Alex Goodman
ad9928cb2a
Merge the .NET deps.json and PE binary catalogers ( #3563 )
...
* add combined deps.json + pe binary cataloger
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* deprecate pe and deps standalone catalogers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* parse resource names + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix integration and CLI tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add some helpful code comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for dropping Dep packages that are missing DLLs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate json schema changes to 24
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep application configuration
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* correct config help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] detect claims of dlls within deps.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add assembly repack detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* .net package count is lower due to dll claim requirement
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-27 14:38:16 -04:00
Keith Zantow
4a9437808e
feat: parallelize catalogers per-file and hash contents in parallel ( #3636 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-26 11:10:08 -04:00
dependabot[bot]
dbe29ed4ab
chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13 ( #3758 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.12 to 3.28.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5f8171a638...1b549b9259
2025-03-24 14:28:25 -04:00
anchore-actions-token-generator[bot]
d0018c921e
chore(deps): update CPE dictionary index ( #3756 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-24 10:02:21 -04:00
Keith Zantow
7ac4d91f43
chore: reformat ( #3754 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-21 06:13:35 -04:00
anchore-actions-token-generator[bot]
410b85e1c9
chore(deps): update tools to latest versions ( #3747 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-20 10:19:45 -04:00
Alex Goodman
e9b24a29d7
Remove mitchellh dependencies ( #3748 )
...
* remove mitchellh dependencies
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix failing unit tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-20 10:19:19 -04:00
dependabot[bot]
35d666b27d
chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 ( #3750 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](4cec3d8aa0...ea165f8d65
2025-03-20 10:02:50 -04:00
dependabot[bot]
b036d75e8a
chore(deps): bump github.com/docker/docker ( #3749 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.0.1+incompatible to 28.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.0.1...v28.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 10:02:35 -04:00
dependabot[bot]
f1bc8f8a2a
chore(deps): bump actions/cache from 4.2.2 to 4.2.3 ( #3751 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.2 to 4.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](d4323d4df1...5a3ec84eff
2025-03-20 10:02:21 -04:00
dependabot[bot]
e986750cbc
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #3752 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.2 to 4.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](d4323d4df1...5a3ec84eff
2025-03-20 10:02:05 -04:00
Alan Pope
5fa8e9c6e9
feat: add Debian archive (.deb) file cataloger ( #3704 )
...
* feat: add Debian archive (.deb) file cataloger
Add a cataloger that parses Debian package (.deb) archive files directly,
allowing Syft to discover packages from .deb files without requiring
them to be installed on the system. This implements issue #3315 .
Key features:
- Parse .deb AR archives to extract package metadata
- Support for gzip, xz, and zstd compressed control files
- Extract package metadata from control files
- Process file information from md5sums files
- Mark configuration files from conffiles entries
- Handle trailing slashes in archive member names
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* chore: run go mod tidy to fix failing workflow
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* add license processing to dpkg archive cataloger + add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema with dpkg archive type
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-19 20:03:21 +00:00
dependabot[bot]
be0959cabf
chore(deps): bump actions/setup-go in /.github/actions/bootstrap ( #3742 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f111f3307d...0aaccfd150
2025-03-19 13:46:54 -04:00
dependabot[bot]
78dc6f7546
chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0 ( #3743 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f111f3307d...0aaccfd150
2025-03-19 13:46:51 -04:00
dependabot[bot]
071948f58e
chore(deps): bump github/codeql-action from 3.28.11 to 3.28.12 ( #3744 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.11 to 3.28.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6bb031afdd...5f8171a638
2025-03-19 13:46:47 -04:00
dependabot[bot]
710f876d86
chore(deps): bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 ( #3740 )
...
Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/BurntSushi/toml/releases )
- [Commits](https://github.com/BurntSushi/toml/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/BurntSushi/toml
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 09:29:47 -04:00
dependabot[bot]
8d798134c2
chore(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 ( #3738 )
...
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd ) from 1.7.26 to 1.7.27.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v1.7.26...v1.7.27 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 09:29:36 -04:00
anchore-actions-token-generator[bot]
8fb32dfc13
chore(deps): update tools to latest versions ( #3739 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-19 08:32:30 -04:00
Alex Goodman
2738291a96
swap centos images for rocky ( #3741 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-18 14:25:03 +00:00
anchore-actions-token-generator[bot]
7bdbfc0478
chore(deps): update anchore dependencies ( #3727 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-17 15:59:13 +00:00
anchore-actions-token-generator[bot]
6e7386a4fd
chore(deps): update CPE dictionary index ( #3735 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-17 10:22:53 -04:00
anchore-actions-token-generator[bot]
f889c4c014
chore(deps): update tools to latest versions ( #3722 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-17 10:22:21 -04:00
dependabot[bot]
06571af855
chore(deps): bump github.com/spf13/afero from 1.12.0 to 1.14.0 ( #3736 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.12.0...v1.14.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 10:22:10 -04:00
dependabot[bot]
d6693c8504
chore(deps): bump modernc.org/sqlite from 1.36.0 to 1.36.1 ( #3737 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.36.0 to 1.36.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.36.0...v1.36.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 10:22:02 -04:00
dependabot[bot]
2d33bcf84f
chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0 to 1.1.0 ( #3732 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v1.0.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-14 11:47:58 -04:00
dependabot[bot]
ae878f7dfd
chore(deps): bump docker/login-action from 3.3.0 to 3.4.0 ( #3733 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](9780b0c442...74a5d14239
2025-03-14 11:47:51 -04:00
Yoav Alon
6f70927bcc
fix(performance): reduce memory allocation in containsPath ( #3730 )
...
