chore(deps): bump slackapi/slack-github-action from 2.1.1 to 3.0.1 (#4684 )

Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 2.1.1 to 3.0.1. - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](91efab103c...af78098f53) --- updated-dependencies: - dependency-name: slackapi/slack-github-action dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore(deps): bump marocchino/sticky-pull-request-comment (#4685 )
2026-03-30 13:43:25 +02:00 · 2026-03-26 11:12:33 -04:00 · 2026-03-25 19:27:59 -04:00 · 2026-03-25 19:27:50 -04:00 · 2026-03-25 19:27:31 -04:00 · 2026-03-25 08:38:49 -04:00
20 changed files with 136 additions and 30 deletions
--- a/.binny.yaml
+++ b/.binny.yaml
@ -26,7 +26,7 @@ tools:
  # used for linting
  - name: golangci-lint
    version:
-      want: v2.11.3
+      want: v2.11.4
    method: github-release
    with:
      repo: golangci/golangci-lint
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -23,6 +23,11 @@ updates:
    open-pull-requests-limit: 10
    labels:
      - "dependencies"
+    ignore:
+      - dependency-name: "github.com/aquasecurity/go-pep440-version"
+      - dependency-name: "github.com/aquasecurity/go-version"
+      - dependency-name: "github.com/knqyf263/go-apk-version"
+      - dependency-name: "github.com/knqyf263/go-deb-version"
    groups:
      go-minor-patch:
        applies-to: version-updates  # security updates get individual PRs
--- a/.github/workflows/detect-schema-changes.yaml
+++ b/.github/workflows/detect-schema-changes.yaml
@ -37,6 +37,8 @@ jobs:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
        with:
          persist-credentials: false
+          repository: anchore/syft # IMPORTANT! An additional protection that this is checking out code from the expected repository 
+          ref: main # IMPORTANT!  It is CRITICAL that this only ever considers the code from main and NEVER EVER from a fork.

      - run: python .github/scripts/labeler.py
        env:
@ -46,7 +48,7 @@ jobs:

      - name: Delete existing comment
        if: ${{ hashFiles( env.CI_COMMENT_FILE ) == '' }}
-        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 #v2.9.4
+        uses: marocchino/sticky-pull-request-comment@70d2764d1a7d5d9560b100cbea0077fc8f633987 #v3.0.2
        with:
          header: ${{ env.COMMENT_HEADER }}
          hide: true
@ -54,7 +56,7 @@ jobs:

      - name: Add comment
        if: ${{ hashFiles( env.CI_COMMENT_FILE ) != '' }}
-        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 #v2.9.4
+        uses: marocchino/sticky-pull-request-comment@70d2764d1a7d5d9560b100cbea0077fc8f633987 #v3.0.2
        with:
          header: ${{ env.COMMENT_HEADER }}
          path: ${{ env.CI_COMMENT_FILE }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -193,7 +193,7 @@ jobs:
          artifact-name: sbom.spdx.json

      - name: Notify Slack of new release
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 #v3.0.1
        continue-on-error: true
        with:
          webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
--- a/.github/workflows/update-anchore-dependencies.yml
+++ b/.github/workflows/update-anchore-dependencies.yml
@ -31,7 +31,7 @@ jobs:
        with:
          repos: ${{ github.event.inputs.repos }}

-      - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf #v2.2.1
+      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 #v3.0.0
        id: generate-token
        with:
          app-id: ${{ secrets.TOKEN_APP_ID }}
--- a/.github/workflows/update-bootstrap-tools.yml
+++ b/.github/workflows/update-bootstrap-tools.yml
@ -45,7 +45,7 @@ jobs:
            echo "\`\`\`"
          } >> $GITHUB_STEP_SUMMARY

-      - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf #v2.2.1
+      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 #v3.0.0
        id: generate-token
        with:
          app-id: ${{ secrets.TOKEN_APP_ID }}
--- a/.github/workflows/update-cpe-dictionary-index.yml
+++ b/.github/workflows/update-cpe-dictionary-index.yml
@ -46,7 +46,7 @@ jobs:
      - name: Push updated CPE cache to registry
        run: make generate:cpe-index:cache:push

