Bump github.com/anchore/syft from 0.73.0 to 0.74.0 #207

dependabot · 2023-03-03T10:23:43Z

Bumps github.com/anchore/syft from 0.73.0 to 0.74.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.74.0

Changelog

(v0.74.0) (2023-03-02)

Full Changelog

Added Features

rust toolchain binary cataloger [[PR #1601](https://github-redirect.dependabot.com/feat: rust toolchain binary cataloger anchore/syft#1601)] [westonsteimel]

Add support for SUPPORT_END in distro [[PR #1612](https://github-redirect.dependabot.com/Add support for SUPPORT_END in distro anchore/syft#1612)] [noqcks]

Catalog haproxy binary [[Issue #1512](https://github-redirect.dependabot.com/Catalog haproxy binary anchore/syft#1512)] [[PR #1591](https://github-redirect.dependabot.com/haproxy binary matcher anchore/syft#1591)] [noqcks]

Handle cataloger panics [[Issue #1624](https://github-redirect.dependabot.com/Handle cataloger panics anchore/syft#1624)] [[PR #1636](https://github-redirect.dependabot.com/fix: handle individual cataloger panics anchore/syft#1636)] [kzantow]

set cosign attest predicate type based on Syft output type [[PR #1598](https://github-redirect.dependabot.com/feat: set cosign attest predicate type based on Syft output type anchore/syft#1598)] [Nirusu]

retain go package info when no module declared [[PR #1632](https://github-redirect.dependabot.com/feat: retain go package info when no module declared anchore/syft#1632)] [westonsteimel]

Bug Fixes

improve CPE generation for curl APK [[PR #1608](https://github-redirect.dependabot.com/fix: improve CPE generation for curl APK anchore/syft#1608)] [westonsteimel]

determine upstream for apk version streams [[PR #1610](https://github-redirect.dependabot.com/fix: determine upstream for apk version streams anchore/syft#1610)] [westonsteimel]

decoding null apk metadata pullDependencies [[PR #1614](https://github-redirect.dependabot.com/fix: decoding null apk metadata pullDependencies anchore/syft#1614)] [kzantow]

correct apk purls for other distros [[PR #1620](https://github-redirect.dependabot.com/fix: correct apk purls for other distros anchore/syft#1620)] [westonsteimel]

further improvements to CPE generation for apk packages [[PR #1623](https://github-redirect.dependabot.com/fix: further improvements to CPE generation for apk packages anchore/syft#1623)] [westonsteimel]

improved CPE-generation for several more APK packages [[PR #1631](https://github-redirect.dependabot.com/fix: improved CPE-generation for several more APK packages anchore/syft#1631)] [westonsteimel]

apk product/vendor generation for old metadata [[PR #1635](https://github-redirect.dependabot.com/fix: apk product/vendor generation for old metadata anchore/syft#1635)] [westonsteimel]

Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [[Issue #1586](https://github-redirect.dependabot.com/Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards anchore/syft#1586)] [[PR #1604](https://github-redirect.dependabot.com/Update Stereoscope to incorporate symlink resolution fixes anchore/syft#1604)] [wagoodman]

syft erlang cataloger can segfault when analyzing an erlang project containing rebar.lock with nested deps [[Issue #1621](https://github-redirect.dependabot.com/syft erlang cataloger can segfault when analyzing an erlang project containing rebar.lock with nested deps anchore/syft#1621)] [[PR #1628](https://github-redirect.dependabot.com/fix: rebar lock file decoding panic anchore/syft#1628)] [kzantow]

Go tests detecting race cataloging packages [[Issue #1633](https://github-redirect.dependabot.com/Go tests detecting race cataloging packages anchore/syft#1633)] [[PR #1639](https://github-redirect.dependabot.com/fix: possible race condition anchore/syft#1639)] [kzantow]

Commits

5f90d03 fix: possible race condition (#1639)
e2ebc97 fix: remove APK OriginPackage cpe candidates (#1637)
2e6e3b0 fix: rebar lock file decoding panic (#1628)
24584a4 fix: handle individual cataloger panics (#1636)
8e1205f fix: apk product/vendor generation for old metadata (#1635)
e92b0fa feat: rust toolchain binary cataloger (#1601)
bcc0751 feat: retain go package info when no module declared (#1632)
f1169e5 fix: improved CPE-generation for several more APK packages (#1631)
98e737f chore: update deprecated release flag (#1629)
ff34594 chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.73.0 to 0.74.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.73.0...v0.74.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from a team as a code owner March 3, 2023 10:23

dependabot bot requested review from robdimsdale and paketo-bot-reviewer March 3, 2023 10:23

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 3, 2023

paketo-bot added the semver:patch A change requiring a patch version bump label Mar 3, 2023

paketo-bot-reviewer approved these changes Mar 3, 2023

View reviewed changes

paketo-bot enabled auto-merge (rebase) March 3, 2023 10:28

paketo-bot merged commit 5d40105 into main Mar 3, 2023

paketo-bot deleted the dependabot/go_modules/github.com/anchore/syft-0.74.0 branch March 3, 2023 10:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.73.0 to 0.74.0 #207

Bump github.com/anchore/syft from 0.73.0 to 0.74.0 #207

dependabot bot commented on behalf of github Mar 3, 2023

Bump github.com/anchore/syft from 0.73.0 to 0.74.0 #207

Bump github.com/anchore/syft from 0.73.0 to 0.74.0 #207

Conversation

dependabot bot commented on behalf of github Mar 3, 2023

v0.74.0

Changelog

(v0.74.0) (2023-03-02)

Added Features

Bug Fixes