Bump github.com/anchore/syft from 0.71.0 to 0.76.1 #22

dependabot · 2023-04-10T02:04:42Z

Bumps github.com/anchore/syft from 0.71.0 to 0.76.1.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.76.1

Changelog

v0.76.1 (2023-04-05)

Full Changelog

Added Features

Capture file ownership relationships from portage ecosystem [[PR #1702](https://redirect.github.com/Capture file ownership relationships from portage ecosystem anchore/syft#1702)] [wagoodman]

Add Nix Cataloger [[Issue #462](https://redirect.github.com/Add Nix Cataloger anchore/syft#462)] [[PR #1107](https://redirect.github.com/Add Basic Nix Cataloger anchore/syft#1107)] [juliosueiras] [[PR #1696](https://redirect.github.com/Add Nix cataloger anchore/syft#1696)] [wagoodman] [flokli]

v0.76.0

Changelog

v0.76.0 (2023-03-31)

Full Changelog

Added Features

Scan local go mod licenses for golang packages [[PR #1645](https://redirect.github.com/Scan local go mod licenses for golang packages anchore/syft#1645)] [deitch]

update and clean license list generation to return more SPDXID for more inputs [[PR #1691](https://redirect.github.com/1577: update and clean license list generation to return more SPDXID for more inputs anchore/syft#1691)] [spiffcs]

argocd binary classifier [[Issue #1606](https://redirect.github.com/argocd binary classifier anchore/syft#1606)] [[PR #1663](https://redirect.github.com/feat: add argocd, helm, kustomize and kubectl binary classifiers anchore/syft#1663)] [y12studio]

Add config option to allow user to select the default image source location [[Issue #1703](https://redirect.github.com/feat: Add config option to allow user to select the default image source location anchore/syft#1703)] [spiffcs]

Bug Fixes

Defer closing the opened file when using FileScheme [[PR #1668](https://redirect.github.com/Defer closing the opened file when using FileScheme anchore/syft#1668)] [Noxsios]

fix: remove author contributing to javascript CPEs [[PR #1669](https://redirect.github.com/fix: remove author contributing to javascript CPEs anchore/syft#1669)] [kzantow]

fix: reduce logging for bad dpkg lines [[PR #1675](https://redirect.github.com/fix: reduce logging for bad dpkg lines anchore/syft#1675)] [kzantow]

Broken shell completion - Bash [[Issue #962](https://redirect.github.com/Broken shell completion - Bash anchore/syft#962)] [[PR #1688](https://redirect.github.com/Fix shell completion by adding missing usage message required by spf13/cobra anchore/syft#1688)] [DanHam]

syft produces different output when run with sudo [[Issue #1391](https://redirect.github.com/syft produces different output when run with sudo anchore/syft#1391)] [[PR #1693](https://redirect.github.com/chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 anchore/syft#1693)] [anchore-actions-token-generator]

some binary ruby are not detected [[Issue #1677](https://redirect.github.com/some binary ruby are not detected anchore/syft#1677)] [[PR #1678](https://redirect.github.com/fix: ruby classifier anchore/syft#1678)] [witchcraze]

Documentation says that output is SPDX 2.2 [[Issue #1679](https://redirect.github.com/Documentation says that output is SPDX 2.2 anchore/syft#1679)] [[PR #1680](https://redirect.github.com/Update documentation: SPDX 2.2 vs 2.3 anchore/syft#1680)] [vargenau]

fix: move defer after error to protect panic case [[PR #1670](https://redirect.github.com/fix: move defer after error to protect panic case anchore/syft#1670)] [spiffcs]

Additional Changes

Deprecate config.yaml as valid config source; Add unit regression for correct config paths [[PR #1640](https://redirect.github.com/Deprecate config.yaml as valid config source; Add unit regression for correct config paths anchore/syft#1640)] [AidanDelaney]

Remove more side effects from application config testing [[PR #1684](https://redirect.github.com/Remove more side effects from application config testing anchore/syft#1684)] [wagoodman]

chore: tweak some workflow text [[PR #1685](https://redirect.github.com/chore: tweak some workflow text anchore/syft#1685)] [kzantow]

chore: fix flaky license sorting [[PR #1690](https://redirect.github.com/chore: fix flaky license sorting anchore/syft#1690)] [kzantow]

... (truncated)

Commits

7845381 chore: update tools-golang to v0.5.0 (#1717)
7464079 Add Nix cataloger (#1696)
8a574c9 refactor spdx tooling test to reduce intermittent failures (#1707)
681d250 Capture file ownership relationships from portage ecosystem (#1702)
2022ffa chore: update deprecated set-output calls (#1705)
dfcc07e feat: Add config option to allow user to select the default image source loca...
2fa238a chore(deps): bump github.com/docker/docker (#1699)
63bbd1e chore(deps): update bootstrap tools to latest versions (#1697)
81b87dd chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (...
f473bb7 1577 spdxlicense generate (#1691)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.71.0 to 0.76.1. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.71.0...v0.76.1) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 10, 2023

dependabot bot mentioned this pull request Apr 10, 2023

Bump github.com/anchore/syft from 0.71.0 to 0.76.0 #20

Closed

valllabh merged commit 33257ee into main Apr 13, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.76.1 branch April 13, 2023 06:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.71.0 to 0.76.1 #22

Bump github.com/anchore/syft from 0.71.0 to 0.76.1 #22

dependabot bot commented on behalf of github Apr 10, 2023

Bump github.com/anchore/syft from 0.71.0 to 0.76.1 #22

Bump github.com/anchore/syft from 0.71.0 to 0.76.1 #22

Conversation

dependabot bot commented on behalf of github Apr 10, 2023

v0.76.1

Changelog

v0.76.1 (2023-04-05)

Added Features

v0.76.0

Changelog

v0.76.0 (2023-03-31)

Added Features

Bug Fixes

Additional Changes