dependabot[bot]
c19558dd73
chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 ( #4000 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.19 to 3.29.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fca7ace96b...ce28f5bb42
2025-06-12 10:37:53 -04:00
Keith Zantow
10f0631710
fix: provide separate nonroot image ( #3998 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-11 17:00:55 -04:00
Alex Goodman
96c34ffc43
account for non-import shapes ( #3997 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-11 13:11:40 -04:00
Alex Goodman
79b6d5daa4
Allow decoding of anchorectl json files ( #3973 )
...
* allow decoding of import sbom file shape
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address formatting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add file mode and type processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* use type to interpret the raw value
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* safe mode convert should use uint32
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simpler decoder type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-10 15:03:50 -04:00
dependabot[bot]
cfa7cc5be9
chore(deps): bump github.com/anchore/stereoscope ( #3991 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.5-0.20250604132324-344e29f37f05 to 0.1.5.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.5 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 11:47:40 -04:00
Alex Goodman
18f9b5ab58
remove benchmark utils ( #3982 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-09 18:24:49 +00:00
Keith Zantow
9090c69708
fix: exclude packages with SPDX GENERATED_FROM source package indication ( #3981 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-09 14:12:23 -04:00
dependabot[bot]
1396a14550
chore(deps): bump modernc.org/sqlite from 1.37.1 to 1.38.0 ( #3979 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.37.1 to 1.38.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.37.1...v1.38.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.38.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 10:31:10 -04:00
dependabot[bot]
592bc0af7d
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.1 to 5.16.2 ( #3978 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.1 to 5.16.2.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.1...v5.16.2 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 10:26:47 -04:00
anchore-actions-token-generator[bot]
b6b8a8f52e
chore(deps): update tools to latest versions ( #3977 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-09 08:56:36 -04:00
anchore-actions-token-generator[bot]
a196cc9215
chore(deps): update CPE dictionary index ( #3976 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-09 08:56:18 -04:00
dependabot[bot]
12c8003317
chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 ( #3970 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/net/compare/v0.40.0...v0.41.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.41.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-06 10:23:02 -04:00
dependabot[bot]
0a25c0ec5c
chore(deps): bump github.com/sergi/go-diff ( #3971 )
...
Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff ) from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0.
- [Commits](https://github.com/sergi/go-diff/commits/v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/sergi/go-diff
dependency-version: 1.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-06 10:22:54 -04:00
Christoph Blessing
5ae11bd1f7
Fix Python package dependency detection ( #3965 )
...
Previously a dependency relationship between two Python packages was not
detected if there were no parentheses around the version specifier in
the wheel metadata of the parent package. This commit allows detection
of such relationships.
Signed-off-by: Christoph Blessing <chris24.blessing@gmail.com>
2025-06-06 09:46:16 -04:00
John Vandenberg
bc1cbde4f7
fix: Remove three Rust crate false positive CPE matches ( #3967 )
...
Signed-off-by: John Vandenberg <jayvdb@gmail.com>
2025-06-06 04:29:06 -04:00
Michael Briley
868a6a7584
Harden Container Runtime with Non-Root User ( #3941 )
...
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update validations.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update validations.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update validations.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update Dockerfile
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update .goreleaser.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* Update .goreleaser.yaml
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
* use distroless/static-debian12:nonroot directly
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep manual manifest curation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove qemu usage
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add smoke test for snapshot
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split up manifests section with comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct ci step name
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix arch condition
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep path prefix
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Michael Briley <michael.briley937@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-06-05 12:36:23 -04:00
John Vandenberg
bd894b9c4d
fix: Remove two Rust crate false positive CPE matches ( #3962 )
...
Rust crates opentelemetry and redis are being given CPEs that
match CVEs such as CVE-2023-45142 and CVE-2022-24735 respectively.
The vendor overrides added here prevent that.
Signed-off-by: John Vandenberg <jayvdb@gmail.com>
2025-06-05 10:28:54 -04:00
dependabot[bot]
c36c69779a
chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 ( #3963 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/mod/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.25.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 13:46:58 +00:00
dependabot[bot]
cd23ccc6e6
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.12 to 0.5.13 ( #3964 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.12 to 0.5.13.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.12...v0.5.13 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.13
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 13:45:40 +00:00
Keith Zantow
71d84603c1
fix: bump stereoscope to fix symlink performance issue ( #3953 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-06-04 15:50:03 +00:00
dependabot[bot]
f2118b568d
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.0 to 5.16.1 ( #3960 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.16.0 to 5.16.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.0...v5.16.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.16.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-04 14:02:45 +00:00
dependabot[bot]
bb50f1650d
chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 ( #3952 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.18 to 3.28.19.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ff0a06e83c...fca7ace96b
2025-06-03 10:20:24 -04:00
Christopher Angelo Phillips
a0be514184
feat: add syft schema version to version command ( #3949 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-06-02 15:50:21 +00:00
dependabot[bot]
8cc808f8f6
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.11 to 0.5.12 ( #3943 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.11 to 0.5.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.11...v0.5.12 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 10:46:30 -04:00
anchore-actions-token-generator[bot]
967e2f85bf
chore(deps): update tools to latest versions ( #3945 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-06-02 10:46:20 -04:00
anchore-actions-token-generator[bot]
339fea9851
chore(deps): update CPE dictionary index ( #3947 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-06-02 10:43:31 -04:00
Keith Zantow
576e729c84
fix: revert incorrect graalvm unknown behavior ( #3944 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-05-30 11:36:57 -04:00
dependabot[bot]
b3e8926025
chore(deps): bump github.com/google/go-containerregistry ( #3933 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.4...v0.20.5 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-28 12:45:51 -04:00
anchore-actions-token-generator[bot]
002ec4510a
chore(deps): update CPE dictionary index ( #3935 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-05-28 12:45:42 -04:00
Thomas Gosteli
684e1e963d
fix(terraform): parse provider lock entries without constraints ( #3934 )
...