-      - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf #v2.2.1
+      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 #v3.0.0
        id: generate-token
        with:
          app-id: ${{ secrets.TOKEN_APP_ID }}
@ -65,7 +65,7 @@ jobs:
          token: ${{ steps.generate-token.outputs.token }}

      - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 #v3.0.1
        with:
          webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
          webhook-type: incoming-webhook
--- a/.github/workflows/update-spdx-license-list.yaml
+++ b/.github/workflows/update-spdx-license-list.yaml
@ -45,7 +45,7 @@ jobs:
          token: ${{ steps.generate-token.outputs.token }}

      - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 #v3.0.1
        with:
          webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
          webhook-type: incoming-webhook
--- a/go.mod
+++ b/go.mod
@ -37,7 +37,7 @@ require (
 	github.com/elliotchance/phpserialize v1.4.0
 	github.com/facebookincubator/nvdtools v0.1.5
 	github.com/github/go-spdx/v2 v2.4.0
-	github.com/gkampitakis/go-snaps v0.5.20
+	github.com/gkampitakis/go-snaps v0.5.21
 	github.com/go-git/go-billy/v5 v5.8.0
 	github.com/go-git/go-git/v5 v5.17.0
 	github.com/go-test/deep v1.1.1
@ -88,7 +88,7 @@ require (
 	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546
 	golang.org/x/mod v0.34.0
 	golang.org/x/net v0.52.0
-	modernc.org/sqlite v1.46.1
+	modernc.org/sqlite v1.46.2
 )

