Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-09-20 14:11:54 +00:00
Code Issues Projects Releases Packages Wiki Activity
2186 commits 71 branches 208 tags 119 MiB
Commit graph

469 commits

Author SHA1 Message Date
Christopher Angelo Phillips
e100776f22
chore: update anchore/packageurl-go to use latest commits (#2746) 
chore: update packageurl-go dependency to use latest commits
chore: go mod tidy
unit: update + -> %2B
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2024-04-04 10:33:51 -04:00
Laurent Goderre
e0233625cb
feat: cataloger for PHP Pecl and PEAR packages (#2604) 
Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
 2024-04-02 11:55:56 -04:00
dependabot[bot]
e0f5b5a787
chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#2743) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.11.0 to 5.12.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.11.0...v5.12.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-01 14:14:07 -04:00
dependabot[bot]
16edb40c72
chore(deps): bump github.com/distribution/reference from 0.5.0 to 0.6.0 (#2738) 
Bumps [github.com/distribution/reference](https://github.com/distribution/reference) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/distribution/reference/releases)
- [Commits](https://github.com/distribution/reference/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/distribution/reference
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-28 12:22:00 -04:00
dependabot[bot]
57e9cc52a4
chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2731) 
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-26 11:52:50 -04:00
dependabot[bot]
fe3704d4a9
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.5 to 6.5.6 (#2734) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.5...v6.5.6)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-26 11:50:07 -04:00
dependabot[bot]
c83556e7b6
chore(deps): bump github.com/docker/docker (#2730) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.4+incompatible to 26.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.4...v26.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-21 12:14:32 -04:00
dependabot[bot]
96d2b4a368
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.4 to 6.5.5 (#2718) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.4 to 6.5.5.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.4...v6.5.5)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-15 10:33:11 -04:00
dependabot[bot]
807de976c4
chore(deps): bump github.com/google/go-containerregistry (#2719) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.0 to 0.19.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-15 10:32:51 -04:00
dependabot[bot]
7ab6fc3fe4
chore(deps): bump modernc.org/sqlite from 1.29.3 to 1.29.5 (#2710) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.3 to 1.29.5.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.3...v1.29.5)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-14 09:58:56 -04:00
dependabot[bot]
4ca79c7626
chore(deps): bump github.com/knqyf263/go-rpmdb (#2701) 
Bumps [github.com/knqyf263/go-rpmdb](https://github.com/knqyf263/go-rpmdb) from 0.0.0-20230301153543-ba94b245509b to 0.1.0.
- [Commits](https://github.com/knqyf263/go-rpmdb/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: github.com/knqyf263/go-rpmdb
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-11 11:48:05 -04:00
dependabot[bot]
e2a9d891b2
chore(deps): bump github.com/docker/docker (#2698) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.3+incompatible to 25.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.3...v25.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-07 13:00:14 -05:00
dependabot[bot]
5b09c154bb
chore(deps): bump modernc.org/sqlite from 1.29.2 to 1.29.3 (#2699) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.2 to 1.29.3.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.2...v1.29.3)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-07 13:00:02 -05:00
dependabot[bot]
1b121ac3f4
chore(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 (#2689) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-06 14:25:56 -05:00
dependabot[bot]
e214645394
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.1 to 0.10.0 (#2695) 
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.1...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-06 14:24:46 -05:00
dependabot[bot]
5bd1cd5c13
chore(deps): bump golang.org/x/mod from 0.15.0 to 0.16.0 (#2690) 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/mod/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 10:15:18 -05:00
dependabot[bot]
fe4f17286f
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2684) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-01 13:51:18 -05:00
Christopher Angelo Phillips
4d0dd02d5a
chore: update stereoscope (#2683) 
* chore: update stereoscope to account for traversal bug fix

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
 2024-02-29 13:32:18 -05:00
Alex Goodman
48e5672a87
Consider filesystem types for mount points when ignoring system paths (#2675) 
* consider fs types for mount points when ignoring system paths

