v1.0.0

Changelog

• 8b8461b Bump actions/cache from 4.2.2 to 4.2.3 (#2579)
• 47ee967 Bump actions/create-github-app-token from 1.11.6 to 1.11.7 (#2578)
• 0683caf Bump actions/create-github-app-token from 1.11.7 to 2.0.2 (#2600)
• 267460a Bump actions/create-github-app-token from 2.0.2 to 2.0.6 (#2639)
• 87885d1 Bump actions/download-artifact from 4.1.9 to 4.2.1 (#2582)
• d4d807d Bump actions/download-artifact from 4.2.1 to 4.3.0 (#2627)
• 7bc1e90 Bump actions/setup-go from 5.3.0 to 5.4.0 (#2588)
• 9d8114f Bump actions/setup-go from 5.4.0 to 5.5.0 (#2645)
• 78c6e55 Bump actions/setup-python from 5.4.0 to 5.5.0 (#2589)
• 60fe6ac Bump actions/setup-python from 5.5.0 to 5.6.0 (#2625)
• 124b8ca Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#2581)
• 6f1767f Bump anchore/sbom-action from 0.18.0 to 0.19.0 (#2630)
• bd099b6 Bump anchore/sbom-action from 0.19.0 to 0.20.0 (#2652)
• a127d45 Bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 (#2671)
• 728c3b5 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2570)
• 219d452 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2583)
• e3f5961 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2584)
• 4222e90 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2585)
• a4d8d8b Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2587)
• ebba9cd Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2596)
• 589da12 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2601)
• 629a382 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2602)
• 7005deb Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2604)
• 9a0f80d Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2611)
• 7cac50a Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2614)
• 5d70cb1 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2615)
• 556c203 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2616)
• bcd7db3 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2618)
• 4a8c045 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2620)
• ccdf91f Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2621)
• 054d670 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2622)
• 732c843 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2623)
• c779114 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2624)
• 5d5229b Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2626)
• 156e1f4 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2632)
• 830e7b6 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2633)
• 12eef2a Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2634)
• c79a361 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2635)
• 523ff9c Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2637)
• 16e1990 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2641)
• 57aba80 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2642)
• d43c218 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2643)
• 088a514 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2644)
• b665152 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2646)
• 2696104 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2647)
• e7b312f Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2648)
• 42942f7 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2649)
• a3e1249 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2650)
• bb11be8 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2654)
• dcf2ee5 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2655)
• 511e459 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2657)
• caafa48 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2658)
• 20ddd27 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2659)
• a5e63d3 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2660)
• 70aff85 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2666)
• 9c139c0 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2668)
• 011f531 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2669)
• 42dc8f5 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2678)
• fb4de5e Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2681)
• 86b5d31 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2683)
• 6493f35 Bump cloudposse/github-action-matrix-outputs-read (#2676)
• bd164ba Bump cloudposse/github-action-matrix-outputs-write (#2675)
• 047d4a0 Bump docker/build-push-action from 6.15.0 to 6.16.0 (#2629)
• 06173ba Bump docker/build-push-action from 6.16.0 to 6.17.0 (#2651)
• a8a954f Bump docker/build-push-action from 6.17.0 to 6.18.0 (#2665)
• 680a590 Bump github.com/XSAM/otelsql from 0.37.0 to 0.39.0 (#2672)
• 4528de5 Bump github.com/anchore/syft from 1.20.0 to 1.21.0 (#2574)
• 8a02b2d Bump github.com/arangodb/go-driver from 1.6.5 to 1.6.6 (#2576)
• 7954954 Bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 (#2677)
• 71f1b19 Bump github.com/aws/aws-sdk-go-v2/config from 1.29.12 to 1.29.14 (#2610)
• dd70f64 Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 (#2682)
• f4904b4 Bump github.com/getkin/kin-openapi from 0.129.0 to 0.131.0 (#2592)
• 52ab57d Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#2572)
• 594e80d Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#2571)
• 747cf75 Bump github.com/nats-io/nats-server/v2 from 2.11.0 to 2.11.1 (#2609)
• ba41c74 Bump github.com/nats-io/nats.go from 1.39.1 to 1.40.0 (#2573)
• a584d7b Bump github.com/nats-io/nats.go from 1.40.0 to 1.41.0 (#2599)
• 5a4c3df Bump github.com/pitabwire/natspubsub from 0.1.7 to 0.1.9 (#2598)
• 75e88c0 Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 (#2606)
• 832c0c8 Bump github.com/redis/go-redis/v9 from 9.7.3 to 9.10.0 (#2670)
• 06d3ff4 Bump github.com/regclient/regclient from 0.8.2 to 0.8.3 (#2673)
• c99c2b1 Bump github.com/vektah/gqlparser/v2 from 2.5.23 to 2.5.24 (#2607)
• 5a06a48 Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 in the golang-x group (#2636)
• 44732ff Bump golang.org/x/time from 0.10.0 to 0.11.0 (#2577)
• 5fbed37 Bump golangci/golangci-lint-action from 6.5.1 to 7.0.0 (#2580)
• 1eab587 Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#2640)
• 87ed310 Bump google.golang.org/api from 0.228.0 to 0.229.0 (#2608)
• d508063 Bump google.golang.org/api from 0.229.0 to 0.236.0 (#2674)
• d47e955 Bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 (#2586)
• 2ba3a69 Bump k8s.io/client-go from 0.29.0 to 0.32.3 (#2575)
• 84dc0d2 Bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#2664)
• d608913 Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#2628)
• 8589ea1 Don't expect the same results when we get deadline exceeded (#2679)
• ca8c84a Fix ClearlyDefined rate limit interval (#2605)
• f5...

