Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update ⬆️ aqua-packages (#125)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [anchore/grype](https://togithub.com/anchore/grype) | minor | `v0.65.1` -> `v0.73.4` | | [anchore/quill](https://togithub.com/anchore/quill) | patch | `v0.4.0` -> `v0.4.1` | | [anchore/syft](https://togithub.com/anchore/syft) | minor | `v0.87.0` -> `v0.98.0` | | [charmbracelet/gum](https://togithub.com/charmbracelet/gum) | minor | `v0.11.0` -> `v0.13.0` | | [charmbracelet/vhs](https://togithub.com/charmbracelet/vhs) | minor | `v0.6.0` -> `v0.7.1` | | [direnv/direnv](https://togithub.com/direnv/direnv) | minor | `v2.32.3` -> `v2.33.0` | | [golang/go](https://togithub.com/golang/go) | patch | `1.21.0` -> `1.21.5` | | [goreleaser/goreleaser](https://togithub.com/goreleaser/goreleaser) | minor | `v1.20.0` -> `v1.22.1` | | [gotestyourself/gotestsum](https://togithub.com/gotestyourself/gotestsum) | minor | `v1.10.1` -> `v1.11.0` | | [mikefarah/yq](https://togithub.com/mikefarah/yq) | minor | `v4.35.1` -> `v4.40.5` | | [miniscruff/changie](https://togithub.com/miniscruff/changie) | minor | `v1.12.0` -> `v1.17.0` | | [sharkdp/hyperfine](https://togithub.com/sharkdp/hyperfine) | minor | `v1.17.0` -> `v1.18.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>anchore/grype (anchore/grype)</summary> ### [`v0.73.4`](https://togithub.com/anchore/grype/releases/tag/v0.73.4) [Compare Source](https://togithub.com/anchore/grype/compare/v0.73.3...v0.73.4) ##### Additional Changes - bump to syft v0.98.0 in quality gate tests \[[#​1623](https://togithub.com/anchore/grype/pull/1623) [@​westonsteimel](https://togithub.com/westonsteimel)] - update syft to v0.98.0; go mod tidy \[[#​1621](https://togithub.com/anchore/grype/pull/1621) [@​spiffcs](https://togithub.com/spiffcs)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.73.3...v0.73.4)** ### [`v0.73.3`](https://togithub.com/anchore/grype/releases/tag/v0.73.3) [Compare Source](https://togithub.com/anchore/grype/compare/v0.73.2...v0.73.3) ##### Additional Changes - update Syft to v0.97.1 \[[#​1610](https://togithub.com/anchore/grype/pull/1610) [@​anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.73.2...v0.73.3)** ### [`v0.73.2`](https://togithub.com/anchore/grype/releases/tag/v0.73.2) [Compare Source](https://togithub.com/anchore/grype/compare/v0.73.1...v0.73.2) ##### Bug Fixes - Vulnerabilities in go packages without go modules are not detected \[[#​1581](https://togithub.com/anchore/grype/issues/1581) [#​1599](https://togithub.com/anchore/grype/pull/1599) [@​willmurphyscode](https://togithub.com/willmurphyscode)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.73.1...v0.73.2)** ### [`v0.73.1`](https://togithub.com/anchore/grype/releases/tag/v0.73.1) [Compare Source](https://togithub.com/anchore/grype/compare/v0.73.0...v0.73.1) ##### Bug Fixes - CycloneDX based analysis failing \[[#​1594](https://togithub.com/anchore/grype/issues/1594) [#​1596](https://togithub.com/anchore/grype/pull/1596) [@​anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)] - False negatives when scanning debian trixie/sid images from Dockerhub \[[#​1446](https://togithub.com/anchore/grype/issues/1446) [#​1593](https://togithub.com/anchore/grype/pull/1593) [@​willmurphyscode](https://togithub.com/willmurphyscode)] ##### Additional Changes - avoid allocations with `(*regexp.Regexp).MatchString` \[[#​1592](https://togithub.com/anchore/grype/pull/1592) [@​Juneezee](https://togithub.com/Juneezee)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.73.0...v0.73.1)** ### [`v0.73.0`](https://togithub.com/anchore/grype/releases/tag/v0.73.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.72.0...v0.73.0) ##### Added Features - Add a reason field to ignore config \[[#​1337](https://togithub.com/anchore/grype/issues/1337) [#​1532](https://togithub.com/anchore/grype/pull/1532) [@​shanduur](https://togithub.com/shanduur)] - Colorize severity in table output \[[#​225](https://togithub.com/anchore/grype/issues/225) [#​1284](https://togithub.com/anchore/grype/pull/1284) [@​shanedell](https://togithub.com/shanedell)] ##### Bug Fixes - Enable setting golang CPE config using env var \[[#​1585](https://togithub.com/anchore/grype/pull/1585) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - Incorrect version comparisons for maven packages \[[#​1526](https://togithub.com/anchore/grype/issues/1526) [#​1571](https://togithub.com/anchore/grype/pull/1571) [@​spiffcs](https://togithub.com/spiffcs)] - Grype fails to detect postgresql jdbc driver CVEs when scanning .jar \[[#​1482](https://togithub.com/anchore/grype/issues/1482)] ##### Additional Changes - Incorporate format API changes from syft \[[#​1582](https://togithub.com/anchore/grype/pull/1582) [@​wagoodman](https://togithub.com/wagoodman)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.72.0...v0.73.0)** ### [`v0.72.0`](https://togithub.com/anchore/grype/releases/tag/v0.72.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.71.0...v0.72.0) ##### Added Features - Add --ignore-states flag for ignoring findings with specific fix states \[[#​1473](https://togithub.com/anchore/grype/pull/1473) [@​jhebden-gl](https://togithub.com/jhebden-gl)] - Implement checksum & artifact signing \[[#​1513](https://togithub.com/anchore/grype/issues/1513) [#​1535](https://togithub.com/anchore/grype/pull/1535) [@​hibare](https://togithub.com/hibare)] ##### Bug Fixes - Report errors to stderr not stdout \[[#​1561](https://togithub.com/anchore/grype/pull/1561) [@​wagoodman](https://togithub.com/wagoodman)] - grype v0.71.0 stopped showing vulnerabilities for Go stdlib \[[#​1562](https://togithub.com/anchore/grype/issues/1562) [#​1565](https://togithub.com/anchore/grype/pull/1565) [@​wagoodman](https://togithub.com/wagoodman)] - SARIF output not compatible with GitHub \[[#​1518](https://togithub.com/anchore/grype/issues/1518) [#​1563](https://togithub.com/anchore/grype/pull/1563) [@​spiffcs](https://togithub.com/spiffcs)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.71.0...v0.72.0)** ### [`v0.71.0`](https://togithub.com/anchore/grype/releases/tag/v0.71.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.70.0...v0.71.0) ##### Added Features - use ghsa to improve matching for cpes \[[#​811](https://togithub.com/anchore/grype/issues/811) [#​1412](https://togithub.com/anchore/grype/pull/1412) [@​westonsteimel](https://togithub.com/westonsteimel)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.70.0...v0.71.0)** ### [`v0.70.0`](https://togithub.com/anchore/grype/releases/tag/v0.70.