 require (
@ -263,7 +263,7 @@ require (
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1
-	modernc.org/libc v1.67.6 // indirect
+	modernc.org/libc v1.70.0 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -414,8 +414,8 @@ github.com/github/go-spdx/v2 v2.4.0 h1:+4IwVwJJbm3rzvrQ6P1nI9BDMcy3la4RchRy5uehV
 github.com/github/go-spdx/v2 v2.4.0/go.mod h1:/5rwgS0txhGtRdUZwc02bTglzg6HK3FfuEbECKlK2Sg=
 github.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs=
 github.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo=
-github.com/gkampitakis/go-snaps v0.5.20 h1:FGKonEeQPJ12t7RQj6cTPa881fl5c8HYarMLv5vP7sg=
-github.com/gkampitakis/go-snaps v0.5.20/go.mod h1:gC3YqxQTPyIXvQrw/Vpt3a8VqR1MO8sVpZFWN4DGwNs=
+github.com/gkampitakis/go-snaps v0.5.21 h1:SvhSFeZviQXwlT+dnGyAIATVehkhqRVW6qfQZhCZH+Y=
+github.com/gkampitakis/go-snaps v0.5.21/go.mod h1:gC3YqxQTPyIXvQrw/Vpt3a8VqR1MO8sVpZFWN4DGwNs=
 github.com/glebarez/go-sqlite v1.20.3 h1:89BkqGOXR9oRmG58ZrzgoY/Fhy5x0M+/WV48U5zVrZ4=
 github.com/glebarez/go-sqlite v1.20.3/go.mod h1:u3N6D/wftiAzIOJtZl6BmedqxmmkDfH3q+ihjqxC9u0=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
@ -1514,18 +1514,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
 modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
-modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc=
-modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM=
-modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
-modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/ccgo/v4 v4.32.0 h1:hjG66bI/kqIPX1b2yT6fr/jt+QedtP2fqojG2VrFuVw=
+modernc.org/ccgo/v4 v4.32.0/go.mod h1:6F08EBCx5uQc38kMGl+0Nm0oWczoo1c7cgpzEry7Uc0=
+modernc.org/fileutil v1.4.0 h1:j6ZzNTftVS054gi281TyLjHPp6CPHr2KCxEXjEbD6SM=
+modernc.org/fileutil v1.4.0/go.mod h1:EqdKFDxiByqxLk8ozOxObDSfcVOv/54xDs/DUHdvCUU=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
-modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE=
-modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
+modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
+modernc.org/gc/v3 v3.1.2/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI=
-modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE=
+modernc.org/libc v1.70.0 h1:U58NawXqXbgpZ/dcdS9kMshu08aiA6b7gusEusqzNkw=
+modernc.org/libc v1.70.0/go.mod h1:OVmxFGP1CI/Z4L3E0Q3Mf1PDE0BucwMkcXjjLntvHJo=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@ -1534,8 +1534,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
-modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
+modernc.org/sqlite v1.46.2 h1:gkXQ6R0+AjxFC/fTDaeIVLbNLNrRoOK7YYVz5BKhTcE=
+modernc.org/sqlite v1.46.2/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
--- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go
+++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go
@ -61,6 +61,28 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 				Metadata:  metadata("arangodb-binary"),
 			},
 		},
+		{
+			logicalFixture: "arangodb/3.12.5/linux-amd64",
+			expected: pkg.Package{
+				Name:      "arangodb",
+				Version:   "3.12.5",
+				Type:      "binary",
+				PURL:      "pkg:generic/arangodb@3.12.5",
+				Locations: locations("arangosh"),
+				Metadata:  metadata("arangodb-binary"),
+			},
+		},
+		{
+			logicalFixture: "arangodb/3.12.5-2/linux-amd64",
+			expected: pkg.Package{
+				Name:      "arangodb",
+				Version:   "3.12.5-2",
+				Type:      "binary",
+				PURL:      "pkg:generic/arangodb@3.12.5-2",
+				Locations: locations("arangosh"),
+				Metadata:  metadata("arangodb-binary"),
+			},
+		},
 		{
 			logicalFixture: "postgres/15beta4/linux-amd64",
 			expected: pkg.Package{
@ -727,6 +749,16 @@ func Test_Cataloger_PositiveCases(t *testing.T) {
 		{
 			// TODO: find original binary...
 			// note: cannot find the original binary, using a custom snippet based on the original snippet in the repo
+			logicalFixture: "go-version-hint/1.15-dev/any",
+			expected: pkg.Package{
+				Name:      "go",
+				Version:   "1.15",
+				PURL:      "pkg:generic/go@1.15",
+				Locations: locations("bin/go", "VERSION"),
+				Metadata:  metadata("go-binary"),
+			},
+		},
+		{
 			logicalFixture: "go-version-hint/1.15/any",
 			expected: pkg.Package{
 				Name:      "go",
--- a/syft/pkg/cataloger/binary/classifiers.go
+++ b/syft/pkg/cataloger/binary/classifiers.go
@ -76,10 +76,10 @@ func DefaultClassifiers() []binutils.Classifier {
 					`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)\x00`),
 				binutils.SupportingEvidenceMatcher("VERSION*",
 					m.FileContentsVersionMatcher(
-						`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+|-[_0-9a-z]+)?)\s`)),
+						`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+|-[_0-9a-z]+)?)`)),
 				binutils.SupportingEvidenceMatcher("../VERSION*",
 					m.FileContentsVersionMatcher(
-						`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+|-[_0-9a-z]+)?)\s`)),
+						`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+|-[_0-9a-z]+)?)`)),
 			),
 			Package: "go",
 			PURL:    mustPURL("pkg:generic/go@version"),
@ -232,7 +232,7 @@ func DefaultClassifiers() []binutils.Classifier {
 			Class:    "arangodb-binary",
 			FileGlob: "**/arangosh",
 			EvidenceMatcher: m.FileContentsVersionMatcher(
-				`(?m)\x00*(?P<version>[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?)\s\[linux\]`),
+				`(?m)\x00*(?P<version>[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?)\s(enterprise\s)?\[linux\]`),
 			Package: "arangodb",
 			PURL:    mustPURL("pkg:generic/arangodb@version"),
 			CPEs:    singleCPE("cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource),
--- a/syft/pkg/cataloger/binary/testdata/capture-snippet.sh
+++ b/syft/pkg/cataloger/binary/testdata/capture-snippet.sh
@ -151,4 +151,4 @@ while $CONTINUE_LOOP; do

