Alex Goodman
7ed733c3fb
signpost to docs site ( #4483 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-17 18:00:38 +00:00
dependabot[bot]
a39c600913
chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 ( #4481 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.8 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b168cd394...5d4e8d1aca )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 10:20:52 -05:00
dependabot[bot]
a2020fe1c7
chore(deps): bump github.com/goccy/go-yaml from 1.19.0 to 1.19.1 ( #4482 )
...
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml ) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/goccy/go-yaml/releases )
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/goccy/go-yaml/compare/v1.19.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
dependency-version: 1.19.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 10:20:43 -05:00
Rez Moss
c79a57b6a1
Detect embedded deps.json in .NET binaries ( #4375 )
...
* syft detect embedded deps.json,dotnet , fixed #4344
Signed-off-by: Rez Moss <hi@rezmoss.com>
* [wip] have pe utils process embedded dep.json
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] add PoC bundler processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] search for bundle marker within pe sections
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* put bundle parsing for multiple .net versions under test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-16 08:35:19 -05:00
dependabot[bot]
2c97ff1b24
chore(deps): bump actions/cache from 5.0.0 to 5.0.1 ( #4476 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](a783357455...9255dc7a25 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 5.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 08:28:51 -05:00
dependabot[bot]
e760a7cad4
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #4477 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](a783357455...9255dc7a25 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 5.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 08:28:48 -05:00
anchore-actions-token-generator[bot]
e1ae4e1112
chore(deps): update tools to latest versions ( #4473 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-16 08:28:44 -05:00
Alex Goodman
beb70891e5
unapply base path for resolver inbound requests ( #4478 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-16 08:28:12 -05:00
Rez Moss
e0b61a3ae3
fix: golang PURL should include full module ( #4395 )
...
* fixed #4316 go mod with ver purl
Signed-off-by: Rez Moss <hi@rezmoss.com>
* go mod purl fixed, added func to handle go.mod
Signed-off-by: Rez Moss <hi@rezmoss.com>
* fix: use module name in PURL string everywhere
Signed-off-by: Keith Zantow <kzantow@gmail.com>
---------
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2025-12-12 14:19:26 -05:00
VictorHuu
4c38ee1932
fix:best effort to get the os info of an ELF binary ( #4438 )
...
* fix:the os of an elf binary should be detected even when the os version is empty
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:revoke the update of appCpe
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:resume the testcase
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix:revoke the possible compromise to the json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* fix:align with the json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* add a json schema (pre-release, may be in conflict with others')
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:add a json schema
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:revert the accidental change to 16.1.0
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* regression/fix:best effort to get the os info
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:resume the previous json file
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* update the schema ver to 16.2.0
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore:no breaking behavior
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* chore: follow the guide of the README.md
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* appCpe is temporarily unused
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
* preserve json field for osCPE
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-12 19:13:59 +00:00
Alex Goodman
6be0a9abc4
Improve PR template ( #4472 )
...
* improve pr template
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-12-12 15:45:29 +00:00
Alexandre Steppé
ea1f4cba38
feat: add support for Gemfile.next.lock ( #4457 )
...
Signed-off-by: Alexandre Steppé <alexandre.steppe@gmail.com>
2025-12-12 10:20:53 -05:00
VictorHuu
c8982b887d
chore:cancel in-progress workflows for new commits on same PR ( #4465 )
...
Signed-off-by: VictorHuu <victorhu493@gmail.com>
2025-12-12 10:20:20 -05:00
anchore-actions-token-generator[bot]
6ad4873a33
chore(deps): update tools to latest versions ( #4466 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-12 08:49:02 -05:00
dependabot[bot]
052e4ca9a3
chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 ( #4468 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.7 to 4.31.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cf1bb45a27...1b168cd394 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-12 08:48:36 -05:00
dependabot[bot]
41e133e2cf
chore(deps): bump actions/cache from 4.3.0 to 5.0.0 ( #4469 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0057852bfa...a783357455 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-12 08:48:32 -05:00
dependabot[bot]
a85e034afc
chore(deps): bump github.com/anchore/stereoscope from 0.1.14 to 0.1.16 ( #4470 )
...
