Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-11-12 23:27:20 +00:00

Author	SHA1	Message	Date
Alex Goodman	48e5672a87	Consider filesystem types for mount points when ignoring system paths (#2675 ) * consider fs types for mount points when ignoring system paths Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-02-28 15:37:17 -05:00
Keith Zantow	a978966cad	feat: add `--from` flag, refactor source providers (#2610 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2024-02-27 16:44:37 -05:00
dependabot[bot]	928511ea0f	chore(deps): bump modernc.org/sqlite from 1.29.1 to 1.29.2 (#2671 )	2024-02-26 10:57:06 -05:00
anchore-actions-token-generator[bot]	8260bce057	chore(deps): update stereoscope to 6171ee21e1d584f6bde910f354d126c9cd70deaa (#2655 )	2024-02-17 10:22:56 -05:00
dependabot[bot]	a7da2270c7	chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 (#2640 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.0 to 1.29.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.0...v1.29.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-14 09:20:54 -05:00
dependabot[bot]	25d3c06962	chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 (#2629 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.0 to 1.5.2. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.5.0...v1.5.2) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-13 11:23:35 -05:00
dependabot[bot]	79b71be0ee	chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 (#2630 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.28.0 to 1.29.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.28.0...v1.29.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-13 11:23:22 -05:00
dependabot[bot]	e72dec8e9e	chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 (#2607 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0. - [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-12 14:31:44 -05:00
dependabot[bot]	3398e72066	chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 (#2625 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.8 to 1.5.0. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.8...v1.5.0) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-12 14:31:31 -05:00
Keith Zantow	d26a5c4d30	fix: ensure version output to stdout (#2621 )	2024-02-09 20:59:25 +00:00
anchore-actions-token-generator[bot]	737c4e44c5	chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 (#2617 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2024-02-09 14:06:28 -05:00
dependabot[bot]	da31eed637	chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (#2602 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-07 11:31:49 -05:00
dependabot[bot]	704155eb22	chore(deps): bump github.com/docker/docker (#2601 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-07 11:31:41 -05:00
anchore-actions-token-generator[bot]	91d7a8a992	chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c (#2589 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>	2024-02-05 10:27:12 -05:00
dependabot[bot]	e813a427b9	chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#2591 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.0 to 0.5.2. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.2) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-05 10:26:39 -05:00
Laurent Goderre	d7b9cc70b0	Add Erlang OTP Application cataloger (#2403 ) * Add cataloger for Erlang OTP applications Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * Add OTP Package type and Purl for ErLang Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * remove erlang OTP metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use OTP purl type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore otp fixture and adjust tests for dir-only results Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-02-02 13:40:18 -05:00
anchore-actions-token-generator[bot]	4fe50f4169	chore(deps): update stereoscope to 37291e81936d2b43b3cef56667a741ef715fbfe4 (#2583 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>	2024-02-02 10:27:26 -05:00
dependabot[bot]	78d362f91a	chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1 to 0.18.0 (#2584 ) Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles) from 0.17.1 to 0.18.0. - [Release notes](https://github.com/charmbracelet/bubbles/releases) - [Commits](https://github.com/charmbracelet/bubbles/compare/v0.17.1...v0.18.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbles dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-02 10:27:09 -05:00
dependabot[bot]	3ac7e43e3e	chore(deps): bump github.com/docker/docker (#2580 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-01 10:26:25 -05:00
anchore-actions-token-generator[bot]	216e211dc8	chore(deps): update stereoscope to db7a4bedaba6ad93becf22ce794f306dfb07fcb9 (#2577 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>	2024-02-01 08:32:13 +00:00
William Murphy	bbddac1f9d	Fix attest with --key (#2551 ) Fix passing "--key" to the attest command. Additionally, pull in an update to the clio CLI library to permit unit testing that flags and env vars are parsed to the correct field on command options structs. This testing strategy was needed here because testing attestation in an end to end test requires a prohibitive amount of setup. --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Will Murphy <will.murphy@anchore.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-31 16:39:17 -05:00
Alex Goodman	bbe7fa180a	bump archiver and stereoscope (#2570 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-31 11:24:33 -05:00
dependabot[bot]	d4f31d6a3e	chore(deps): bump github.com/google/go-containerregistry (#2561 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-30 13:15:13 -05:00
dependabot[bot]	bd4bcc4e89	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#2562 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.3...v6.5.4) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-30 13:15:06 -05:00
dependabot[bot]	b4f565a620	chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0 to 0.3.0 (#2556 ) Bumps [github.com/sassoftware/go-rpmutils](https://github.com/sassoftware/go-rpmutils) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/sassoftware/go-rpmutils/releases) - [Commits](https://github.com/sassoftware/go-rpmutils/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: github.com/sassoftware/go-rpmutils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-29 12:32:37 -05:00