v0.14.0

GUAC v0.14.0

What's Changed

• fix golang coordinate to ensure valid coordinate by @pxp928 in #2564
• update ent to fix release workflow by @pxp928 in #2562
• Kubescape collector by @jeffmendoza in #2565
• Included REST Spec Changes by @nathannaveen in #2217
• re-gen code and add retry for other error codes for CD by @pxp928 in #2568
• Add eol to e2e and fix certifier logic by @robert-cronin in #2396
• Feat/multiple equivalent images SBOM by @robert-cronin in #2467
• Many dependency updates

Full Changelog: v0.13.2...v0.14.0

v0.13.2

Dependency updates to avoid dependency conflicts.

Changelog

• cc45b44 Update only depdevclient deps. (#2455)

v0.13.1

Changelog

• 4920e5a Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2442)
• d38afbb Bump docker/build-push-action from 6.11.0 to 6.12.0 (#2444)
• 55af2ac Bump github.com/99designs/gqlgen from 0.17.60 to 0.17.63 (#2429)
• 0d0286c Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.0 to 1.73.2 (#2445)
• 7ea1511 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.37.3 to 1.37.9 (#2446)
• 902b10e Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#2443)
• 1860ba4 Bump google.golang.org/grpc from 1.68.1 to 1.69.4 (#2431)
• 0c9e142 Note external updates necessary after a release (#2447)
• 9ac0e46 Rework CertifyVuln and CertifyLegal to upsert and not create duplicate entires (#2452)
• 237114f [ENT] Update license table to use hash of license text (#2453)
• 583ba15 add add-depsdev-on-ingest to cli store (#2389)

v0.13.0

Updates

Added instrumentation for OTel . See this README for more info.

Contributors

• @robert-cronin
• @pxp928
• @jeffmendoza

Changelog

• 2d684f0 Add missing use-csub flag to oci collector (#2424)
• 6ad13e9 Add otel instrumentation to http/grpc/sql libraries. (#2440)
• d5ea246 add missing add-eol-on-ingest flag to guacone (#2391)

Dependency Updates

• 97c0e35 Bump actions/create-github-app-token from 1.11.0 to 1.11.1 (#2435)
• 7e7f6a9 Bump actions/upload-artifact from 4.4.3 to 4.6.0 (#2433)
• 461d52b Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2421)
• 6f01000 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2422)
• 6ea8c8c Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2425)
• 57fb94f Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2427)
• 4bd6311 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2428)
• d121e56 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2437)
• 4d7a847 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2438)
• 6092a54 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2439)
• 3a1318b Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2441)
• cba9481 Bump docker/build-push-action from 6.10.0 to 6.11.0 (#2434)
• 4c714f0 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.70.0 to 1.72.0 (#2420)
• 939a5ae Bump github.com/fsouza/fake-gcs-server from 1.50.2 to 1.52.1 (#2432)
• 20e93f5 Bump github.com/sigstore/sigstore from 1.8.10 to 1.8.11 (#2418)
• 613c89f Bump github/codeql-action from 3.27.9 to 3.28.1 (#2436)
• 678049a Bump golang.org/x/time from 0.8.0 to 0.9.0 (#2419)

