mirror of
https://github.com/anchore/syft.git
synced 2026-02-12 10:36:45 +01:00
* feat(cpegenerate): add support for binary package digit-suffix variations in CPE generation

Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13 to 0.5.14 (#4089)

Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.13 to 0.5.14.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.13...v0.5.14)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-version: 0.5.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump modernc.org/sqlite from 1.38.1 to 1.38.2 (#4088)

Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.38.1 to 1.38.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.1...v1.38.2)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.38.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump github.com/docker/docker (#4092)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.2.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.2.2...v28.3.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.3.3+incompatible
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump github.com/anchore/stereoscope (#4091)

Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) from 0.1.7-0.20250716200927-94c6f92877d4 to 0.1.7.
- [Release notes](https://github.com/anchore/stereoscope/releases)
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md)
- [Commits](https://github.com/anchore/stereoscope/commits/v0.1.7)

---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
  dependency-version: 0.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* migrate to get.anchore.io (#4095)

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): update anchore dependencies (#4098)

* chore(deps): update anchore dependencies

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* address reader close operations

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): update anchore dependencies (#4104)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 (#4096)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4e828ff8d4...51f77329af)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): update tools to latest versions (#4108)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): update CPE dictionary index (#4112)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): update tools to latest versions (#4111)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump actions/cache in /.github/actions/bootstrap (#4120)

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](5a3ec84eff...0400d5f644)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump actions/cache from 4.2.3 to 4.2.4 (#4119)

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](5a3ec84eff...0400d5f644)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump docker/login-action from 3.4.0 to 3.5.0 (#4115)

Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](74a5d14239...184bdaa072)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* fix: nondeterministic Java archive cataloging and improve groupID (#4118)

Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* feat: add binary classifier for hashicorp vault (#4121)

* add binary classifier for hashicorp vault

The Go Binary Cataloger isn't able to parse the version out of the binary shipped in the DockerHub images of hashicorp/vault because the version of the main module isn't set in the binary. Therefore, add a binary classifier cataloger for this binary.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* chore: add test fixtures, update vault

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: set binary classifier package type based on PURL

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: use github.com/hashicorp/vault as package name

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: update tests

Signed-off-by: Keith Zantow <kzantow@gmail.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4124)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](51f77329af...76621b61de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 (#4123)

Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 (#4122)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): update CPE dictionary index (#4126)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore: update GoReleaser configurations (#4128)

Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4130)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](11bd71901b...08c6903cd8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* fix: closed reader during java binary detection (#4129)

Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* fix: support multiple letters in openssl patch version (#4106)

Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 (#4134)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](76621b61de...df559355d5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* feat: update syft license construction to be able to look up by URL (#4132)

---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* feat: add package supplier flag (#4131)

---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 (#4135)

Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](f52a838cfa...5ca5fc7a47)

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* feat: add support for authors, maintainers, and contributors in package.json. (#4003)

Fixes #2250

---------

Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* feat(cpegentereate): added test for the addBinaryPackageDigitVariation function

Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* docs(cpegenerate): made the comment more verbose

Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>

* nit: separate digit variation concerns from case of use

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: Parthib Mukherjee <parthibmukherjee@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Signed-off-by: honigbot <thesoftbear@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Alan Pope <alan.pope@anchore.com>
Signed-off-by: Parthib Mukherjee <109328510+hawkaii@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
Co-authored-by: honigbot <34426443+honigbot@users.noreply.github.com>
Co-authored-by: Alan Pope <alan.pope@anchore.com>