Commit graph

1393 commits

Author SHA1 Message Date
Keith Zantow
a7f9e30607
chore: update test
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-12 11:56:47 -04:00
Keith Zantow
14b1a8337e
feat: --enrich flag to enable data enrichment
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-09-12 11:50:20 -04:00
dependabot[bot]
9fb219495a
chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2 (#2108)
* chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.12.2

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.11.1 to 1.12.2.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/syft/compare/v1.11.1...v1.12.2)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* pin modernc/sqlite back due to build failure

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* account for new ocaml package

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update comment

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-09-11 16:57:20 +00:00
Alan Pope
e31567b8df
fix: Update gitmodule url (#2106)
As per #2100 - we should not use git protocol URIs for modules as it can be problematic for consumers behind restrictive or poorly configured proxies.

Signed-off-by: Alan Pope <alan.pope@anchore.com>
2024-09-11 10:59:59 -04:00
dependabot[bot]
ffebaee739
chore(deps): bump gorm.io/gorm from 1.25.11 to 1.25.12 (#2103)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.11 to 1.25.12.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.11...v1.25.12)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 11:24:21 -04:00
dependabot[bot]
8b30e0d9b6
chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#2105)
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.7.0 to 1.7.1.
- [Commits](https://github.com/dave/jennifer/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-10 11:23:37 -04:00
dependabot[bot]
6064cfd19b
chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#2098)
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.13 to 1.1.14.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 13:32:17 -04:00
dependabot[bot]
b0da488d52
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 (#2099)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](4320041ed3...8867c4aba1)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 13:32:06 -04:00
dependabot[bot]
fbdab6e1ec
chore(deps): bump github.com/anchore/stereoscope (#2074)
Bumps [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) from 0.0.3-0.20240725180315-50ce3be7aa1f to 0.0.3.
- [Release notes](https://github.com/anchore/stereoscope/releases)
- [Changelog](https://github.com/anchore/stereoscope/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/stereoscope/commits/v0.0.3)

---
updated-dependencies:
- dependency-name: github.com/anchore/stereoscope
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:25:14 -04:00
dependabot[bot]
b8dc27ccac
chore(deps): bump github.com/docker/docker (#2086)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.2+incompatible to 27.2.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.2...v27.2.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:25:07 -04:00
dependabot[bot]
fe4df49d11
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 (#2089)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.4 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f0f3afee80...4dd16135b6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:49 -04:00
Christopher Angelo Phillips
b1a0e8ccf2
chore(sec): update Golang and runc to latest releases (#2091)
* chore(deps): update tools to latest versions (#2082)

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* chore: update go version and runc version

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
2024-09-03 12:24:39 -04:00
dependabot[bot]
a80ce02a69
chore(deps): bump github.com/charmbracelet/bubbletea (#2092)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.27.0 to 1.1.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.27.0...v1.1.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:13 -04:00
dependabot[bot]
1f852d43e7
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 (#2093)
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.3 to 3.3.0.
- [Release notes](https://github.com/Masterminds/sprig/releases)
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:24:06 -04:00
anchore-actions-token-generator[bot]
f9d8ac16ad
test: update quality gate db to latest version (#2094)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-03 12:23:56 -04:00
dependabot[bot]
e76eaec1d1
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#2096)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](834a144ee9...50769540e7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:23:34 -04:00
dependabot[bot]
3468694c8f
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 (#2097)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](c5a7806660...4320041ed3)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 12:23:26 -04:00
anchore-actions-token-generator[bot]
7901a57c1e
chore(deps): update tools to latest versions (#2082) 2024-08-29 08:21:08 -04:00
Felix Bünemann
aacf153a17
docs(templates): escape description in junit.tmpl (#2088)
Signed-off-by: Felix Bünemann <Felix.Buenemann@gmail.com>
2024-08-29 08:20:37 -04:00
anchore-actions-token-generator[bot]
95430bbbff
chore(deps): update tools to latest versions (#2080) 2024-08-23 09:08:35 -04:00
dependabot[bot]
76cd5af489
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#2078)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](883d8588e5...f0f3afee80)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:50:28 -04:00
dependabot[bot]
29f5d2a03f
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#2079)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](ab9d16d4b4...61119d458a)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-22 13:50:18 -04:00
anchore-actions-token-generator[bot]
c4d0a877dc
chore(deps): update tools to latest versions (#2072) 2024-08-21 13:09:13 -04:00
dependabot[bot]
dd2bf2df55
chore(deps): bump github.com/charmbracelet/lipgloss (#2073) 2024-08-21 13:08:47 -04:00
Weston Steimel
b65822607e
chore: bump quality gate vuln match labels data (#2069)
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-08-20 14:00:25 -04:00
dependabot[bot]
205ccfb6c9
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#2070)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](429e197704...883d8588e5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-20 13:29:17 -04:00
anchore-actions-token-generator[bot]
8dee469616
chore(deps): update Syft to v1.11.1 (#2071) 2024-08-20 13:26:32 -04:00
Keith Zantow
41cfd42de6
chore: add grype version to db network operations (#2062)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-20 10:54:16 -04:00
Lucas Rodriguez
e7a3c011bc
fix: do not panic when given empty string arg (#2064)
Signed-off-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com>
2024-08-19 12:58:39 -04:00
dependabot[bot]
c1b9498671
chore(deps): bump github.com/charmbracelet/bubbletea (#2067)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.26.6 to 0.27.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/master/.goreleaser.yml)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.26.6...v0.27.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-19 12:48:17 -04:00
Andrei Stefanie
589d86c35a
fix: correctly close the db file in v4/v5 stores (#2066)
Signed-off-by: Andrei Stefanie <andrei.stefanie@gmail.com>
2024-08-19 11:51:59 -04:00
Eiji Ito
7dfa436314
Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. (#2040)
* Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage.