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.69.1...v0.70.0) ##### Added Features - Update Syft to v0.93.0 + enable golang stdlib matching \[[#​1550](https://togithub.com/anchore/grype/pull/1550) [@​spiffcs](https://togithub.com/spiffcs) ] ##### Bug Fixes - JSON output: descriptor name is missing "grype" value \[[#​1538](https://togithub.com/anchore/grype/issues/1538) [#​1542](https://togithub.com/anchore/grype/pull/1542) [@​kzantow](https://togithub.com/kzantow)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.69.1...v0.70.0)** ### [`v0.69.1`](https://togithub.com/anchore/grype/releases/tag/v0.69.1) [Compare Source](https://togithub.com/anchore/grype/compare/v0.69.0...v0.69.1) ##### Bug Fixes - Incorrect python version comparisons for rc releases \[[#​986](https://togithub.com/anchore/grype/issues/986) [#​1510](https://togithub.com/anchore/grype/pull/1510) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - False Positive: CVE-2023-37920 reported for certifi library in python \[[#​1417](https://togithub.com/anchore/grype/issues/1417) [#​1510](https://togithub.com/anchore/grype/pull/1510) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - Grype is not recognizing python-certifi is patched for GHSA-43fp-rhv2-5gv8 \[[#​1172](https://togithub.com/anchore/grype/issues/1172) [#​1510](https://togithub.com/anchore/grype/pull/1510) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - False positive on certifi 2022.12.07 \[[#​1034](https://togithub.com/anchore/grype/issues/1034) [#​1510](https://togithub.com/anchore/grype/pull/1510) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - Leading zeros seen as difference in version numbers \[[#​1430](https://togithub.com/anchore/grype/issues/1430) [#​1510](https://togithub.com/anchore/grype/pull/1510) [@​willmurphyscode](https://togithub.com/willmurphyscode)] ##### Additional Changes - add OpenSSF Best Practices badge \[[#​1523](https://togithub.com/anchore/grype/pull/1523) [@​spiffcs](https://togithub.com/spiffcs)] - Bump vulnerability match labels \[[#​1525](https://togithub.com/anchore/grype/pull/1525) [@​wagoodman](https://togithub.com/wagoodman)] - bump stereoscope to fix data race in UI \[[#​1517](https://togithub.com/anchore/grype/pull/1517) [@​willmurphyscode](https://togithub.com/willmurphyscode)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.69.0...v0.69.1)** ### [`v0.69.0`](https://togithub.com/anchore/grype/releases/tag/v0.69.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.68.1...v0.69.0) ##### Added Features - Upgrade syft to v0.91.0 (and CycloneDX to v1.5) \[[#​1508](https://togithub.com/anchore/grype/pull/1508) [@​wagoodman](https://togithub.com/wagoodman)] ##### Bug Fixes - Grype doesn't exit cleanly on error \[[#​1492](https://togithub.com/anchore/grype/issues/1492) [#​1505](https://togithub.com/anchore/grype/pull/1505) [@​kzantow](https://togithub.com/kzantow)] ##### Additional Changes - Fix typo in flag on Readme \[[#​1501](https://togithub.com/anchore/grype/pull/1501) [@​robszumski](https://togithub.com/robszumski)] - pin cache versions \[[#​1495](https://togithub.com/anchore/grype/pull/1495) [@​spiffcs](https://togithub.com/spiffcs)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.68.1...v0.69.0)** ### [`v0.68.1`](https://togithub.com/anchore/grype/releases/tag/v0.68.1) [Compare Source](https://togithub.com/anchore/grype/compare/v0.68.0...v0.68.1) ### #### [v0.68.1](https://togithub.com/anchore/grype/tree/v0.68.1) (2023-09-15) [Full Changelog](https://togithub.com/anchore/grype/compare/v0.68.0...v0.68.1) ##### Bug Fixes - Version output was not including supported db schema \[[PR #​1494](https://togithub.com/anchore/grype/pull/1494)] \[[kzantow](https://togithub.com/kzantow)] ### [`v0.68.0`](https://togithub.com/anchore/grype/releases/tag/v0.68.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.67.0...v0.68.0) ### #### [v0.68.0](https://togithub.com/anchore/grype/tree/v0.68.0) (2023-09-14) [Full Changelog](https://togithub.com/anchore/grype/compare/v0.67.0...v0.68.0) ##### Added Features - Ignore/add match results based on OpenVEX documents \[[PR #​1397](https://togithub.com/anchore/grype/pull/1397)] \[[puerco](https://togithub.com/puerco)] - Introduce exit code failure option for db update check \[[PR #​1463](https://togithub.com/anchore/grype/pull/1463)] \[[devfbe](https://togithub.com/devfbe)] ##### Bug Fixes - Fix race conditions around stager, enable detector \[[PR #​1489](https://togithub.com/anchore/grype/pull/1489)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] - Grype hangs forever if gets interrupted during work (in rare cases) \[[Issue #​1427](https://togithub.com/anchore/grype/issues/1427)] \[[PR #​1437](https://togithub.com/anchore/grype/pull/1437)] \[[kzantow](https://togithub.com/kzantow)] ### [`v0.67.0`](https://togithub.com/anchore/grype/releases/tag/v0.67.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.66.0...v0.67.0) ### #### [v0.67.0](https://togithub.com/anchore/grype/tree/v0.67.0) (2023-09-11) [Full Changelog](https://togithub.com/anchore/grype/compare/v0.66.0...v0.67.0) ##### Additional Changes - chore: bump quality gate to use syft v0.89.0 \[[PR #​1479](https://togithub.com/anchore/grype/pull/1479)] \[[westonsteimel](https://togithub.com/westonsteimel)] - chore: update grype to use Go v1.21 \[[PR #​1480](https://togithub.com/anchore/grype/pull/1480)] \[[spiffcs](https://togithub.com/spiffcs)] ### [`v0.66.0`](https://togithub.com/anchore/grype/releases/tag/v0.66.0) [Compare Source](https://togithub.com/anchore/grype/compare/v0.65.2...v0.66.0) ### #### [v0.66.0](https://togithub.com/anchore/grype/tree/v0.66.0) (2023-08-31) [Full Changelog](https://togithub.com/anchore/grype/compare/v0.65.2...v0.66.0) ##### Added Features - Allow for access to private CAs securely \[[Issue #​1226](https://togithub.com/anchore/grype/issues/1226)] \[[PR #​1232](https://togithub.com/anchore/grype/pull/1232)] \[[5p2O5pe25ouT](https://togithub.com/5p2O5pe25ouT)] - Filter out packages that are owned by OS packages (ownership overlap) \[[Issue #​1373](https://togithub.com/anchore/grype/issues/1373)] \[[PR #​1387](https://togithub.com/anchore/grype/pull/1387)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] ##### Bug Fixes - fix: Only remove packages by binary overlap \[[PR #​1444](https://togithub.com/anchore/grype/pull/1444)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] - New version notice only showing the version and no text \[[PR #​1445](https://togithub.com/anchore/grype/pull/1445)] \[[wagoodman](https://togithub.com/wagoodman)] - fix: set correct default to exclude overlapping binaries \[[PR #​1452](https://togithub.com/anchore/grype/pull/1452)] \[[kzantow](https://togithub.com/kzantow)] - Portage version comparison is not working \[[Issue #​1459](https://togithub.com/anchore/grype/issues/1459)] \[[PR #​1468](https://togithub.com/anchore/grype/pull/1468)] \[[barnuri](https://togithub.com/barnuri)] ##### Additional Changes - Update Syft to 0.89.0 ### [`v0.65.2`](https://togithub.com/anchore/grype/releases/tag/v0.65.2) [Compare Source](https://togithub.com/anchore/grype/compare/v0.65.1...v0.65.2) ### #### [v0.65.2](https://togithub.com/anchore/grype/tree/v0.65.2) (2023-08-17) [Full