Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00

Author	SHA1	Message	Date
dependabot[bot]	e2a9d891b2	chore(deps): bump github.com/docker/docker (#2698 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.3+incompatible to 25.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.3...v25.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-07 13:00:14 -05:00
dependabot[bot]	5b09c154bb	chore(deps): bump modernc.org/sqlite from 1.29.2 to 1.29.3 (#2699 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.2 to 1.29.3. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.2...v1.29.3) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-07 13:00:02 -05:00
dependabot[bot]	1b121ac3f4	chore(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 (#2689 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-06 14:25:56 -05:00
dependabot[bot]	e214645394	chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#2695 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.1 to 0.10.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-06 14:24:46 -05:00
dependabot[bot]	5bd1cd5c13	chore(deps): bump golang.org/x/mod from 0.15.0 to 0.16.0 (#2690 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/mod/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-05 10:15:18 -05:00
dependabot[bot]	fe4f17286f	chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2684 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-01 13:51:18 -05:00
Christopher Angelo Phillips	4d0dd02d5a	chore: update stereoscope (#2683 ) * chore: update stereoscope to account for traversal bug fix Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2024-02-29 13:32:18 -05:00
Alex Goodman	48e5672a87	Consider filesystem types for mount points when ignoring system paths (#2675 ) * consider fs types for mount points when ignoring system paths Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-02-28 15:37:17 -05:00
Keith Zantow	a978966cad	feat: add `--from` flag, refactor source providers (#2610 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2024-02-27 16:44:37 -05:00
dependabot[bot]	928511ea0f	chore(deps): bump modernc.org/sqlite from 1.29.1 to 1.29.2 (#2671 )	2024-02-26 10:57:06 -05:00
anchore-actions-token-generator[bot]	8260bce057	chore(deps): update stereoscope to 6171ee21e1d584f6bde910f354d126c9cd70deaa (#2655 )	2024-02-17 10:22:56 -05:00
dependabot[bot]	a7da2270c7	chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 (#2640 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.0 to 1.29.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.0...v1.29.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-14 09:20:54 -05:00
dependabot[bot]	25d3c06962	chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 (#2629 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.0 to 1.5.2. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.5.0...v1.5.2) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-13 11:23:35 -05:00
dependabot[bot]	79b71be0ee	chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 (#2630 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.28.0 to 1.29.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.28.0...v1.29.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-13 11:23:22 -05:00
dependabot[bot]	e72dec8e9e	chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 (#2607 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0. - [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-12 14:31:44 -05:00
dependabot[bot]	3398e72066	chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 (#2625 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.8 to 1.5.0. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.8...v1.5.0) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-12 14:31:31 -05:00
Keith Zantow	d26a5c4d30	fix: ensure version output to stdout (#2621 )	2024-02-09 20:59:25 +00:00
anchore-actions-token-generator[bot]	737c4e44c5	chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 (#2617 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2024-02-09 14:06:28 -05:00
dependabot[bot]	da31eed637	chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (#2602 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-07 11:31:49 -05:00
dependabot[bot]	704155eb22	chore(deps): bump github.com/docker/docker (#2601 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-07 11:31:41 -05:00
anchore-actions-token-generator[bot]	91d7a8a992	chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c (#2589 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>	2024-02-05 10:27:12 -05:00
dependabot[bot]	e813a427b9	chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#2591 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.0 to 0.5.2. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.2) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-05 10:26:39 -05:00
Laurent Goderre	d7b9cc70b0	Add Erlang OTP Application cataloger (#2403 ) * Add cataloger for Erlang OTP applications Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * Add OTP Package type and Purl for ErLang Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> * remove erlang OTP metadata type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use OTP purl type Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore otp fixture and adjust tests for dir-only results Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Laurent Goderre <laurent.goderre@docker.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-02-02 13:40:18 -05:00
anchore-actions-token-generator[bot]	4fe50f4169	chore(deps): update stereoscope to 37291e81936d2b43b3cef56667a741ef715fbfe4 (#2583 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>	2024-02-02 10:27:26 -05:00
dependabot[bot]	78d362f91a	chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1 to 0.18.0 (#2584 ) Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles) from 0.17.1 to 0.18.0. - [Release notes](https://github.com/charmbracelet/bubbles/releases) - [Commits](https://github.com/charmbracelet/bubbles/compare/v0.17.1...v0.18.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbles dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-02 10:27:09 -05:00
dependabot[bot]	3ac7e43e3e	chore(deps): bump github.com/docker/docker (#2580 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-01 10:26:25 -05:00
anchore-actions-token-generator[bot]	216e211dc8	chore(deps): update stereoscope to db7a4bedaba6ad93becf22ce794f306dfb07fcb9 (#2577 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>	2024-02-01 08:32:13 +00:00