dependabot[bot]	0bb94099b0	chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#2538 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-24 10:11:33 -05:00
dependabot[bot]	97d0108bd5	chore(deps): bump github.com/docker/docker (#2537 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.0+incompatible to 25.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-24 10:11:24 -05:00
dependabot[bot]	935b885ba2	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#2532 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.12 to 0.5.0. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-23 10:13:51 -05:00
William Murphy	c6ce1de928	make AllLocations accept a context (#2518 ) The previous implementation would leak a goroutine if the caller of AllLocations stopped iterating early. Now, accept a context so that the caller can cancel the AllLocations iterator rather than leak the goroutine. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2024-01-22 11:05:59 -05:00
anchore-actions-token-generator[bot]	969b5f1764	chore(deps): update stereoscope to eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2024-01-19 10:25:31 -05:00
dependabot[bot]	1b6c2470b0	chore(deps): bump github.com/docker/docker (#2512 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-19 10:04:07 -05:00
dependabot[bot]	42dd04699f	chore(deps): bump github.com/google/go-containerregistry (#2507 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-18 09:44:45 -05:00
dependabot[bot]	fe271e89f6	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2502 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-17 10:07:57 -05:00
dependabot[bot]	6f4fb61a1c	chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2501 ) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-17 10:08:51 +00:00
Alex Goodman	313d9212b6	Add cataloger list command (#2366 ) * add cataloger list command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * chore: tidy go mod Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2024-01-16 09:41:58 -05:00
dependabot[bot]	41601e60ca	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2494 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-15 14:40:33 -05:00
dependabot[bot]	75fdb9e623	chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1 to 0.17.1 (#2475 )	2024-01-10 16:13:59 +00:00
dependabot[bot]	c209d03fe8	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.2 (#2476 )	2024-01-10 15:58:09 +00:00
dependabot[bot]	1af68683d0	chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 (#2482 )	2024-01-10 15:49:18 +00:00
Christopher Angelo Phillips	7182f5b519	Upgrade binary test fixtures management (#2444 ) * test: strip fixtures of any execution permissions Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * chore: add lint check for large files Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * add helper script to capture binary snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * chore: update scripts and add new dir output for snippets Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update erlang test to new generated format Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update memcached to new generator pattern Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update openjdk to named version Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: move openjdk lts to versioned folder Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: rename unversioned java to versioned folders Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: migrate bash fixture to new snippet workflow Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update script to size 600 bytes Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update go classifier to new snippet workflow Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: move haproxy new new snippet Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: add flatter haproxy example Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update tests to new pattern Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: final version of snippet script Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * [wip] download bin helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add manager for binary cataloger test fixtures Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add remaining binary cataloger patterns and snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * adjust gitignore to be more permissive to snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add rust darwin snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * skip tests that are missing full binaries Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for binary test fixture manager Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * highlight rows that do not have binaries or snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump fixture limit to 1K (found exceptions when adding snippets) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add redis and postgres snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve formating of fixture listing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-05 21:40:03 +00:00
anchore-actions-token-generator[bot]	04e8c96822	chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 (#2452 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-12-22 09:36:13 -05:00
anchore-actions-token-generator[bot]	56a1ab54d2	chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-12-18 06:43:24 -05:00
dependabot[bot]	b83cc8485a	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413 )	2023-12-14 17:18:37 -05:00
dependabot[bot]	51831d303c	chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.27.0 to 1.28.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-14 12:38:55 -05:00
dependabot[bot]	67dbd1fe4c	chore(deps): bump github.com/charmbracelet/bubbletea (#2424 ) Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0. - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbletea dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 12:21:22 -05:00
dependabot[bot]	402227f0b3	chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 11:45:04 -05:00
dependabot[bot]	b9462db59e	chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.7 to 1.4.8. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-11 12:37:20 -05:00
