Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
1220 commits 36 branches 157 tags 14 MiB
Commit graph

372 commits

Author SHA1 Message Date
dependabot[bot]
018b415abd
chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1805) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-15 12:27:26 -04:00
anchore-actions-token-generator[bot]
9ce3048adb
chore(deps): update Syft to v1.2.0 (#1803) 2024-04-12 18:57:16 +00:00
dependabot[bot]
062217c7b6
chore(deps): bump github.com/docker/docker (#1800) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.0+incompatible to 26.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.0...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-11 13:35:11 -04:00
dependabot[bot]
2d613a816d
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#1791) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-08 16:24:35 +00:00
Weston Steimel
420c0cd0b3
test: fuzzy version comparison for java versions (#1788) 
Adds tests to ensure fuzzy version comparison logic works as expected
for java version strings under both the pre version 9 schema and the
modern semver equivalents.  Details of the version schemes can be found
in https://openjdk.org/jeps/223

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
 2024-04-05 13:17:33 -04:00
Christopher Angelo Phillips
57af1c34cb
chore: update syft to latest v1.1.1 (#1784) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2024-04-04 11:52:02 -04:00
dependabot[bot]
c807af5f4f
chore(deps): bump gorm.io/gorm from 1.25.8 to 1.25.9 (#1775) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.8 to 1.25.9.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.8...v1.25.9)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-28 16:35:57 -04:00
anchore-actions-token-generator[bot]
e531660d63
chore(deps): update Syft to v1.1.0 (#1769) 2024-03-26 11:44:13 -04:00
dependabot[bot]
16e954ab35
chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#1750) 
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-21 13:22:55 -04:00
dependabot[bot]
32853abe08
chore(deps): bump github.com/glebarez/sqlite from 1.10.0 to 1.11.0 (#1751) 
Bumps [github.com/glebarez/sqlite](https://github.com/glebarez/sqlite) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/glebarez/sqlite/releases)
- [Commits](https://github.com/glebarez/sqlite/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/glebarez/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-21 13:22:27 -04:00
dependabot[bot]
ee402f9020
chore(deps): bump gorm.io/gorm from 1.25.7 to 1.25.8 (#1756) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.7 to 1.25.8.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.7...v1.25.8)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-21 13:22:13 -04:00
dependabot[bot]
270fdd30d4
chore(deps): bump github.com/google/go-containerregistry (#1754) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.0 to 0.19.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-21 13:22:06 -04:00
dependabot[bot]
e864b373d9
chore(deps): bump github.com/anchore/syft from 1.0.0 to 1.0.1 (#1743) 
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/syft/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-07 12:59:16 -05:00
dependabot[bot]
6bf4b17623
chore(deps): bump github.com/docker/docker (#1744) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.3+incompatible to 25.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.3...v25.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-07 12:59:05 -05:00
dependabot[bot]
296b0901cf
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#1741) 
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-06 14:26:30 -05:00
dependabot[bot]
ec21e628c7
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1736) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-01 13:08:49 -05:00
dependabot[bot]
484647fcdf
chore(deps): bump github.com/anchore/syft (#1734) 
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.105.2-0.20240227214437-a978966cadfc to 1.0.0.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/anchore/syft/commits/v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-29 10:40:45 -05:00
Keith Zantow
77e00feb42
chore: update syft source providers (#1727) 2024-02-27 20:47:51 -05:00
anchore-actions-token-generator[bot]
987238519b
chore(deps): update Syft to v0.105.1 (#1728) 2024-02-26 12:30:31 -05:00
Seiya
05953ead8c
chore: remove unused file internal/logger/logrus.go (#1721) 
Signed-off-by: seiya <20365512+seiyab@users.noreply.github.com>
 2024-02-20 11:35:38 -05:00
anchore-actions-token-generator[bot]
b9cf0e5cf8
chore(deps): update Syft to v0.105.0 (#1714) 
* chore(deps): update Syft to v0.105.0

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-02-14 22:09:50 +00:00
Keith Zantow
ba0cc19a1e
fix: ensure version output to stdout (#1709) 2024-02-09 21:05:52 +00:00
anchore-actions-token-generator[bot]
74780902ed
chore(deps): update Syft to v0.104.0 (#1704) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
 2024-02-07 16:14:57 -05:00
William Murphy
396cc0aea7
Bump Syft in Grype to pull in unmarshaling fix (#1703) 
* WIP: package builds but tests do not

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* WIP: some unit tests compile

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* WIP: unit tests compile but do not pass

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* Units passing with some changes to syft

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* fix: excludes plus bad sbom should not suppress error

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* add conan entry v2 package test

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump syft again

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: fix compiler error in integration tests