Changelog](https://togithub.com/anchore/grype/compare/v0.65.1...v0.65.2) ##### Additional Changes - Update Syft to v0.87.1 - Add a simple JUnit XML template \[[PR #​1422](https://togithub.com/anchore/grype/pull/1422)] \[[YevheniiPokhvalii](https://togithub.com/YevheniiPokhvalii)] - Update semver regular expression constraint to allow for 1.20rc1 cases no '-' \[[PR #​1434](https://togithub.com/anchore/grype/pull/1434)] \[[spiffcs](https://togithub.com/spiffcs)] </details> <details> <summary>anchore/quill (anchore/quill)</summary> ### [`v0.4.1`](https://togithub.com/anchore/quill/releases/tag/v0.4.1) [Compare Source](https://togithub.com/anchore/quill/compare/v0.4.0...v0.4.1) ### Changelog #### [v0.4.1](https://togithub.com/anchore/quill/tree/v0.4.1) (2023-08-25) [Full Changelog](https://togithub.com/anchore/quill/compare/v0.4.0...v0.4.1) ##### Bug Fixes - Quill notarization failed \[[Issue #​118](https://togithub.com/anchore/quill/issues/118)] \[[PR #​119](https://togithub.com/anchore/quill/pull/119)] \[[wagoodman](https://togithub.com/wagoodman)] ##### Additional Changes - Port to clio \[[PR #​53](https://togithub.com/anchore/quill/pull/53)] \[[wagoodman](https://togithub.com/wagoodman)] - chore: update to latest clio \[[PR #​98](https://togithub.com/anchore/quill/pull/98)] \[[kzantow](https://togithub.com/kzantow)] </details> <details> <summary>anchore/syft (anchore/syft)</summary> ### [`v0.98.0`](https://togithub.com/anchore/syft/releases/tag/v0.98.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.97.1...v0.98.0) ##### Added Features - Add binary classifiers for MySQL and MariaDB \[[#​2316](https://togithub.com/anchore/syft/pull/2316) [@​duanemay](https://togithub.com/duanemay)] - Enhance redis binary classifier to support additional versions \[[#​2329](https://togithub.com/anchore/syft/pull/2329) [@​whalelines](https://togithub.com/whalelines)] - Expose compact JSON and XML format configuration \[[#​561](https://togithub.com/anchore/syft/issues/561) [#​2275](https://togithub.com/anchore/syft/pull/2275) [@​wagoodman](https://togithub.com/wagoodman)] ##### Bug Fixes - Fix file metadata cataloger when passed explicit coordinates \[[#​2370](https://togithub.com/anchore/syft/pull/2370) [@​wagoodman](https://togithub.com/wagoodman)] - hardcode xalan group ID \[[#​2368](https://togithub.com/anchore/syft/pull/2368) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - logging level for parsing potential PE files \[[#​2367](https://togithub.com/anchore/syft/pull/2367) [@​kzantow](https://togithub.com/kzantow)] - Use read lock in `pkg.Collection` \[[#​2341](https://togithub.com/anchore/syft/pull/2341) [@​wagoodman](https://togithub.com/wagoodman)] - add manual namespace mapping for org.springframework jars \[[#​2345](https://togithub.com/anchore/syft/pull/2345) [@​westonsteimel](https://togithub.com/westonsteimel)] - add manual namespace mapping for org.springframework.security jars \[[#​2343](https://togithub.com/anchore/syft/pull/2343) [@​westonsteimel](https://togithub.com/westonsteimel)] - errors are printed into the stdout in syft 0.97.1 \[[#​2356](https://togithub.com/anchore/syft/issues/2356) [#​2364](https://togithub.com/anchore/syft/pull/2364) [@​kzantow](https://togithub.com/kzantow)] - `syft some-jar.jar` fails to find packages if PWD is a symlink \[[#​2355](https://togithub.com/anchore/syft/issues/2355) [#​2359](https://togithub.com/anchore/syft/pull/2359) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - Default for recently added base path, `""`, disables detection of symlinked `*.jar` files \[[#​1962](https://togithub.com/anchore/syft/issues/1962) [#​2359](https://togithub.com/anchore/syft/pull/2359) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - `syft attest` broken since 0.85.0 \[[#​2333](https://togithub.com/anchore/syft/issues/2333) [#​2337](https://togithub.com/anchore/syft/pull/2337) [@​wagoodman](https://togithub.com/wagoodman)] - Incorrect Java PURL for org.bouncycastle jars \[[#​2339](https://togithub.com/anchore/syft/issues/2339) [#​2342](https://togithub.com/anchore/syft/pull/2342) [@​westonsteimel](https://togithub.com/westonsteimel)] ##### Breaking Changes - Remove power-user command and related catalogers \[[#​1419](https://togithub.com/anchore/syft/issues/1419) [#​2306](https://togithub.com/anchore/syft/pull/2306) [@​wagoodman](https://togithub.com/wagoodman)] ##### Additional Changes - Normalize cataloger configuration patterns \[[#​2365](https://togithub.com/anchore/syft/pull/2365) [@​wagoodman](https://togithub.com/wagoodman)] - Normalize enums to lowercase with hyphens \[[#​2363](https://togithub.com/anchore/syft/pull/2363) [@​wagoodman](https://togithub.com/wagoodman)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.97.1...v0.98.0)** ##### Special Thanks Thanks [@​duanemay](https://togithub.com/duanemay) and [@​whalelines](https://togithub.com/whalelines) for the enhanced binary classifier support 👍 ### [`v0.97.1`](https://togithub.com/anchore/syft/releases/tag/v0.97.1) [Compare Source](https://togithub.com/anchore/syft/compare/v0.97.0...v0.97.1) ##### Bug Fixes - Syft does not use HTTP proxy when downloading the Docker image itself \[[#​2203](https://togithub.com/anchore/syft/issues/2203) [#​2336](https://togithub.com/anchore/syft/pull/2336) [@​anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)] ##### Additional Changes - `syft version` report is broken with 0.97.0 release \[[#​2334](https://togithub.com/anchore/syft/issues/2334) [#​2335](https://togithub.com/anchore/syft/pull/2335) [@​spiffcs](https://togithub.com/spiffcs)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.97.0...v0.97.1)** ### [`v0.97.0`](https://togithub.com/anchore/syft/releases/tag/v0.97.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.96.0...v0.97.0) ##### Added Features - Add license for golang stdlib package \[[#​2317](https://togithub.com/anchore/syft/pull/2317) [@​coheigea](https://togithub.com/coheigea)] - Fall back to searching maven central using groupIDFromJavaMetadata \[[#​2295](https://togithub.com/anchore/syft/pull/2295) [@​coheigea](https://togithub.com/coheigea)] ##### Bug Fixes - Refine license search from groupIDFromJavaMetadata to account for artfactId in the groupId \[[#​2313](https://togithub.com/anchore/syft/pull/2313) [@​coheigea](https://togithub.com/coheigea)] - capture content written to stdout outside of report \[[#​2324](https://togithub.com/anchore/syft/pull/2324) [@​kzantow](https://togithub.com/kzantow)] - add manual groupid mappings for org.apache.velocity jars \[[#​2327](https://togithub.com/anchore/syft/pull/2327) [@​westonsteimel](https://togithub.com/westonsteimel)] - skip maven bundle plugin logic if vendor id and symbolic name match \[[#​2326](https://togithub.com/anchore/syft/pull/2326) [@​westonsteimel](https://togithub.com/westonsteimel)] - cataloger `dpkg-db-cataloger` not working \[[#​2323](https://togithub.com/anchore/syft/issues/2323)] ##### Breaking Changes - Rename Location virtualPath to accessPath \[[#​1835](https://togithub.com/anchore/syft/issues/1835) [#​2288](https://togithub.com/anchore/syft/pull/2288) [@​wagoodman](https://togithub.com/wagoodman)] ##### Additional Changes - Export syft-json format package metadata type helper \[[#​2328](https://togithub.com/anchore/syft/pull/2328) [@​wagoodman](https://togithub.com/wagoodman)] - Add dotnet-portable-executable-cataloger to README \[[#​2322](https://togithub.com/anchore/syft/pull/2322) [@​noqcks](https://togithub.com/noqcks)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.96.0...v0.97.0)** ### [`v0.96.0`](https://togithub.com/anchore/syft/releases/tag/v0.96.