Alex Goodman
beb70891e5
unapply base path for resolver inbound requests ( #4478 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-16 08:28:12 -05:00
Rez Moss
e0b61a3ae3
fix: golang PURL should include full module ( #4395 )
...
* fixed #4316 go mod with ver purl
Signed-off-by: Rez Moss <hi@rezmoss.com>
* go mod purl fixed, added func to handle go.mod
Signed-off-by: Rez Moss <hi@rezmoss.com>
* fix: use module name in PURL string everywhere
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-12-12 14:19:26 -05:00
VictorHuu
4c38ee1932
fix:best effort to get the os info of an ELF binary ( #4438 )
...
* fix:the os of an elf binary should be detected even when the os version is empty
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:revoke the update of appCpe
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:resume the testcase
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix:revoke the possible compromise to the json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix:align with the json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* add a json schema(pre-relase,may be in conflict with others')
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:add a json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:revert the accidental change to 16.1.0
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* regression/fix:best effort to get the os info
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:resume the previous json file
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* update the schema ver to 16.2.0
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:no breaking behavior
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore: follow the guide of the README.md
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* appCpe is temporarily unused
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* preserve json field for osCPE
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-12 19:13:59 +00:00
Alex Goodman
6be0a9abc4
Improve PR template ( #4472 )
...
* improve pr template
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-12 15:45:29 +00:00
Alexandre Steppé
ea1f4cba38
feat: add support for Gemfile.next.lock ( #4457 )
...
Signed-off-by: Alexandre Steppé <alexandre.steppe@gmail.com>
2025-12-12 10:20:53 -05:00
VictorHuu
c8982b887d
chore:cancel in-progress workflows for new commits on same PR ( #4465 )
...
Signed-off-by: VictorHuu <victorhu493@gmail.com>
2025-12-12 10:20:20 -05:00
anchore-actions-token-generator[bot]
6ad4873a33
chore(deps): update tools to latest versions ( #4466 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-12 08:49:02 -05:00
dependabot[bot]
052e4ca9a3
chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 ( #4468 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.7 to 4.31.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cf1bb45a27...1b168cd394
2025-12-12 08:48:36 -05:00
dependabot[bot]
41e133e2cf
chore(deps): bump actions/cache from 4.3.0 to 5.0.0 ( #4469 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0057852bfa...a783357455
2025-12-12 08:48:32 -05:00
dependabot[bot]
a85e034afc
chore(deps): bump github.com/anchore/stereoscope from 0.1.14 to 0.1.16 ( #4470 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.14 to 0.1.16.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/compare/v0.1.14...v0.1.16 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.16
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-12 08:48:28 -05:00
dependabot[bot]
d5380013ae
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #4471 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0057852bfa...a783357455
2025-12-12 08:48:22 -05:00
anchore-actions-token-generator[bot]
5ea3387cbc
chore(deps): update tools to latest versions ( #4462 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-11 09:55:34 -05:00
Chris Greeno
568b7601bb
fix(javascript): remove debug print statement in dependency parser ( #4412 )
...
Removes an accidental `fmt.Println("error", err)` that was left in
the javascript dependency parser. This causes noisy output to stdout
when parsing npm package-lock.json files that contain dependency
specifiers that aren't valid PURLs.
Signed-off-by: Chris Greeno <chris@fresha.com>
2025-12-10 13:42:09 -05:00
Kendrick
7fdb08c0b6
Validating download_url for github repositories, and updating if necessary ( #4390 )
...
* Adding a second function to validate/correct urls that are just github repositories
Signed-off-by: Kendrick <kmartinix@gmail.com>
* Adding test case to capture github repositories
Signed-off-by: Kendrick <kmartinix@gmail.com>
---------
Signed-off-by: Kendrick <kmartinix@gmail.com>
2025-12-10 13:41:00 -05:00
anchore-actions-token-generator[bot]
47e1cee5a5
chore(deps): update tools to latest versions ( #4456 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-10 13:34:42 -05:00
dependabot[bot]
a0c5b8aa8d
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.5 to 6.7.7 ( #4460 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.7.5 to 6.7.7.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.5...v6.7.7 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.7.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:32:56 -05:00
dependabot[bot]
ab5fa0a664
chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 ( #4459 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.11 to 8.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](22a9089034...98357b18bf
2025-12-10 13:32:51 -05:00
dependabot[bot]
07ad8a5573
chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 ( #4458 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.10 to 0.20.11.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](fbfd9c6c18...43a17d6e7a
2025-12-10 13:32:47 -05:00
anchore-actions-token-generator[bot]
bfe63f83db
chore(deps): update anchore dependencies ( #4440 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2025-12-09 20:56:03 +00:00
anchore-actions-token-generator[bot]
f01056d111
chore(deps): update tools to latest versions ( #4442 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: suppress revive on internal/os package name
golangci-lint has started flagging internal/os package name for
shadowing the stdlib package named "os". Suppress this.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-09 11:00:08 -05:00
dependabot[bot]
09b24bdb47
chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 ( #4447 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.8 to 7.0.11.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](271a8d0340...22a9089034
2025-12-09 09:59:32 -05:00
dependabot[bot]
ae1fa09e02
chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.1 ( #4445 )
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...29824e69f5
2025-12-09 09:57:48 -05:00
dependabot[bot]
6b0f924426
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.2 to 5.7.0 ( #4448 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.6.2 to 5.7.0.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-version: 5.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:56:00 -05:00
dependabot[bot]
6d56087289
chore(deps): bump github/codeql-action from 4.31.6 to 4.31.7 ( #4446 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.6 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fe4161a26a...cf1bb45a27
2025-12-09 09:47:52 -05:00
dependabot[bot]
1d718f3311
chore(deps): bump golang.org/x/tools from 0.39.0 to 0.40.0 ( #4453 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.39.0 to 0.40.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:46:52 -05:00
Keith Zantow
9e3150b7ee
fix: java archives excluded due to incorrect license glob results ( #4449 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-12-08 15:58:13 -05:00
Will Murphy
d950ac1fae
fix: use vercel for vendor in nextjs CPE ( #4450 )
...