Signed-off-by: Eiji Ito <aeffy7@gmail.com>

* Remove unused errNoCPEs and update error handling in findApkPackage function.

Signed-off-by: Eiji Ito <aeffy7@gmail.com>

* test: prove test fails without fix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* fix: revert contributed fix

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: Eiji Ito <aeffy7@gmail.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Eiji Ito <aeffy7@gmail.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 19:13:06 +00:00
anchore-actions-token-generator[bot]
a758b01d17
chore(deps): update tools to latest versions (#2055)
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: fix linter for non-const format

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-08-16 17:58:10 +00:00
dependabot[bot]
c5fb1a3f9d
chore(deps): bump github.com/docker/docker (#2052)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.1+incompatible to 27.1.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.1...v27.1.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-16 13:47:48 -04:00
Shane Dell
d21c5490e0
fix: fail when grype cant check for db update (#1247)
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-08-15 14:39:24 -04:00
dependabot[bot]
b26f3e29ee
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#2053)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](d94f46e13c...ab9d16d4b4)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:26 -04:00
dependabot[bot]
db73c2c7d0
chore(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 (#2056)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.5...v1.7.6)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:40:15 -04:00
dependabot[bot]
1fe0b74704
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#2060)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](eb055d739a...429e197704)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-15 13:39:14 -04:00
GGMU
e7ceffadc8
feat: add db search subcommand (#2031)
Signed-off-by: Tomer Seinfeld <tomersein@gmail.com>
2024-08-12 17:45:25 -04:00
Alex Goodman
89c4190914
do not fail when inflating DB records (#2049)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-08-12 16:20:46 +00:00
Keith Zantow
b12a6f2dc9
chore: remove quality gate Makefile db age check (#2036)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-08-12 11:59:53 -04:00
Alan Pope
4ec46b5e24
doc: Updates for the Slack to Discourse migration (#2046)
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:43 +01:00
Keith Zantow
4dfd9d76d1
feat: update to Syft 1.11.0 (#2047) 2024-08-09 14:32:05 -04:00
William Murphy
f9b6365146
fix: higher default timeout for database download (#2033)
Depending on region and network conditions, 120s was not enough time for
many clients, leading to some complaints. Raise the default timeout to
five minutes.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2024-08-09 08:39:17 -04:00
dependabot[bot]
a0d1c959f6
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2045)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](59acb6260d...4959ce089c)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-08 15:03:26 -04:00
dependabot[bot]
ec491ee45c
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#2035)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](89ef406dd8...834a144ee9)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:43:47 -04:00
anchore-actions-token-generator[bot]
8f18cdc380
chore(deps): update tools to latest versions (#2038)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-08-07 14:27:33 -04:00
dependabot[bot]
d1eebcc41a
chore(deps): bump github.com/google/go-containerregistry (#2043)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:57 -04:00
dependabot[bot]
904e4b406c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#2044)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...eb055d739a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 14:26:45 -04:00
anchore-actions-token-generator[bot]
8642eba1b0
test: update quality gate db to latest version (#2034)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2024-08-06 07:48:26 -04:00