Signed-off-by: Yoav Alon <yoav@orca.security>
2025-03-13 14:39:57 -04:00
Keith Zantow
9a2c2ad401
chore: upload individual binaries as artifacts ( #3714 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-13 12:15:13 -04:00
Sven Gregori
2846bb18d2
fix: fetch Dart package versions from sdk entries ( #3572 )
...
* fix: fetch Dart package versions from sdk entries
Packages that are provided by an SDK, mainly Flutter, will have their
version set to 0.0.0 in Dart's pubspec.lock file. Their actual version
is linked to that SDK, which is defined either as a version range or a
minimum supported version, rather than an explicit, single version.
The pubspec.lock file has a dedicated section to define those SDK
version range constraints, which is already stored internally when
parsing the file itself. The solution now is to look up such a package's
SDK name, retrieve the defined version range / lower version boundary,
and set the minimum supported version as the package's new version.
Signed-off-by: Sven Gregori <sven@craplab.fi>
* Ignore Dart package if SDK version cannot be fetched
Signed-off-by: Sven Gregori <sven@craplab.fi>
* fix linting issues
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Sven Gregori <sven@craplab.fi>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-13 06:10:32 -04:00
anchore-actions-token-generator[bot]
616c8dfe2a
chore(deps): update tools to latest versions ( #3713 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-03-11 14:13:34 -04:00
anchore-actions-token-generator[bot]
d387f612ca
chore(deps): update CPE dictionary index ( #3715 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-11 14:09:54 -04:00
mikey strauss
6a28c1c604
Add set ID to dotnet packages ( #3719 )
...
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
2025-03-11 14:09:25 -04:00
dependabot[bot]
c613476347
chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 ( #3716 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.28.10 to 3.28.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b56ba49b26...6bb031afdd
2025-03-11 14:08:54 -04:00
Alex Goodman
34e5ff753f
Location order on packages should consider evidence annotations when sorting ( #3720 )
...
* fix: sorting locations should consider pkg evidence
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify location test options for comparison
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-11 10:34:37 -04:00
TechVest
04941c8b97
chore: fix some function names in comment ( #3717 )
...
Signed-off-by: TechVest <techdashen@qq.com>
2025-03-10 11:34:10 -04:00
Alan Pope
c687b7bfa5
fix: improve fluent-bit binary detection regex pattern ( #3701 )
...
* fix: improve fluent-bit binary detection regex pattern
This fixes issue #3133 by updating the regex pattern for fluent-bit binary detection
to better handle ANSI escape sequences and multiple null bytes between the version
string and "Fluent Bit" text. The change also makes the %s format specifier optional,
supporting all variations in fluent-bit binary signatures.
Signed-off-by: Alan Pope <alan.pope@anchore.com>
* test: add fluent-bit 1.7.0-dev-3 test fixture for issue #3133
Signed-off-by: Alan Pope <alan.pope@anchore.com>
---------
Signed-off-by: Alan Pope <alan.pope@anchore.com>
2025-03-07 14:56:37 +00:00
Keith Zantow
7571f8dfba
chore: updates for go 1.24.1 ( #3712 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-03-06 15:35:26 +00:00
dependabot[bot]
e8c62faefc
chore(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 ( #3708 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/mod/compare/v0.23.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 15:20:45 +00:00
Tom Fay
24133be4e6
Update rustaudit module name ( #3689 )
...
Signed-off-by: Tom Fay <tom@teamfay.co.uk>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-03-06 15:07:05 +00:00
dependabot[bot]
8e28b13a3d
chore(deps): bump golang.org/x/net from 0.35.0 to 0.37.0 ( #3711 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.35.0 to 0.37.0.
- [Commits](https://github.com/golang/net/compare/v0.35.0...v0.37.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 15:01:39 +00:00
dependabot[bot]
6b0425ebad
chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4 to 1.3.4 ( #3690 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 1.2.4 to 1.3.4.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.2.4...v1.3.4 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 15:00:19 +00:00
Stef Graces
694eec4079
Add downloadLocation URI validation ( #3697 )
...
* Add downloadLocation URI validation
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
* Update function names
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
* Fixes for make lint-fix + Changes to when NONE and NOASSERTION in downloadLocation
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
---------
Signed-off-by: Stef Graces <stefgraces@hotmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-03-06 14:45:47 +00:00
Joel Rudsberg
974ce23722
Native Image SBOM: support extracting symbols in .dynsym section for ELF files ( #3647 )
...
Signed-off-by: Joel Rudsberg <joel.rudsberg@oracle.com>
2025-03-06 09:12:14 -05:00
dependabot[bot]
36c198ac67
chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 ( #3687 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:14 -05:00
dependabot[bot]
f68351c457
chore(deps): bump modernc.org/sqlite from 1.35.0 to 1.36.0 ( #3692 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.35.0 to 1.36.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.35.0...v1.36.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:10 -05:00
dependabot[bot]
3bdc24dfd7
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 ( #3693 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.13.2 to 5.14.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:04:07 -05:00
dependabot[bot]
eaca1921bf
chore(deps): bump github.com/docker/docker ( #3694 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.0.0+incompatible to 28.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.0.0...v28.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 09:03:51 -05:00
dependabot[bot]
6e0cc6fe04
chore(deps): bump actions/cache from 4.2.1 to 4.2.2 ( #3698 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c907a75c2...d4323d4df1
2025-03-06 09:03:48 -05:00
dependabot[bot]
2251b83315
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #3699 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0c907a75c2...d4323d4df1
2025-03-06 09:03:44 -05:00
anchore-actions-token-generator[bot]
90761f449a
chore(deps): update CPE dictionary index ( #3702 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2025-03-06 09:03:31 -05:00
