Mirrors/syft

mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00

Author	SHA1	Message	Date
dependabot[bot]	02bd52728e	chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 (#1758 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.21.2 to 1.22.0. - [Release notes](https://gitlab.com/cznic/sqlite/tags) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.21.2...v1.22.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-26 10:37:49 -04:00
Christopher Angelo Phillips	c038f13d44	chore: go-rpmdb update (#1757 ) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-24 10:34:13 -04:00
dependabot[bot]	8102ad4edc	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706 )	2023-04-24 10:20:12 -04:00
Weston Steimel	ee80349ea0	chore: bump stereoscope to latest version (#1741 ) Resolves reporting of GHSA-hw7c-3rfg-p46j Signed-off-by: Weston Steimel <weston.steimel@anchore.com>	2023-04-18 15:44:03 +00:00
dependabot[bot]	66d9c5637b	chore(deps): bump github.com/docker/docker (#1746 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-18 10:22:41 -04:00
Avi Deitcher	b69259534d	feat: Support scanning license files in golang packages over the network (#1630 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Keith Zantow <kzantow@gmail.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Keith Zantow <kzantow@gmail.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 15:13:29 -04:00
Avi Deitcher	cc731c7b19	Add Linux Kernel cataloger (#1694 ) * add kernel handler Signed-off-by: Avi Deitcher <avi@deitcher.net> * [wip] combine kernel and kernel module cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] combine kernel and kernel module cataloging Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Avi Deitcher <avi@deitcher.net> * rename Kernel package to LinuxKernel package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split kernel and module packages within cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up application configuration with kernel cataloger options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont use references for packages on relationships Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting and tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * kernel cataloger should be resistent to partial failure Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * log upon kernel module metadata missing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for linux kernel cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update integration tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update cli package test counts Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add evidence annotations for kernel packages Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * reduce noise in cli test output Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * missed cli test to reduce noise for Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix package counts Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs with linux kernel cataloging refs Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump json schema with new metadata fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Avi Deitcher <avi@deitcher.net> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: <> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>	2023-04-14 14:33:36 -04:00
dependabot[bot]	a260fb2774	chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-07 15:58:21 -04:00
anchore-actions-token-generator[bot]	f83cae35f2	chore(deps): update stereoscope to e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-04-07 08:48:17 -04:00
dependabot[bot]	da44db92e9	chore(deps): bump github.com/docker/docker (#1715 )	2023-04-06 13:44:51 +00:00
dependabot[bot]	4a499c946e	chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713 )	2023-04-06 13:44:41 +00:00
dependabot[bot]	99c28a94a4	chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714 )	2023-04-06 13:36:16 +00:00
dependabot[bot]	f7ac4e98af	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1716 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-06 09:34:59 -04:00
Keith Zantow	7845381331	chore: update tools-golang to v0.5.0 (#1717 ) Signed-off-by: Keith Zantow <kzantow@gmail.com>	2023-04-05 13:59:52 -04:00
dependabot[bot]	2fa238af7c	chore(deps): bump github.com/docker/docker (#1699 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 10:00:37 -04:00
anchore-actions-token-generator[bot]	81b87dd108	chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (#1693 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-03-23 16:30:08 +00:00
dependabot[bot]	539bc2afcb	chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 (#1692 ) Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/vbatts/go-mtree/releases) - [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md) - [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: github.com/vbatts/go-mtree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-23 11:09:32 -04:00
Avi Deitcher	9fd532246a	feat: scan local go mod cache for licenses of golang packages (#1645 ) Signed-off-by: Avi Deitcher <avi@deitcher.net> Co-authored-by: Keith Zantow <kzantow@gmail.com>	2023-03-23 10:38:15 -04:00
dependabot[bot]	168c5aed51	chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1689 )	2023-03-22 14:26:58 -04:00
anchore-actions-token-generator[bot]	7998520848	chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (#1681 )	2023-03-18 10:32:39 -04:00
dependabot[bot]	1899eb50d0	chore(deps): bump github.com/google/go-containerregistry (#1672 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-16 12:07:47 -04:00
dependabot[bot]	f43953d225	chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655 )	2023-03-06 15:49:34 +00:00
dependabot[bot]	eea1b48cbb	chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653 )	2023-03-06 15:38:34 +00:00
dependabot[bot]	a063cf300b	chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 (#1654 )	2023-03-06 15:21:35 +00:00
dependabot[bot]	b73903519c	chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656 )	2023-03-06 15:20:43 +00:00
Keith Zantow	5f90d03718	fix: possible race condition (#1639 )	2023-03-01 15:35:01 -05:00
dependabot[bot]	d23b4d4cbd	chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1625 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 13:14:20 -05:00
dependabot[bot]	284bae9d5f	chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1609 ) Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/spf13/afero/releases) - [Commits](https://github.com/spf13/afero/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/spf13/afero dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-24 15:07:52 -05:00
anchore-actions-token-generator[bot]	aa151da5fe	Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>	2023-02-22 19:08:35 +00:00
anchore-actions-token-generator[bot]	bb52a25c8a	Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602 ) Signed-off-by: GitHub <noreply@github.com>	2023-02-22 08:49:04 +00:00
anchore-actions-token-generator[bot]	2642a36161	Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>	2023-02-16 10:22:43 -05:00
dependabot[bot]	1981b249f1	chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-15 12:54:55 -05:00
dependabot[bot]	3013c8b691	chore(deps): bump github.com/docker/docker (#1563 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.0+incompatible to 23.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-10 10:43:19 -05:00