dependabot[bot]	bfad9659a8	chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.1 to 5.11.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-11 08:58:26 -05:00
William Murphy	13758260dd	fix: bump fangs for ptr summarize fix (#2387 ) Previously, pointers to primitive types in config summarization could be printed literally (like "0x123aefef"). Pull in fangs to get the fix for this. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-12-01 14:37:42 +00:00
Alex Goodman	4adfbeb5f0	Generalize UI events for cataloging tasks (#2369 ) * generalize ui events for cataloging tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * moderate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename cataloger task progress object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate cataloger task fn to bus helper Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-30 16:25:50 +00:00
dependabot[bot]	e8119acf93	chore(deps): bump github.com/google/go-containerregistry (#2377 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-30 09:24:25 -05:00
dependabot[bot]	5d44e49d2f	chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#2361 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-28 10:22:21 -05:00
dependabot[bot]	5dd3b127b0	chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#2362 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.0 to 5.10.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-28 10:21:59 -05:00
Alex Goodman	1676934c63	Add "pretty" json configuration and change default behavior to be space-efficient (#2275 ) * expose underlying format options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove escape html options and address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]	7cfb5f630a	chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-11-17 20:53:01 +00:00
dependabot[bot]	58f310c390	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#2310 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.11 to 0.4.12. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-09 08:06:50 -08:00
dependabot[bot]	a383239217	chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 (#2311 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-09 08:06:19 -08:00
dependabot[bot]	220655743b	chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#2293 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-08 10:23:40 -08:00
dependabot[bot]	a4b895d31f	chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 (#2292 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/mod/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-06 14:12:40 +00:00
dependabot[bot]	a6d73e5659	chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 (#2279 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.26.0 to 1.27.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-01 10:35:20 -04:00
dependabot[bot]	f442586ec9	chore(deps): bump github.com/docker/docker (#2263 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-30 09:55:19 -04:00
anchore-actions-token-generator[bot]	12877ed863	chore(deps): update stereoscope to 5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-10-30 09:51:37 -04:00
dependabot[bot]	58850d3258	chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2262 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-27 09:55:04 -04:00
dependabot[bot]	ae27dcdfa9	chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#2256 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-25 10:45:27 -04:00
dependabot[bot]	5a4778093d	chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 (#2248 ) Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 10:42:17 -04:00
Alex Goodman	f3ad8cf250	bump clio to get stderr reporting fix (#2232 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-10-16 12:47:48 -04:00
dependabot[bot]	1fe0921a5b	chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-12 11:10:56 -04:00
dependabot[bot]	7732cd3b48	chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 13:52:07 -04:00
dependabot[bot]	0302fc5b48	chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215 ) Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0) --- updated-dependencies: - dependency-name: github.com/google/go-cmp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 09:53:00 -04:00
dependabot[bot]	b899536814	chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 09:52:42 -04:00
dependabot[bot]	87e57aa925	chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193 ) * chore(deps): bump github.com/docker/distribution Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update reference import Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-10-06 12:54:19 -04:00
dependabot[bot]	b23879fd37	chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-06 12:01:38 -04:00
dependabot[bot]	127fac8ca9	chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-05 13:02:30 -04:00
dependabot[bot]	37bb95f5c9	chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-05 11:50:05 -04:00
dependabot[bot]	86005d1593	chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.25.0 to 1.26.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-02 12:34:59 -04:00
dependabot[bot]	45625dae94	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-02 12:33:42 -04:00
dependabot[bot]	7b1af8721d	chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.5 to 1.4.6. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-27 15:04:52 -04:00
dependabot[bot]	534a5f54b0	chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#2174 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-25 15:07:19 -04:00
William Murphy	8a414b5366	chore: bump stereoscope to fix data race in UI code (#2173 ) Pulls in a fix in go-progress that prevents a race in the UI code when scanning large images. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-09-25 10:29:56 -04:00
Đỗ Trọng Hải	b7fa75d7f8	chore: switch to stdlib's slices pkg (#2148 ) * chore: switch to stdlib's slices pkg Signed-off-by: hainenber <dotronghai96@gmail.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: hainenber <dotronghai96@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-20 18:38:37 +00:00