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* chore: remove erlang OTP from package types that must be seen in test image

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump syft version used

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-02-07 14:28:48 -05:00
dependabot[bot]
68b2796026
chore(deps): bump github.com/docker/docker (#1702) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 11:32:18 -05:00
dependabot[bot]
705b20a56f
chore(deps): bump gorm.io/gorm from 1.25.6 to 1.25.7 (#1700) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.6 to 1.25.7.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.6...v1.25.7)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-06 11:42:58 -05:00
dependabot[bot]
012026f0aa
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#1697) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.2)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-05 11:18:20 -05:00
dependabot[bot]
6fb147cec6
chore(deps): bump github.com/docker/docker (#1692) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 11:58:46 -05:00
dependabot[bot]
82c7585219
chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#1689) 
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.5 to 1.1.12.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.12)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 06:32:30 +00:00
Alex Goodman
8f3a798451
Upgrade syft to v0.103.1 (#1688) 
* upgrade syft to v0.103.0

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgrade syft to v0.103.1

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-31 17:32:28 +00:00
dependabot[bot]
4150cfb86b
chore(deps): bump github.com/google/go-containerregistry (#1685) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-30 13:14:46 -05:00
dependabot[bot]
7aa4030c6c
chore(deps): bump gorm.io/gorm from 1.25.5 to 1.25.6 (#1683) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.5 to 1.25.6.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.5...v1.25.6)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-26 10:51:38 -05:00
anchore-actions-token-generator[bot]
8376491454
chore(deps): update Syft to v0.102.0 (#1681) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2024-01-26 15:00:41 +00:00
Alex Goodman
3e0aa00242
Fix matching when RPM modularity is a factor (#1679) 
* allow for RPM modularity to be optional

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use latest syft from main

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump syft

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove lint ignores for CPEs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update snapshot tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix: treat oraclelinux default appstream rpm modularity as missing for now

For oraclelinux, the default stream of an installed appstream package does not currently set
the MODULARITYLABEL property in the rpm metadata; however, in their advisory data they do specify
modularity information, so this ends up in a case where the vuln entries have modularity but the
packages coming from the sbom won't, so for now we need to treat the constraint as satisfied when the
modularity label from an oraclelinux package is "".

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* test: add new appstream images to quality gate and bump labels

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

* chore: bump quality gate labels

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Co-authored-by: Weston Steimel <weston.steimel@anchore.com>
 2024-01-26 09:18:11 -05:00
dependabot[bot]
636248daba
chore(deps): bump github.com/docker/docker (#1677) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.0+incompatible to 25.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 13:09:36 -05:00
dependabot[bot]
c4d5bc8843
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1678) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 13:09:28 -05:00
dependabot[bot]
4172e72194
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#1674) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.12 to 0.5.0.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-23 11:57:21 -05:00
anchore-actions-token-generator[bot]
90fa3f29fa
chore(deps): update Syft to v0.101.1 (#1669) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2024-01-19 22:25:33 +00:00
dependabot[bot]
acd8c9c81f
chore(deps): bump github.com/docker/docker (#1667) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-19 17:11:39 -05:00
dependabot[bot]
9c0ed56528
chore(deps): bump github.com/google/go-containerregistry (#1665) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-19 10:26:28 -05:00
anchore-actions-token-generator[bot]
85be82158b
chore(deps): update Syft to v0.101.0 (#1663) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2024-01-17 21:06:53 +00:00
Alex Goodman
4569a5ffa6
upgrade syft with latest SBOM creation API (#1662) 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-17 12:33:09 -05:00
dependabot[bot]
0a7a15746a
chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 16:20:55 -05:00
anchore-actions-token-generator[bot]
a808408584
chore(deps): update Syft to v0.100.0 (#1649) 
* chore(deps): update Syft to v0.100.0

Signed-off-by: GitHub <noreply@github.com>

* apply CLI options over default cataloging config

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-06 02:27:59 +00:00
dependabot[bot]
55ef6b6108
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1633) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-12-21 12:02:53 -05:00
dependabot[bot]
634cdf3647
chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1641) 2023-12-20 16:30:16 +00:00
dependabot[bot]
010b2583b0
chore(deps): bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#1642) 2023-12-20 16:27:47 +00:00
dependabot[bot]
7b334451b9
chore(deps): bump github.com/charmbracelet/bubbletea (#1635) 
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 17:50:11 -05:00
dependabot[bot]
4ec7a03abd
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#1636) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 11:44:27 -05:00
dependabot[bot]
2e9eff8f74
chore(deps): bump github.com/google/go-containerregistry (#1625) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-30 12:08:31 -05:00