v0.104.0
Added Features
- Adding metadata fields when parsing yarn.lock and poetry.lock [#2350 @asi-cider]
- Add Erlang OTP Application cataloger [#2403 @LaurentGoderre]
- Support Conan lockfiles v0.5 [#2050]
- Identify security-features-of-interest within binaries [#2434 #2443 @wagoodman]
- Top-level API should be more composable [#558 #2517 @wagoodman]
- Annotate where each CPE on a package is sourced from [#2282 #2552 @willmurphyscode]
Bug Fixes
- unmarshal key values in Java, Go, and Conan metadata [#2603 @willmurphyscode]
- incorrect conversion between integer types [#2605 @spiffcs]
- prefer portable executable product version when semantically greater than file version [#2600 @westonsteimel]
- Stop iterating maps in catalogers [#2405 #2553 @wagoodman]
- unknown flag: --key when use syft attest --key [KEY] [#2544 #2551 @willmurphyscode]
- purl generation broken for kafka jars [#2385 #2573 @westonsteimel]
Breaking Changes
- Top-level API should be more composable [#558 #2517 @wagoodman]
- Annotate where each CPE on a package is sourced from [#2282 #2552 @willmurphyscode]
Contributors
wagoodman, LaurentGoderre, and 4 other contributors