Bump github.com/anchore/syft from 0.79.0 to 0.81.0 #9

dependabot · 2023-05-23T01:10:21Z

Bumps github.com/anchore/syft from 0.79.0 to 0.81.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.81.0

Changelog

v0.81.0 (2023-05-22)

Full Changelog

Added Features

Support cataloging R packages [[Issue #730](https://redirect.github.com/Support cataloging R packages anchore/syft#730)] [[PR #1790](https://redirect.github.com/feat: Add R cataloger anchore/syft#1790)] [willmurphyscode]

Support describing license properties and SPDX expression assertions [[Issue #1577](https://redirect.github.com/Support describing license properties and SPDX expression assertions anchore/syft#1577)] [[PR #1743](https://redirect.github.com/feat: update syft license concept to complex struct anchore/syft#1743)] [spiffcs]

Warn if parsing a newer SBOM [[PR #1810](https://redirect.github.com/feat: warn if parsing newer SBOM anchore/syft#1810)] [willmurphyscode]

Bug Fixes

Retain cataloged SBOM relationships [[PR #1509](https://redirect.github.com/Retain cataloged SBOM relationships anchore/syft#1509)] [houdini91]

fix: update field plurality of 8.0.0 schema before release [[PR #1820](https://redirect.github.com/fix: update field plurality of 8.0.0 schema before release anchore/syft#1820)] [spiffcs]

fix: remove spurious warnings - unknown relationship type: evident-by form-lib=syft [[Issue #1812](https://redirect.github.com/Spurious warnings - unknown relationship type: evident-by form-lib=syft anchore/syft#1812)] [[PR #1797](https://redirect.github.com/Reduce log spam on unknown relationship type anchore/syft#1797)] [willmurphyscode]

CycloneDX Dependencies Relationships Inverted [[Issue #1815](https://redirect.github.com/CycloneDX Dependencies Relationships Inverted anchore/syft#1815)] [[PR #1816](https://redirect.github.com/fix: cyclonedx depends-on relationship inverted anchore/syft#1816)] [shanealv]

Alpine: license expression should be complete and not parsed out [[Issue #1817](https://redirect.github.com/Alpine: license expression should be complete and not parsed out anchore/syft#1817)] [[PR #1819](https://redirect.github.com/fix: update cataloger to check for expressions before split anchore/syft#1819)] [spiffcs]

Additional Changes

Print package list when extra packages found [[PR #1791](https://redirect.github.com/Print package list when extra packages found anchore/syft#1791)] [willmurphyscode]

update cosign to v2 release (different go module) [[PR #1805](https://redirect.github.com/update cosign to v2 release (different go module) anchore/syft#1805)] [bobcallaway]

v0.80.0

Changelog

v0.80.0 (2023-05-05)

Full Changelog

Added Features

Improve pnpm support [[Issue #1535](https://redirect.github.com/Improve pnpm support anchore/syft#1535)] [[PR #1752](https://redirect.github.com/Improve pnpm support anchore/syft#1752)] [Shanedell]

Bug Fixes

chore: add more detail on SPDX file IDs [[PR #1769](https://redirect.github.com/chore: add more detail on SPDX file IDs anchore/syft#1769)] [kzantow]

chore: do not HTML escape PackageURLs [[PR #1782](https://redirect.github.com/chore: do not HTML escape PackageURLs anchore/syft#1782)] [kzantow]

RPM database not found on ostree-managed systems [[Issue #1755](https://redirect.github.com/RPM database not found on ostree-managed systems anchore/syft#1755)] [[PR #1756](https://redirect.github.com/Search /usr/share for rpmdb to fix scan on ostree-managed images anchore/syft#1756)] [fpytloun]

Unable to use syft for private azure container registry [[Issue #1777](https://redirect.github.com/Unable to use syft for private azure container registry anchore/syft#1777)]

linux-kernel-cataloger produces thousands of version-less components. [[Issue #1781](https://redirect.github.com/linux-kernel-cataloger produces thousands of version-less components. anchore/syft#1781)] [[PR #1784](https://redirect.github.com/chore: do not include kernel module cataloger by default anchore/syft#1784)] [kzantow]

Deprecated Features

... (truncated)

Commits

334a775 Keep original FileInfo persisted on file.Metadata structs (#1794)
f1b6f38 chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#1827)
f6f8332 chore(deps): bump github.com/google/go-containerregistry (#1823)
7435156 chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 (#1822)
51d4c9b chore(deps): bump github.com/docker/docker (#1824)
4601ca3 fix: update field plurality of 8.0.0 schema before release (#1820)
1a2a498 fix: update cataloger to check for expressions before split (#1819)
42fa9e4 feat: update syft license concept to complex struct (#1743)
8046f09 fix: cyclonedx depends-on relationship inverted (#1816)
b4ed599 fix: retain sbom cataloger relationships (#1509)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.79.0 to 0.81.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.79.0...v0.81.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-05-23T21:11:51Z

Superseded by #13.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 23, 2023

dependabot bot mentioned this pull request May 23, 2023

Bump github.com/anchore/syft from 0.79.0 to 0.80.0 #2

Closed

dependabot bot closed this May 23, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.81.0 branch May 23, 2023 21:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.79.0 to 0.81.0 #9

Bump github.com/anchore/syft from 0.79.0 to 0.81.0 #9

dependabot bot commented on behalf of github May 23, 2023 •

edited

Loading

dependabot bot commented on behalf of github May 23, 2023

Bump github.com/anchore/syft from 0.79.0 to 0.81.0 #9

Bump github.com/anchore/syft from 0.79.0 to 0.81.0 #9

Conversation

dependabot bot commented on behalf of github May 23, 2023 • edited Loading

v0.81.0

Changelog

v0.81.0 (2023-05-22)

Added Features

Bug Fixes

Additional Changes

v0.80.0

Changelog

v0.80.0 (2023-05-05)

Added Features

Bug Fixes

Deprecated Features

dependabot bot commented on behalf of github May 23, 2023

dependabot bot commented on behalf of github May 23, 2023 •

edited

Loading