Commit graph

2124 commits

Author SHA1 Message Date
William Murphy
93a7d2ee27
fix: better clean up of file handles (#2823)
* always close ELF cataloger file handles

The elf-binary-package-cataloger does its own file IO to account for the
possibility of a logical ELF package being broken across multiple
physical files. However, this casued it to skip the normal invocation
pattern in the generic cataloger code that prevented file leaks. Ensure
this cataloger always closes its file handles.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* defer closing of generic cataloger file handles

Otherwise, a panicking cataloger could leak file handles.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* add unit test for file closed on panic parser

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* make invoke parser a static function

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* push error logging down into invoke parser

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-05-01 12:58:17 -04:00
dependabot[bot]
93a99e36c2
chore(deps): bump github.com/docker/docker (#2827)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.0+incompatible to 26.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.0...v26.1.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-01 11:03:31 -04:00
Keith Zantow
b0c88ddea9
fix(spdx): include required fields (#2168)
* fix(spdx): include required fields

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: missed update due to refactoring

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: update tools-golang

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: add test with packageVerificationCode included and excluded

Signed-off-by: Keith Zantow <kzantow@gmail.com>

---------

Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-04-30 13:28:42 -04:00
Keith Zantow
047e31a969
fix: add correct vendor for dnsmasq CPE (#2659)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-04-30 13:24:01 -04:00
guangwu
25b55e1704
fix: close temp rpmdb file (#2792)
* fix: close temp rpmdb file and db

Signed-off-by: guoguangwu <guoguangwug@gmail.com>

* chore: fix linter

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: guoguangwu <guoguangwug@gmail.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-30 12:47:17 -04:00
dependabot[bot]
02dc2dfa9b
chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 (#2817)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8f596b4ae3...d39d31e687)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-04-30 16:27:14 +00:00
Alex Goodman
5b03788300
Fill in SPDX originator for all supported package types (#2822)
* add failing test + beef up doc comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* cover more metadata types in spdx originator processing

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-04-29 16:33:00 -04:00
dependabot[bot]
9901ea8fe9
chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#2821)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.10 to 0.15.11.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](ab5d7b5f48...7ccf588e3c)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 12:40:43 -04:00
Alex Goodman
87cd6c8c48
update spdx license list to 3.23 (#2818)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-04-26 14:50:55 +00:00
William Murphy
d3310a1830
fix: re-use embedded union reader if possible (#2814)
* fix: re-use embedded union reader if possible

Previously, because file.LocationReadCloser embeds a ReadCloser that
might be a UnionReader, but doesn't implement the interface itself, the
type assertion would fall and Syft would fall back to io.ReadAll to
enable seeking on the underlying reader, resulting in a potentially
large extra allocation.

Instead, check whether the passed ReadCloser is a
file.LocationReadCloser, and if so, try to use the embedded ReadCloser
as a UnionReader.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* lint fix

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* Assert that underlying reader is returned

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-04-26 10:21:38 -04:00
Weston Steimel
8640f978ba
feat: index known CPEs for go modules (#2816)
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-26 09:55:05 -04:00
dependabot[bot]
13b06dad45
chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#2812) 2024-04-25 10:32:10 -04:00
Weston Steimel
9604e3dc9c
feat: support multiple known CPEs in index (#2813)
It is possible that a given package has multiple known "official" CPEs
active in the dictionary at once, so the index should support a slice of
CPE strings per package

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-25 15:22:26 +01:00
anchore-actions-token-generator[bot]
f2fc10aa86
chore(deps): update stereoscope to 8b297badafd5d81fa1187b26ae34dd2a7ce7e425 (#2807)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
2024-04-24 15:19:13 -04:00
dependabot[bot]
21b22555d2
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2809)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1d96c772d1...0ad4b8fada)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-24 15:19:03 -04:00
dependabot[bot]
5326efcef1
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#2810)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.3 to 0.5.4.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.3...v0.5.4)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-24 12:04:09 -04:00
Gijs Calis
b90e7f9437
Fix removing labels in 'Detect schema changes' job (#2772)
* Fix error messages for add & remove label

Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>

* Check if label exists on PR before removing

Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>

---------

Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
2024-04-23 14:42:57 -04:00
dependabot[bot]
fbdd4ee015
chore(deps): bump github.com/docker/docker (#2805)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.2+incompatible to 26.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.2...v26.1.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 14:32:34 -04:00
William Murphy
f154bf570d
Display which provider caused which error in output (#2757)
* Display which provider caused which error in output

Otherwise, the output is very difficult to parse.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* lint fix

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* bump stereoscope to v0.0.2

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-04-23 14:27:39 -04:00
Weston Steimel
99b58db497
fix: prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io (#2806)
Improves the logic for adding known CPEs for Jenkins plugins by
including `plugins.jenkins.io` and prefers non-deprecated CPEs

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-23 11:11:47 -04:00
Weston Steimel
8d960e62c6
feat: index known CPEs for PHP Composer packagist.org packages (#2804)
Indexes known CPEs from `packagist.org`

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-23 10:42:59 -04:00
dependabot[bot]
27a8a1be03
chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2 (#2802)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.1 to 3.25.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c7f9125735...8f596b4ae3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 09:54:36 -04:00
dependabot[bot]
4ccbd17255
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#2803)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](1746f4ab65...65462800fd)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 09:54:28 -04:00
Weston Steimel
891e61a2ef
fix: improvements to known CPE index construction (#2801)
* fix: stop pre-filtering potential known CPE URLs

