Rez Moss
fea4a50124
feat: deno cataloger #4417 ( #4523 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-23 10:58:22 -04:00
dependabot[bot]
5eefd73ac7
chore(deps): bump golang.org/x/tools from 0.45.0 to 0.46.0 ( #5008 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.45.0...v0.46.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-version: 0.46.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 18:50:24 +00:00
dependabot[bot]
684c7018be
chore(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 ( #5004 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.55.0 to 0.56.0.
- [Commits](https://github.com/golang/net/compare/v0.55.0...v0.56.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.56.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 18:34:47 +00:00
dependabot[bot]
f827f91ec1
chore(deps): bump golang.org/x/mod from 0.36.0 to 0.37.0 ( #5007 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-version: 0.37.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 18:19:47 +00:00
dependabot[bot]
e9af7d218c
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.10 to 6.8.1 ( #5006 )
...
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) from 6.7.10 to 6.8.1.
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.10...v6.8.1 )
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.8.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 18:18:54 +00:00
Alex Goodman
506ad5d6a7
refactor release pipeline: TAG_TOKEN, skip-checks gate, dependabot/zizmor cleanup ( #5003 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 14:04:48 -04:00
Rez Moss
1f4f9332c5
feat: support envoy bin classifier
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-22 13:16:33 -04:00
Rez Moss
52a4c3b594
feat: elastic beats bin classifier ( #4969 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-22 11:49:44 -04:00
Keith Zantow
9c321691d4
feat: SPDX 3 ( #4269 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-22 10:59:34 -04:00
Alex Goodman
0e8d6deabe
require tmpdir to exist for fingerprints ( #5002 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 10:54:26 -04:00
dependabot[bot]
deb2fd92ef
chore(deps): bump github.com/containerd/containerd/v2 ( #5001 )
...
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v2.3.1...v2.3.2 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
dependency-version: 2.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 14:12:11 +00:00
Alex Goodman
80d3b62de4
bump go-make to v0.7.0 ( #4999 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 09:47:58 -04:00
anchore-oss-update-bot
b71afc87fc
chore(deps): update tool versions ( #4994 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-06-19 11:51:05 +00:00
Alex Goodman
efe3174b5f
Preserve dependency edges when a compliance stub changes a package ID ( #4993 )
...
* fix relationship rewrites for isolated nodes
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* cover dangling pointers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-18 19:50:30 -04:00
Rez Moss
58e4dbbf01
feat: added bin classifier elastic-agent ( #4968 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-17 15:29:07 +00:00
Sebastiaan van Stijn
b70fa899cb
golangci-lint: enable gci formatter ( #4828 )
...
This allows linting the imports to be grouped correctly, and provides
an auto-fix (`golangci-lint run --fix`).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-17 10:34:22 -04:00
Alex Goodman
951fbd454a
add purl types to cataloger info cmd ( #4984 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-16 12:13:34 -04:00
Rez Moss
92ae4d44c5
fix: .net deps.json cataloger no longer shows phantom pkgs ( #4971 )
...
Signed-off-by: Rez Moss <hi@rezmoss.com>
2026-06-16 12:02:42 -04:00
Alex Goodman
8d48a8b8c2
ensure we have a snapshot build for cli tests ( #4981 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-16 10:41:33 -04:00
David Dashti
cff5a05681
fix(dpkg): extract License field for opkg/ipkg entries ( #4963 )
...
* fix(dpkg): extract License field for opkg/ipkg entries
opkg and ipkg use the dpkg cataloger but declare the package License
inline in the status DB (unlike Debian dpkg, where licenses live in
copyright files). The cataloger silently dropped the License field at
mapstructure decode time, so all opkg-managed packages reported empty
licenses.
This adds the field to the intermediate decode struct and the public
DpkgDBEntry, and populates licenses in newDpkgPackage using the alpine
cataloger's pattern: try license.ParseExpression first to keep valid
SPDX expressions whole, fall back to whitespace splitting for
space-separated lists.
Standard Debian dpkg status files never carry a License field per
Debian policy, so the new path is a no-op for them; the existing
copyright-file lookup in addLicenses is unaffected.