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-02-28 15:37:17 -05:00
Keith Zantow
a978966cad
feat: add --from flag, refactor source providers (#2610) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2024-02-27 16:44:37 -05:00
dependabot[bot]
928511ea0f
chore(deps): bump modernc.org/sqlite from 1.29.1 to 1.29.2 (#2671) 2024-02-26 10:57:06 -05:00
anchore-actions-token-generator[bot]
8260bce057
chore(deps): update stereoscope to 6171ee21e1d584f6bde910f354d126c9cd70deaa (#2655) 2024-02-17 10:22:56 -05:00
dependabot[bot]
a7da2270c7
chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 (#2640) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.29.0 to 1.29.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.29.0...v1.29.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-14 09:20:54 -05:00
dependabot[bot]
25d3c06962
chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 (#2629) 
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-13 11:23:35 -05:00
dependabot[bot]
79b71be0ee
chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 (#2630) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.28.0 to 1.29.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.28.0...v1.29.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-13 11:23:22 -05:00
dependabot[bot]
e72dec8e9e
chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 (#2607) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-12 14:31:44 -05:00
dependabot[bot]
3398e72066
chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 (#2625) 
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.8 to 1.5.0.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.8...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-12 14:31:31 -05:00
Keith Zantow
d26a5c4d30
fix: ensure version output to stdout (#2621) 2024-02-09 20:59:25 +00:00
anchore-actions-token-generator[bot]
737c4e44c5
chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 (#2617) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2024-02-09 14:06:28 -05:00
dependabot[bot]
da31eed637
chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (#2602) 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 11:31:49 -05:00
dependabot[bot]
704155eb22
chore(deps): bump github.com/docker/docker (#2601) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.2...v25.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 11:31:41 -05:00
anchore-actions-token-generator[bot]
91d7a8a992
chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c (#2589) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
 2024-02-05 10:27:12 -05:00
dependabot[bot]
e813a427b9
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#2591) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.0...v0.5.2)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-05 10:26:39 -05:00
Laurent Goderre
d7b9cc70b0
Add Erlang OTP Application cataloger (#2403) 
* Add cataloger for Erlang OTP applications

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>

* Add OTP Package type and Purl for ErLang

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>

* remove erlang OTP metadata type

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use OTP purl type

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* restore otp fixture and adjust tests for dir-only results

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-02-02 13:40:18 -05:00
anchore-actions-token-generator[bot]
4fe50f4169
chore(deps): update stereoscope to 37291e81936d2b43b3cef56667a741ef715fbfe4 (#2583) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
 2024-02-02 10:27:26 -05:00
dependabot[bot]
78d362f91a
chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1 to 0.18.0 (#2584) 
Bumps [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles) from 0.17.1 to 0.18.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Commits](https://github.com/charmbracelet/bubbles/compare/v0.17.1...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbles
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-02 10:27:09 -05:00
dependabot[bot]
3ac7e43e3e
chore(deps): bump github.com/docker/docker (#2580) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 10:26:25 -05:00
anchore-actions-token-generator[bot]
216e211dc8
chore(deps): update stereoscope to db7a4bedaba6ad93becf22ce794f306dfb07fcb9 (#2577) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
 2024-02-01 08:32:13 +00:00
William Murphy
bbddac1f9d
Fix attest with --key (#2551) 
Fix passing "--key" to the attest command. Additionally, pull in an update to
the clio CLI library to permit unit testing that flags and env vars are parsed
to the correct field on command options structs. This testing strategy was
needed here because testing attestation in an end to end test requires a
prohibitive amount of setup.