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope ) from 0.1.14 to 0.1.16.
- [Release notes](https://github.com/anchore/stereoscope/releases )
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md )
- [Commits](https://github.com/anchore/stereoscope/compare/v0.1.14...v0.1.16 )
---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
dependency-version: 0.1.16
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-12 08:48:28 -05:00
dependabot[bot]
d5380013ae
chore(deps): bump actions/cache in /.github/actions/bootstrap ( #4471 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0057852bfa...a783357455 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-12 08:48:22 -05:00
anchore-actions-token-generator[bot]
5ea3387cbc
chore(deps): update tools to latest versions ( #4462 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-11 09:55:34 -05:00
Chris Greeno
568b7601bb
fix(javascript): remove debug print statement in dependency parser ( #4412 )
...
Removes an accidental `fmt.Println("error", err)` that was left in
the javascript dependency parser. This causes noisy output to stdout
when parsing npm package-lock.json files that contain dependency
specifiers that aren't valid PURLs.
Signed-off-by: Chris Greeno <chris@fresha.com>
2025-12-10 13:42:09 -05:00
Kendrick
7fdb08c0b6
Validating download_url for github repositories, and updating if necessary ( #4390 )
...
* Adding a second function to validate/correct urls that are just github repositories
Signed-off-by: Kendrick <kmartinix@gmail.com>
* Adding test case to capture github repositories
Signed-off-by: Kendrick <kmartinix@gmail.com>
---------
Signed-off-by: Kendrick <kmartinix@gmail.com>
2025-12-10 13:41:00 -05:00
anchore-actions-token-generator[bot]
47e1cee5a5
chore(deps): update tools to latest versions ( #4456 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-10 13:34:42 -05:00
dependabot[bot]
a0c5b8aa8d
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.5 to 6.7.7 ( #4460 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.7.5 to 6.7.7.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.5...v6.7.7 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.7.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:32:56 -05:00
dependabot[bot]
ab5fa0a664
chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 ( #4459 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.11 to 8.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](22a9089034...98357b18bf )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-version: 8.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:32:51 -05:00
dependabot[bot]
07ad8a5573
chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 ( #4458 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.10 to 0.20.11.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](fbfd9c6c18...43a17d6e7a )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-version: 0.20.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:32:47 -05:00
anchore-actions-token-generator[bot]
bfe63f83db
chore(deps): update anchore dependencies ( #4440 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
v1.38.2
v1.38.1
2025-12-09 20:56:03 +00:00
anchore-actions-token-generator[bot]
f01056d111
chore(deps): update tools to latest versions ( #4442 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: suppress revive on internal/os package name
golangci-lint has started flagging internal/os package name for
shadowing the stdlib package named "os". Suppress this.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-09 11:00:08 -05:00
dependabot[bot]
09b24bdb47
chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 ( #4447 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.8 to 7.0.11.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](271a8d0340...22a9089034 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-version: 7.0.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:59:32 -05:00
dependabot[bot]
ae1fa09e02
chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.1 ( #4445 )
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...29824e69f5 )
---
updated-dependencies:
- dependency-name: actions/create-github-app-token
dependency-version: 2.2.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:57:48 -05:00
dependabot[bot]
6b0f924426
chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.2 to 5.7.0 ( #4448 )
...
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) from 5.6.2 to 5.7.0.
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-billy/v5
dependency-version: 5.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:56:00 -05:00
dependabot[bot]
6d56087289
chore(deps): bump github/codeql-action from 4.31.6 to 4.31.7 ( #4446 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.6 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fe4161a26a...cf1bb45a27 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:47:52 -05:00
dependabot[bot]
1d718f3311
chore(deps): bump golang.org/x/tools from 0.39.0 to 0.40.0 ( #4453 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.39.0 to 0.40.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:46:52 -05:00
Keith Zantow
9e3150b7ee
fix: java archives excluded due to incorrect license glob results ( #4449 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-12-08 15:58:13 -05:00
Will Murphy
d950ac1fae
fix: use vercel for vendor in nextjs CPE ( #4450 )
...
