Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 14:44:12 +00:00
Code Issues Projects Releases Packages Wiki Activity
1129 commits 36 branches 157 tags 14 MiB
Commit graph

335 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
90fa3f29fa
chore(deps): update Syft to v0.101.1 (#1669) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2024-01-19 22:25:33 +00:00
dependabot[bot]
acd8c9c81f
chore(deps): bump github.com/docker/docker (#1667) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-19 17:11:39 -05:00
dependabot[bot]
9c0ed56528
chore(deps): bump github.com/google/go-containerregistry (#1665) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-19 10:26:28 -05:00
anchore-actions-token-generator[bot]
85be82158b
chore(deps): update Syft to v0.101.0 (#1663) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2024-01-17 21:06:53 +00:00
Alex Goodman
4569a5ffa6
upgrade syft with latest SBOM creation API (#1662) 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-17 12:33:09 -05:00
dependabot[bot]
0a7a15746a
chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 16:20:55 -05:00
anchore-actions-token-generator[bot]
a808408584
chore(deps): update Syft to v0.100.0 (#1649) 
* chore(deps): update Syft to v0.100.0

Signed-off-by: GitHub <noreply@github.com>

* apply CLI options over default cataloging config

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-06 02:27:59 +00:00
dependabot[bot]
55ef6b6108
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1633) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-12-21 12:02:53 -05:00
dependabot[bot]
634cdf3647
chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1641) 2023-12-20 16:30:16 +00:00
dependabot[bot]
010b2583b0
chore(deps): bump github.com/containerd/containerd from 1.7.8 to 1.7.11 (#1642) 2023-12-20 16:27:47 +00:00
dependabot[bot]
7b334451b9
chore(deps): bump github.com/charmbracelet/bubbletea (#1635) 
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 17:50:11 -05:00
dependabot[bot]
4ec7a03abd
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#1636) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 11:44:27 -05:00
dependabot[bot]
2e9eff8f74
chore(deps): bump github.com/google/go-containerregistry (#1625) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-30 12:08:31 -05:00
Christopher Angelo Phillips
06b9f1c907
chore: update syft; go mod tidy (#1621) 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-11-29 15:04:17 -05:00
dependabot[bot]
6a1aa587af
chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#1618) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 11:06:18 -05:00
anchore-actions-token-generator[bot]
dbe2a9515a
chore(deps): update Syft to v0.97.1 (#1610) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2023-11-17 21:27:07 +00:00
anchore-actions-token-generator[bot]
78f57a3c69
chore(deps): update Syft to v0.97.0 (#1608) 
* chore(deps): update Syft to v0.97.0

Signed-off-by: GitHub <noreply@github.com>

* fix syft api usage

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2023-11-16 19:20:28 -05:00
dependabot[bot]
830da2ff2c
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#1597) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.11 to 0.4.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-09 07:52:24 -08:00
anchore-actions-token-generator[bot]
e44ec4d4bc
chore(deps): update Syft to v0.96.0 (#1596) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
 2023-11-09 14:30:10 +00:00
anchore-actions-token-generator[bot]
1543248822
chore(deps): update Syft to v0.95.0 (#1591) 2023-11-07 15:42:43 -05:00
Alex Goodman
4b06a160e1
chore: account for syft package metadata changes (#1423) 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
 2023-11-07 15:17:36 -05:00
William Murphy
7984e0a84f
fix: bump fangs to enable setting golang CPE config using env var (#1585) 
* fix: bump fangs

Bump fangs to pull in https://github.com/anchore/fangs/pull/27, which
fixes an issue where env vars couldn't be used to set fields on embedded
structs in the config struct.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* fix: bump fangs to pull in panic fix

The previous fangs fix panicked when summarizing configs with embedded
structs. Bump fangs to pull in https://github.com/anchore/fangs/pull/29
which fixes this panic.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* commit mod tidy

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* Pull in dependency bumps from main to resolve conflicts

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
 2023-11-07 10:59:13 -05:00
dependabot[bot]
2ef5d23844
chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1586) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 21:55:53 -05:00
Alex Goodman
21958a43b5
Incorporate format API changes from syft (#1582) 
* incorporate changes from anchore/syft#2228

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix testing utils to use syft SBOM

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-11-02 15:25:48 -04:00
dependabot[bot]
3712c1c5c7
chore(deps): bump github.com/docker/docker (#1579) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-31 13:48:52 -04:00
dependabot[bot]
fc7713b763
chore(deps): bump github.com/glebarez/sqlite from 1.9.0 to 1.10.0 (#1583) 
Bumps [github.com/glebarez/sqlite](https://github.com/glebarez/sqlite) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/glebarez/sqlite/releases)
- [Commits](https://github.com/glebarez/sqlite/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/glebarez/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-30 13:39:54 -04:00
Shane Dell
81edd50e1e
Colorize severity in table output (#1284) 
* Colorize severity in table output

