oss/syft - syft - Sa' Rocí Solutions

oss/syft

mirror of https://github.com/anchore/syft.git synced 2026-02-12 10:36:45 +01:00

Author	SHA1	Message	Date
dependabot[bot]	92e523caa6	chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 (#4526 ) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](`018cc2cf5b...37930b1c2a`) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-05 12:48:20 -05:00
dependabot[bot]	9b33b8a3d6	chore(deps): bump actions/upload-artifact from 4.4.3 to 6.0.0 (#4527 ) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](`b4b15b8c7c...b7c566a772`) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-05 12:48:13 -05:00
Alex Goodman	11fed90075	Migrate CI to runs-on (#4351 ) * migrate to runs-on runners Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep validations on x64 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct ubuntu arm refs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bust cache Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use artifacts api between jobs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * download individual artifacts Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * troubleshoot artifact upload Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * disable magic cache Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix deps Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * attempt to replicate layout Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * change asset names and remove extras Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * better artifact filters Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use action to get artifacts working Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add sboms Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * simpler artifacts Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add logging Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove logging Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * make artifacts executable Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve workflow dispatch calls Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * attempt to bring down ci times Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update repo path Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use local config instead of shared one Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use runner labels instead of config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use valid alias Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use compute instances for build Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * small comment on concurrency Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fixes from review Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove parallelism Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2026-01-05 09:53:06 -05:00
dependabot[bot]	1e15428c6f	chore(deps): bump anchore/sbom-action from 0.20.11 to 0.21.0 (#4501 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.11 to 0.21.0. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`43a17d6e7a...a930d0ac43`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-05 09:19:40 -05:00
Alex Goodman	e9e3494853	remove debug output (#4496 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-12-22 14:51:39 -05:00
Alex Goodman	b3c70da3ea	Add experimental cataloger capabilities command (#4317 ) * add info command from generated capabilities Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct gentoo and arch ecosystems Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename os pkg types Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * better binary cataloger description Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * expose metadata and pacakge types in json Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * expose json schema types Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add completeness tests for metadata types Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * latest generation Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve testing a docs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests and linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore goreleaser config Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * tweak diagram Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix pdm Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * chore: java binary data Signed-off-by: Keith Zantow <kzantow@gmail.com> * new capability descriptions for gguf and python Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct poetry lock integrity hash claim Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix compile error Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix: remove purl version from overrides Signed-off-by: Keith Zantow <kzantow@gmail.com> * fix lua deps ref Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep gguf as ai ecosystem Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * split packages.yaml to multiple files by go package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * ensure tests do not use go test cache Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * sort json output for info command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * docs: fix ocaml, php, and portage capabilities yaml Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * chore: update erlang capabilities Signed-off-by: Keith Zantow <kzantow@gmail.com> * chore: update java capabilities Signed-off-by: Keith Zantow <kzantow@gmail.com> * chore: update javascript capabilities Signed-off-by: Keith Zantow <kzantow@gmail.com> * chore: update linux kernel capabilities Signed-off-by: Keith Zantow <kzantow@gmail.com> * remove missing tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix package.yaml references Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * revert license list change Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * check for drift in capability descriptions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * regenerate capabilities Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * test cleanup Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use fixture cache in static analysis Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * claim fixtures pre-req for cap generation Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update documentation with correct regeneration procedure Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * chore: ruby-gemspec-cataloger finds no dependencies Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * chore: fix python docs and config comment Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * chore: commit re-generated java yaml Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * add cataloger selection to caps command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * re-generate cap yamls Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests for cataloger selection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add missing tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename cmd to `cataloger info` Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] change capability description locations Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] continued Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] adjust for import cycles Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * correct docs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> Co-authored-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-12-22 19:34:10 +00:00