In a .terraform.lock.hcl file in a provider block the `constraints` attribute is actually not required (=optional).
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
2025-05-27 14:55:19 -04:00
Dan Luhring
bbf3bb5856
fix(relationship): favor real paths over symlinks for ownership by file ( #3923 )
...
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-05-23 14:33:19 -04:00
dependabot[bot]
31c1be6d4d
chore(deps): bump modernc.org/sqlite from 1.37.0 to 1.37.1 ( #3926 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.37.0 to 1.37.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.37.0...v1.37.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.37.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 10:47:26 -04:00
Keith Zantow
7bfb4c86a6
fix(dotnet-deps-cataloger): avoid repeated dependency resolution ( #3930 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-05-21 21:28:40 -04:00
anchore-actions-token-generator[bot]
18ed8b60f8
chore(deps): update tools to latest versions ( #3921 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-05-21 10:56:17 -04:00
dependabot[bot]
b5e9f75ef1
chore(deps): bump github.com/google/go-containerregistry ( #3925 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.3 to 0.20.4.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.3...v0.20.4 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-21 10:55:48 -04:00
Alex Goodman
ac883f52ed
add cdx group as purl namespace ( #3922 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-20 15:56:08 -04:00
Alex Goodman
e23ca43a83
add PE binary cataloger ( #3911 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-19 14:17:09 -04:00
Christopher Angelo Phillips
b4ca04001c
chore: update dockerfile base images to latest rolling tags ( #3915 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-19 13:43:14 +00:00
anchore-actions-token-generator[bot]
828645ec27
chore(deps): update CPE dictionary index ( #3913 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-05-19 09:16:25 -04:00
Alex Goodman
db77b54c01
finalize go mod ref ( #3908 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 17:36:26 +00:00
Alex Goodman
2d4fe513ec
remove benchmark workflow ( #3906 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 11:08:43 -04:00
Christopher Angelo Phillips
e1374f758e
fix: update license content filtering default case to be 'none' for no content returned
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-16 14:25:15 +00:00
dependabot[bot]
945893847f
chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 ( #3905 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.17 to 3.28.18.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](60168efe1c...ff0a06e83c
2025-05-16 14:16:11 +00:00
sathiya06
8cbdd38a63
fix: Make Native Image contains no embedded SBOM Error Discoverable ( #3805 )
...
* fix: Make Native Image contains no embedded SBOM Error Discoverable
Signed-off-by: Sathiya Narayanan Venkatesan <sathiyavenkat06@gmail.com>
* adjust error phrasing + wrap error
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Sathiya Narayanan Venkatesan <sathiyavenkat06@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 13:54:40 +00:00
Adam McClenaghan
8f02bd85f6
fix: Distinguish openjdk vs jdk when using file source ( #3895 )
...
* fix: Distinguish openjdk vs jdk when using file source
Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
* fix: Fix goimport order
Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
* add comment
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: adammcclenaghan <adam@mcclenaghan.co.uk>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-16 13:29:53 +00:00
Alex Goodman
0480b516f6
chore: fix publishing test fixture images ( #3896 )
...
* update pkg counts
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump max cache size
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 14:35:11 -04:00
Christopher Angelo Phillips
2a055690e6
chore: delete unused fixture ( #3901 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-15 17:30:36 +00:00
Christopher Angelo Phillips
4f73d35051
Include default config licenses ( #3900 )
...
* fix: the licenses config was not being carried through causing content to show by default
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-05-15 16:48:18 +00:00
Ralph Bean
b369b02f4f
Expose RPM signature information (for RPM DB and RPM archives) ( #3179 )
...
* feat: expose rpm signature information
This helps with more confident identification of an rpm.
In theory, two rpms can be built that have the same purl string, and
otherwise look identical in syft's output, but the PGP information
would distinguish them as signed either by different keys, or signed at
different times.
In practice, this usually makes no difference since rpms tend to have
unique name/version/release strings. This just gives increased
confidence about the identity of the rpm found in the db.
Signed-off-by: Ralph Bean <rbean@redhat.com>
* chore: generate json schema
Signed-off-by: Ralph Bean <rbean@redhat.com>
* re-generate json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename to a more generic signature field
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename rpm.pgp to rpm.signatures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* split out signature fields
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* include RPM archives
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* dont fail on unknown signature type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Ralph Bean <rbean@redhat.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-05-15 16:01:00 +00:00
dependabot[bot]
5effed06a8
chore(deps): bump github.com/mholt/archives from 0.1.1 to 0.1.2 ( #3898 )
...
Bumps [github.com/mholt/archives](https://github.com/mholt/archives ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/mholt/archives/releases )
- [Commits](https://github.com/mholt/archives/compare/v0.1.1...v0.1.2 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archives
dependency-version: 0.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-15 10:23:30 -04:00