William Murphy	bbddac1f9d	Fix attest with --key (#2551 ) Fix passing "--key" to the attest command. Additionally, pull in an update to the clio CLI library to permit unit testing that flags and env vars are parsed to the correct field on command options structs. This testing strategy was needed here because testing attestation in an end to end test requires a prohibitive amount of setup. --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Will Murphy <will.murphy@anchore.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-31 16:39:17 -05:00
Alex Goodman	bbe7fa180a	bump archiver and stereoscope (#2570 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-31 11:24:33 -05:00
dependabot[bot]	d4f31d6a3e	chore(deps): bump github.com/google/go-containerregistry (#2561 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-30 13:15:13 -05:00
dependabot[bot]	bd4bcc4e89	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#2562 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.3...v6.5.4) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-30 13:15:06 -05:00
dependabot[bot]	b4f565a620	chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0 to 0.3.0 (#2556 ) Bumps [github.com/sassoftware/go-rpmutils](https://github.com/sassoftware/go-rpmutils) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/sassoftware/go-rpmutils/releases) - [Commits](https://github.com/sassoftware/go-rpmutils/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: github.com/sassoftware/go-rpmutils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-29 12:32:37 -05:00
dependabot[bot]	0bb94099b0	chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#2538 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-24 10:11:33 -05:00
dependabot[bot]	97d0108bd5	chore(deps): bump github.com/docker/docker (#2537 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.0+incompatible to 25.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-24 10:11:24 -05:00
dependabot[bot]	935b885ba2	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#2532 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.12 to 0.5.0. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-23 10:13:51 -05:00
William Murphy	c6ce1de928	make AllLocations accept a context (#2518 ) The previous implementation would leak a goroutine if the caller of AllLocations stopped iterating early. Now, accept a context so that the caller can cancel the AllLocations iterator rather than leak the goroutine. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2024-01-22 11:05:59 -05:00
anchore-actions-token-generator[bot]	969b5f1764	chore(deps): update stereoscope to eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2024-01-19 10:25:31 -05:00
dependabot[bot]	1b6c2470b0	chore(deps): bump github.com/docker/docker (#2512 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-19 10:04:07 -05:00
dependabot[bot]	42dd04699f	chore(deps): bump github.com/google/go-containerregistry (#2507 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-18 09:44:45 -05:00
dependabot[bot]	fe271e89f6	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2502 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-17 10:07:57 -05:00
dependabot[bot]	6f4fb61a1c	chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2501 ) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-17 10:08:51 +00:00
Alex Goodman	313d9212b6	Add cataloger list command (#2366 ) * add cataloger list command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * chore: tidy go mod Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2024-01-16 09:41:58 -05:00
dependabot[bot]	41601e60ca	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2494 ) Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/jedib0t/go-pretty/releases) - [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-15 14:40:33 -05:00
dependabot[bot]	75fdb9e623	chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1 to 0.17.1 (#2475 )	2024-01-10 16:13:59 +00:00
dependabot[bot]	c209d03fe8	chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.2 (#2476 )	2024-01-10 15:58:09 +00:00
dependabot[bot]	1af68683d0	chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 (#2482 )	2024-01-10 15:49:18 +00:00
Christopher Angelo Phillips	7182f5b519	Upgrade binary test fixtures management (#2444 ) * test: strip fixtures of any execution permissions Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * chore: add lint check for large files Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * add helper script to capture binary snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * chore: update scripts and add new dir output for snippets Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update erlang test to new generated format Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update memcached to new generator pattern Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update openjdk to named version Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: move openjdk lts to versioned folder Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: rename unversioned java to versioned folders Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: migrate bash fixture to new snippet workflow Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update script to size 600 bytes Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update go classifier to new snippet workflow Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: move haproxy new new snippet Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: add flatter haproxy example Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: update tests to new pattern Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: final version of snippet script Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * [wip] download bin helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add manager for binary cataloger test fixtures Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add remaining binary cataloger patterns and snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * adjust gitignore to be more permissive to snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add rust darwin snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * skip tests that are missing full binaries Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tests for binary test fixture manager Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * highlight rows that do not have binaries or snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump fixture limit to 1K (found exceptions when adding snippets) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add redis and postgres snippets Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * improve formating of fixture listing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2024-01-05 21:40:03 +00:00