Alex Goodman	ae1a247f3d	Unpin fixture dependencies that will always float (#4495 ) * unpin dependencies for package dedup case Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * prevent make from blocking tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add check Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-12-22 19:17:58 +00:00
dependabot[bot]	a39c600913	chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 (#4481 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.8 to 4.31.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`1b168cd394...5d4e8d1aca`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-17 10:20:52 -05:00
dependabot[bot]	2c97ff1b24	chore(deps): bump actions/cache from 5.0.0 to 5.0.1 (#4476 ) Bumps [actions/cache](https://github.com/actions/cache) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](`a783357455...9255dc7a25`) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-16 08:28:51 -05:00
VictorHuu	c8982b887d	chore:cancel in-progress workflows for new commits on same PR (#4465 ) Signed-off-by: VictorHuu <victorhu493@gmail.com>	2025-12-12 10:20:20 -05:00
dependabot[bot]	052e4ca9a3	chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 (#4468 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.7 to 4.31.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`cf1bb45a27...1b168cd394`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-12 08:48:36 -05:00
dependabot[bot]	41e133e2cf	chore(deps): bump actions/cache from 4.3.0 to 5.0.0 (#4469 ) Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](`0057852bfa...a783357455`) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-12 08:48:32 -05:00
dependabot[bot]	ab5fa0a664	chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#4459 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.11 to 8.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`22a9089034...98357b18bf`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-10 13:32:51 -05:00
dependabot[bot]	07ad8a5573	chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 (#4458 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.10 to 0.20.11. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`fbfd9c6c18...43a17d6e7a`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-10 13:32:47 -05:00
dependabot[bot]	09b24bdb47	chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 (#4447 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.11. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`271a8d0340...22a9089034`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 7.0.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 09:59:32 -05:00
dependabot[bot]	ae1fa09e02	chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.1 (#4445 ) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.4 to 2.2.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`6701853927...29824e69f5`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 09:57:48 -05:00
dependabot[bot]	6d56087289	chore(deps): bump github/codeql-action from 4.31.6 to 4.31.7 (#4446 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.6 to 4.31.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`fe4161a26a...cf1bb45a27`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 09:47:52 -05:00
dependabot[bot]	a80679beba	chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#4431 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`1af3b93b68...8e8c483db8`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-03 20:18:45 -05:00
dependabot[bot]	d1a523fef5	chore(deps): bump github/codeql-action from 4.31.4 to 4.31.6 (#4424 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.4 to 4.31.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`e12f017898...fe4161a26a`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-01 16:34:03 -05:00
dependabot[bot]	6c666383e7	chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 (#4381 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.9 to 0.20.10. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`8e94d75ddd...fbfd9c6c18`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 23:05:05 -05:00
dependabot[bot]	023a14f869	chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4396 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`08c6903cd8...1af3b93b68`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-25 23:03:02 -05:00
dependabot[bot]	f12788da78	chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#4386 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`014f16e7ab...e12f017898`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:40:21 -05:00
dependabot[bot]	af167ba0c1	chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#4392 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`4469467582...4dc6199c7b`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-20 12:00:56 -05:00
Keith Zantow	7014cb023f	chore: options to run release-install-script without release (#4377 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2025-11-17 22:12:04 +00:00
Will Murphy	1c22325385	ci: output oras path (#4373 ) * ci: output oras path Some workflows expect bootstrap to output the oras path. This seems like a reasonable thing for it to do. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> * ci: use path to oras from binny Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com> --------- Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-11-17 15:36:45 +00:00
dependabot[bot]	6480c8a425	chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#4366 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`0499de31b9...014f16e7ab`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-14 09:25:08 -05:00
Alex Goodman	e5711e9b42	Update CPE processing to use NVD API (#4332 ) * update NVD CPE dictionary processor to use API Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * pass linting with exceptions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-06 16:02:26 -05:00