 done

-go run ./manager write-snippet "$BINARY_FILE" --offset "$OFFSET" --length "$LENGTH" --name "$GROUP_NAME" --version "$VERSION"
+go run ../internal/manager write-snippet "$BINARY_FILE" --offset "$OFFSET" --length "$LENGTH" --name "$GROUP_NAME" --version "$VERSION"
--- a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/arangodb/3.12.5-2/linux-amd64/arangosh
+++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/arangodb/3.12.5-2/linux-amd64/arangosh
--- a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/arangodb/3.12.5/linux-amd64/arangosh
+++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/arangodb/3.12.5/linux-amd64/arangosh
--- a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/1.15-dev/any/VERSION
+++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/1.15-dev/any/VERSION
@ -0,0 +1 @@
+go1.15 Fri 2003
--- a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/1.15-dev/any/bin/go
+++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/1.15-dev/any/bin/go
@ -0,0 +1 @@
+no version in this binary
--- a/syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/1.15/any/VERSION
+++ b/syft/pkg/cataloger/binary/testdata/classifiers/snippets/go-version-hint/1.15/any/VERSION
@ -1 +1 @@
-go1.15 Fri 2003
+go1.15
--- a/syft/pkg/cataloger/binary/testdata/config.yaml
+++ b/syft/pkg/cataloger/binary/testdata/config.yaml
@ -458,6 +458,20 @@ from-images:
        platform: linux/amd64
    paths:
      - /usr/bin/arangosh
+  - name: arangodb
+    version: 3.12.5
+    images:
+      - ref: arangodb:3.12.5@sha256:1f9278fe17b200cf3aea2c7bd7fd571221b5b41a49b835a397c47eb970c952d6
+        platform: linux/amd64
+    paths:
+      - /usr/bin/arangosh
+  - name: arangodb
+    version: 3.12.5-2
+    images:
+      - ref: arangodb:3.12.5.2@sha256:5b0d1d2911ea864ea61d7e2357789004fe912606f5980cf481739601d7cb17a1
+        platform: linux/amd64
+    paths:
+      - /usr/bin/arangosh
  - version: 15.1
    images:
      - ref: postgres:15.1@sha256:b4140dd3a62f364f16a82c1bd88d28b9887ecb47f07dbe2941237d073574d428
--- a/syft/pkg/cataloger/internal/cpegenerate/dictionary/data/cpe-index.json
+++ b/syft/pkg/cataloger/internal/cpegenerate/dictionary/data/cpe-index.json
@ -52,6 +52,12 @@
      "github.com/ecnepsnai/web": [
        "cpe:2.3:a:web_project:web:*:*:*:*:*:go:*:*"
      ],
+      "github.com/free5gc/amf": [
+        "cpe:2.3:a:free5gc:amf:*:*:*:*:*:go:*:*"
+      ],
+      "github.com/free5gc/go-upf": [
+        "cpe:2.3:a:free5gc:go-upf:*:*:*:*:*:go:*:*"
+      ],
      "github.com/free5gc/smf": [
        "cpe:2.3:a:free5gc:smf:*:*:*:*:*:go:*:*"
      ],
@ -2314,6 +2320,9 @@
      "@ckeditor/ckeditor5-widget": [
        "cpe:2.3:a:ckeditor:ckeditor5-widget:*:*:*:*:*:node.js:*:*"
      ],
+      "@coding-solo/godot-mcp": [
+        "cpe:2.3:a:coding-solo:godot_mcp:*:*:*:*:*:*:*:*"
+      ],
      "@cookiex/deep": [
        "cpe:2.3:a:cookiex-deep_project:cookiex-deep:*:*:*:*:*:node.js:*:*"
      ],
@ -2477,6 +2486,12 @@
      "@thi.ng/egf": [
        "cpe:2.3:a:\\@thi.ng\\/egf_project:\\@thi.ng\\/egf:*:*:*:*:*:node.js:*:*"
      ],
+      "@tinacms/cli": [
+        "cpe:2.3:a:ssw:tinacms\\/cli:*:*:*:*:*:node.js:*:*"
+      ],
+      "@tinacms/graphql": [
+        "cpe:2.3:a:ssw:tinacms\\/graphql:*:*:*:*:*:node.js:*:*"
+      ],
      "@tiptap/extension-link": [
        "cpe:2.3:a:tiptap:tiptap\\/extension-link:*:*:*:*:*:node.js:*:*"
      ],
@ -3076,6 +3091,9 @@
      "defaults-deep": [
        "cpe:2.3:a:defaults-deep_project:defaults-deep:*:*:*:*:*:node.js:*:*"