anchore-actions-token-generator[bot]	04e8c96822	chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 (#2452 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-12-22 09:36:13 -05:00
anchore-actions-token-generator[bot]	56a1ab54d2	chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-12-18 06:43:24 -05:00
dependabot[bot]	b83cc8485a	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413 )	2023-12-14 17:18:37 -05:00
dependabot[bot]	51831d303c	chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.27.0 to 1.28.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-14 12:38:55 -05:00
dependabot[bot]	67dbd1fe4c	chore(deps): bump github.com/charmbracelet/bubbletea (#2424 ) Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0. - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbletea dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 12:21:22 -05:00
dependabot[bot]	402227f0b3	chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 11:45:04 -05:00
dependabot[bot]	b9462db59e	chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.7 to 1.4.8. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-11 12:37:20 -05:00
dependabot[bot]	bfad9659a8	chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.1 to 5.11.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-11 08:58:26 -05:00
William Murphy	13758260dd	fix: bump fangs for ptr summarize fix (#2387 ) Previously, pointers to primitive types in config summarization could be printed literally (like "0x123aefef"). Pull in fangs to get the fix for this. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-12-01 14:37:42 +00:00
Alex Goodman	4adfbeb5f0	Generalize UI events for cataloging tasks (#2369 ) * generalize ui events for cataloging tasks Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * moderate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename cataloger task progress object Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * migrate cataloger task fn to bus helper Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-30 16:25:50 +00:00
dependabot[bot]	e8119acf93	chore(deps): bump github.com/google/go-containerregistry (#2377 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-30 09:24:25 -05:00
dependabot[bot]	5d44e49d2f	chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#2361 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-28 10:22:21 -05:00
dependabot[bot]	5dd3b127b0	chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#2362 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.0 to 5.10.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-28 10:21:59 -05:00
Alex Goodman	1676934c63	Add "pretty" json configuration and change default behavior to be space-efficient (#2275 ) * expose underlying format options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove escape html options and address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * incorporate PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]	7cfb5f630a	chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips	ba80e490c2	feat: allow for stdout to be buffered on each command (#2335 ) * feat: add preRun func to version to restore stdout Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * test: add test to capture version in output Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * change stdout buffering to log to be opt-in per command Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-11-17 14:14:13 -05:00
Keith Zantow	1c787f436f	fix: prevent writing non-report output to stdout (#2324 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-11-16 17:45:25 -05:00
dependabot[bot]	58f310c390	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#2310 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.11 to 0.4.12. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-09 08:06:50 -08:00
dependabot[bot]	a383239217	chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 (#2311 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-09 08:06:19 -08:00
dependabot[bot]	220655743b	chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#2293 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-08 10:23:40 -08:00
dependabot[bot]	a4b895d31f	chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 (#2292 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/mod/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-06 14:12:40 +00:00
dependabot[bot]	a6d73e5659	chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 (#2279 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.26.0 to 1.27.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-01 10:35:20 -04:00
dependabot[bot]	f442586ec9	chore(deps): bump github.com/docker/docker (#2263 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-30 09:55:19 -04:00
anchore-actions-token-generator[bot]	12877ed863	chore(deps): update stereoscope to 5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-10-30 09:51:37 -04:00
dependabot[bot]	58850d3258	chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2262 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-27 09:55:04 -04:00
dependabot[bot]	ae27dcdfa9	chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#2256 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-25 10:45:27 -04:00