Previously when building the known CPE index, there was logic to
de-duplicate processing based on the normalized CPE name; however, this
means a significant number of known CPE's don't get indexed because the
first instance of that name didn't have a supported collection url but a
later one did.  This isn't code that executes at runtime in syft so
de-duplicating the processing for performance isn't really necessary
here and it doesn't add much to the total runtime anyways

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

* fix: CPE index builder should extract and consider all reference urls

Previously the struct definition for CpeItem caused only the last URL
reference in the list to be kept and processed for inclusion in the
index

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

---------

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-23 09:28:18 -04:00
Keith Zantow
f7d3d552ce
fix: exclude known instrumentation jars from being erroneously identified (#2796)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-04-22 15:03:17 -04:00
Weston Steimel
12ea9912b4
feat: index known cpes for PHP extensions (#2777)
Indexes known CPEs from `pecl.php.net` and `pear.php.net`

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-22 13:43:19 -04:00
dependabot[bot]
cf6f92f2c8
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#2799)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...1d96c772d1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-22 13:29:13 -04:00
William Murphy
6440f26b5a
fix: return empty string if dereferncing pom var fails (#2797)
Previously, Syft would attempt to dereference pom variables, but if it
detected a cycle or failed to get back to a non-variable value, it would
return the last variable. Instead, return an empty string. Otherwise,
certain jars will have versions like "${project.version}" in the SBOM,
which is not helpful.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-04-19 19:38:36 +00:00
dependabot[bot]
f2633800ce
chore(deps): bump github.com/docker/docker (#2793)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.1+incompatible to 26.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.1...v26.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 15:06:57 -04:00
dependabot[bot]
4f227bf447
chore(deps): bump modernc.org/sqlite from 1.29.7 to 1.29.8 (#2794)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.7 to 1.29.8.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.7...v1.29.8)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 15:06:44 -04:00
dependabot[bot]
d70eb3d04b
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#2795)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...1746f4ab65)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-19 15:06:32 -04:00
guangwu
fe4819bc08
chore: cleanup redundant code (#2791)
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
2024-04-19 12:12:48 -04:00
anchore-actions-token-generator[bot]
b26b38d6c5
chore(deps): update tools to latest versions (#2789)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-04-18 12:40:08 -04:00
dependabot[bot]
31969136e3
chore(deps): bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#2790)
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.3 to 0.5.4.
- [Release notes](https://github.com/spdx/tools-golang/releases)
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.3...v0.5.4)

---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-18 12:39:42 -04:00
dependabot[bot]
f6845474bd
chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 (#2786)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.0 to 3.25.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](df5a14dc28...c7f9125735)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-17 10:46:34 -04:00
dependabot[bot]
e1cadead1d
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#2787)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](c55203cfde...9153d834b6)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-17 10:46:24 -04:00
William Murphy
3e71f46fc8
Fix: repeatedly dereference pom variables (#2781)
* Fix: repeatedly dereference pom variables

Previously, if there was more than one layer of variable indirection in
the pom property (propert A says it has the same value as property B,
property B says it has the same value as property C), then Syft would
only dereference one layer. Add a loop to dereference variables until
either dereferencing fails, or until the variable is completely
dereferenced back to a literal.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* switch to recursive implementation

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* add test cases for degenerate poms

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* switch to recursive implementation

Signed-off-by: Will Murphy <will.murphy@anchore.com>

* remove redundant pieces of test cases

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-04-16 15:44:02 -04:00
dependabot[bot]
3b01e13f92
chore(deps): bump modernc.org/sqlite from 1.29.6 to 1.29.7 (#2783)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.6 to 1.29.7.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.6...v1.29.7)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-16 11:05:35 -04:00
anchore-actions-token-generator[bot]
25c2e60358
chore(deps): update CPE dictionary index (#2780)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <1593939+westonsteimel@users.noreply.github.com>
2024-04-15 11:15:38 -04:00
dependabot[bot]
dc7fa21980
chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 (#2779)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 3.25.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4355270be1...df5a14dc28)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 10:00:54 -04:00
Weston Steimel
587690b875
chore: fix broken cpe index generation task (#2778)
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-04-15 09:39:57 -04:00
dependabot[bot]
21eaa5c82b
chore(deps): bump github.com/docker/docker (#2773)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.0.0+incompatible to 26.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.0.0...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-12 15:33:27 -04:00
dependabot[bot]
081ec04b3f
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#2774)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](70a41aba78...c55203cfde)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-12 15:31:36 -04:00
Keith Zantow
dde5d349b1
fix: more robust go main version extraction (#2767)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2024-04-11 11:58:51 -04:00
anchore-actions-token-generator[bot]
a5d77b9263
chore(deps): update tools to latest versions (#2768)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-04-11 11:53:55 -04:00
Laurent Goderre
c9aab4863b
fix: binary character in java version (#2766)
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2024-04-11 10:32:24 -04:00
anchore-actions-token-generator[bot]
af1a065d2a
chore(deps): update tools to latest versions (#2760)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-04-09 12:03:12 -04:00
dependabot[bot]
88cef1e05c
chore(deps): bump modernc.org/sqlite from 1.29.5 to 1.29.6 (#2761)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.5 to 1.29.6.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.5...v1.29.6)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-09 12:02:56 -04:00
dependabot[bot]
870d97ca5a
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.6 to 6.5.8 (#2754)
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.6 to 6.5.8.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.6...v6.5.8)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 12:19:45 -04:00
dependabot[bot]
e681bc4780
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#2755)
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 12:19:32 -04:00