- Create flag "--no-color" to allow disabling the color. By default its enabled.
- When "--no-color" not specified highlight severity in its color:
  - Critical -> Bold Red
  - High -> Red
  - Medium -> Yellow
  - Low -> Green
  - Negligible -> Blue
  - Note: Golang doesn't have all colors available. Also, doesn't seem to be able use hex codes properly.
- Add termenv to check if the terminal color profile supports colored output. If it doesn't default to noColor

Closes #225

Signed-off-by: Shane Dell <shanedell100@gmail.com>

* fix: adopt EnvColorProfile to support NO_COLOR

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* fix linting and update snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-10-30 13:57:46 +00:00
Christopher Angelo Phillips
401d67cd96
feat: add custom maven comparator (#1571) 
This PR takes the recommendation from #1526 and adapts the go-mvn-version to be used as a custom comparator for matching against packages that have the JavaPkg type. Packages of type JavaPkg will no longer use the stock matcher.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-10-27 14:24:56 -04:00
dependabot[bot]
a2fdccdfc6
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1575) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-26 13:30:37 -04:00
dependabot[bot]
66a47594f1
chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.3 (#1573) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.0...v1.56.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-25 21:45:45 -04:00
anchore-actions-token-generator[bot]
04df28051b
chore(deps): update Syft to v0.94.0 (#1566) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2023-10-20 17:57:36 +00:00
Alex Goodman
156c081d3e
Incorporate Syft java detection improvements (#1555) 
* incorporate anchore/syft#2220

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate .net core improvements

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-10-20 13:34:36 -04:00
Christopher Angelo Phillips
72390f87e9
feat: update go-sarif library to use latest release (#1563) 
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-10-17 11:18:22 -04:00
Alex Goodman
7d039cde2d
bump clio to get stderr reporting fix (#1561) 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-10-16 11:58:02 -04:00
dependabot[bot]
96f3b2c68a
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#1558) 
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 15:39:09 -04:00
dependabot[bot]
9c9c2fbc02
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#1557) 
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 15:39:00 -04:00
dependabot[bot]
3d582fd851
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#1554) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 09:08:51 -04:00
dependabot[bot]
bcbc7e4bdc
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1552) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-11 13:51:20 -04:00
anchore-actions-token-generator[bot]
7e5df38029
chore(deps): update Syft to v0.93.0 (#1550) 
* chore(deps): update Syft to v0.93.0

Signed-off-by: GitHub <noreply@github.com>

* fix test to account for go pkg stdlib

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2023-10-10 18:26:34 +00:00
dependabot[bot]
07677b1d9a
chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.4 to 1.25.5.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.4...v1.25.5)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-10 13:33:26 -04:00
dependabot[bot]
32a2083896
chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#1548) 
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-10 13:33:06 -04:00
dependabot[bot]
afa1b896c4
chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#1549) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-10 13:32:48 -04:00
dependabot[bot]
4531528099
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#1533) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 12:35:31 -04:00
anchore-actions-token-generator[bot]
dec563669d
chore(deps): update Syft to v0.92.0 (#1527) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
 2023-09-27 12:27:32 -04:00
William Murphy
6f898b5d50
chore: bump stereoscope to fix data race in UI (#1517) 
Pulls in a fix to go-progress so that scanning large images no longer
results in a data race in the UI code.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
 2023-09-25 11:56:51 -04:00
dependabot[bot]
f7c70be0f3
chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#1514) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-22 13:34:47 -04:00
William Murphy
2f405f0680
fix: use PEP440 for Python package version comparison (#1510) 
Previously, grype used fuzzy matcher for Python packages, since
there are cases in PEP440 that are not strictly semver. Switch to a
library that does PEP440 parsing and comparison for python version 
constraints.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
 2023-09-22 13:32:48 -04:00
Alex Goodman
18241e8986
Upgrade syft to v0.91.0 (#1508) 
* bump syft to main

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgdate cyclonedx presenter fixtures (bump from cdx 1.4 to 1.5)

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update cyclonedx schema

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* allow for pkg type exceptions for github actions and workflows

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update cyclonedx json schema from v1.4 to v1.5

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump to syft v0.91.0

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* upgrade go-setup action to v4

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove asset upload from release workflow

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-09-20 16:39:23 -04:00
Keith Zantow
3a6f3a3278
fix: terminal clobbering when commands return errors (#1505) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-09-20 12:17:33 -04:00
dependabot[bot]
6c99b95189
chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 (#1448) 
* chore: remove dependency on sqlite fork
* chore(deps): bump gorm.io/gorm from 1.23.10 to 1.25.4

Removed the dependency on github.com/anchore/sqlite because the diff
added to that fork was no longer needed. 

Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.23.10 to 1.25.4.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.23.10...v1.25.4)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
 2023-09-18 11:34:54 -04:00