Alex Goodman	7392d607b6	Split the sbom.Format interface by encode and decode use cases (#2186 ) * split up sbom.Format into encode and decode ops Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update cmd pkg to inject format configs Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump cyclonedx schema to 1.5 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * redact image metadata from github encoder tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add more testing around format decoder identify Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add test case for format version options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix CLI test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] - review comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep encoder creation out of post load function Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * keep decider and identify functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add a few more doc comments Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove format encoder default function helpers Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * address PR feedback Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * move back to streaming based decode functions Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * with common convention for encoder constructors Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix tests and allow for encoders to be created from cli options Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * buffer reads from stdin to support seeking Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-10-25 13:43:06 +00:00
dependabot[bot]	5a4778093d	chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 (#2248 ) Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 10:42:17 -04:00
Alex Goodman	f3ad8cf250	bump clio to get stderr reporting fix (#2232 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-10-16 12:47:48 -04:00
dependabot[bot]	1fe0921a5b	chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-12 11:10:56 -04:00
dependabot[bot]	7732cd3b48	chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 13:52:07 -04:00
dependabot[bot]	0302fc5b48	chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215 ) Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0) --- updated-dependencies: - dependency-name: github.com/google/go-cmp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 09:53:00 -04:00
dependabot[bot]	b899536814	chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-11 09:52:42 -04:00
dependabot[bot]	87e57aa925	chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193 ) * chore(deps): bump github.com/docker/distribution Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update reference import Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-10-06 12:54:19 -04:00
dependabot[bot]	b23879fd37	chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-06 12:01:38 -04:00
dependabot[bot]	127fac8ca9	chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-05 13:02:30 -04:00
dependabot[bot]	37bb95f5c9	chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-05 11:50:05 -04:00
dependabot[bot]	86005d1593	chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.25.0 to 1.26.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-02 12:34:59 -04:00
dependabot[bot]	45625dae94	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-02 12:33:42 -04:00
dependabot[bot]	7b1af8721d	chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.5 to 1.4.6. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-27 15:04:52 -04:00
dependabot[bot]	534a5f54b0	chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#2174 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-25 15:07:19 -04:00
William Murphy	8a414b5366	chore: bump stereoscope to fix data race in UI code (#2173 ) Pulls in a fix in go-progress that prevents a race in the UI code when scanning large images. Signed-off-by: Will Murphy <will.murphy@anchore.com>	2023-09-25 10:29:56 -04:00
Đỗ Trọng Hải	b7fa75d7f8	chore: switch to stdlib's slices pkg (#2148 ) * chore: switch to stdlib's slices pkg Signed-off-by: hainenber <dotronghai96@gmail.com> * fix linting Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: hainenber <dotronghai96@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-20 18:38:37 +00:00
Keith Zantow	7d0d3e1977	fix: prevent errors from clobbering terminal (#2161 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-09-20 14:35:41 -04:00
Alex Goodman	58f8c852df	Require ordering of relationships when comparing parser output (#2160 ) * require ordering of relationships when comparing parser output Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * [wip] fix cataloger test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * change method of relationship sort to simple string dump Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-20 17:39:18 +00:00
dependabot[bot]	ba00f3328d	chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 (#2158 ) Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) from 2.1.2 to 2.2.0. - [Release notes](https://github.com/github/go-spdx/releases) - [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0) --- updated-dependencies: - dependency-name: github.com/github/go-spdx/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-20 10:12:33 -04:00
Christopher Angelo Phillips	650f71cbe0	chore: update to latest stereoscope (#2151 ) * chore: update to latest stereoscope Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * chore: go mod tidy Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-19 15:22:10 -04:00
anchore-actions-token-generator[bot]	51243aa65f	chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 (#2149 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-19 09:07:15 -04:00
Shane Dell	23e3de75e3	Add containerd support (#1793 ) * [wip] add containerd UI handlers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * Add containerd support - Add UI handlers (done by @wagoodman) - Add containerd types and wrappers (done by @wagoodman) - Add flag for specifying containerd address Closes #201 Signed-off-by: Shane Dell <shanedell100@gmail.com> * Fix lint Signed-off-by: Shane Dell <shanedell100@gmail.com> * add containerd ui handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add containerd scheme to readme Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add test for scheme detection Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Shane Dell <shanedell100@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips	3e16c6813f	feat: add cyclonedx schema version selection (#2123 ) --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-13 14:50:22 -04:00
dependabot[bot]	4a2fc226dd	chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (#2125 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.1 to 5.9.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-13 10:33:47 -04:00
anchore-actions-token-generator[bot]	3a45653cfa	chore(deps): update stereoscope to 2fc2d6c2503b6e2212e04c64ceffd57c3395ae70 (#2117 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-12 11:49:20 -04:00
