogers ( #3468 )
...
Signed-off-by: tomersein <tomersein@gmail.com>
2025-01-16 13:03:54 -05:00
dependabot[bot]
c359c76934
chore(deps): bump github.com/google/go-containerregistry ( #3592 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.2 to 0.20.3.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.2...v0.20.3 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 12:19:26 -05:00
dependabot[bot]
06a22dd4dc
chore(deps): bump modernc.org/sqlite from 1.34.4 to 1.34.5 ( #3593 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.34.4 to 1.34.5.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.4...v1.34.5 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 12:19:19 -05:00
anchore-actions-token-generator[bot]
63a026eb8f
chore(deps): update tools to latest versions ( #3582 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-01-15 17:13:17 -05:00
Alex Mason
436b36916d
chore: update README.md's link to Nixpkgs ( #3578 )
...
Nixpkgs changed the location of packages to ease organisation, this should be the correct link.
Signed-off-by: Alex Mason <github@me.axman6.com>
2025-01-15 17:56:11 +00:00
dependabot[bot]
453b187ca1
chore(deps): bump github.com/sanity-io/litter from 1.5.5 to 1.5.6 ( #3579 )
...
Bumps [github.com/sanity-io/litter](https://github.com/sanity-io/litter ) from 1.5.5 to 1.5.6.
- [Changelog](https://github.com/sanity-io/litter/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sanity-io/litter/compare/v1.5.5...v1.5.6 )
---
updated-dependencies:
- dependency-name: github.com/sanity-io/litter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-15 12:42:13 -05:00
dependabot[bot]
86ad570f8d
chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0 ( #3580 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.11.0...v1.12.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-15 12:41:59 -05:00
dependabot[bot]
2f08d60ba3
chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 ( #3581 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6f51ac03b9...65c4c4a1dd
2025-01-15 12:41:07 -05:00
anchore-actions-token-generator[bot]
da62caee3d
chore(deps): update CPE dictionary index ( #3583 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-01-15 12:11:46 -05:00
dependabot[bot]
2220d708a5
chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 ( #3584 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.0 to 3.28.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](48ab28a6f5...b6a472f63d
2025-01-15 12:05:19 -05:00
dependabot[bot]
1a9af0db96
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 ( #3585 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.1...v5.6.2 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-14 10:57:33 -05:00
dependabot[bot]
b79f9330fc
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 ( #3586 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.7.1 to 4.8.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.7.1...v4.8.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-14 10:55:48 -05:00
dependabot[bot]
fbfad5ef35
chore(deps): bump github.com/docker/docker ( #3587 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.4.1+incompatible to 27.5.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.4.1...v27.5.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-14 10:55:38 -05:00
anchore-actions-token-generator[bot]
b4e7b64d5c
chore(deps): update anchore dependencies ( #3571 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-01-08 17:51:48 +00:00
anchore-actions-token-generator[bot]
b3fc7b3b0a
chore(deps): update tools to latest versions ( #3567 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-01-07 11:30:26 -05:00
dependabot[bot]
df36303df0
chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0 ( #3568 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.33.0 to 0.34.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.34.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-07 11:29:58 -05:00
Keith Zantow
a2a56dd3e9
fix: golang remote license search not executing when error reading local mod dir ( #3549 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-01-06 11:47:55 -05:00
anchore-actions-token-generator[bot]
2a8c8ac832
chore(deps): update tools to latest versions ( #3564 )
2025-01-06 11:15:36 -05:00
anchore-actions-token-generator[bot]
dc01c5d052
chore(deps): update CPE dictionary index ( #3565 )
2025-01-06 11:15:13 -05:00
dependabot[bot]
a95244aace
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.8 ( #3548 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.7...v0.5.8 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-03 15:23:57 +00:00
anchore-actions-token-generator[bot]
5c429ae834
chore(deps): update tools to latest versions ( #3560 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-01-03 10:12:02 -05:00
dependabot[bot]
463a8f3661
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1 ( #3561 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.13.0 to 5.13.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.13.0...v5.13.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-03 10:11:30 -05:00
Alex Goodman
cbce129bb9
Use reader when scanning for package versions over reading entire binary into memory ( #3558 )
...