Closes #4940
Signed-off-by: David Dashti <47575784+Dashtid@users.noreply.github.com>
* remove license from dpkg metadata struct
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore format snapshot files
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add additional tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: David Dashti <47575784+Dashtid@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-15 16:15:32 -04:00
Kursat Topcuoglu
00ca43d24a
fix: catalog uv PEP 723 script lockfiles (*.py.lock) ( #4950 )
...
Signed-off-by: Kursat Topcuoglu <7313835+ktopcuoglu@users.noreply.github.com>
Co-authored-by: Kursat Topcuoglu <7313835+ktopcuoglu@users.noreply.github.com>
2026-06-15 11:34:02 -04:00
dependabot[bot]
6a27678036
chore(deps): bump the actions-minor-patch group across 2 directories with 6 updates ( #4975 )
...
Bumps the actions-minor-patch group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
| [actions/checkout](https://github.com/actions/checkout ) | `6.0.2` | `6.0.3` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows ) | `0.7.0` | `0.7.2` |
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [anchore/go-make](https://github.com/anchore/go-make ).
Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](de0fac2e45...df4cb1c069 )
Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.7.0 to 0.7.2
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](b3e328b5ae...b0c30a8040 )
Updates `anchore/go-make` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/anchore/go-make/releases )
- [Commits](9de27be11e...39fe5f7111 )
---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
dependency-version: 0.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 13:29:23 +00:00
Keith Zantow
89773c0a12
fix: support CycloneDX 1.7 ( #4967 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-11 09:40:42 -04:00
Yoonho Hann
b08d3c2970
feat: add support for Bun lockfile ( #4625 )
...
---------
Signed-off-by: Yoonho Hann <hnnynh125@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-09 13:22:43 -04:00
Keith Zantow
63232bf725
fix: local version identifiers in python requirements parsing ( #4959 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-06-08 11:12:47 -04:00
Marcus
908eb57890
feat: add .bpl extension to PE cataloger ( #4954 )
...
BPL (Borland Package Library) files are standard PE/DLL format used by
Delphi and C++Builder. Adding the extension to the glob list so syft
picks them up during directory scans without users needing to rename
to .dll first.
---------
Signed-off-by: jfjrh2014 <jfjrh2014@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-08 10:07:15 -04:00
Arpit Jain
c5c423ab37
fix: detect mariadb version from RHEL build path ( #4952 )
...
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
2026-06-07 13:28:18 -04:00
anchore-oss-update-bot
d4496b05aa
chore(deps): update anchore dependencies ( #4934 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
v1.45.1
2026-06-05 13:55:57 +00:00
dependabot[bot]
adc55cdb3a
chore(deps): bump the go-minor-patch group across 1 directory with 3 updates ( #4957 )
...
Bumps the go-minor-patch group with 3 updates in the / directory: [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ), [github.com/gpustack/gguf-parser-go](https://github.com/gpustack/gguf-parser-go ) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ).
Updates `github.com/gkampitakis/go-snaps` from 0.5.21 to 0.5.22
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.21...v0.5.22 )
Updates `github.com/gpustack/gguf-parser-go` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/gpustack/gguf-parser-go/releases )
- [Commits](https://github.com/gpustack/gguf-parser-go/compare/v0.24.0...v0.24.1 )
Updates `modernc.org/sqlite` from 1.50.1 to 1.51.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.1...v1.51.0 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.22
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/gpustack/gguf-parser-go
dependency-version: 0.24.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
dependency-version: 1.51.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-05 13:28:05 +00:00
anchore-oss-update-bot
00d0bb59cc
chore(deps): update tool versions ( #4724 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-06-05 11:22:28 +00:00
dependabot[bot]
f474308783
chore(deps): bump the go-minor-patch group across 2 directories with 14 updates ( #4947 )
...
* chore(deps): bump the go-minor-patch group across 2 directories with 14 updates
Bumps the go-minor-patch group with 9 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go ) | `0.10.0` | `0.11.0` |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) | `3.4.0` | `3.5.0` |
| [github.com/diskfs/go-diskfs](https://github.com/diskfs/go-diskfs ) | `1.7.0` | `1.9.3` |
| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) | `2.4.0` | `2.7.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) | `0.21.5` | `0.21.6` |
| [github.com/gookit/color](https://github.com/gookit/color ) | `1.6.0` | `1.6.1` |
| [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema ) | `0.13.0` | `0.14.0` |
| [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty ) | `6.7.8` | `6.7.10` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) | `1.46.2` | `1.50.1` |
Bumps the go-minor-patch group with 1 update in the /.make directory: [github.com/anchore/go-make](https://github.com/anchore/go-make ).