anchore-actions-token-generator[bot]	e3c525b4b8	chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (#2109 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-09-08 14:10:00 -04:00
Christopher Angelo Phillips	3842d28e90	fix: update codeql-analysis for go 1.21 (#2108 ) * fix: update codeql-analysis for go 1.21 Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * nit: remove comment Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-07 15:54:42 -04:00
dlorenc	9f22ab6137	Bump the golang.org/x/exp dependency and fix a build breakage. (#2088 ) * Bump the golang.org/x/exp dependency and fix a build breakage. --------- Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-09-07 14:55:52 -04:00
dependabot[bot]	212aa9b6cf	chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106 ) Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.7 to 0.4.10. - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10) --- updated-dependencies: - dependency-name: github.com/gkampitakis/go-snaps dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:56:41 -04:00
dependabot[bot]	9caf51596e	chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 (#2096 ) Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.4 to 1.4.5. - [Release notes](https://github.com/saferwall/pe/releases) - [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md) - [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5) --- updated-dependencies: - dependency-name: github.com/saferwall/pe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:29:06 -04:00
dependabot[bot]	7645d5759d	chore(deps): bump github.com/docker/docker (#2098 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:27:21 -04:00
dependabot[bot]	ce32f8bb74	chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 (#2099 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-07 09:26:56 -04:00
Alex Goodman	b454160549	tidy gomod and gitignore (#2082 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-31 14:50:32 +00:00
Keith Zantow	2b7a9d0be3	chore: update CLI to CLIO (#2001 ) Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 15:52:26 -04:00
5p2O5pe25ouT	b03e9c6868	Add registry certificate verification support (#1734 ) * add registry certificate verification support * replace stereoscope version * modify go.mod * pull in stereoscope update Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * rename registry cert options, add docs, and add test Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update to account for changes in anchore/stereoscope#195 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix cli tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: lishituo <24578666@qq.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-29 11:45:20 -04:00
Sirish Bathina	62f689824c	Detect golang boring crypto and fipsonly modules (#2021 ) * Extending build info to include crypto settings Signed-off-by: Sirish Bathina <sirish@kasten.io> * Use kasten fork for goversion module Signed-off-by: Sirish Bathina <sirish@kasten.io> * go mod tidy Signed-off-by: Sirish Bathina <sirish@kasten.io> * change key to GoCryptoSettings and lint fix Signed-off-by: Sirish Bathina <sirish@kasten.io> * Addressing feedback Signed-off-by: Sirish Bathina <sirish@kasten.io> --------- Signed-off-by: Sirish Bathina <sirish@kasten.io>	2023-08-24 09:49:59 -04:00
dependabot[bot]	a2b389523d	chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053 ) Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-23 13:41:17 -04:00
Alex Goodman	17d4203bbb	Enable reading non-utf-8 encodings for java pom.xml files (#2047 ) * fix reading non utf8 encodings Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * in cases where we cant tell the encoding use the UTF8 replacement char Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-08-23 10:06:34 -04:00
dependabot[bot]	cf37b17869	chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-22 10:42:19 -04:00
dependabot[bot]	f58425a305	chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045 ) Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.5 to 0.4.0. - [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0) --- updated-dependencies: - dependency-name: github.com/jinzhu/copier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-21 10:37:11 -04:00
dependabot[bot]	82eafeaf4a	chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008 ) * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 * refactor: update consumer code to use new optional values Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.2 to 1.0.0. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-major ... --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-08-09 17:22:51 -04:00
dependabot[bot]	6bf6f85584	chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 (#2009 ) Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer) from 1.6.1 to 1.7.0. - [Commits](https://github.com/dave/jennifer/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/dave/jennifer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-09 14:46:11 -04:00
dependabot[bot]	2fc65094b7	chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-07 10:34:00 -04:00
dependabot[bot]	d7ff77072a	chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#1998 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.24.0 to 1.25.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.24.0...v1.25.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-04 14:24:31 -04:00
dependabot[bot]	c150b4e358	chore(deps): bump github.com/google/go-containerregistry (#1993 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.2 to 0.16.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-03 10:53:09 -04:00
Keith Zantow	3f0475efb7	chore: update bubbly to fix hanging (#1990 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-08-02 10:28:35 -04:00
dependabot[bot]	2e376d067f	chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1989 )	2023-08-02 14:16:49 +00:00
anchore-actions-token-generator[bot]	f14742b3f3	chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips	3aae316456	chore: update to latest commit in tools-golang (#1969 ) * chore: update to latest commit in tools-golang --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-07-27 15:29:22 -04:00
