Bump github.com/anchore/syft from 0.86.1 to 0.90.0 #102

dependabot · 2023-09-18T16:23:25Z

Bumps github.com/anchore/syft from 0.86.1 to 0.90.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.90.0

v0.90.0 (2023-09-11)

Full Changelog

Added Features

Expose cobra command in cli package [[PR #2097](https://redirect.github.com/Expose cobra command in cli package anchore/syft#2097)] [wagoodman]

Explicitly test PURL generation against key packages [[Issue #2071](https://redirect.github.com/Explicitly test PURL generation against key packages anchore/syft#2071)]

Add User-Agent with Syft version during update check [[Issue #2072](https://redirect.github.com/Add User-Agent with Syft version during update check anchore/syft#2072)] [[PR #2100](https://redirect.github.com/feat(cmd/update): add UA header with current ver when check for update anchore/syft#2100)] [hainenber]

Bug Fixes

fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation [[PR #2075](https://redirect.github.com/fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation anchore/syft#2075)] [willmurphyscode]

Cyclonedx external reference URLs are not validated when encoding [[Issue #2079](https://redirect.github.com/Cyclonedx external reference URLs are not validated when encoding anchore/syft#2079)] [[PR #2091](https://redirect.github.com/fix(cdx): validate external refs before encoding anchore/syft#2091)] [hainenber]

Additional Changes

Bump the golang.org/x/exp dependency and fix a build breakage. [[PR #2088](https://redirect.github.com/Bump the golang.org/x/exp dependency and fix a build breakage. anchore/syft#2088)] [dlorenc]

fix: update codeql-analysis for go 1.21 [[PR #2108](https://redirect.github.com/fix: update codeql-analysis for go 1.21 anchore/syft#2108)] [spiffcs]

v0.89.0

v0.89.0 (2023-08-31)

Full Changelog

Added Features

Add registry certificate verification support [[PR #1734](https://redirect.github.com/Add registry certificate verification support anchore/syft#1734)] [5p2O5pe25ouT]

Add SYFT_CONFIG environment variable for configuration file path [[Issue #1986](https://redirect.github.com/SYFT_CONFIG environment variable not supported anchore/syft#1986)] [[PR #2001](https://redirect.github.com/chore: update CLI to CLIO anchore/syft#2001)] [kzantow]

Bug Fixes

Fix quiet flag [[PR #2081](https://redirect.github.com/Fix quiet flag anchore/syft#2081)] [wagoodman]

Command line flags not overriding configuration file values [[Issue #1143](https://redirect.github.com/Command line flags not overriding configuration file values anchore/syft#1143)] [[PR #2001](https://redirect.github.com/chore: update CLI to CLIO anchore/syft#2001)] [kzantow]

Django package CPE is not correct [[Issue #1298](https://redirect.github.com/Django package CPE is not correct anchore/syft#1298)] [[PR #2068](https://redirect.github.com/add CPE generation for Django anchore/syft#2068)] [witchcraze]

Config parsing includes config.yaml in working dir [[Issue #1634](https://redirect.github.com/Config parsing includes config.yaml in working dir anchore/syft#1634)] [[PR #2001](https://redirect.github.com/chore: update CLI to CLIO anchore/syft#2001)] [kzantow]

Fix a possible panic on universal go binaries [[Issue #2073](https://redirect.github.com/v0.88.0 - runtime error: index out of range [0] anchore/syft#2073)] [[PR #2078](https://redirect.github.com/fix: don't panic on universal go binaries anchore/syft#2078)] [willmurphyscode]

Disabling catalogers is not working in power user command [[Issue #2074](https://redirect.github.com/Disabling catalogers is not working in power user command anchore/syft#2074)] [[PR #2001](https://redirect.github.com/chore: update CLI to CLIO anchore/syft#2001)] [kzantow]

Virtual path changes to java cataloger causing creation of extra incorrect packages when jars are renamed [[Issue #2077](https://redirect.github.com/Virtual path changes to java cataloger causing creation of extra incorrect packages when jars are renamed anchore/syft#2077)] [[PR #2080](https://redirect.github.com/fix: in some cases, try to use pom info to guess name and version to top level jar anchore/syft#2080)] [willmurphyscode]

v0.88.0

... (truncated)

Commits

b82c0ff fix(help): power-user help text to indicate it supports file-system (#2113)
b2be411 chore(deps): bump tibdex/github-app-token from 1 to 2 (#2116)
ec22f4b chore(deps): update CPE dictionary index (#2114)
e3c525b chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (...
3842d28 fix: update codeql-analysis for go 1.21 (#2108)
9f22ab6 Bump the golang.org/x/exp dependency and fix a build breakage. (#2088)
1315cfd chore(deps): bump actions/checkout from 3 to 4 (#2094)
212aa9b chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106)
46e4ac1 chore(deps): update bootstrap tools to latest versions (#2086)
6800a5f chore(deps): update CPE dictionary index (#2089)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.86.1 to 0.90.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.86.1...v0.90.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 18, 2023

dependabot bot mentioned this pull request Sep 18, 2023

Bump github.com/anchore/syft from 0.86.1 to 0.89.0 #98

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.86.1 to 0.90.0 #102

Bump github.com/anchore/syft from 0.86.1 to 0.90.0 #102

dependabot bot commented on behalf of github Sep 18, 2023

Bump github.com/anchore/syft from 0.86.1 to 0.90.0 #102

Are you sure you want to change the base?

Bump github.com/anchore/syft from 0.86.1 to 0.90.0 #102

Conversation

dependabot bot commented on behalf of github Sep 18, 2023

v0.90.0

v0.90.0 (2023-09-11)

Added Features

Bug Fixes

Additional Changes

v0.89.0

v0.89.0 (2023-08-31)

Added Features

Bug Fixes

v0.88.0