Alex Goodman	58f8c852df	Require ordering of relationships when comparing parser output (#2160 ) * require ordering of relationships when comparing parser output Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] fix cataloger test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * change method of relationship sort to simple string dump Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-20 17:39:18 +00:00
dependabot[bot]	ba00f3328d	chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 (#2158 ) Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.1.2 to 2.2.0. - [Release notes](https://github.com/github/go-spdx/releases) - [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0) --- updated-dependencies: - dependency-name: github.com/github/go-spdx/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-20 10:12:33 -04:00
Christopher Angelo Phillips	650f71cbe0	chore: update to latest stereoscope (#2151 ) * chore: update to latest stereoscope Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * chore: go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-19 15:22:10 -04:00
anchore-actions-token-generator[bot]	51243aa65f	chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 (#2149 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-19 09:07:15 -04:00
Shane Dell	23e3de75e3	Add containerd support (#1793 ) * [wip] add containerd UI handlers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Add containerd support - Add UI handlers (done by @wagoodman) - Add containerd types and wrappers (done by @wagoodman) - Add flag for specifying containerd address Closes #201 Signed-off-by: Shane Dell <shanedell100@gmail.com> * Fix lint Signed-off-by: Shane Dell <shanedell100@gmail.com> * add containerd ui handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add containerd scheme to readme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add test for scheme detection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Shane Dell <shanedell100@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips	3e16c6813f	feat: add cyclonedx schema version selection (#2123 ) --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-13 14:50:22 -04:00
dependabot[bot]	4a2fc226dd	chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#2125 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.1 to 5.9.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-13 10:33:47 -04:00
anchore-actions-token-generator[bot]	3a45653cfa	chore(deps): update stereoscope to 2fc2d6c2503b6e2212e04c64ceffd57c3395ae70 (#2117 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-12 11:49:20 -04:00
anchore-actions-token-generator[bot]	e3c525b4b8	chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (#2109 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-08 14:10:00 -04:00
dlorenc	9f22ab6137	Bump the golang.org/x/exp dependency and fix a build breakage. (#2088 ) * Bump the golang.org/x/exp dependency and fix a build breakage. --------- Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-07 14:55:52 -04:00
dependabot[bot]	212aa9b6cf	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.7 to 0.4.10. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:56:41 -04:00
dependabot[bot]	9caf51596e	chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 (#2096 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.4 to 1.4.5. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:29:06 -04:00
dependabot[bot]	7645d5759d	chore(deps): bump github.com/docker/docker (#2098 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:27:21 -04:00
dependabot[bot]	ce32f8bb74	chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 (#2099 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:26:56 -04:00
Keith Zantow	2b7a9d0be3	chore: update CLI to CLIO (#2001 ) Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 15:52:26 -04:00
5p2O5pe25ouT	b03e9c6868	Add registry certificate verification support (#1734 ) * add registry certificate verification support * replace stereoscope version * modify go.mod * pull in stereoscope update Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename registry cert options, add docs, and add test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update to account for changes in anchore/stereoscope#195 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: lishituo <24578666@qq.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 11:45:20 -04:00
Sirish Bathina	62f689824c	Detect golang boring crypto and fipsonly modules (#2021 ) * Extending build info to include crypto settings Signed-off-by: Sirish Bathina <sirish@kasten.io> * Use kasten fork for goversion module Signed-off-by: Sirish Bathina <sirish@kasten.io> * go mod tidy Signed-off-by: Sirish Bathina <sirish@kasten.io> * change key to GoCryptoSettings and lint fix Signed-off-by: Sirish Bathina <sirish@kasten.io> * Addressing feedback Signed-off-by: Sirish Bathina <sirish@kasten.io> --------- Signed-off-by: Sirish Bathina <sirish@kasten.io>	2023-08-24 09:49:59 -04:00
dependabot[bot]	a2b389523d	chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-23 13:41:17 -04:00
Alex Goodman	17d4203bbb	Enable reading non-utf-8 encodings for java pom.xml files (#2047 ) * fix reading non utf8 encodings Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * in cases where we cant tell the encoding use the UTF8 replacement char Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-23 10:06:34 -04:00
dependabot[bot]	cf37b17869	chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-22 10:42:19 -04:00
dependabot[bot]	f58425a305	chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045 ) Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.5 to 0.4.0. - [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0) --- updated-dependencies: - dependency-name: github.com/jinzhu/copier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-21 10:37:11 -04:00
dependabot[bot]	82eafeaf4a	chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008 ) * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 * refactor: update consumer code to use new optional values Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.2 to 1.0.0. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-major ... --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-09 17:22:51 -04:00
dependabot[bot]	6bf6f85584	chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 (#2009 ) Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.6.1 to 1.7.0. - [Commits](https://github.com/dave/jennifer/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/dave/jennifer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-09 14:46:11 -04:00