The recent react / next CVE uses "vercel" as the vendor, see
https://nvd.nist.gov/vuln/detail/CVE-2025-55182
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-08 20:23:36 +00:00
VictorHuu
baca32f04a
fix:after compliance applied,the relationship concerning the original one should be omitted ( #4419 )
...
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
2025-12-04 15:30:16 -05:00
dependabot[bot]
155738aba7
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.4 to 2.3.5 ( #4434 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.4...v2.3.5 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-version: 2.3.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-04 13:42:59 -05:00
dependabot[bot]
2b72158b0b
chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 ( #4435 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-version: 1.10.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-04 13:42:50 -05:00
dependabot[bot]
a80679beba
chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 ( #4431 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8
2025-12-03 20:18:45 -05:00
dependabot[bot]
b0c74d4104
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.17 to 0.5.18 ( #4432 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.17 to 0.5.18.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/0.5.17...0.5.18 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-03 13:20:11 -05:00
VictorHuu
afe28a2fc0
fix:handle compound aliases like ``.tgz`` when cataloging archives ( #4421 )
...
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-12-02 16:55:32 -05:00
Will Murphy
d37ed567a8
chore: use git ls-files instead of find to list files ( #4425 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-01 16:46:42 -05:00
dependabot[bot]
e556ceb4a8
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.15 to 0.5.17 ( #4413 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.15 to 0.5.17.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.15...0.5.17 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.17
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:34:38 -05:00
anchore-actions-token-generator[bot]
d8538e7d8b
chore(deps): update tools to latest versions ( #4420 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-01 16:34:18 -05:00
dependabot[bot]
cd19ac956c
chore(deps): bump github.com/olekukonko/tablewriter from 1.1.1 to 1.1.2 ( #4427 )
...
Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter ) from 1.1.1 to 1.1.2.
- [Commits](https://github.com/olekukonko/tablewriter/compare/v1.1.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/olekukonko/tablewriter
dependency-version: 1.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:34:07 -05:00
dependabot[bot]
d1a523fef5
chore(deps): bump github/codeql-action from 4.31.4 to 4.31.6 ( #4424 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.4 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e12f017898...fe4161a26a
2025-12-01 16:34:03 -05:00
dependabot[bot]
e1e3d002bc
chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 ( #4426 )
...
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/goccy/go-yaml/releases )
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/goccy/go-yaml/compare/v1.18.0...v1.19.0 )
---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
dependency-version: 1.19.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:33:48 -05:00
Will Murphy
a0f7148608
chore: ignore .DS_Store in test fixtures ( #4422 )
...
Otherwise, we get test failures on macOS if macOS has decided to put
.DS_Store entries in the test fixtures.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-01 10:15:35 -05:00
Adam Chovanec
5b96d1d69d
chore: rename test func for CPE decoder ( #4379 )
...
Signed-off-by: Adam Chovanec <git@adamchovanec.cz>
Co-authored-by: Adam Chovanec <git@adamchovanec.cz>
2025-11-25 23:05:31 -05:00
dependabot[bot]
6c666383e7
chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 ( #4381 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.9 to 0.20.10.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8e94d75ddd...fbfd9c6c18
2025-11-25 23:05:05 -05:00
dependabot[bot]
b9710a1e79
chore(deps): bump modernc.org/sqlite from 1.40.0 to 1.40.1 ( #4382 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.40.0 to 1.40.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.40.0...v1.40.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.40.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-25 23:04:56 -05:00
dependabot[bot]
023a14f869
chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 ( #4396 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68
2025-11-25 23:03:02 -05:00
dependabot[bot]
439a063d08
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.3 to 6.7.5 ( #4397 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.7.3 to 6.7.5.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.3...v6.7.5 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.7.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-25 10:20:59 -05:00
Will Murphy
c95893209d
fix: normalize python package names from dependency lists ( #4408 )
...
Because package names in METADATA files may have upper case like
Werkzeug or Jinja2, but Syft artifacts have normalized names and are
lower case, like werkzeug or jinja2, Syft would miss emitting dependency
relationships. Therefore, normalize dependency names before comparing
with existing artifacts.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-11-25 10:20:21 -05:00
anchore-actions-token-generator[bot]
7e02bdfe45
chore(deps): update tools to latest versions ( #4398 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-11-25 10:17:33 -05:00
dependabot[bot]
479cf5aff2
chore(deps): bump github.com/google/go-containerregistry ( #4409 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.20.6 to 0.20.7.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.6...v0.20.7 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.20.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-25 10:16:54 -05:00
dependabot[bot]
f12788da78
chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 ( #4386 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](014f16e7ab...e12f017898
2025-11-20 12:40:21 -05:00
dependabot[bot]
67709362b6
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.2 to 6.7.3 ( #4387 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.7.2 to 6.7.3.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.2...v6.7.3 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.7.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-20 12:01:21 -05:00