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-31 16:39:17 -05:00
Alex Goodman
bbe7fa180a
bump archiver and stereoscope (#2570) 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-31 11:24:33 -05:00
dependabot[bot]
d4f31d6a3e
chore(deps): bump github.com/google/go-containerregistry (#2561) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-30 13:15:13 -05:00
dependabot[bot]
bd4bcc4e89
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#2562) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.3...v6.5.4)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-30 13:15:06 -05:00
dependabot[bot]
b4f565a620
chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0 to 0.3.0 (#2556) 
Bumps [github.com/sassoftware/go-rpmutils](https://github.com/sassoftware/go-rpmutils) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/sassoftware/go-rpmutils/releases)
- [Commits](https://github.com/sassoftware/go-rpmutils/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: github.com/sassoftware/go-rpmutils
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-29 12:32:37 -05:00
dependabot[bot]
0bb94099b0
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#2538) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 10:11:33 -05:00
dependabot[bot]
97d0108bd5
chore(deps): bump github.com/docker/docker (#2537) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.0+incompatible to 25.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.0...v25.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 10:11:24 -05:00
dependabot[bot]
935b885ba2
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#2532) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.12 to 0.5.0.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.12...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-23 10:13:51 -05:00
William Murphy
c6ce1de928
make AllLocations accept a context (#2518) 
The previous implementation would leak a goroutine if the caller of
AllLocations stopped iterating early. Now, accept a context so that the
caller can cancel the AllLocations iterator rather than leak the
goroutine.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
 2024-01-22 11:05:59 -05:00
anchore-actions-token-generator[bot]
969b5f1764
chore(deps): update stereoscope to eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2024-01-19 10:25:31 -05:00
dependabot[bot]
1b6c2470b0
chore(deps): bump github.com/docker/docker (#2512) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v25.0.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-19 10:04:07 -05:00
dependabot[bot]
42dd04699f
chore(deps): bump github.com/google/go-containerregistry (#2507) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-18 09:44:45 -05:00
dependabot[bot]
fe271e89f6
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2502) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-17 10:07:57 -05:00
dependabot[bot]
6f4fb61a1c
chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2501) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-17 10:08:51 +00:00
Alex Goodman
313d9212b6
Add cataloger list command (#2366) 
* add cataloger list command

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* chore: tidy go mod

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2024-01-16 09:41:58 -05:00
dependabot[bot]
41601e60ca
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2494) 
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](https://github.com/jedib0t/go-pretty/compare/v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-15 14:40:33 -05:00
dependabot[bot]
75fdb9e623
chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1 to 0.17.1 (#2475) 2024-01-10 16:13:59 +00:00
dependabot[bot]
c209d03fe8
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.2 (#2476) 2024-01-10 15:58:09 +00:00
dependabot[bot]
1af68683d0
chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 (#2482) 2024-01-10 15:49:18 +00:00
Christopher Angelo Phillips
7182f5b519
Upgrade binary test fixtures management (#2444) 
* test: strip fixtures of any execution permissions

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* chore: add lint check for large files

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* add helper script to capture binary snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* chore: update scripts and add new dir output for snippets

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update erlang test to new generated format

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update memcached to new generator pattern

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update openjdk to named version

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: move openjdk lts to versioned folder

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: rename unversioned java to versioned folders

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: migrate bash fixture to new snippet workflow

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update script to size 600 bytes

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update go classifier to new snippet workflow

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: move haproxy new new snippet

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: add flatter haproxy example

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: update tests to new pattern

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: final version of snippet script

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* [wip] download bin helpers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add manager for binary cataloger test fixtures

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add remaining binary cataloger patterns and snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* adjust gitignore to be more permissive to snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add rust darwin snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* skip tests that are missing full binaries

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add tests for binary test fixture manager

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* highlight rows that do not have binaries or snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump fixture limit to 1K (found exceptions when adding snippets)

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add redis and postgres snippets

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* improve formating of fixture listing

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2024-01-05 21:40:03 +00:00
anchore-actions-token-generator[bot]
04e8c96822
chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 (#2452) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-12-22 09:36:13 -05:00
anchore-actions-token-generator[bot]
56a1ab54d2
chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-12-18 06:43:24 -05:00
dependabot[bot]
b83cc8485a
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413) 2023-12-14 17:18:37 -05:00
dependabot[bot]
51831d303c
chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-14 12:38:55 -05:00
dependabot[bot]
67dbd1fe4c
chore(deps): bump github.com/charmbracelet/bubbletea (#2424) 
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 12:21:22 -05:00
dependabot[bot]
402227f0b3
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-13 11:45:04 -05:00
dependabot[bot]
b9462db59e
chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415) 
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.7 to 1.4.8.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-11 12:37:20 -05:00
dependabot[bot]
bfad9659a8
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.1 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-11 08:58:26 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix (#2387) 
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
 2023-12-01 14:37:42 +00:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks (#2369) 
* generalize ui events for cataloging tasks

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* moderate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* rename cataloger task progress object

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* migrate cataloger task fn to bus helper