Alex Goodman	063e9da65d	Guess unpinned versions in python requirements.txt (#1966 ) * feat: python requirements.txt parsing inclusive Signed-off-by: manifestori <ori@manifestcyber.com> * refactor: parseVersion Signed-off-by: manifestori <ori@manifestcyber.com> * add python config for optional requirements version constraint resolution Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * allow for python requirements metadata to be optional Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * restore cyclonedx dependency Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: manifestori <ori@manifestcyber.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: manifestori <ori@manifestcyber.com>	2023-07-27 14:26:59 -04:00
dependabot[bot]	bf1102c3f1	chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 (#1965 ) Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/vifraa/gopom/releases) - [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: github.com/vifraa/gopom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-27 13:28:42 -04:00
Keith Zantow	9480f10ccd	feat: support top-level SPDX package and graph (#1934 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-07-26 13:54:32 -04:00
dependabot[bot]	1e4d26f526	chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1959 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-26 13:34:03 +00:00
anchore-actions-token-generator[bot]	9a73380f29	chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d (#1953 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-07-25 10:49:21 -04:00
dependabot[bot]	2e718cf865	chore(deps): bump github.com/docker/docker (#1955 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-25 10:37:16 -04:00
dependabot[bot]	4000a84624	chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1951 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-24 11:28:54 -04:00
dependabot[bot]	3f5c601620	chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1949 ) Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.5.3 to 1.5.4. - [Release notes](https://github.com/gookit/color/releases) - [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4) --- updated-dependencies: - dependency-name: github.com/gookit/color dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-21 08:50:47 -04:00
Dan Luhring	8478e0bef7	Add support for parsing .NET assemblies (#1943 ) * Add support for parsing .NET assemblies Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac * Add dll and exe files Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641 * Add PE cataloger to directory catalogers Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849 * Don't set language to dotnet for PEs Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5 * Fix spelling of cataloger in constructor Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941 * Adjust which cases in PE parsing return errors Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff * remove build binary from branch Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2 * Fix failing CLI tests Signed-off-by: Dan Luhring <dluhring@chainguard.dev> --------- Signed-off-by: Dan Luhring <dluhring@chainguard.dev> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-19 15:34:07 -04:00
Alex Goodman	35699f6fdc	remove jotframe UI (#1932 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips	2e7fd031d4	fix: remove indirect dependency of circl v1.1.0 (#1940 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-07-13 12:30:37 -04:00
Alex Goodman	4fc17edd14	implement ui handle waiter (#1930 ) Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-12 13:14:54 -04:00
dependabot[bot]	05a61897f2	chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 (#1928 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.1 to 1.24.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-11 14:01:48 -04:00
dependabot[bot]	8ce88e11fd	chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-06 16:02:44 -04:00
Alex Goodman	f8b832e6c3	Switch UI to bubbletea (#1888 ) * add bubbletea UI Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * swap pipeline to go 1.20.x and add attest guard for cosign binary Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * update note in developing.md about the required golang version Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix merge conflict for windows path handling Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * temp test for attest handler Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add addtional test iterations for background reader Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>	2023-07-06 09:00:46 -04:00
dependabot[bot]	e8f7108e6e	chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:06:05 -04:00
dependabot[bot]	023ca1be32	chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-05 11:05:46 -04:00
anchore-actions-token-generator[bot]	791d1f9552	chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]	0d4f19043e	chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-26 13:58:44 -04:00
dependabot[bot]	badb957888	chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1878 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-15 14:10:11 -04:00
dependabot[bot]	a1bba36d51	chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1874 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.0 to 1.23.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]	c019cd51da	chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-06-14 11:29:39 -04:00
dependabot[bot]	5406d8a366	chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1876 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 10:30:19 -04:00
dependabot[bot]	2c5d64ac9e	chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 (#1868 ) Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.1 to 0.5.2. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-08 17:01:19 -04:00
dependabot[bot]	c560ffd811	chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 (#1850 ) * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/spdx/tools-golang/releases) - [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md) - [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/spdx/tools-golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore: update fixtures for spdx with new library changes Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>	2023-06-05 15:01:06 -04:00
dependabot[bot]	d676e5e781	chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:48:18 -04:00
dependabot[bot]	903d29b6f7	chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.22.1 to 1.23.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.1...v1.23.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 10:47:59 -04:00

1 2 3 4 5 ...

508 commits