dependabot[bot]
75fdb9e623
chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1 to 0.17.1 ( #2475 )
2024-01-10 16:13:59 +00:00
dependabot[bot]
c209d03fe8
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.2 ( #2476 )
2024-01-10 15:58:09 +00:00
dependabot[bot]
1af68683d0
chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 ( #2482 )
2024-01-10 15:49:18 +00:00
Christopher Angelo Phillips
7182f5b519
Upgrade binary test fixtures management ( #2444 )
...
* test: strip fixtures of any execution permissions
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: add lint check for large files
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* add helper script to capture binary snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* chore: update scripts and add new dir output for snippets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update erlang test to new generated format
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update memcached to new generator pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update openjdk to named version
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: move openjdk lts to versioned folder
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: rename unversioned java to versioned folders
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: migrate bash fixture to new snippet workflow
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update script to size 600 bytes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update go classifier to new snippet workflow
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: move haproxy new new snippet
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add flatter haproxy example
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: update tests to new pattern
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: final version of snippet script
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* [wip] download bin helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add manager for binary cataloger test fixtures
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add remaining binary cataloger patterns and snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* adjust gitignore to be more permissive to snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add rust darwin snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* skip tests that are missing full binaries
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for binary test fixture manager
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* highlight rows that do not have binaries or snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump fixture limit to 1K (found exceptions when adding snippets)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add redis and postgres snippets
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* improve formating of fixture listing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-05 21:40:03 +00:00
anchore-actions-token-generator[bot]
04e8c96822
chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 ( #2452 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-12-22 09:36:13 -05:00
anchore-actions-token-generator[bot]
56a1ab54d2
chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c ( #2440 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-12-18 06:43:24 -05:00
dependabot[bot]
b83cc8485a
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 ( #2413 )
2023-12-14 17:18:37 -05:00
dependabot[bot]
51831d303c
chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 ( #2429 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:38:55 -05:00
dependabot[bot]
67dbd1fe4c
chore(deps): bump github.com/charmbracelet/bubbletea ( #2424 )
...
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea ) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases )
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.2...v0.25.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:21:22 -05:00
dependabot[bot]
402227f0b3
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 ( #2425 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 11:45:04 -05:00
dependabot[bot]
b9462db59e
chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 ( #2415 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.7 to 1.4.8.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.7...v1.4.8 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 12:37:20 -05:00
dependabot[bot]
bfad9659a8
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 ( #2414 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.1 to 5.11.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.1...v5.11.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 08:58:26 -05:00
William Murphy
13758260dd
fix: bump fangs for ptr summarize fix ( #2387 )
...
Previously, pointers to primitive types in config summarization could be
printed literally (like "0x123aefef"). Pull in fangs to get the fix for
this.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-12-01 14:37:42 +00:00
Alex Goodman
4adfbeb5f0
Generalize UI events for cataloging tasks ( #2369 )
...
* generalize ui events for cataloging tasks
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* moderate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename cataloger task progress object
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* migrate cataloger task fn to bus helper
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-30 16:25:50 +00:00
dependabot[bot]
e8119acf93
chore(deps): bump github.com/google/go-containerregistry ( #2377 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-30 09:24:25 -05:00
dependabot[bot]
5d44e49d2f
chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 ( #2361 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.10.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:22:21 -05:00
dependabot[bot]
5dd3b127b0
chore(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 ( #2362 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.10.0...v5.10.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 10:21:59 -05:00
Alex Goodman
1676934c63
Add "pretty" json configuration and change default behavior to be space-efficient ( #2275 )
...
* expose underlying format options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove escape html options and address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-20 15:29:34 +00:00
anchore-actions-token-generator[bot]
7cfb5f630a
chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 ( #2336 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-11-17 20:53:01 +00:00
Christopher Angelo Phillips
ba80e490c2
feat: allow for stdout to be buffered on each command ( #2335 )
...
* feat: add preRun func to version to restore stdout
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* test: add test to capture version in output
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* change stdout buffering to log to be opt-in per command
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-17 14:14:13 -05:00
Keith Zantow
1c787f436f
fix: prevent writing non-report output to stdout ( #2324 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-11-16 17:45:25 -05:00
dependabot[bot]
58f310c390
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 ( #2310 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.11 to 0.4.12.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.11...v0.4.12 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 08:06:50 -08:00
dependabot[bot]
a383239217
chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 ( #2311 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 08:06:19 -08:00
dependabot[bot]
220655743b
chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 ( #2293 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 10:23:40 -08:00
dependabot[bot]
a4b895d31f
chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 ( #2292 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/mod/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 14:12:40 +00:00
dependabot[bot]
a6d73e5659
chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 ( #2279 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.26.0 to 1.27.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 10:35:20 -04:00
dependabot[bot]
f442586ec9
chore(deps): bump github.com/docker/docker ( #2263 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.6+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-30 09:55:19 -04:00
anchore-actions-token-generator[bot]
12877ed863
chore(deps): update stereoscope to 5909e353ee88d7809f0e646c79f110a0e6b1d80d ( #2265 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-10-30 09:51:37 -04:00
dependabot[bot]
58850d3258
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 ( #2262 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 09:55:04 -04:00
dependabot[bot]
ae27dcdfa9
chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 ( #2256 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.9.0 to 5.10.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-25 10:45:27 -04:00
Alex Goodman
7392d607b6
Split the sbom.Format interface by encode and decode use cases ( #2186 )
...