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-11-30 16:25:50 +00:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry (#2377) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-30 09:24:25 -05:00
dependabot[bot]
5d44e49d2f
chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 (#2361) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 10:22:21 -05:00
dependabot[bot]
5dd3b127b0
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#2362) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 10:21:59 -05:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient (#2275) 
* expose underlying format options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove escape html options and address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* incorporate PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]
7cfb5f630a
chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
 2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips
ba80e490c2
feat: allow for stdout to be buffered on each command (#2335) 
* feat: add preRun func to version to restore stdout

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* test: add test to capture version in output

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* change stdout buffering to log to be opt-in per command

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-11-17 14:14:13 -05:00
Keith Zantow
1c787f436f
fix: prevent writing non-report output to stdout (#2324) 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
 2023-11-16 17:45:25 -05:00
dependabot[bot]
58f310c390
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#2310) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.11 to 0.4.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-09 08:06:50 -08:00
dependabot[bot]
a383239217
chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 (#2311) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-09 08:06:19 -08:00
dependabot[bot]
220655743b
chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#2293) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-08 10:23:40 -08:00
dependabot[bot]
a4b895d31f
chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 (#2292) 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/mod/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 14:12:40 +00:00
dependabot[bot]
a6d73e5659
chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 (#2279) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.26.0 to 1.27.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-01 10:35:20 -04:00
dependabot[bot]
f442586ec9
chore(deps): bump github.com/docker/docker (#2263) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-30 09:55:19 -04:00
anchore-actions-token-generator[bot]
12877ed863
chore(deps): update stereoscope to 5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265) 
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
 2023-10-30 09:51:37 -04:00
dependabot[bot]
58850d3258
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2262) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-27 09:55:04 -04:00
dependabot[bot]
ae27dcdfa9
chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#2256) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-25 10:45:27 -04:00
Alex Goodman
7392d607b6
Split the sbom.Format interface by encode and decode use cases (#2186) 
* split up sbom.Format into encode and decode ops

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update cmd pkg to inject format configs

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* bump cyclonedx schema to 1.5

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* redact image metadata from github encoder tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add more testing around format decoder identify

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add test case for format version options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix CLI test

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* [wip] - review comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep encoder creation out of post load function

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* keep decider and identify functions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* add a few more doc comments

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* remove format encoder default function helpers

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* address PR feedback

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* move back to streaming based decode functions

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* with common convention for encoder constructors

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix tests and allow for encoders to be created from cli options

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix cli tests

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* buffer reads from stdin to support seeking

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-10-25 13:43:06 +00:00
dependabot[bot]
5a4778093d
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 (#2248) 
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-23 10:42:17 -04:00
Alex Goodman
f3ad8cf250
bump clio to get stderr reporting fix (#2232) 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
 2023-10-16 12:47:48 -04:00
dependabot[bot]
1fe0921a5b
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222) 
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 11:10:56 -04:00
dependabot[bot]
7732cd3b48
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-11 13:52:07 -04:00
dependabot[bot]
0302fc5b48
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-11 09:53:00 -04:00
dependabot[bot]
b899536814
chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216) 
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-11 09:52:42 -04:00
dependabot[bot]
87e57aa925
chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193) 
* chore(deps): bump github.com/docker/distribution

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update reference import

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
 2023-10-06 12:54:19 -04:00
dependabot[bot]
b23879fd37
chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-06 12:01:38 -04:00
dependabot[bot]
127fac8ca9
chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198) 
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.6 to 1.4.7.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-05 13:02:30 -04:00
dependabot[bot]
37bb95f5c9
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199) 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-05 11:50:05 -04:00
dependabot[bot]
86005d1593
chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.25.0 to 1.26.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 12:34:59 -04:00
dependabot[bot]
45625dae94
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191) 
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.4.10 to 0.4.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-02 12:33:42 -04:00
dependabot[bot]
7b1af8721d
chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180) 
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-27 15:04:52 -04:00
dependabot[bot]
534a5f54b0
chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 (#2174) 
Bumps [github.com/spf13/afero](https://github.com/spf13/afero) from 1.9.5 to 1.10.0.
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-25 15:07:19 -04:00
William Murphy
8a414b5366
chore: bump stereoscope to fix data race in UI code (#2173) 
Pulls in a fix in go-progress that prevents a race in the UI code when
scanning large images.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
 2023-09-25 10:29:56 -04:00