dependabot[bot]	2fc65094b7	chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-07 10:34:00 -04:00
dependabot[bot]	d7ff77072a	chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#1998 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.24.0 to 1.25.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.24.0...v1.25.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-04 14:24:31 -04:00
dependabot[bot]	c150b4e358	chore(deps): bump github.com/google/go-containerregistry (#1993 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.2 to 0.16.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-03 10:53:09 -04:00
Keith Zantow	3f0475efb7	chore: update bubbly to fix hanging (#1990 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-08-02 10:28:35 -04:00
dependabot[bot]	2e376d067f	chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1989 )	2023-08-02 14:16:49 +00:00
anchore-actions-token-generator[bot]	f14742b3f3	chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips	3aae316456	chore: update to latest commit in tools-golang (#1969 ) * chore: update to latest commit in tools-golang --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-07-27 15:29:22 -04:00
Alex Goodman	063e9da65d	Guess unpinned versions in python requirements.txt (#1966 ) * feat: python requirements.txt parsing inclusive Signed-off-by: manifestori <ori@manifestcyber.com> * refactor: parseVersion Signed-off-by: manifestori <ori@manifestcyber.com> * add python config for optional requirements version constraint resolution Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * allow for python requirements metadata to be optional Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore cyclonedx dependency Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: manifestori <ori@manifestcyber.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: manifestori <ori@manifestcyber.com>	2023-07-27 14:26:59 -04:00
dependabot[bot]	bf1102c3f1	chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 (#1965 ) Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-27 13:28:42 -04:00
dependabot[bot]	1e4d26f526	chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1959 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-26 13:34:03 +00:00
anchore-actions-token-generator[bot]	9a73380f29	chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d (#1953 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-07-25 10:49:21 -04:00
dependabot[bot]	2e718cf865	chore(deps): bump github.com/docker/docker (#1955 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-25 10:37:16 -04:00
dependabot[bot]	4000a84624	chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1951 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-24 11:28:54 -04:00
dependabot[bot]	3f5c601620	chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1949 ) Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.5.3 to 1.5.4. - [Release notes](https://github.com/gookit/color/releases) - [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4) --- updated-dependencies: - dependency-name: github.com/gookit/color dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-21 08:50:47 -04:00
Dan Luhring	8478e0bef7	Add support for parsing .NET assemblies (#1943 ) * Add support for parsing .NET assemblies Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac * Add dll and exe files Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641 * Add PE cataloger to directory catalogers Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849 * Don't set language to dotnet for PEs Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5 * Fix spelling of cataloger in constructor Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941 * Adjust which cases in PE parsing return errors Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff * remove build binary from branch Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2 * Fix failing CLI tests Signed-off-by: Dan Luhring <dluhring@chainguard.dev> --------- Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-19 15:34:07 -04:00
Alex Goodman	35699f6fdc	remove jotframe UI (#1932 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips	2e7fd031d4	fix: remove indirect dependency of circl v1.1.0 (#1940 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-07-13 12:30:37 -04:00
Alex Goodman	4fc17edd14	implement ui handle waiter (#1930 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-12 13:14:54 -04:00
dependabot[bot]	05a61897f2	chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 (#1928 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.1 to 1.24.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-11 14:01:48 -04:00
dependabot[bot]	8ce88e11fd	chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-06 16:02:44 -04:00
Alex Goodman	f8b832e6c3	Switch UI to bubbletea (#1888 ) * add bubbletea UI Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * swap pipeline to go 1.20.x and add attest guard for cosign binary Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update note in developing.md about the required golang version Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix merge conflict for windows path handling Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * temp test for attest handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add addtional test iterations for background reader Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-06 09:00:46 -04:00
dependabot[bot]	e8f7108e6e	chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:06:05 -04:00
dependabot[bot]	023ca1be32	chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:05:46 -04:00
anchore-actions-token-generator[bot]	791d1f9552	chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]	0d4f19043e	chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-26 13:58:44 -04:00
dependabot[bot]	badb957888	chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1878 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-15 14:10:11 -04:00
dependabot[bot]	a1bba36d51	chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1874 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.0 to 1.23.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]	c019cd51da	chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-14 11:29:39 -04:00