Alex Goodman	7c154e7c37	use official action for token generation (#4331 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-11-03 13:08:42 -05:00
dependabot[bot]	793b0a346f	chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 (#4325 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.1 to 4.31.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`5fe9434cd2...0499de31b9`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-03 09:11:20 -05:00
dependabot[bot]	774b1e97b9	chore(deps): bump github/codeql-action from 4.31.0 to 4.31.1 (#4321 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.0 to 4.31.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`4e94bd11f7...5fe9434cd2`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-30 13:19:57 -04:00
Alex Goodman	5db3a9bf55	add workflow to create PR for spdx license list updates (#4319 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2025-10-30 12:14:13 -04:00
Will Murphy	728feea620	ci: use apple creds before pushing tags (#4313 ) We have had a few releases fail because the Apple credentials needed some sort of fix. These release were operationally more interesting because they failed after pushing a git tag (which effectively releases the golagn package). Therefore, try to use these creds early, before there's a tag pushed. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2025-10-29 10:07:47 -04:00
dependabot[bot]	bee78c0b16	chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#4310 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.9 to 4.31.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`16140ae1a1...4e94bd11f7`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-27 10:43:04 -04:00
dependabot[bot]	88bbcbe9c6	chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 (#4305 )	2025-10-27 02:03:09 -04:00
dependabot[bot]	675075e882	chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4299 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.8 to 4.30.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`f443b600d9...16140ae1a1`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.30.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-20 10:08:39 -04:00
dependabot[bot]	07029ead8a	chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4296 ) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.10.0 to 4.0.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`d7543c93d8...faadad0cce`) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-17 10:22:20 -04:00
dependabot[bot]	f4de1e863c	chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 (#4297 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.7 to 0.20.8. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`d8a2c01300...aa0e114b2e`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-17 10:22:10 -04:00
dependabot[bot]	6627c5214c	chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 (#4293 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.6 to 0.20.7. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`f8bdd1d8ac...d8a2c01300`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-16 13:57:17 -04:00
dependabot[bot]	5056c7f861	chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 (#4277 )	2025-10-13 10:47:50 -04:00
dependabot[bot]	3b82a3724a	chore(deps): bump github/codeql-action from 3.30.6 to 4.30.7 (#4262 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.6 to 4.30.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`64d10c1313...e296a93559`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.30.7 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-08 16:44:21 -04:00
dependabot[bot]	b96d3d20af	chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#4253 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.5 to 3.30.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`3599b3baa1...64d10c1313`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-03 12:07:20 -04:00
dependabot[bot]	605a275dd3	chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 (#4246 )	2025-09-30 17:06:10 -04:00
dependabot[bot]	f0998de717	chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 (#4239 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.3 to 3.30.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`192325c861...303c0aef88`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-25 12:06:49 -04:00
dependabot[bot]	261ab7c1fd	chore(deps): bump actions/cache from 4.2.4 to 4.3.0 (#4240 ) Bumps [actions/cache](https://github.com/actions/cache) from 4.2.4 to 4.3.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](`0400d5f644...0057852bfa`) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-25 12:02:41 -04:00
dependabot[bot]	3abbd940e3	chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 (#4222 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.5 to 0.20.6. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](`da167eac91...f8bdd1d8ac`) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-18 10:58:53 -04:00
dependabot[bot]	333b951be3	chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 (#4216 ) Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.1.2 to 0.2.0. - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](`5ca5fc7a47...e673c3917a`) --- updated-dependencies: - dependency-name: zizmorcore/zizmor-action dependency-version: 0.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-15 14:30:16 -04:00
dependabot[bot]	90c733d24d	chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 (#4217 ) Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack) from 3.18.0 to 3.19.0. - [Release notes](https://github.com/8398a7/action-slack/releases) - [Commits](`1750b5085f...77eaa4f1c6`) --- updated-dependencies: - dependency-name: 8398a7/action-slack dependency-version: 3.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-15 14:30:03 -04:00
dependabot[bot]	dacc2f61f9	chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 (#4218 ) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.2 to 3.10.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`d58896d6a1...d7543c93d8`) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-15 14:29:53 -04:00
dependabot[bot]	1fcdb67698	chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 (#4210 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.1 to 3.30.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`f1f6e5f6af...192325c861`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-11 12:50:41 -04:00
dependabot[bot]	8e78fd57b8	chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#4188 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`d35c59abb0...4469467582`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-08 02:35:22 -04:00

1 2 3 4 5 ...

438 Commits