Commit graph

2250 commits

Author SHA1 Message Date
anchore-actions-token-generator[bot]
06526e2931
chore(deps): update stereoscope to 50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-07-29 10:04:46 -04:00
anchore-actions-token-generator[bot]
a2042e629c
chore(deps): update CPE dictionary index (#3079)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-07-29 10:03:59 -04:00
dependabot[bot]
a35e410c75
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to 0.5.6 (#3082)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.5...v0.5.6)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:03:44 -04:00
dependabot[bot]
8dd7c9c0b9
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#3083)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5cf07d8b70...afb54ba388)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:03:35 -04:00
witchcraze
490e05adb2
fix: traefik classifier (#3077)
Signed-off-by: witchcraze <witchcraze@gmail.com>
2024-07-29 09:46:51 -04:00
mikcl
1cd75b7d68
python-cataloger: fix normalization test (#3073)
Signed-off-by: mikcl <mikesmikes400@gmail.com>
2024-07-25 15:45:14 -04:00
Laurent Goderre
4882d2e8ce
Only match ldflag version if it matches the main module or targets main.version (#3062)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-07-25 13:56:55 -04:00
mikcl
b3848f780f
python cataloger: allow dots in python package names (#3070)
Signed-off-by: mikcl <mikesmikes400@gmail.com>
2024-07-25 13:56:10 -04:00
mikcl
36f95d6828
python-cataloger: normalize package names (#3069)
Signed-off-by: mikcl <mikesmikes400@gmail.com>
2024-07-25 13:54:13 -04:00
dependabot[bot]
68b96ae444
chore(deps): bump github.com/docker/docker (#3066)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.0+incompatible to 27.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.1.0...v27.1.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-25 13:50:33 -04:00
dependabot[bot]
3917989f86
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#3072)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d790406f5...5cf07d8b70)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-25 13:50:06 -04:00
Keith Zantow
741c8fb9bd
fix: SPDX output performance with many relationships (#3053) 2024-07-24 10:14:20 -04:00
Alex Goodman
9573f557d1
better go mod detection from partial package builds (#3060)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-24 09:34:40 -04:00
anchore-actions-token-generator[bot]
ca945d16e0
chore(deps): update tools to latest versions (#3061)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-07-23 10:16:25 -04:00
dependabot[bot]
fe7c5a7174
chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 to 0.12.1 (#3040)
* chore(deps): bump github.com/charmbracelet/lipgloss

Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.11.1...v0.12.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: pin fedora linux/amd64 to sha

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-07-22 10:43:17 -07:00
Keith Zantow
125c787e40
chore: add debug logging for errors reading RPM files (#3051)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-22 13:05:04 -04:00
anchore-actions-token-generator[bot]
bfe6f5204a
chore(deps): update CPE dictionary index (#3035)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2024-07-22 08:56:58 -07:00
dependabot[bot]
aead40e1de
chore(deps): bump github.com/docker/docker (#3055)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v27.0.3...v27.1.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:56:01 -07:00
dependabot[bot]
536611fa25
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 (#3056)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.4...v0.5.5)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:45:25 -07:00
dependabot[bot]
d0a7d4c43e
chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1 (#3057)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.30.2 to 1.31.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.2...v1.31.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:45:01 -07:00
dependabot[bot]
0c53a087f0
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#3058)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 08:44:06 -07:00
dependabot[bot]
b263b1ec1f
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#3059)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4fa2a79536...2d790406f5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 10:55:55 -04:00
anchore-actions-token-generator[bot]
034a98f029
chore(deps): update stereoscope to 487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032)
* chore(deps): update stereoscope to 487b11e5ba2622d976acda10c605da63b4fbbb0a

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: allow unlicense

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-07-18 09:26:01 -07:00
anchore-actions-token-generator[bot]
69031b0646
chore(deps): update tools to latest versions (#3050)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-07-18 08:21:31 -07:00
Alan Pope
761a161e7f
docs: CODE_OF_CONDUCT.md (#3046)
This PR adds a code of conduct document to the repo, as agreed at our recent OSS team catch up.