Updates `github.com/CycloneDX/cyclonedx-go` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases )
- [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.10.0...v0.11.0 )
Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.4.0...v3.5.0 )
Updates `github.com/diskfs/go-diskfs` from 1.7.0 to 1.9.3
- [Commits](https://github.com/diskfs/go-diskfs/compare/v1.7.0...v1.9.3 )
Updates `github.com/github/go-spdx/v2` from 2.4.0 to 2.7.0
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.4.0...v2.7.0 )
Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6 )
Updates `github.com/gookit/color` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.6.0...v1.6.1 )
Updates `github.com/invopop/jsonschema` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/invopop/jsonschema/releases )
- [Commits](https://github.com/invopop/jsonschema/compare/v0.13.0...v0.14.0 )
Updates `github.com/jedib0t/go-pretty/v6` from 6.7.8 to 6.7.10
- [Release notes](https://github.com/jedib0t/go-pretty/releases )
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.7.8...v6.7.10 )
Updates `github.com/klauspost/compress` from 1.18.5 to 1.18.6
- [Release notes](https://github.com/klauspost/compress/releases )
- [Commits](https://github.com/klauspost/compress/compare/v1.18.5...v1.18.6 )
Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](https://github.com/golang/mod/compare/v0.35.0...v0.36.0 )
Updates `golang.org/x/net` from 0.53.0 to 0.54.0
- [Commits](https://github.com/golang/net/compare/v0.53.0...v0.54.0 )
Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.44.0...v0.45.0 )
Updates `modernc.org/sqlite` from 1.46.2 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.2...v1.50.1 )
Updates `github.com/anchore/go-make` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/anchore/go-make/releases )
- [Commits](https://github.com/anchore/go-make/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
dependency-version: 0.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/Masterminds/semver/v3
dependency-version: 3.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/diskfs/go-diskfs
dependency-version: 1.9.3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/github/go-spdx/v2
dependency-version: 2.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.21.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/gookit/color
dependency-version: 1.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/invopop/jsonschema
dependency-version: 0.14.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/jedib0t/go-pretty/v6
dependency-version: 6.7.10
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/klauspost/compress
dependency-version: 1.18.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: golang.org/x/mod
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: golang.org/x/net
dependency-version: 0.54.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: golang.org/x/tools
dependency-version: 0.45.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
dependency-version: 1.50.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/anchore/go-make
dependency-version: 0.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: update signatures to return fs.FileInfo after breaking changes
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* fix: lint-fix
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2026-06-04 17:06:25 -04:00
Will Murphy
bf67072246
chore: bump golang.org/x/crypto ( #4955 )
...
* chore: bump golang.org/x/crypto
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* also bump golang.org/x/net
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-06-04 16:06:08 -04:00
Will Murphy
9673f867e5
Pass contents: read to check-gate ( #4951 )
...
Otherwise check-gate doesn't have enough permissions to do its job and
fails.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
v1.45.0
2026-06-02 16:05:42 -04:00
Matias Insaurralde
a4fb2c0396
perf(python): hoist name normalization regexp to package level ( #4926 )
...
Avoid recompiling the separator pattern on every normalize() call during cataloging.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
2026-06-01 21:17:43 -04:00
witchcraze
cf2ce643c3
update helm classifier ( #4922 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-06-01 10:21:57 -04:00
dependabot[bot]
524a44b70d
chore(deps): bump the actions-minor-patch group across 1 directory with 6 updates ( #4946 )
...