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.95.0...v0.96.0) ##### Added Features - Check maven central as well for licenses in parents poms for nested jars \[[#​2302](https://togithub.com/anchore/syft/pull/2302) [@​coheigea](https://togithub.com/coheigea)] - store image annotations inside the SBOM \[[#​2267](https://togithub.com/anchore/syft/issues/2267) [#​2294](https://togithub.com/anchore/syft/pull/2294) [@​noqcks](https://togithub.com/noqcks)] - Support parsing license information in Maven projects via parent poms \[[#​2103](https://togithub.com/anchore/syft/issues/2103)] ##### Bug Fixes - SPDX file has duplicate sha256 tag in versionInfo \[[#​2300](https://togithub.com/anchore/syft/pull/2300) [@​coheigea](https://togithub.com/coheigea)] - Report virtual path consistently between file.Resolvers \[[#​1836](https://togithub.com/anchore/syft/issues/1836) [#​2287](https://togithub.com/anchore/syft/pull/2287) [@​wagoodman](https://togithub.com/wagoodman)] - Unable to identify CycloneDX JSON documents without $schema property \[[#​2299](https://togithub.com/anchore/syft/issues/2299) [#​2303](https://togithub.com/anchore/syft/pull/2303) [@​kzantow](https://togithub.com/kzantow)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.95.0...v0.96.0)** ### [`v0.95.0`](https://togithub.com/anchore/syft/releases/tag/v0.95.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.94.0...v0.95.0) ##### Added Features - Use case-insensitive matching for Go license files \[[#​2286](https://togithub.com/anchore/syft/pull/2286) [@​miquella](https://togithub.com/miquella)] - Add conaninfo.txt parser to detect conan packages in docker images \[[#​2234](https://togithub.com/anchore/syft/pull/2234) [@​Pro](https://togithub.com/Pro)] - Perform case insensitive matching on Java License files \[[#​2235](https://togithub.com/anchore/syft/pull/2235) [@​coheigea](https://togithub.com/coheigea)] - Read a license from a parent pom stored in Maven Central \[[#​2228](https://togithub.com/anchore/syft/pull/2228) [@​coheigea](https://togithub.com/coheigea)] - Add PURLs when scanning Gradle lock files \[[#​2278](https://togithub.com/anchore/syft/pull/2278) [@​robbiev](https://togithub.com/robbiev)] ##### Bug Fixes - Fix CPE index workflow \[[#​2252](https://togithub.com/anchore/syft/pull/2252) [@​wagoodman](https://togithub.com/wagoodman)] - Fix cpe generation task \[[#​2270](https://togithub.com/anchore/syft/pull/2270) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - Introduce cataloger naming conventions \[[#​1578](https://togithub.com/anchore/syft/issues/1578) [#​2277](https://togithub.com/anchore/syft/pull/2277) [@​wagoodman](https://togithub.com/wagoodman)] - .NET / nuget - invalid SBOM generated after parsing \[[#​2255](https://togithub.com/anchore/syft/issues/2255) [#​2273](https://togithub.com/anchore/syft/pull/2273) [@​spiffcs](https://togithub.com/spiffcs)] - Wrong parsing after v0.85.0 syft for some components \[[#​2241](https://togithub.com/anchore/syft/issues/2241) [#​2273](https://togithub.com/anchore/syft/pull/2273) [@​spiffcs](https://togithub.com/spiffcs)] - SPDX-2.3 is misidentified as SPDX-2.2 \[[#​2112](https://togithub.com/anchore/syft/issues/2112) [#​2186](https://togithub.com/anchore/syft/pull/2186) [@​wagoodman](https://togithub.com/wagoodman)] - Jar parser chokes on empty lines \[[#​2179](https://togithub.com/anchore/syft/issues/2179) [#​2254](https://togithub.com/anchore/syft/pull/2254) [@​spiffcs](https://togithub.com/spiffcs)] - Add a new Java configuration option to recursively search parent poms… \[[#​2274](https://togithub.com/anchore/syft/pull/2274) [@​coheigea](https://togithub.com/coheigea)] - Fix directory resolver to always return virtual path \[[#​2259](https://togithub.com/anchore/syft/pull/2259) [@​wagoodman](https://togithub.com/wagoodman)] - Syft can now handle the case of parsing a jar with multiple poms \[[#​2231](https://togithub.com/anchore/syft/pull/2231) [@​coheigea](https://togithub.com/coheigea)] - Add ruby.NewGemSpecCataloger to DirectoryCatalogers \[[#​1971](https://togithub.com/anchore/syft/pull/1971) [@​evanchaoli](https://togithub.com/evanchaoli)] ##### Breaking Changes - Introduce cataloger naming conventions \[[#​1578](https://togithub.com/anchore/syft/issues/1578) [#​2277](https://togithub.com/anchore/syft/pull/2277) [@​wagoodman](https://togithub.com/wagoodman)] - Remove MetadataType from the core package struct \[[#​1735](https://togithub.com/anchore/syft/issues/1735) [#​1983](https://togithub.com/anchore/syft/pull/1983) [@​wagoodman](https://togithub.com/wagoodman)] - Add convention for JSON metadata type names and port existing values to the new convention \[[#​1844](https://togithub.com/anchore/syft/issues/1844) [#​1983](https://togithub.com/anchore/syft/pull/1983) [@​wagoodman](https://togithub.com/wagoodman)] - Remove deprecated syft.Format functions \[[#​1344](https://togithub.com/anchore/syft/issues/1344) [#​2186](https://togithub.com/anchore/syft/pull/2186) [@​wagoodman](https://togithub.com/wagoodman)] ##### Additional Changes - Upgrade tool management \[[#​2188](https://togithub.com/anchore/syft/pull/2188) [@​wagoodman](https://togithub.com/wagoodman)] - Fix homebrew post-release workflow \[[#​2242](https://togithub.com/anchore/syft/pull/2242) [@​wagoodman](https://togithub.com/wagoodman)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.94.0...v0.95.0)** ### [`v0.94.0`](https://togithub.com/anchore/syft/releases/tag/v0.94.