v0.12.4

• Fix bugs in deps.dev client and add missing EOL processor

What's Changed

• Bump arigaio/atlas from d61e11c to a491fa7 in /pkg/assembler/backends/ent/migrate by @dependabot in #2393
• Bump arigaio/atlas from a491fa7 to bb59a24 in /pkg/assembler/backends/ent/migrate by @dependabot in #2397
• Bump arigaio/atlas from bb59a24 to 662c338 in /pkg/assembler/backends/ent/migrate by @dependabot in #2398
• Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.36.1 to 1.37.3 by @dependabot in #2399
• Bump github.com/regclient/regclient from 0.7.2 to 0.8.0 by @dependabot in #2400
• Bump google.golang.org/protobuf from 1.35.2 to 1.36.1 by @dependabot in #2402
• Bump arigaio/atlas from 662c338 to 3b0d8fb in /pkg/assembler/backends/ent/migrate by @dependabot in #2404
• Bump arigaio/atlas from 3b0d8fb to 913917f in /pkg/assembler/backends/ent/migrate by @dependabot in #2405
• Bump arigaio/atlas from 913917f to b6f78d8 in /pkg/assembler/backends/ent/migrate by @dependabot in #2406
• Bump arigaio/atlas from b6f78d8 to dd03f5b in /pkg/assembler/backends/ent/migrate by @dependabot in #2407
• Bump arigaio/atlas from dd03f5b to f481036 in /pkg/assembler/backends/ent/migrate by @dependabot in #2411
• Bump arigaio/atlas from f481036 to 36e6568 in /pkg/assembler/backends/ent/migrate by @dependabot in #2412
• Bump github.com/nats-io/nats.go from 1.37.0 to 1.38.0 by @dependabot in #2410
• Bump google.golang.org/api from 0.212.0 to 0.214.0 by @dependabot in #2409
• Bump github.com/vektah/gqlparser/v2 from 2.5.20 to 2.5.21 by @dependabot in #2408
• Bump arigaio/atlas from 36e6568 to 67de586 in /pkg/assembler/backends/ent/migrate by @dependabot in #2413
• Bump arigaio/atlas from 67de586 to c976499 in /pkg/assembler/backends/ent/migrate by @dependabot in #2414
• Bump arigaio/atlas from c976499 to 9bb6dfc in /pkg/assembler/backends/ent/migrate by @dependabot in #2417
• log error but return nil to ensure deps.dev continues if package is not found by @pxp928 in #2416
• Add EOL processor so the certifier will run by @funnelfiasco in #2394

Full Changelog: v0.12.3...v0.12.4

v0.12.3

• updated deps.dev collector to use new depsdevclient
• add new deps.dev scanner on ingestion
• fix bug that caused guac.yaml not to be read during initialization of the backends

What's Changed

• update depsdev collector to use depsdevclient by @lumjjb in #2383
• fix issue where guac.yaml was not being read for backend configuration by @pxp928 in #2388
• add depsdev scanner implementation by @lumjjb in #2385

Full Changelog: v0.12.2...v0.12.3

v0.12.2

• Various bug fixes and improvements

What's Changed

• Add check for empty CertifyBad nodes in query bad by @robert-cronin in #2365
• Bump arigaio/atlas from 7a2cd6a to cc6aec9 in /pkg/assembler/backends/ent/migrate by @dependabot in #2367
• Bump arigaio/atlas from cc6aec9 to f171955 in /pkg/assembler/backends/ent/migrate by @dependabot in #2368
• Bump arigaio/atlas from f171955 to cdb29ba in /pkg/assembler/backends/ent/migrate by @dependabot in #2381
• Bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #2379
• Bump github/codeql-action from 3.27.6 to 3.27.9 by @dependabot in #2378
• Bump github.com/go-chi/chi/v5 from 5.1.0 to 5.2.0 by @dependabot in #2372
• Bump google.golang.org/api from 0.210.0 to 0.212.0 by @dependabot in #2374
• Bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 by @dependabot in #2376
• Bump github.com/secure-systems-lab/go-securesystemslib from 0.8.0 to 0.9.0 by @dependabot in #2375
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @dependabot in #2377
• Bump anchore/sbom-action from 0.17.8 to 0.17.9 by @dependabot in #2380
• Bump github.com/99designs/gqlgen from 0.17.59 to 0.17.60 by @dependabot in #2373
• Bump arigaio/atlas from cdb29ba to b0fd3a2 in /pkg/assembler/backends/ent/migrate by @dependabot in #2384
• [FIX] Update batch query vulns to return all values, including novulns by @pxp928 in #2370
• Bump arigaio/atlas from b0fd3a2 to d61e11c in /pkg/assembler/backends/ent/migrate by @dependabot in #2386
• [FIX] CDX vulnerability parsing and update ENT VEX index by @pxp928 in #2371