dependabot[bot]	5406d8a366	chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1876 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 10:30:19 -04:00
dependabot[bot]	2c5d64ac9e	chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 (#1868 ) Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.1 to 0.5.2. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-08 17:01:19 -04:00
dependabot[bot]	c560ffd811	chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 (#1850 ) * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update fixtures for spdx with new library changes Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-06-05 15:01:06 -04:00
dependabot[bot]	d676e5e781	chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:48:18 -04:00
dependabot[bot]	903d29b6f7	chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.22.1 to 1.23.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.1...v1.23.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:47:59 -04:00
dependabot[bot]	1bd9de9047	chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.15.0 to 1.16.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-01 08:35:14 -04:00
dependabot[bot]	5842fc2a64	chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-30 13:48:54 -04:00
dependabot[bot]	f0307fdd62	chore(deps): bump github.com/docker/docker (#1849 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.1+incompatible to 24.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.1...v24.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 16:08:20 -04:00
Alex Goodman	74013d7da7	Add test to ensure package metadata is represented in the JSON schema (#1841 ) * [wip] try to reflect metadata types... probably wont work Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * refactor to add unit test to ensure there is coverage in the schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] generate metadata container Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add generation of metadata container struct for JSON schema generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update linter script to account for code generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-05-25 13:26:56 -04:00
dependabot[bot]	4bf17a94b9	chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-24 11:40:11 -04:00
anchore-actions-token-generator[bot]	798af57853	chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-05-23 10:18:39 -04:00
dependabot[bot]	f50302b2ba	chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-22 14:01:17 -04:00
dependabot[bot]	b09cf6c6b5	chore(deps): bump github.com/docker/docker (#1833 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.0+incompatible to 24.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.0...v24.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-22 13:07:24 -04:00
Alex Goodman	334a775cb9	Keep original FileInfo persisted on file.Metadata structs (#1794 ) * pull in fileinfo changes from stereoscope #172 Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix CLI test assumption about the docker daemon Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <>	2023-05-19 14:21:10 +00:00
dependabot[bot]	f1b6f38ea8	chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#1827 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-19 09:01:05 -04:00
dependabot[bot]	f6f8332b7f	chore(deps): bump github.com/google/go-containerregistry (#1823 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 14:34:27 -04:00
dependabot[bot]	74351567ab	chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 (#1822 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 14:33:48 -04:00
dependabot[bot]	51d4c9b4ab	chore(deps): bump github.com/docker/docker (#1824 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.6+incompatible to 24.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.6...v24.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 14:33:30 -04:00
Christopher Angelo Phillips	42fa9e4965	feat: update syft license concept to complex struct (#1743 ) this PR makes the following changes to update the underlying license model to have more expressive capabilities it also provides some guarantee's surrounding the license values themselves - Licenses are updated from string -> pkg.LicenseSet which contain pkg.License with the following fields: - original `Value` read by syft - If it's possible to construct licenses will always have a valid SPDX expression for downstream consumption - the above is run against a generated list of SPDX license ID to try and find the correct ID - SPDX concluded vs declared is added to the new struct - URL source for license is added to the new struct - Location source is added to the new struct to show where the expression was pulled from	2023-05-15 16:23:39 -04:00
William Murphy	e925d9d4a5	feat: warn if parsing newer SBOM (#1810 ) If syft is asked to parse an SBOM that was written by a newer version of syft, emit a warning, since the current version of syft doesn't know about fields that may be added in the future. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-05-11 08:55:27 -04:00
dependabot[bot]	ef08d0fa39	chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-09 11:59:39 -04:00
dependabot[bot]	75d625b697	chore(deps): bump github.com/docker/docker (#1795 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.5+incompatible to 23.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.5...v23.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 12:45:50 -04:00
dependabot[bot]	88ba8b78fc	chore(deps): bump github.com/google/go-containerregistry (#1796 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.0 to 0.15.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.14.0...v0.15.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 12:45:30 -04:00
dependabot[bot]	e31839a370	chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787 )	2023-05-05 18:56:40 +00:00
dependabot[bot]	dd458a2b33	chore(deps): bump github.com/docker/docker (#1767 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.4+incompatible to 23.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.4...v23.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-02 16:43:16 -04:00