      ],
+      "defuddle": [
+        "cpe:2.3:a:kepano:defuddle:*:*:*:*:*:node.js:*:*"
+      ],
      "desafio": [
        "cpe:2.3:a:desafio_project:desafio:*:*:*:*:*:node.js:*:*"
      ],
@ -3279,6 +3297,9 @@
      "express-openid-connect": [
        "cpe:2.3:a:auth0:express_openid_connect:*:*:*:*:*:node.js:*:*"
      ],
+      "express-rate-limit": [
+        "cpe:2.3:a:express-rate-limit:express-rate-limit:*:*:*:*:*:node.js:*:*"
+      ],
      "express-restify-mongoose": [
        "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*"
      ],
@ -3361,7 +3382,7 @@
        "cpe:2.3:a:fibjs_project:fibjs:*:*:*:*:*:node.js:*:*"
      ],
      "file-type": [
-        "cpe:2.3:a:file-type_project:file-type:*:*:*:*:*:node.js:*:*"
+        "cpe:2.3:a:sindresorhus:file-type:*:*:*:*:*:node.js:*:*"
      ],
      "file-upload-with-preview": [
        "cpe:2.3:a:johndatserakis:file-upload-with-preview:*:*:*:*:*:node.js:*:*"
@ -5476,6 +5497,9 @@
      "terminal-kit": [
        "cpe:2.3:a:terminal-kit_project:terminal-kit:*:*:*:*:*:node.js:*:*"
      ],
+      "terriajs-server": [
+        "cpe:2.3:a:terria:terriajs-server:*:*:*:*:*:node.js:*:*"
+      ],
      "terser": [
        "cpe:2.3:a:terser:terser:*:*:*:*:*:node.js:*:*"
      ],
@ -5491,6 +5515,9 @@
      "timespan": [
        "cpe:2.3:a:timespan_project:timespan:*:*:*:*:*:node.js:*:*"
      ],
+      "tinacms": [
+        "cpe:2.3:a:ssw:tinacms:*:*:*:*:*:node.js:*:*"
+      ],
      "tiny-conf": [
        "cpe:2.3:a:tiny-conf_project:tiny-conf:*:*:*:*:*:node.js:*:*"
      ],
@ -5599,6 +5626,9 @@
      "ungit": [
        "cpe:2.3:a:ungit_project:ungit:*:*:*:*:*:node.js:*:*"
      ],
+      "unhead": [
+        "cpe:2.3:a:unjs:unhead:*:*:*:*:*:node.js:*:*"
+      ],
      "unicode": [
        "cpe:2.3:a:unicode_project:unicode:*:*:*:*:*:node.js:*:*"
      ],
@ -5980,6 +6010,9 @@
      "b2sdk": [
        "cpe:2.3:a:backblaze:b2-sdk-python:*:*:*:*:*:*:*:*"
      ],
+      "black": [
+        "cpe:2.3:a:python:black:*:*:*:*:*:python:*:*"
+      ],
      "blackduck": [
        "cpe:2.3:a:synopsys:hub-rest-api-python:*:*:*:*:*:*:*:*"
      ],
@ -6047,6 +6080,9 @@
      "datapizza-ai": [
        "cpe:2.3:a:datapizza:datapizza_ai:*:*:*:*:*:*:*:*"
      ],
+      "dbt-common": [
+        "cpe:2.3:a:getdbt:dbt-common:*:*:*:*:*:*:*:*"
+      ],
      "decorator": [
        "cpe:2.3:a:python:decorator:*:*:*:*:*:*:*:*"
      ],
@ -6180,6 +6216,9 @@
      "marshmallow": [
        "cpe:2.3:a:marshmallow_project:marshmallow:*:*:*:*:*:python:*:*"
      ],
+      "mcp-memory-service": [
+        "cpe:2.3:a:doobidoo:mcp-memory-service:*:*:*:*:*:*:*:*"
+      ],
      "mltable": [
        "cpe:2.3:a:microsoft:azure_machine_learning_software_development_kit:*:*:*:*:*:*:*:*"
      ],
@ -7008,6 +7047,12 @@
      "aws-lc-fips-sys": [
        "cpe:2.3:a:amazon:aws-lc-fips-sys:*:*:*:*:*:rust:*:*"
      ],
+      "aws-lc-rs": [
+        "cpe:2.3:a:amazon:aws-lc-rs:*:*:*:*:*:rust:*:*"
+      ],
+      "aws-lc-sys": [
+        "cpe:2.3:a:amazon:aws-lc-sys:*:*:*:*:*:rust:*:*"
+      ],
      "axum-core": [
        "cpe:2.3:a:axum-core_project:axum-core:*:*:*:*:*:rust:*:*"
      ],
@ -9186,6 +9231,9 @@
      "bravo-translate": [
        "cpe:2.3:a:guelbetech:bravo_translate:*:*:*:*:*:wordpress:*:*"
      ],
+      "bread-butter": [
+        "cpe:2.3:a:breadbutter:bread_\\\u0026_butter:*:*:*:*:*:wordpress:*:*"
+      ],
      "breadcrumbs-by-menu": [
        "cpe:2.3:a:holest:breadcrumbs_by_menu:*:*:*:*:*:wordpress:*:*"