Full Changelog: v0.12.1...v0.12.2

v0.12.1

• Incremental release to ensure release of proper SBOM via the github workflow

Changelog

• fc2976b Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2359)
• 68bb630 Bump arigaio/atlas in /pkg/assembler/backends/ent/migrate (#2363)
• 01d52be Bump github.com/99designs/gqlgen from 0.17.56 to 0.17.59 (#2358)
• 2cd0ed9 Bump golang.org/x/crypto from 0.29.0 to 0.31.0 (#2364)
• 68610a4 Grant write permissions to the sbom generation (#2360)

What's Changed

• Bump github.com/99designs/gqlgen from 0.17.56 to 0.17.59 by @dependabot in #2358
• Bump arigaio/atlas from 0bb766d to 07bc256 in /pkg/assembler/backends/ent/migrate by @dependabot in #2359
• Bump arigaio/atlas from 07bc256 to 7a2cd6a in /pkg/assembler/backends/ent/migrate by @dependabot in #2363
• Grant write permissions to the sbom generation by @funnelfiasco in #2360
• Bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @dependabot in #2364

Full Changelog: v0.12.0...v0.12.1

v0.12.0

• endoflife collector
• Collect additional metadata for vulnerabilities from OSV
• OCI registry collector updates
• Add CertifyLegal to query known package
• Fix: jsonl files are rejected
• plumbing to enable deps.dev on ingest
• Export getGraphqlServer and accept initialized backend
• Fix PURL to Coord conversion for Go
• Update workflow permissions
• Decouple backend specific config from guacgql cmd
• Various bug fixes and improvements

Contributors

• @robert-cronin
• @ANIRUDH-333 made their first contribution in #2307
• @hown3d made their first contribution in #2219
• @semmet95
• @pxp928
• @jeffmendoza
• @nathannaveen
• @lumjjb