dependabot[bot]	10c3cc27e8	chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 (#1768 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.22.0 to 1.22.1. - [Release notes](https://gitlab.com/cznic/sqlite/tags) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.0...v1.22.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 11:58:59 -04:00
dependabot[bot]	02bd52728e	chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 (#1758 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.21.2 to 1.22.0. - [Release notes](https://gitlab.com/cznic/sqlite/tags) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.21.2...v1.22.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-26 10:37:49 -04:00
Christopher Angelo Phillips	c038f13d44	chore: go-rpmdb update (#1757 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-24 10:34:13 -04:00
dependabot[bot]	8102ad4edc	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706 )	2023-04-24 10:20:12 -04:00
Weston Steimel	ee80349ea0	chore: bump stereoscope to latest version (#1741 ) Resolves reporting of GHSA-hw7c-3rfg-p46j Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-04-18 15:44:03 +00:00
dependabot[bot]	66d9c5637b	chore(deps): bump github.com/docker/docker (#1746 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-18 10:22:41 -04:00
Avi Deitcher	b69259534d	feat: Support scanning license files in golang packages over the network (#1630 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 15:13:29 -04:00
Avi Deitcher	cc731c7b19	Add Linux Kernel cataloger (#1694 ) * add kernel handler Signed-off-by: Avi Deitcher <avi@deitcher.net> * [wip] combine kernel and kernel module cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] combine kernel and kernel module cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Avi Deitcher <avi@deitcher.net> * rename Kernel package to LinuxKernel package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split kernel and module packages within cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up application configuration with kernel cataloger options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont use references for packages on relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting and tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * kernel cataloger should be resistent to partial failure Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * log upon kernel module metadata missing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for linux kernel cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update integration tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update cli package test counts Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence annotations for kernel packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * reduce noise in cli test output Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * missed cli test to reduce noise for Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix package counts Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs with linux kernel cataloging refs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema with new metadata fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 14:33:36 -04:00
dependabot[bot]	a260fb2774	chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-07 15:58:21 -04:00
anchore-actions-token-generator[bot]	f83cae35f2	chore(deps): update stereoscope to e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-04-07 08:48:17 -04:00
dependabot[bot]	da44db92e9	chore(deps): bump github.com/docker/docker (#1715 )	2023-04-06 13:44:51 +00:00
dependabot[bot]	4a499c946e	chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713 )	2023-04-06 13:44:41 +00:00
dependabot[bot]	99c28a94a4	chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714 )	2023-04-06 13:36:16 +00:00
dependabot[bot]	f7ac4e98af	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1716 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-06 09:34:59 -04:00
Keith Zantow	7845381331	chore: update tools-golang to v0.5.0 (#1717 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-04-05 13:59:52 -04:00
dependabot[bot]	2fa238af7c	chore(deps): bump github.com/docker/docker (#1699 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 10:00:37 -04:00
anchore-actions-token-generator[bot]	81b87dd108	chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (#1693 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-03-23 16:30:08 +00:00
dependabot[bot]	539bc2afcb	chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 (#1692 ) Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/vbatts/go-mtree/releases) - [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md) - [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: github.com/vbatts/go-mtree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-23 11:09:32 -04:00
Avi Deitcher	9fd532246a	feat: scan local go mod cache for licenses of golang packages (#1645 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-03-23 10:38:15 -04:00
dependabot[bot]	168c5aed51	chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1689 )	2023-03-22 14:26:58 -04:00
anchore-actions-token-generator[bot]	7998520848	chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (#1681 )	2023-03-18 10:32:39 -04:00
dependabot[bot]	1899eb50d0	chore(deps): bump github.com/google/go-containerregistry (#1672 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-16 12:07:47 -04:00
dependabot[bot]	f43953d225	chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655 )	2023-03-06 15:49:34 +00:00
dependabot[bot]	eea1b48cbb	chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653 )	2023-03-06 15:38:34 +00:00
dependabot[bot]	a063cf300b	chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 (#1654 )	2023-03-06 15:21:35 +00:00
dependabot[bot]	b73903519c	chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656 )	2023-03-06 15:20:43 +00:00
Keith Zantow	5f90d03718	fix: possible race condition (#1639 )	2023-03-01 15:35:01 -05:00
dependabot[bot]	d23b4d4cbd	chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1625 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 13:14:20 -05:00
dependabot[bot]	284bae9d5f	chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1609 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-24 15:07:52 -05:00