      ],
@ -10039,6 +10087,9 @@
      "contact-form-7-paypal-add-on": [
        "cpe:2.3:a:wpplugin:paypal_\\\u0026_stripe_add-on:*:*:*:*:*:wordpress:*:*"
      ],
+      "contact-form-7-recaptcha": [
+        "cpe:2.3:a:iambriansreed:contact_form_7_recaptcha:*:*:*:*:*:wordpress:*:*"
+      ],
      "contact-form-7-simple-recaptcha": [
        "cpe:2.3:a:contact_form_7_captcha_project:contact_form_7_captcha:*:*:*:*:*:wordpress:*:*"
      ],
Author	SHA1	Message	Date
dependabot[bot]	d71b747cd1	chore(deps): bump slackapi/slack-github-action from 2.1.1 to 3.0.1 (#4684 ) Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 2.1.1 to 3.0.1. - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](`91efab103c...af78098f53`) --- updated-dependencies: - dependency-name: slackapi/slack-github-action dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-26 11:12:33 -04:00
dependabot[bot]	58a8a95e26	chore(deps): bump marocchino/sticky-pull-request-comment (#4685 ) Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) from 2.9.4 to 3.0.2. - [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](`773744901b...70d2764d1a`) --- updated-dependencies: - dependency-name: marocchino/sticky-pull-request-comment dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-25 19:27:59 -04:00
dependabot[bot]	78a21b9c88	chore(deps): bump the go-minor-patch group with 2 updates (#4697 ) Bumps the go-minor-patch group with 2 updates: [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite). Updates `github.com/gkampitakis/go-snaps` from 0.5.20 to 0.5.21 - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.20...v0.5.21) Updates `modernc.org/sqlite` from 1.46.1 to 1.46.2 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.1...v1.46.2) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-version: 0.5.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: modernc.org/sqlite dependency-version: 1.46.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-25 19:27:50 -04:00
dependabot[bot]	7d3882a425	chore(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 (#4699 ) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.1 to 3.0.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`29824e69f5...f8d387b68d`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-25 19:27:31 -04:00
anchore-actions-token-generator[bot]	673c85754c	chore(deps): update CPE dictionary index (#4689 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>	2026-03-25 08:38:49 -04:00
Will Murphy	c5114fd745	chore(deps): ignore some dependabot deps (#4696 ) Prevent some packages from being updated. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>	2026-03-24 08:12:50 -04:00
Weston Steimel	f68a7cc899	ci: further pr target code checkout assurances (#4695 ) Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>	2026-03-24 07:16:16 -04:00
witchcraze	7800b16529	fix: update arangodb classifier and capture-snippet.sh (#4662 ) Signed-off-by: witchcraze <witchcraze@gmail.com>	2026-03-23 16:29:39 -04:00
Keith Zantow	834ddcb1c0	fix: golang version file regex (#4694 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2026-03-23 15:56:29 -04:00
Weston Steimel	f5d318d934	ci: add explicit ref to main and warning for pull_request_target workflow (#4693 ) Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>	2026-03-23 16:45:18 +00:00
anchore-actions-token-generator[bot]	8531e1917b	chore(deps): update tools to latest versions (#4690 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>	2026-03-23 12:01:27 -04:00