What's Changed

• Feat/endoflife collector by @robert-cronin in #2215
• Feat/oci registry collector by @robert-cronin in #2185
• Bump arigaio/atlas from 5eac9e3 to a3b29b4 in /pkg/assembler/backends/ent/migrate by @dependabot in #2259
• Bump google.golang.org/api from 0.203.0 to 0.204.0 by @dependabot in #2255
• Bump anchore/sbom-action from 0.17.5 to 0.17.6 by @dependabot in #2260
• Bump cloud.google.com/go/storage from 1.45.0 to 1.46.0 by @dependabot in #2256
• Bump github.com/go-chi/chi/v5 from 5.0.12 to 5.1.0 by @dependabot in #2257
• Bump gocloud.dev/pubsub/kafkapubsub from 0.37.0 to 0.40.0 by @dependabot in #2258
• Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #2261
• Add CertifyLegal to query known package by @robert-cronin in #2254
• Fix: jsonl files are rejected by @robert-cronin in #2266
• Bump arigaio/atlas from a3b29b4 to 9e0d9f9 in /pkg/assembler/backends/ent/migrate by @dependabot in #2263
• Updated GraphQL Testing by @nathannaveen in #2216
• plumbing to enable deps.dev on ingest by @lumjjb in #2265
• Bump arigaio/atlas from 9e0d9f9 to e6b4461 in /pkg/assembler/backends/ent/migrate by @dependabot in #2283
• Bump google.golang.org/grpc from 1.67.1 to 1.68.0 by @dependabot in #2287
• Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #2281
• Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #2282
• Bump github.com/nats-io/nats-server/v2 from 2.10.20 to 2.10.22 by @dependabot in #2284
• Bump github.com/regclient/regclient from 0.7.1 to 0.7.2 by @dependabot in #2285
• Bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 by @dependabot in #2286
• Bump anchore/sbom-action from 0.17.6 to 0.17.7 by @dependabot in #2280
• Attempt to fix tilt-ci flakiness by @lumjjb in #2279
• Bump arigaio/atlas from e6b4461 to abe7313 in /pkg/assembler/backends/ent/migrate by @dependabot in #2289
• skip clearly defined tests for now because of flake by @lumjjb in #2291
• Bump arigaio/atlas from abe7313 to 062cd81 in /pkg/assembler/backends/ent/migrate by @dependabot in #2292
• Bump arigaio/atlas from 062cd81 to 404e6b4 in /pkg/assembler/backends/ent/migrate by @dependabot in #2293
• Export getGraphqlServer and accept initialized backend by @robert-cronin in #2243
• Bump arigaio/atlas from 404e6b4 to f672115 in /pkg/assembler/backends/ent/migrate by @dependabot in #2295
• Fix zizmor audits by @funnelfiasco in #2276
• Don't persist credentials in actions/checkout by @funnelfiasco in #2268
• Add depsdev guac client as a stepping stone to split up depsdev functionality by @lumjjb in #2278
• skip scanner cd test due to service timeout by @pxp928 in #2297
• Bump arigaio/atlas from f672115 to 0cabbd9 in /pkg/assembler/backends/ent/migrate by @dependabot in #2303
• Bump arigaio/atlas from 0cabbd9 to eaa219c in /pkg/assembler/backends/ent/migrate by @dependabot in #2304
• Feat/registry collector cli additions by @robert-cronin in #2241
• Fix/overwrite collector registration by @robert-cronin in #2288
• Bump arigaio/atlas from eaa219c to 66caa34 in /pkg/assembler/backends/ent/migrate by @dependabot in #2308
• bugfix: fixes service-poll env variable bug in s3 by @ANIRUDH-333 in #2307
• Bump github/codeql-action from 3.27.1 to 3.27.4 by @dependabot in #2298
• Bump github.com/google/osv-scanner from 1.9.0 to 1.9.1 by @dependabot in #2300
• Bump github.com/99designs/gqlgen from 0.17.55 to 0.17.56 by @dependabot in #2302
• Bump arigaio/atlas from 66caa34 to da62231 in /pkg/assembler/backends/ent/migrate by @dependabot in #2311
• Bump arigaio/atlas from da62231 to 4295312 in /pkg/assembler/backends/ent/migrate by @dependabot in #2312
• Address Flakiness in ClearlyDefined API by @robert-cronin in #2306
• Fix PURL to Coord conversion for Go by @jeffmendoza in #2305
• Collect additional metadata for vulnerabilities from OSV by @hown3d in #2219
• Improve test output formatting by @robert-cronin in #2310
• clearly defined url encode/add hyphen for namespace by @pxp928 in #2262
• Decouple backend specific config from guacgql cmd by @robert-cronin in #2247
• Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 by @dependabot in #2301
• Bump entgo.io/ent from 0.14.0 to 0.14.1 by @dependabot in #2233
• Bump arigaio/atlas from 4295312 to 1a13b85 in /pkg/assembler/backends/ent/migrate by @dependabot in #2322
• Bump github.com/oapi-codegen/oapi-codegen/v2 from 2.3.1-0.20240823215434-d232e9efa9f5 to 2.4.1 by @dependabot in #2299
• Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 by @dependabot in #2321
• Bump github.com/aws/aws-sdk-go-v2 from 1.32.2 to 1.32.5 by @dependabot in #2318
• Bump golang.org/x/time from 0.7.0 to 0.8.0 by @dependabot in #2316
• Bump anchore/sbom-action from 0.17.7 to 0.17.8 by @dependabot in #2320
• Bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #2319
• Bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.28.5 by @dependabot in #2317
• Bump arigaio/atlas from 1a13b85 to d448aab in /pkg/assembler/backends/ent/migrate by @dependabot in #2323
• Bump arigaio/atlas from d448aab to 5c465fd in /pkg/assembler/backends/ent/migrate by @dependabot in #2324
• Bump arigaio/atlas from 5c465fd to a0d43a6 in /pkg/assembler/backends/ent/migrate by @dependabot in #2325
• Bump arigaio/atlas from a0d43a6 to 96753ab in /pkg/assembler/backends/ent/migrate by @dependabot in #2327
• Bump google.golang.org/api from 0.204.0 to 0.209.0 by @dependabot in #2336
• Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 by @dependabot in #2333
• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @dependabot in #2331
• Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.63.3 to 1.70.0 by @dependabot in #2332
• Bump cloud.google.com/go/storage from 1.46.0 to 1.47.0 by @dependabot in #2335
• Bump arigaio/atlas from 96753ab to dc46240 in /pkg/assembler/backends/ent/migrate by @dependabot in #2337
• Adjust workflow permissions for signing and publishing by @funnelfiasco in #2338
• Bump arigaio/atlas from dc46240 to 73374c5 in /pkg/assembler/backends/ent/migrate by @dependabot in #2340
• Bump arigaio/atlas from 73374c5 to 2ac9ef1 in /pkg/assembler/backends/ent/migrate by @dependabot in #2342
• fix: handles the case where empty pkgIDs slice is passed by @semmet95 in #2339
• Really fix the permissions this time by @funnelfiasco in #2341
• Reduce scorecard workflow permissions scope by @robert-cronin in #2326
  ...