anchore-actions-token-generator[bot]	aa151da5fe	Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-02-22 19:08:35 +00:00
anchore-actions-token-generator[bot]	bb52a25c8a	Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602 ) Signed-off-by: GitHub <noreply@github.com>	2023-02-22 08:49:04 +00:00
anchore-actions-token-generator[bot]	2642a36161	Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>	2023-02-16 10:22:43 -05:00
dependabot[bot]	1981b249f1	chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-15 12:54:55 -05:00
dependabot[bot]	3013c8b691	chore(deps): bump github.com/docker/docker (#1563 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.0+incompatible to 23.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-10 10:43:19 -05:00
Alex Goodman	988041ba6d	Speed up cataloging by replacing globs searching with index lookups (#1510 ) * replace raw globs with index equivelent operations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cataloger test for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix import sorting for binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting for mock resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * separate portage cataloger parser impl from cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance cataloger pkgtest utils to account for resolver responses Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for apkdb cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dpkg cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for cpp cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dart cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dotnet cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for elixir cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for erlang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for golang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for haskell cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for java cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for javascript cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for php cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for portage cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for python cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rust cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for sbom cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for swift cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow generic catloger to run all mimetype searches at once Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove stutter from php and javascript cataloger constructors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for generic.Search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add exceptions for java archive git ignore entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance basename and extension resolver methods to be variadic Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont allow * prefix on extension searches Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for ruby cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove unnecessary string casting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate surfacing of leaf link resolitions from stereoscope results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] switch to stereoscope file metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip + failing] revert to old globs but keep new resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * index files, links, and dirs within the directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix several resolver bugs and inconsistencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move format testutils to internal package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json to account for file type string normalization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split up directory resolver from indexing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to include details about searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] bump stereoscope to development version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust symlinks fixture to be fixed to digest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix all-locations resolver tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix test fixture reference Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename file.Type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix PR comment to exclude extra * Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to dev version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to final version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move observing resolver to pkgtest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-02-09 16:19:47 +00:00
dependabot[bot]	08804842fa	chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-09 09:01:56 -05:00
dependabot[bot]	48528efff3	chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 10:07:37 -05:00
dependabot[bot]	8d856a7c7b	chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 09:23:31 -05:00
anchore-actions-token-generator[bot]	95201840d2	Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-02-07 10:05:18 -05:00
dependabot[bot]	ad8604c223	chore(deps): bump github.com/docker/docker (#1531 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.23+incompatible to 23.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.23...v23.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-02 10:53:22 -05:00
Keith Zantow	1530ef354f	chore: update spdx/tools-golang to v0.5.0-rc1 (#1503 )	2023-01-31 11:53:16 -05:00
dependabot[bot]	21ba5d0806	chore(deps): bump github.com/google/go-containerregistry (#1513 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.1 to 0.13.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.12.1...v0.13.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 13:41:43 +00:00
dependabot[bot]	3269bc98d4	chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 15:01:25 -05:00
dependabot[bot]	7f3382f7eb	chore(deps): bump github.com/docker/docker (#1506 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.20+incompatible to 20.10.23+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.20...v20.10.23) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:58:39 -05:00

... 2 3 4 5 6 ...

530 commits