Bump github.com/anchore/syft from 0.71.0 to 0.76.0 #20

dependabot · 2023-04-03T02:06:06Z

Bumps github.com/anchore/syft from 0.71.0 to 0.76.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.76.0

Changelog

v0.76.0 (2023-03-31)

Full Changelog

Added Features

Scan local go mod licenses for golang packages [[PR #1645](https://redirect.github.com/Scan local go mod licenses for golang packages anchore/syft#1645)] [deitch]

1577: update and clean license list generation to return more SPDXID for more inputs [[PR #1691](https://redirect.github.com/1577: update and clean license list generation to return more SPDXID for more inputs anchore/syft#1691)] [spiffcs]

argocd binary classifier [[Issue #1606](https://redirect.github.com/argocd binary classifier anchore/syft#1606)] [[PR #1663](https://redirect.github.com/feat: add argocd, helm, kustomize and kubectl binary classifiers anchore/syft#1663)] [y12studio]

Bug Fixes

Defer closing the opened file when using FileScheme [[PR #1668](https://redirect.github.com/Defer closing the opened file when using FileScheme anchore/syft#1668)] [Noxsios]

fix: remove author contributing to javascript CPEs [[PR #1669](https://redirect.github.com/fix: remove author contributing to javascript CPEs anchore/syft#1669)] [kzantow]

fix: reduce logging for bad dpkg lines [[PR #1675](https://redirect.github.com/fix: reduce logging for bad dpkg lines anchore/syft#1675)] [kzantow]

Broken shell completion - Bash [[Issue #962](https://redirect.github.com/Broken shell completion - Bash anchore/syft#962)] [[PR #1688](https://redirect.github.com/Fix shell completion by adding missing usage message required by spf13/cobra anchore/syft#1688)] [DanHam]

syft produces different output when run with sudo [[Issue #1391](https://redirect.github.com/syft produces different output when run with sudo anchore/syft#1391)] [[PR #1693](https://redirect.github.com/chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 anchore/syft#1693)] [anchore-actions-token-generator]

some binary ruby are not detected [[Issue #1677](https://redirect.github.com/some binary ruby are not detected anchore/syft#1677)] [[PR #1678](https://redirect.github.com/fix: ruby classifier anchore/syft#1678)] [witchcraze]

Documentation says that output is SPDX 2.2 [[Issue #1679](https://redirect.github.com/Documentation says that output is SPDX 2.2 anchore/syft#1679)] [[PR #1680](https://redirect.github.com/Update documentation: SPDX 2.2 vs 2.3 anchore/syft#1680)] [vargenau]

Additional Changes

Deprecate config.yaml as valid config source; Add unit regression for correct config paths [[PR #1640](https://redirect.github.com/Deprecate config.yaml as valid config source; Add unit regression for correct config paths anchore/syft#1640)] [AidanDelaney]

fix: move defer after error to protect panic case [[PR #1670](https://redirect.github.com/fix: move defer after error to protect panic case anchore/syft#1670)] [spiffcs]

Remove more side effects from application config testing [[PR #1684](https://redirect.github.com/Remove more side effects from application config testing anchore/syft#1684)] [wagoodman]

chore: tweak some workflow text [[PR #1685](https://redirect.github.com/chore: tweak some workflow text anchore/syft#1685)] [kzantow]

chore: fix flaky license sorting [[PR #1690](https://redirect.github.com/chore: fix flaky license sorting anchore/syft#1690)] [kzantow]

v0.75.0

Changelog

v0.75.0 (2023-03-13)

Full Changelog

Added Features

Catalog ruby binary [[Issue #1650](https://redirect.github.com/Catalog ruby binary anchore/syft#1650)] [[PR #1665](https://redirect.github.com/feat: add ruby classifier anchore/syft#1665)] [witchcraze]

Bug Fixes

more python matching support [[PR #1667](https://redirect.github.com/fix: more python matching support anchore/syft#1667)] [kzantow]

v0.74.1

Changelog

v0.74.1 (2023-03-09)

... (truncated)

Commits

dfcc07e feat: Add config option to allow user to select the default image source loca...
2fa238a chore(deps): bump github.com/docker/docker (#1699)
63bbd1e chore(deps): update bootstrap tools to latest versions (#1697)
81b87dd chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (...
f473bb7 1577 spdxlicense generate (#1691)
539bc2a chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 (#1692)
9fd5322 feat: scan local go mod cache for licenses of golang packages (#1645)
11e926a chore: fix flaky license sorting (#1690)
168c5ae chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1689)
d02c56a fix: shell completion by adding missing usage message required by spf13/cobra...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.71.0 to 0.76.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.71.0...v0.76.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-04-10T02:04:45Z

Superseded by #22.

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 3, 2023

dependabot bot mentioned this pull request Apr 3, 2023

Bump github.com/anchore/syft from 0.71.0 to 0.75.0 #18

Closed

dependabot bot closed this Apr 10, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.76.0 branch April 10, 2023 02:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.71.0 to 0.76.0 #20

Bump github.com/anchore/syft from 0.71.0 to 0.76.0 #20

dependabot bot commented on behalf of github Apr 3, 2023

dependabot bot commented on behalf of github Apr 10, 2023

Bump github.com/anchore/syft from 0.71.0 to 0.76.0 #20

Bump github.com/anchore/syft from 0.71.0 to 0.76.0 #20

Conversation

dependabot bot commented on behalf of github Apr 3, 2023

v0.76.0

Changelog

v0.76.0 (2023-03-31)

Added Features

Bug Fixes

Additional Changes

v0.75.0

Changelog

v0.75.0 (2023-03-13)

Added Features

Bug Fixes

v0.74.1

Changelog

v0.74.1 (2023-03-09)

dependabot bot commented on behalf of github Apr 10, 2023