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.93.0...v0.94.0) ##### Added Features - Add additional license filenames \[[#​2227](https://togithub.com/anchore/syft/pull/2227) [@​coheigea](https://togithub.com/coheigea)] - Parse donet dependency trees \[[#​2143](https://togithub.com/anchore/syft/pull/2143) [@​noqcks](https://togithub.com/noqcks)] - Find license by embedded license text \[[#​2147](https://togithub.com/anchore/syft/issues/2147) [#​2213](https://togithub.com/anchore/syft/pull/2213) [@​coheigea](https://togithub.com/coheigea)] - Add support for dpkg dependency relationships \[[#​2040](https://togithub.com/anchore/syft/issues/2040) [#​2212](https://togithub.com/anchore/syft/pull/2212) [@​wagoodman](https://togithub.com/wagoodman)] ##### Bug Fixes - Report errors to stderr not stdout \[[#​2232](https://togithub.com/anchore/syft/pull/2232) [@​wagoodman](https://togithub.com/wagoodman)] - Python egg packages are not parsed for SBOM \[[#​1761](https://togithub.com/anchore/syft/issues/1761) [#​2239](https://togithub.com/anchore/syft/pull/2239) [@​spiffcs](https://togithub.com/spiffcs)] - Java archive is listed twice \[[#​2130](https://togithub.com/anchore/syft/issues/2130) [#​2220](https://togithub.com/anchore/syft/pull/2220) [@​wagoodman](https://togithub.com/wagoodman)] - Java archives not from Maven \[[#​2217](https://togithub.com/anchore/syft/issues/2217) [#​2220](https://togithub.com/anchore/syft/pull/2220) [@​wagoodman](https://togithub.com/wagoodman)] - Remove internal.StringSet \[[#​2209](https://togithub.com/anchore/syft/issues/2209) [#​2219](https://togithub.com/anchore/syft/pull/2219) [@​wagoodman](https://togithub.com/wagoodman)] - Invalid interface conversion in Swift cataloger \[[#​2225](https://togithub.com/anchore/syft/issues/2225) [#​2226](https://togithub.com/anchore/syft/pull/2226) [@​wagoodman](https://togithub.com/wagoodman)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.93.0...v0.94.0)** ### [`v0.93.0`](https://togithub.com/anchore/syft/releases/tag/v0.93.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.92.0...v0.93.0) ##### Added Features - Parse license from the pom.xml if not contained in the manifest \[[#​2115](https://togithub.com/anchore/syft/pull/2115) [@​coheigea](https://togithub.com/coheigea)] - Add Golang STD library package given a Golang binary has been discovered compiled with that go binary \[[#​1853](https://togithub.com/anchore/syft/issues/1853) [#​2195](https://togithub.com/anchore/syft/pull/2195) [@​spiffcs](https://togithub.com/spiffcs)] - Improve --output CLI help and deprecate --file \[[#​2165](https://togithub.com/anchore/syft/issues/2165) [#​2187](https://togithub.com/anchore/syft/pull/2187) [@​sharief007](https://togithub.com/sharief007)] ##### Bug Fixes - Converting a SBOM looses the algorithm type for added checksums \[[#​2183](https://togithub.com/anchore/syft/issues/2183) [#​2207](https://togithub.com/anchore/syft/pull/2207) [@​sharief007](https://togithub.com/sharief007)] ##### Additional Changes - Refine the docs for building a cataloger \[[#​2175](https://togithub.com/anchore/syft/pull/2175) [@​wagoodman](https://togithub.com/wagoodman)] - update license list to 3.22 \[[#​2201](https://togithub.com/anchore/syft/pull/2201) [@​spiffcs](https://togithub.com/spiffcs)] - Add exact syntax of the conversion formats \[[#​2196](https://togithub.com/anchore/syft/pull/2196) [@​vargenau](https://togithub.com/vargenau)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.92.0...v0.93.0)** ### [`v0.92.0`](https://togithub.com/anchore/syft/releases/tag/v0.92.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.91.0...v0.92.0) ##### Added Features - Support for multiple image refs of same sha in OCI layout \[[#​1544](https://togithub.com/anchore/syft/issues/1544)] ##### Bug Fixes - Generated purls are different between runs of syft against the same image and artifact \[[#​2169](https://togithub.com/anchore/syft/issues/2169) [#​2170](https://togithub.com/anchore/syft/pull/2170) [@​willmurphyscode](https://togithub.com/willmurphyscode)] ##### Additional Changes - bump stereoscope to fix data race in UI code \[[#​2173](https://togithub.com/anchore/syft/pull/2173) [@​willmurphyscode](https://togithub.com/willmurphyscode)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.91.0...v0.92.0)** ### [`v0.91.0`](https://togithub.com/anchore/syft/releases/tag/v0.91.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.90.0...v0.91.0) ##### Added Features - Add support for CycloneDX 1.5 \[[#​2120](https://togithub.com/anchore/syft/issues/2120) [#​2123](https://togithub.com/anchore/syft/pull/2123) [@​spiffcs](https://togithub.com/spiffcs)] - Add support for containerd as an image source \[[#​201](https://togithub.com/anchore/syft/issues/201) [#​1793](https://togithub.com/anchore/syft/pull/1793) [@​shanedell](https://togithub.com/shanedell)] - Support cataloging github workflow & github action usages \[[#​1896](https://togithub.com/anchore/syft/issues/1896) [#​2140](https://togithub.com/anchore/syft/pull/2140) [@​wagoodman](https://togithub.com/wagoodman)] ##### Bug Fixes - Allow CycloneDX json input with no components \[[#​2127](https://togithub.com/anchore/syft/pull/2127) [@​ahoz](https://togithub.com/ahoz)] - Prevent errors from clobbering terminal \[[#​2161](https://togithub.com/anchore/syft/pull/2161) [@​kzantow](https://togithub.com/kzantow)] - Using syft as a go library to decode a syft json has incomplete data \[[#​2069](https://togithub.com/anchore/syft/issues/2069) [#​2083](https://togithub.com/anchore/syft/pull/2083) [@​kzantow](https://togithub.com/kzantow)] - SBOMs are not the same on multiple runs of syft \[[#​1944](https://togithub.com/anchore/syft/issues/1944)] ##### Additional Changes - Switch to stdlib's slices pkg \[[#​2148](https://togithub.com/anchore/syft/pull/2148) [@​hainenber](https://togithub.com/hainenber)] - Remove unneeded arch switch in unit test \[[#​2156](https://togithub.com/anchore/syft/pull/2156) [@​willmurphyscode](https://togithub.com/willmurphyscode)] - Update chronicle to v0.8.0 \[[#​2154](https://togithub.com/anchore/syft/pull/2154) [@​wagoodman](https://togithub.com/wagoodman)] - Update to latest stereoscope \[[#​2151](https://togithub.com/anchore/syft/pull/2151) [@​spiffcs](https://togithub.com/spiffcs)] - Pin workflow checkout for cpe update-cpe-dictionary-index \[[#​2141](https://togithub.com/anchore/syft/pull/2141) [@​spiffcs](https://togithub.com/spiffcs)] - Add dependency information to conan lockfile parser \[[#​2131](https://togithub.com/anchore/syft/pull/2131) [@​Pro](https://togithub.com/Pro)] - Pin and update all workflow dependencies; add permission scopes \[[#​2138](https://togithub.com/anchore/syft/pull/2138) [@​spiffcs](https://togithub.com/spiffcs)] - Enforce race detector \[[#​2122](https://togithub.com/anchore/syft/pull/2122) [@​willmurphyscode](https://togithub.com/willmurphyscode)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.90.0...v0.91.0)** ### [`v0.90.0`](https://togithub.com/anchore/syft/releases/tag/v0.90.