Bumps the actions-minor-patch group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [docker/login-action](https://github.com/docker/login-action ) | `4.1.0` | `4.2.0` |
| [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows ) | `0.6.0` | `0.7.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) | `0.5.5` | `0.5.6` |
Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](4907a6ddec...650006c6eb )
Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/anchore/workflows/releases )
- [Commits](15122524ce...b3e328b5ae )
Updates `zizmorcore/zizmor-action` from 0.5.5 to 0.5.6
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](a16621b09c...5f14fd08f7 )
---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: docker/login-action
dependency-version: 4.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
dependency-version: 0.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
dependency-version: 0.5.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-29 16:35:04 +00:00
witchcraze
4e86715c1a
fix: improve julia classifier to find shared libs and beta versions ( #4945 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-05-29 12:05:46 -04:00
Alex Goodman
e8c6b7151e
swap postgres signature check for rocky linux baseline rpm ( #4941 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-26 10:11:38 -04:00
witchcraze
0fb8762f41
fix: improve deno classifier ( #4939 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-05-25 11:58:10 -04:00
dependabot[bot]
58ddf74140
chore(deps): bump the actions-minor-patch group across 2 directories with 2 updates ( #4936 )
...
Bumps the actions-minor-patch group with 1 update in the / directory: [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [anchore/go-make](https://github.com/anchore/go-make ).
Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.5
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](b1d7e1fb5d...a16621b09c )
Updates `anchore/go-make` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/anchore/go-make/releases )
- [Commits](88c3650598...9de27be11e )
---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
dependency-version: 0.5.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
dependency-version: 0.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-22 13:42:36 +00:00
dependabot[bot]
b5d828ee14
chore(deps): bump github.com/containerd/containerd/v2 ( #4935 )
...
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v2.3.0...v2.3.1 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
dependency-version: 2.3.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-21 22:17:36 +00:00
Doug Clarke
1c4394fed0
fix: enhancement to java cataloger to consider .zap files as jar files ( #4932 )
...
* Enhancements to java cataloger to consider .zap files as jar files - Issue #4654
Signed-off-by: Doug Clarke <douglas.clarke@oracle.com>
2026-05-21 15:24:38 -04:00
anchore-oss-update-bot
f5c1a0befc
chore(deps): update anchore dependencies ( #4821 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-05-20 19:50:47 +00:00
dependabot[bot]
b1287d45d8
chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 ( #4930 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.19.0 to 5.19.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md )
- [Commits](https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.19.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 16:11:18 +00:00
Alex Goodman
d97216ff70
Remediate audit ( #4929 )
...
* remove slack notification on release
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restrict cache usage
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-18 15:01:37 -04:00
dependabot[bot]
c09a009bda
chore(deps): bump the actions-minor-patch group across 1 directory with 4 updates ( #4927 )
...
Bumps the actions-minor-patch group with 4 updates in the / directory: [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows ), [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows ), [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows ) and [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows ).
Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.5.0 to 0.6.0
- [Commits](e8cee3a591...15122524ce )
Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.4.0 to 0.6.0
- [Commits](8b2b1caf40...15122524ce )
Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.4.0 to 0.6.0
- [Commits](8b2b1caf40...15122524ce )
Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.4.0 to 0.6.0
- [Commits](8b2b1caf40...15122524ce )
---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml
dependency-version: 0.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 16:13:54 +00:00
Alex Goodman
d61af0abab
Port to go-make ( #4923 )
...
* port to go-make
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* refresh fixtures on running unit tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address refresh cache issues with old now-gitignored files
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-05-18 11:59:55 -04:00
anchore-oss-update-bot
89cda82263
chore(deps): update CPE dictionary index ( #4925 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-05-18 10:21:30 -04:00
dependabot[bot]
ee6ace36d1
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates ( #4920 )
...
Bumps the actions-minor-patch group with 2 updates in the / directory: [runs-on/action](https://github.com/runs-on/action ) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ).
Updates `runs-on/action` from 2.1.0 to 2.1.2
- [Release notes](https://github.com/runs-on/action/releases )
- [Commits](742bf56072...d141ef83eb )
Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](cad07c2e89...6f9f177880 )
---
updated-dependencies:
- dependency-name: runs-on/action
dependency-version: 2.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
- dependency-name: sigstore/cosign-installer
dependency-version: 4.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 13:34:58 +00:00
witchcraze
e2e5e223ab
feat: mysqld, ndbd, ndbmtd and ndb_mgmd classifier ( #4907 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-05-14 11:29:42 -04:00