* use streaming readers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* replace redis search patterns
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-01-02 22:12:37 +00:00
dependabot[bot]
470c2ff04c
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 ( #3551 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.0...v5.6.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-02 21:52:01 +00:00
anchore-actions-token-generator[bot]
1f4a48c3c1
chore(deps): update tools to latest versions ( #3556 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: update build scripts with new architecture suffix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update suffix for new ppc64 arch
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: lintfix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-01-02 16:18:47 -05:00
Christopher Angelo Phillips
f9ffe7252e
test: removes latest license list test ( #3559 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-01-02 20:56:44 +00:00
dependabot[bot]
286182a66f
chore(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 ( #3547 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.5 to 7.0.6.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](5e914681df...67ccf781d6
2025-01-02 12:26:49 -05:00
anchore-actions-token-generator[bot]
5c47568362
chore(deps): update CPE dictionary index ( #3550 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-01-02 09:25:13 -05:00
dependabot[bot]
52d904363c
chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 ( #3552 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.12.0...v5.13.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-02 09:24:40 -05:00
anchore-actions-token-generator[bot]
25792160fb
chore(deps): update tools to latest versions ( #3543 )
...
* chore(deps): update tools to latest versions
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-12-23 11:32:17 -05:00
anchore-actions-token-generator[bot]
453c429c5c
chore(deps): update CPE dictionary index ( #3544 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-12-23 09:37:58 -05:00
dependabot[bot]
13e32d3a49
chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4 ( #3545 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.34.3 to 1.34.4.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.3...v1.34.4 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-23 09:36:57 -05:00
dependabot[bot]
03dbd38d88
chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 ( #3546 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.27.9 to 3.28.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df409f7d92...48ab28a6f5
2024-12-23 09:36:46 -05:00
dependabot[bot]
a185acdc43
chore(deps): bump golang.org/x/net from 0.32.0 to 0.33.0 ( #3541 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-19 11:15:20 -05:00
dependabot[bot]
4822950b06
chore(deps): bump modernc.org/sqlite from 1.34.2 to 1.34.3 ( #3542 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.34.2 to 1.34.3.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.3 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-19 11:15:10 -05:00
dependabot[bot]
2c10b602f0
chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 ( #3537 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.4.3 to 4.5.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b4b15b8c7c...6f51ac03b9
2024-12-18 13:34:38 -05:00
dependabot[bot]
5120651285
chore(deps): bump github.com/docker/docker ( #3538 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 27.4.0+incompatible to 27.4.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.4.0...v27.4.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 13:34:24 -05:00
anchore-actions-token-generator[bot]
397eb9c10a
chore(deps): update CPE dictionary index ( #3526 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-12-16 10:37:35 -05:00
dependabot[bot]
adfb6656fd
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 ( #3530 )
...
Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.1...v0.9.2 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 10:37:19 -05:00
dependabot[bot]
952837dd25
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.4 to 6.6.5 ( #3531 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.6.4 to 6.6.5.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.6.4...v6.6.5 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 09:29:51 -05:00
dependabot[bot]
4ac8439115
chore(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9 ( #3532 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.8 to 0.17.9.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](55dc4ee224...df80a981bc
2024-12-16 09:29:08 -05:00
anchore-actions-token-generator[bot]
5e16e5031a
chore(deps): update anchore dependencies ( #3525 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-12-13 13:30:11 -05:00
dependabot[bot]
36016a0c5f
chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9 ( #3524 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.27.7 to 3.27.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](babb554ede...df409f7d92
2024-12-13 10:38:58 -05:00
dependabot[bot]
8dcb495312
chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 ( #3523 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.30.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.30.0...v0.31.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-12 15:43:40 -05:00
dependabot[bot]
02f9350fa5
chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 ( #3519 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](41dfa10bad...3041bf56c9
2024-12-11 13:14:55 -05:00
dependabot[bot]
20fb9cc00c
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 ( #3518 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.2.1...11bd71901bbe5b1630ceea73d27597364c9af683 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-11 13:14:25 -05:00
William Murphy
6deb41c458
chore: make fixes field in PR template match auto-close regex ( #3520 )
...
Previously, if filling out this template, someone pasted a PR link after
"Fixes #", the issue wouldn't automatically close, probably because the
extra "#" confused the auto-close regex.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-12-11 12:37:55 -05:00
William Murphy
445142886e
fix: stop omitting redundantly parenthesized licenses in CDX formatter ( #3517 )
...
Previously, a bug in the formatter would cause SPDX expressions that
were surrounded in redundant parentheses to be dropped instead of
normalized.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-12-11 10:06:08 -05:00
Christopher Angelo Phillips
561ed50c2d
chore: migrate syft to use the anchore fork of archiver without replace ( #3516 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-12-10 13:33:24 -05:00