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.89.0...v0.90.0) ### #### [v0.90.0](https://togithub.com/anchore/syft/tree/v0.90.0) (2023-09-11) [Full Changelog](https://togithub.com/anchore/syft/compare/v0.89.0...v0.90.0) ##### Added Features - Expose cobra command in cli package \[[PR #​2097](https://togithub.com/anchore/syft/pull/2097)] \[[wagoodman](https://togithub.com/wagoodman)] - Explicitly test PURL generation against key packages \[[Issue #​2071](https://togithub.com/anchore/syft/issues/2071)] - Add User-Agent with Syft version during update check \[[Issue #​2072](https://togithub.com/anchore/syft/issues/2072)] \[[PR #​2100](https://togithub.com/anchore/syft/pull/2100)] \[[hainenber](https://togithub.com/hainenber)] ##### Bug Fixes - fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation \[[PR #​2075](https://togithub.com/anchore/syft/pull/2075)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] - Cyclonedx external reference URLs are not validated when encoding \[[Issue #​2079](https://togithub.com/anchore/syft/issues/2079)] \[[PR #​2091](https://togithub.com/anchore/syft/pull/2091)] \[[hainenber](https://togithub.com/hainenber)] ##### Additional Changes - Bump the golang.org/x/exp dependency and fix a build breakage. \[[PR #​2088](https://togithub.com/anchore/syft/pull/2088)] \[[dlorenc](https://togithub.com/dlorenc)] - fix: update codeql-analysis for go 1.21 \[[PR #​2108](https://togithub.com/anchore/syft/pull/2108)] \[[spiffcs](https://togithub.com/spiffcs)] ### [`v0.89.0`](https://togithub.com/anchore/syft/releases/tag/v0.89.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.88.0...v0.89.0) ### #### [v0.89.0](https://togithub.com/anchore/syft/tree/v0.89.0) (2023-08-31) [Full Changelog](https://togithub.com/anchore/syft/compare/v0.88.0...v0.89.0) ##### Added Features - Add registry certificate verification support \[[PR #​1734](https://togithub.com/anchore/syft/pull/1734)] \[[5p2O5pe25ouT](https://togithub.com/5p2O5pe25ouT)] - Add SYFT_CONFIG environment variable for configuration file path \[[Issue #​1986](https://togithub.com/anchore/syft/issues/1986)] \[[PR #​2001](https://togithub.com/anchore/syft/pull/2001)] \[[kzantow](https://togithub.com/kzantow)] ##### Bug Fixes - Fix quiet flag \[[PR #​2081](https://togithub.com/anchore/syft/pull/2081)] \[[wagoodman](https://togithub.com/wagoodman)] - Command line flags not overriding configuration file values \[[Issue #​1143](https://togithub.com/anchore/syft/issues/1143)] \[[PR #​2001](https://togithub.com/anchore/syft/pull/2001)] \[[kzantow](https://togithub.com/kzantow)] - Django package CPE is not correct \[[Issue #​1298](https://togithub.com/anchore/syft/issues/1298)] \[[PR #​2068](https://togithub.com/anchore/syft/pull/2068)] \[[witchcraze](https://togithub.com/witchcraze)] - Config parsing includes `config.yaml` in working dir \[[Issue #​1634](https://togithub.com/anchore/syft/issues/1634)] \[[PR #​2001](https://togithub.com/anchore/syft/pull/2001)] \[[kzantow](https://togithub.com/kzantow)] - Fix a possible panic on universal go binaries \[[Issue #​2073](https://togithub.com/anchore/syft/issues/2073)] \[[PR #​2078](https://togithub.com/anchore/syft/pull/2078)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] - Disabling catalogers is not working in power user command \[[Issue #​2074](https://togithub.com/anchore/syft/issues/2074)] \[[PR #​2001](https://togithub.com/anchore/syft/pull/2001)] \[[kzantow](https://togithub.com/kzantow)] - Virtual path changes to java cataloger causing creation of extra incorrect packages when jars are renamed \[[Issue #​2077](https://togithub.com/anchore/syft/issues/2077)] \[[PR #​2080](https://togithub.com/anchore/syft/pull/2080)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] ### [`v0.88.0`](https://togithub.com/anchore/syft/releases/tag/v0.88.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.87.1...v0.88.0) ### #### [v0.88.0](https://togithub.com/anchore/syft/tree/v0.88.0) (2023-08-25) [Full Changelog](https://togithub.com/anchore/syft/compare/v0.87.1...v0.88.0) ##### Added Features - Detect golang boring crypto and fipsonly modules \[[PR #​2021](https://togithub.com/anchore/syft/pull/2021)] \[[bathina2](https://togithub.com/bathina2)] - feat: 1944 - update purl generation to use a consistent groupID \[[PR #​2033](https://togithub.com/anchore/syft/pull/2033)] \[[spiffcs](https://togithub.com/spiffcs)] - Add support to detect bash binaries \[[Issue #​1963](https://togithub.com/anchore/syft/issues/1963)] \[[PR #​2055](https://togithub.com/anchore/syft/pull/2055)] \[[witchcraze](https://togithub.com/witchcraze)] ##### Bug Fixes - fix: properly parse conan ref and include user and channel \[[PR #​2034](https://togithub.com/anchore/syft/pull/2034)] \[[Pro](https://togithub.com/Pro)] - New version notice only showing the version and no text \[[PR #​2042](https://togithub.com/anchore/syft/pull/2042)] \[[wagoodman](https://togithub.com/wagoodman)] - Fix: don't validate pom declared group \[[PR #​2054](https://togithub.com/anchore/syft/pull/2054)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] - Errors when handling symlinks on Windows with syft v0.85.0 \[[Issue #​1950](https://togithub.com/anchore/syft/issues/1950)] \[[PR #​2051](https://togithub.com/anchore/syft/pull/2051)] \[[selzoc](https://togithub.com/selzoc)] - Syft seems unable to parse non UTF-8 pom.xml files \[[Issue #​2044](https://togithub.com/anchore/syft/issues/2044)] \[[PR #​2047](https://togithub.com/anchore/syft/pull/2047)] \[[wagoodman](https://togithub.com/wagoodman)] - Error parsing pom.xml with v0.87.1 \[[Issue #​2060](https://togithub.com/anchore/syft/issues/2060)] \[[PR #​2064](https://togithub.com/anchore/syft/pull/2064)] \[[willmurphyscode](https://togithub.com/willmurphyscode)] - Invalid CycloneDX: duplicates in relationships section \[[Issue #​2062](https://togithub.com/anchore/syft/issues/2062)] \[[PR #​2063](https://togithub.com/anchore/syft/pull/2063)] \[[kzantow](https://togithub.com/kzantow)] ### [`v0.87.1`](https://togithub.com/anchore/syft/releases/tag/v0.87.1) [Compare Source](https://togithub.com/anchore/syft/compare/v0.87.0...v0.87.1) ### #### [v0.87.1](https://togithub.com/anchore/syft/tree/v0.87.1) (2023-08-17) [Full Changelog](https://togithub.com/anchore/syft/compare/v0.87.0...v0.87.1) ##### Bug Fixes - Use Java package names to determine known groupIDs \[[PR #​2032](https://togithub.com/anchore/syft/pull/2032)] \[[kzantow](https://togithub.com/kzantow)] - Relationships section of CycloneDX is not outputting even when the data is present \[[Issue #​1972](https://togithub.com/anchore/syft/issues/1972)] \[[PR #​1974](https://togithub.com/anchore/syft/pull/1974)] \[[markgalpin](https://togithub.com/markgalpin)] \[[kzantow](https://togithub.com/kzantow)] - SPDX Tag-Value conversion not handling files directly set on packages \[[Issue #​2013](https://togithub.com/anchore/syft/issues/2013)] \[[PR #​2014](https://togithub.com/anchore/syft/pull/2014)] \[[kzantow](https://togithub.com/kzantow)] - Intermittent binary listings, different results every time \[[Issue #​2035](https://togithub.com/anchore/syft/issues/2035)] \[[PR #​2036](https://togithub.com/anchore/syft/pull/2036)] \[[kzantow](https://togithub.com/kzantow)] </details> <details> <summary>charmbracelet/gum (charmbracelet/gum)</summary> ### [`v0.13.0`](https://togithub.com/charmbracelet/gum/releases/tag/v0.13.0) [Compare Source](https://togithub.com/charmbracelet/gum/compare/v0.12.0...v0.13.0) #### Changelog ##### New Features Add `--select-if-one` flag to `gum choose` and `gum filter`. ```bash > gum choose --select-if-one "option" > option ``` - [`fb6849c`](https://togithub.com/charmbracelet/gum/commit/fb6849ca163779e5fa33786568b78592f433470a): `--select-if-one` flag to `choose`/`filter`. ([#​398](https://togithub.com/charmbracelet/gum/issues/398)) ([@​kennyp](https://togithub.com/kennyp)) ##### Bug fixes - [`5c65944`](https://togithub.com/charmbracelet/gum/commit/5c65944c66156df9eeba7fe742d6837e7869292d): (fix): ShowOutput flag displays in realtime ([#​405](https://togithub.com/charmbracelet/gum/issues/405)) ([@​hopefulTex](https://togithub.com/hopefulTex)) *** <details> <summary>Verifying the artifacts</summary> First, download the [`checksums.txt` file](https://togithub.com/charmbracelet/gum/releases/download/0.13.0/checksums.txt), for example, with `wget`: ```bash wget 'https://github.com/charmbracelet/gum/releases/download/v0.13.0/checksums.txt' ``` Then, verify it using [`cosign`](https://togithub.com/sigstore/cosign): ```bash cosign verify-blob \ --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ --cert 'https://github.com/charmbracelet/gum/releases/download/v0.13.0/checksums.txt.pem' \ --signature 'https://github.com/charmbracelet/gum/releases/download/v0.13.0/checksums.txt.sig' \ ./checksums.txt ``` If the output is `Verified OK`, you can safely use it to verify the checksums of other artifacts you downloaded from the release using `sha256sum`: ```bash sha256sum --ignore-missing -c checksums.txt ``` Done! You artifacts are now verified! </details> <a href="https://charm.sh/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-badge.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [Twitter](https://twitter.com/charmcli), [The Fediverse](https://mastodon.technology/@​charm), or on [Discord](https://charm.sh/chat). ### [`v0.12.0`](https://togithub.com/charmbracelet/gum/releases/tag/v0.12.0) [Compare Source](https://togithub.com/charmbracelet/gum/compare/v0.11.0...v0.12.0) ### Gum Log 🪵 Version 0.12.0 of gum features a brand new `log` command. Gum `log` logs messages to the terminal at using different levels and styling using the [`charmbracelet/log`](https://togithub.com/charmbracelet/log) library. To get started, simply run: gum log ```bash ### Log some debug information. gum log --structured --level debug "Creating file..." name file.txt ### DEBUG Unable to create file. name=temp.txt ### Log some error. gum log --structured --level error "Unable to create file." name file.txt ### ERROR Unable to create file. name=temp.txt ``` See [`charmbracelet/log`](https://togithub.com/charmbracelet/log) for more usage. <img src="https://vhs.charm.sh/vhs-6jupuFM0s2fXiUrBE0I1vU.gif" width="600" alt="Running gum log with debug and error levels" /> #### What's Changed - Pretty Table Print by [@​maaslalani](https://togithub.com/maaslalani) in [https://github.com/charmbracelet/gum/pull/436](https://togithub.com/charmbracelet/gum/pull/436) - Log command by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [https://github.com/charmbracelet/gum/pull/449](https://togithub.com/charmbracelet/gum/pull/449) - Avoid reading from stdin if `--value` is being used by [@​piero-vic](https://togithub.com/piero-vic) in [https://github.com/charmbracelet/gum/pull/448](https://togithub.com/charmbracelet/gum/pull/448) - Made filter work with lists as choose by [@​MikaelFangel](https://togithub.com/MikaelFangel) in [https://github.com/charmbracelet/gum/pull/424](https://togithub.com/charmbracelet/gum/pull/424) #### New Contributors - [@​cglong](https://togithub.com/cglong) made their first contribution in [https://github.com/charmbracelet/gum/pull/401](https://togithub.com/charmbracelet/gum/pull/401) - [@​docwhat](https://togithub.com/docwhat) made their first contribution in [https://github.com/charmbracelet/gum/pull/433](https://togithub.com/charmbracelet/gum/pull/433) - [@​piero-vic](https://togithub.com/piero-vic) made their first contribution in [https://github.com/charmbracelet/gum/pull/448](https://togithub.com/charmbracelet/gum/pull/448) **Full Changelog**: https://github.com/charmbracelet/gum/compare/v0.11.0...v0.12.0 *** <a href="https://charm.sh/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-badge.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [Twitter](https://twitter.com/charmcli), [The Fediverse](https://mastodon.technology/@​charm), or on [Discord](https://charm.sh/chat). </details> <details> <summary>charmbracelet/vhs (charmbracelet/vhs)</summary> ### [`v0.7.1`](https://togithub.com/charmbracelet/vhs/releases/tag/v0.7.1) [Compare Source](https://togithub.com/charmbracelet/vhs/compare/v0.7.0...v0.7.1) ### Freeze Frame ❄️ 📸 With VHS `v0.7.0`, you can capture the any moment during tape execution. Just add in `Screenshot <filename>.png` to your tapes: ```elixir Type ls Enter ### Capture the output of 'ls' Screenshot files.png ### Now, continue as you normally would Type 'cd ..' Enter ``` Your tape outputs a GIF, and outputs a file named `files.png`. ##### Copy-Paste Functionality! VHS can now talk to your system clipboard. Please keep this in mind when executing tapes from unknown sources. > \[!WARNING] > You should never `curl` pipe into VHS, it's similar to executing a bash script on your computer! ```elixir Copy "https://github.com/charmbracelet/huh" Type 'curl ' Paste Enter ``` #### New Modifiers + Keys Alert! VHS `v0.7.0` has some new additions: introducing the top level `Shift+` modifier and the `Insert` + `Delete` keys! ```elixir ### Shift things up a bit! Shift+A Shift+Tab Shift+Enter ### Insert and delete to your hearts desire: Insert Delete ``` *** <a href="https://charm.sh/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-badge.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [Twitter](https://twitter.com/charmcli), [The Fediverse](https://mastodon.social/@​charmcli), or [Discord](https://charm.sh/chat). ### [`v0.7.0`](https://togithub.com/charmbracelet/vhs/releases/tag/v0.7.0) [Compare Source](https://togithub.com/charmbracelet/vhs/compare/v0.6.0...v0.7.0) ### Freeze Frame ❄️ 📸 With VHS `v0.7.0`, you can capture the any moment during tape execution. Just add in `Screenshot <filename>.png` to your tapes: ```elixir Type ls Enter ### Capture the output of 'ls' Screenshot files.png ### Now, continue as you normally would Type 'cd ..' Enter ``` Your tape outputs a GIF, and outputs a file named `files.png`. ##### Copy-Paste Functionality! VHS can now talk to your system clipboard. Please keep this in mind when executing tapes from unknown sources. > \[!WARNING] > You should never `curl` pipe into VHS, it's similar to executing a bash script on your computer! ```elixir Copy "https://github.com/charmbracelet/huh" Type 'curl ' Paste Enter ``` #### New Modifiers + Keys Alert! VHS `v0.7.0` has some new additions: introducing the top level `Shift+` modifier and the `Insert` + `Delete` keys! ```elixir ### Shift things up a bit! Shift+A Shift+Tab Shift+Enter ### Insert and delete to your hearts desire: Insert Delete ``` *** <a href="https://charm.sh/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-badge.