Signed-off-by: Alan Pope <alan@popey.com>
2024-07-17 14:33:17 -07:00
Keith Zantow
ba31c2f1ae
fix: include CPEs with Maven groupId as vendor (#3045)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-17 11:23:58 -07:00
dependabot[bot]
5d729a5e9e
chore(deps): bump github.com/google/go-containerregistry (#3047)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 11:21:23 -07:00
dependabot[bot]
276df95768
chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 (#3048)
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 11:21:14 -07:00
dependabot[bot]
cca9a06a64
chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2 (#3039)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.30.1 to 1.30.2.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.1...v1.30.2)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-17 09:10:34 -04:00
Bradley Jones
4d23990dd4
docs: link to contrib/dev docs in readme (#3029)
These docs are full of great information so make them easily accessible
from the README so they aren't overlooked.

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
2024-07-16 06:59:31 -07:00
Adam McClenaghan
d4fa61e0a2
chore: Fix apache shield in readme (#3021)
Signed-off-by: Adam McClenaghan <adam@mcclenaghan.co.uk>
2024-07-16 06:59:14 -07:00
anchore-actions-token-generator[bot]
d4d4e003e9
chore(deps): update tools to latest versions (#3031)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-07-16 06:58:33 -07:00
dependabot[bot]
6bf91a410d
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3034)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...4fa2a79536)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 06:58:18 -07:00
dependabot[bot]
77c300d617
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#3044)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](95b086ac30...d94f46e13c)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 06:58:07 -07:00
William Murphy
75902b0540
fix: stop panicking on "devel" version go stdlib (#3043)
Previously, if a Go binary was cataloged with build info indicating that
the go compiler version used was "deve", syft would panic on a nil
pointer dereference. Instead, skip creating a Go stdlib reference and
relationship for such a package.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-07-16 09:51:14 -04:00
Keith Zantow
278b72d39b
chore: pin fedora image for elf binary test (#3041)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-15 16:37:09 +00:00
dependabot[bot]
37245a21cc
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#3023)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](e8d2a6937e...95b086ac30)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 14:50:48 -04:00
anchore-actions-token-generator[bot]
e2fe955262
chore(deps): update stereoscope to 27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-07-11 10:38:10 -07:00
dependabot[bot]
4e09908ba1
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](cdcb360436...0a12ed9d6a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 10:19:48 -07:00
dependabot[bot]
863793a3cc
chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.11.0...v0.11.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-11 10:19:14 -07:00
Christopher Angelo Phillips
f7ffcc534f
fix: stabilize cpe sorting during collection sort (#3009) 2024-07-09 14:24:21 -04:00
Laurent Goderre
b101f44aba
Map the downloadLocation field for PHP Composer packages (#3011)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
2024-07-09 09:01:58 -07:00
anchore-actions-token-generator[bot]
de3313cfb6
chore(deps): update stereoscope to e46739e217969fa67cbe8834b64bb165a10a1548 (#3013)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-07-09 07:53:04 -07:00
dependabot[bot]
b2f9904d74
chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#3015)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/net/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:52:32 -07:00
dependabot[bot]
13d01ecaff
chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 (#3014)
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/mod/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:08:25 -07:00
dependabot[bot]
7dc1b1ce27
chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#3017)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65462800fd...0b2256b8c0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:08:12 -07:00
dependabot[bot]
b8dce675fe
chore(deps): bump github.com/google/go-containerregistry (#3019)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:08:02 -07:00
dependabot[bot]
6dda9edd7c
chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0 (#3020)
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](https://github.com/adrg/xdg/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 07:07:53 -07:00
anchore-actions-token-generator[bot]
04c861bf77
chore(deps): update CPE dictionary index (#3016) 2024-07-08 08:13:17 -04:00
Alex Goodman
573440b7cf
Infer the package type from ELF package notes (#3008)
* fix ELF package types to be honored

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* prefer OS packages over binary packages when there are duplicates

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-02 16:07:08 -04:00