The recent react / next CVE uses "vercel" as the vendor, see
https://nvd.nist.gov/vuln/detail/CVE-2025-55182
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-08 20:23:36 +00:00
VictorHuu
baca32f04a
fix:after compliance applied,the relationship concerning the original one should be omitted ( #4419 )
...
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
2025-12-04 15:30:16 -05:00
dependabot[bot]
155738aba7
chore(deps): bump github.com/github/go-spdx/v2 from 2.3.4 to 2.3.5 ( #4434 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.4...v2.3.5 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-version: 2.3.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-04 13:42:59 -05:00
dependabot[bot]
2b72158b0b
chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 ( #4435 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-version: 1.10.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-04 13:42:50 -05:00
dependabot[bot]
a80679beba
chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 ( #4431 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-03 20:18:45 -05:00
dependabot[bot]
b0c74d4104
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.17 to 0.5.18 ( #4432 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.17 to 0.5.18.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/0.5.17...0.5.18 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-03 13:20:11 -05:00
VictorHuu
afe28a2fc0
fix:handle compound aliases like ``.tgz`` when cataloging archives ( #4421 )
...
---------
Signed-off-by: Yuntao Hu <victorhu493@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-12-02 16:55:32 -05:00
Will Murphy
d37ed567a8
chore: use git ls-files instead of find to list files ( #4425 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-01 16:46:42 -05:00
dependabot[bot]
e556ceb4a8
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.15 to 0.5.17 ( #4413 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.5.15 to 0.5.17.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.15...0.5.17 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.17
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:34:38 -05:00
anchore-actions-token-generator[bot]
d8538e7d8b
chore(deps): update tools to latest versions ( #4420 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2025-12-01 16:34:18 -05:00
dependabot[bot]
cd19ac956c
chore(deps): bump github.com/olekukonko/tablewriter from 1.1.1 to 1.1.2 ( #4427 )
...
Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter ) from 1.1.1 to 1.1.2.
- [Commits](https://github.com/olekukonko/tablewriter/compare/v1.1.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/olekukonko/tablewriter
dependency-version: 1.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:34:07 -05:00
dependabot[bot]
d1a523fef5
chore(deps): bump github/codeql-action from 4.31.4 to 4.31.6 ( #4424 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.4 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e12f017898...fe4161a26a )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:34:03 -05:00
dependabot[bot]
e1e3d002bc
chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 ( #4426 )
...
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/goccy/go-yaml/releases )
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/goccy/go-yaml/compare/v1.18.0...v1.19.0 )
---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
dependency-version: 1.19.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 16:33:48 -05:00
Will Murphy
a0f7148608
chore: ignore .DS_Store in test fixtures ( #4422 )
...
Otherwise, we get test failures on macOS if macOS has decided to put
.DS_Store entries in the test fixtures.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-12-01 10:15:35 -05:00
Adam Chovanec
5b96d1d69d
chore: rename test func for CPE decoder ( #4379 )
...
Signed-off-by: Adam Chovanec <git@adamchovanec.cz>
Co-authored-by: Adam Chovanec <git@adamchovanec.cz>
2025-11-25 23:05:31 -05:00
dependabot[bot]
6c666383e7
chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 ( #4381 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.9 to 0.20.10.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8e94d75ddd...fbfd9c6c18 )
---
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-version: 0.20.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-25 23:05:05 -05:00
dependabot[bot]
b9710a1e79
chore(deps): bump modernc.org/sqlite from 1.40.0 to 1.40.1 ( #4382 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.40.0 to 1.40.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.40.0...v1.40.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-version: 1.40.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-25 23:04:56 -05:00