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [Twitter](https://twitter.com/charmcli), [The Fediverse](https://mastodon.social/@​charmcli), or [Discord](https://charm.sh/chat). </details> <details> <summary>direnv/direnv (direnv/direnv)</summary> ### [`v2.33.0`](https://togithub.com/direnv/direnv/releases/tag/v2.33.0) [Compare Source](https://togithub.com/direnv/direnv/compare/v2.32.3...v2.33.0) - doc: add a Nushell section to `hook.md` by [@​amtoine](https://togithub.com/amtoine) in [https://github.com/direnv/direnv/pull/1175](https://togithub.com/direnv/direnv/pull/1175) - doc: fix broken links in installation.md by [@​just1602](https://togithub.com/just1602) in [https://github.com/direnv/direnv/pull/1110](https://togithub.com/direnv/direnv/pull/1110) - doc: show how to run tests by [@​bukzor-sentryio](https://togithub.com/bukzor-sentryio) in [https://github.com/direnv/direnv/pull/1137](https://togithub.com/direnv/direnv/pull/1137) - doc: update NixOS installation instructions by [@​Gerg-L](https://togithub.com/Gerg-L) in [https://github.com/direnv/direnv/pull/1172](https://togithub.com/direnv/direnv/pull/1172) - doc: update direnv.toml.1.md by [@​Ativerc](https://togithub.com/Ativerc) in [https://github.com/direnv/direnv/pull/1099](https://togithub.com/direnv/direnv/pull/1099) - feat: `direnv status --json` by [@​shivaraj-bh](https://togithub.com/shivaraj-bh) in [https://github.com/direnv/direnv/pull/1142](https://togithub.com/direnv/direnv/pull/1142) - feat: add PowerShell Support by [@​bamsammich](https://togithub.com/bamsammich) in [https://github.com/direnv/direnv/pull/1171](https://togithub.com/direnv/direnv/pull/1171) - feat: add mergify configuration by [@​Mic92](https://togithub.com/Mic92) in [https://github.com/direnv/direnv/pull/1147](https://togithub.com/direnv/direnv/pull/1147) - feat: add support for armv7l platform in install.sh by [@​ardje](https://togithub.com/ardje) in [https://github.com/direnv/direnv/pull/1162](https://togithub.com/direnv/direnv/pull/1162) - feat: add watch print command by [@​Mic92](https://togithub.com/Mic92) in [https://github.com/direnv/direnv/pull/1198](https://togithub.com/direnv/direnv/pull/1198) - feat: alias `direnv disallow` to deny by [@​will](https://togithub.com/will) in [https://github.com/direnv/direnv/pull/1182](https://togithub.com/direnv/direnv/pull/1182) - feat: stdlib: create CACHEDIR.TAG inside .direnv by [@​Mic92](https://togithub.com/Mic92) in [https://github.com/direnv/direnv/pull/1148](https://togithub.com/direnv/direnv/pull/1148) - fix: `allowPath` for `LoadedRC` by [@​shivaraj-bh](https://togithub.com/shivaraj-bh) in [https://github.com/direnv/direnv/pull/1157](https://togithub.com/direnv/direnv/pull/1157) - fix: don't prompt to allow if user explicitly denied by [@​Gabriella439](https://togithub.com/Gabriella439) in [https://github.com/direnv/direnv/pull/1158](https://togithub.com/direnv/direnv/pull/1158) - fix: man/direnv-stdlib: fix obsolete opam-env example by [@​mzacho](https://togithub.com/mzacho) in [https://github.com/direnv/direnv/pull/1170](https://togithub.com/direnv/direnv/pull/1170) - fix: print correct path in source_env log message by [@​wentasah](https://togithub.com/wentasah) in [https://github.com/direnv/direnv/pull/1144](https://togithub.com/direnv/direnv/pull/1144) - fix: quote tcsh $PATH, to avoid failure on whitespace by [@​bukzor-sentryio](https://togithub.com/bukzor-sentryio) in [https://github.com/direnv/direnv/pull/1139](https://togithub.com/direnv/direnv/pull/1139) - fix: remove redundant nil check in `CommandsDispatch` by [@​Juneezee](https://togithub.com/Juneezee) in [https://github.com/direnv/direnv/pull/1166](https://togithub.com/direnv/direnv/pull/1166) - fix: update nixpkgs and shellcheck by [@​Mic92](https://togithub.com/Mic92) in [https://github.com/direnv/direnv/pull/1146](https://togithub.com/direnv/direnv/pull/1146) </details> <details> <summary>golang/go (golang/go)</summary> ### [`v1.21.5`](https://togithub.com/golang/go/compare/go1.21.4...go1.21.5) [Compare Source](https://togithub.com/golang/go/compare/go1.21.4...go1.21.5) ### [`v1.21.4`](https://togithub.com/golang/go/compare/go1.21.3...go1.21.4) [Compare Source](https://togithub.com/golang/go/compare/go1.21.3...go1.21.4) ### [`v1.21.3`](https://togithub.com/golang/go/compare/go1.21.2...go1.21.3) [Compare Source](https://togithub.com/golang/go/compare/go1.21.2...go1.21.3) ### [`v1.21.2`](https://togithub.com/golang/go/compare/go1.21.1...go1.21.2) [Compare Source](https://togithub.com/golang/go/compare/go1.21.1...go1.21.2) ### [`v1.21.1`](https://togithub.com/golang/go/compare/go1.21.0...go1.21.1) [Compare Source](https://togithub.com/golang/go/compare/go1.21.0...go1.21.1) </details> <details> <summary>goreleaser/goreleaser (goreleaser/goreleaser)</summary> ### [`v1.22.1`](https://togithub.com/goreleaser/goreleaser/releases/tag/v1.22.1) [Compare Source](https://togithub.com/goreleaser/goreleaser/compare/v1.22.0...v1.22.1) #### Changelog ##### Bug fixes - [`e33d053`](https://togithub.com/goreleaser/goreleaser/commit/e33d0536129abeee90f46fbde5950403ba37cee1): fix: --single-target when no match ([@​caarlos0](https://togithub.com/caarlos0)) - [`c0b2be3`](https://togithub.com/goreleaser/goreleaser/commit/c0b2be344fca8c66fda35391ca76d9c3ca9753c8): fix: handle configs with no explicit targets on --single-target ([@​caarlos0](https://togithub.com/caarlos0)) ##### Build process updates - [`4f17fba`](https://togithub.com/goreleaser/goreleaser/commit/4f17fba173ec6d8feb93b15607fc692dd2b64533): build: fix setup-task rate limit ([@​caarlos0](https://togithub.com/caarlos0)) - [`be9ad4d`](https://togithub.com/goreleaser/goreleaser/commit/be9ad4d47dd09c218c8fd32b321a99ff7eb5956d): build: update workflow ([@​caarlos0](https://togithub.com/caarlos0)) **Full Changelog**: https://github.com/goreleaser/goreleaser/compare/v1.22.0...v1.22.1 #### Helping out This release is only possible thanks to **all** the support of some **awesome people**! Want to be one of them? You can [sponsor](https://goreleaser.com/sponsors/), get a [Pro License](https://goreleaser.com/pro) or [contribute with code](https://goreleaser.com/contributing). #### Where to go next? - Find </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41Mi4wIiwidXBkYXRlZEluVmVyIjoiMzcuNTIuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>
- Loading branch information