Alex Goodman	988041ba6d	Speed up cataloging by replacing globs searching with index lookups (#1510 ) * replace raw globs with index equivelent operations Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add cataloger test for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix import sorting for binary cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting for mock resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * separate portage cataloger parser impl from cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance cataloger pkgtest utils to account for resolver responses Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for alpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for apkdb cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dpkg cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for cpp cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dart cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for dotnet cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for elixir cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for erlang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for golang cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for haskell cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for java cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for javascript cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for php cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for portage cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for python cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rpm cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for rust cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for sbom cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for swift cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * allow generic catloger to run all mimetype searches at once Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove stutter from php and javascript cataloger constructors Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests for generic.Search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add exceptions for java archive git ignore entries Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * enhance basename and extension resolver methods to be variadic Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * dont allow * prefix on extension searches Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add glob-based cataloger tests for ruby cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove unnecessary string casting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * incorporate surfacing of leaf link resolitions from stereoscope results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] switch to stereoscope file metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip + failing] revert to old globs but keep new resolvers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * index files, links, and dirs within the directory resolver Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix several resolver bugs and inconsistencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move format testutils to internal package Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update syft json to account for file type string normalization Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * split up directory resolver from indexing Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update docs to include details about searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] bump stereoscope to development version Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust symlinks fixture to be fixed to digest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix all-locations resolver tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix test fixture reference Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * rename file.Type Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix PR comment to exclude extra * Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to dev version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * bump to final version of stereoscope Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * move observing resolver to pkgtest Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>	2023-02-09 16:19:47 +00:00
dependabot[bot]	08804842fa	chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-09 09:01:56 -05:00
dependabot[bot]	48528efff3	chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 10:07:37 -05:00
dependabot[bot]	8d856a7c7b	chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551 ) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-08 09:23:31 -05:00
anchore-actions-token-generator[bot]	95201840d2	Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com>	2023-02-07 10:05:18 -05:00
dependabot[bot]	ad8604c223	chore(deps): bump github.com/docker/docker (#1531 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.23+incompatible to 23.0.0+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.23...v23.0.0) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-02 10:53:22 -05:00
Keith Zantow	1530ef354f	chore: update spdx/tools-golang to v0.5.0-rc1 (#1503 )	2023-01-31 11:53:16 -05:00
dependabot[bot]	21ba5d0806	chore(deps): bump github.com/google/go-containerregistry (#1513 ) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.1 to 0.13.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.12.1...v0.13.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 13:41:43 +00:00
dependabot[bot]	3269bc98d4	chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505 ) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/mod/releases) - [Commits](https://github.com/golang/mod/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 15:01:25 -05:00
dependabot[bot]	7f3382f7eb	chore(deps): bump github.com/docker/docker (#1506 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.20+incompatible to 20.10.23+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.20...v20.10.23) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:58:39 -05:00
dependabot[bot]	65e5ff63f0	chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507 ) Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/Masterminds/sprig/releases) - [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/sprig/compare/v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: github.com/Masterminds/sprig/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:48:22 -05:00
dependabot[bot]	d287c22b69	chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508 ) Bumps [github.com/dustin/go-humanize](https://github.com/dustin/go-humanize) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/dustin/go-humanize/releases) - [Commits](https://github.com/dustin/go-humanize/compare/v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/dustin/go-humanize dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-23 14:48:00 -05:00
Luca Comellini	e8be93a8eb	Bump github.com/spdx/tools-golang to v0.4.0 (#1450 ) Signed-off-by: Luca Comellini <luca.com@gmail.com>	2023-01-20 17:00:21 -05:00
dependabot[bot]	285112fe29	chore(deps): bump github.com/facebookincubator/nvdtools (#1499 ) Bumps [github.com/facebookincubator/nvdtools](https://github.com/facebookincubator/nvdtools) from 0.1.4 to 0.1.5. - [Release notes](https://github.com/facebookincubator/nvdtools/releases) - [Commits](https://github.com/facebookincubator/nvdtools/compare/v0.1.4...v0.1.5) --- updated-dependencies: - dependency-name: github.com/facebookincubator/nvdtools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 14:02:47 +00:00
dependabot[bot]	f29bea5921	chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498 ) Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.3.2 to 0.3.5. - [Release notes](https://github.com/jinzhu/copier/releases) - [Commits](https://github.com/jinzhu/copier/compare/v0.3.2...v0.3.5) --- updated-dependencies: - dependency-name: github.com/jinzhu/copier dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:51:20 -05:00
dependabot[bot]	39cdbc42aa	chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497 ) Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) from 0.5.0 to 0.5.2. - [Release notes](https://github.com/vbatts/go-mtree/releases) - [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md) - [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.0...v0.5.2) --- updated-dependencies: - dependency-name: github.com/vbatts/go-mtree dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:50:59 -05:00
dependabot[bot]	27b62ce833	chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496 ) Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.4.2 to 1.5.2. - [Release notes](https://github.com/gookit/color/releases) - [Commits](https://github.com/gookit/color/compare/v1.4.2...v1.5.2) --- updated-dependencies: - dependency-name: github.com/gookit/color dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-20 08:50:37 -05:00

1 2 3 4 5

223 commits