* split up sbom.Format into encode and decode ops
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update cmd pkg to inject format configs
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump cyclonedx schema to 1.5
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* redact image metadata from github encoder tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add more testing around format decoder identify
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test case for format version options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix CLI test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] - review comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep encoder creation out of post load function
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep decider and identify functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add a few more doc comments
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove format encoder default function helpers
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address PR feedback
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* move back to streaming based decode functions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* with common convention for encoder constructors
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests and allow for encoders to be created from cli options
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* buffer reads from stdin to support seeking
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-25 13:43:06 +00:00
dependabot[bot]
5a4778093d
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 ( #2248 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.6.0...v4.6.1 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 10:42:17 -04:00
Alex Goodman
f3ad8cf250
bump clio to get stderr reporting fix ( #2232 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-16 12:47:48 -04:00
dependabot[bot]
1fe0921a5b
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 ( #2222 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:10:56 -04:00
dependabot[bot]
7732cd3b48
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 ( #2214 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 13:52:07 -04:00
dependabot[bot]
0302fc5b48
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 ( #2215 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:53:00 -04:00
dependabot[bot]
b899536814
chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 ( #2216 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:52:42 -04:00
dependabot[bot]
87e57aa925
chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible ( #2193 )
...
* chore(deps): bump github.com/docker/distribution
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.8.2+incompatible to 2.8.3+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update reference import
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-06 12:54:19 -04:00
dependabot[bot]
b23879fd37
chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 ( #2204 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-06 12:01:38 -04:00
dependabot[bot]
127fac8ca9
chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 ( #2198 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.6 to 1.4.7.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.6...v1.4.7 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 13:02:30 -04:00
dependabot[bot]
37bb95f5c9
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 ( #2199 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 11:50:05 -04:00
dependabot[bot]
86005d1593
chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 ( #2189 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.25.0 to 1.26.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.25.0...v1.26.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:34:59 -04:00
dependabot[bot]
45625dae94
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 ( #2191 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.10 to 0.4.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:33:42 -04:00
dependabot[bot]
7b1af8721d
chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 ( #2180 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.5...v1.4.6 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-27 15:04:52 -04:00
dependabot[bot]
534a5f54b0
chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 ( #2174 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.9.5 to 1.10.0.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.9.5...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 15:07:19 -04:00
William Murphy
8a414b5366
chore: bump stereoscope to fix data race in UI code ( #2173 )
...
Pulls in a fix in go-progress that prevents a race in the UI code when
scanning large images.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-25 10:29:56 -04:00
Đỗ Trọng Hải
b7fa75d7f8
chore: switch to stdlib's slices pkg ( #2148 )
...
* chore: switch to stdlib's slices pkg
Signed-off-by: hainenber <dotronghai96@gmail.com>
* fix linting
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: hainenber <dotronghai96@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 18:38:37 +00:00
Keith Zantow
7d0d3e1977
fix: prevent errors from clobbering terminal ( #2161 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-09-20 14:35:41 -04:00
Alex Goodman
58f8c852df
Require ordering of relationships when comparing parser output ( #2160 )
...
* require ordering of relationships when comparing parser output
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* [wip] fix cataloger test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* change method of relationship sort to simple string dump
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-20 17:39:18 +00:00
dependabot[bot]
ba00f3328d
chore(deps): bump github.com/github/go-spdx/v2 from 2.1.2 to 2.2.0 ( #2158 )
...
Bumps [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) from 2.1.2 to 2.2.0.
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.1.2...v2.2.0 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 10:12:33 -04:00
Christopher Angelo Phillips
650f71cbe0
chore: update to latest stereoscope ( #2151 )
...
* chore: update to latest stereoscope
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* chore: go mod tidy
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-19 15:22:10 -04:00
anchore-actions-token-generator[bot]
51243aa65f
chore(deps): update stereoscope to 41288870305034fade27388afa7326c44eb8ff17 ( #2149 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-19 09:07:15 -04:00
Shane Dell
23e3de75e3
Add containerd support ( #1793 )
...
* [wip] add containerd UI handlers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* Add containerd support
- Add UI handlers (done by @wagoodman)
- Add containerd types and wrappers (done by @wagoodman)
- Add flag for specifying containerd address
Closes #201
Signed-off-by: Shane Dell <shanedell100@gmail.com>
* Fix lint
Signed-off-by: Shane Dell <shanedell100@gmail.com>
* add containerd ui handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add containerd scheme to readme
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test for scheme detection
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-18 11:33:43 -04:00
Christopher Angelo Phillips
3e16c6813f
feat: add cyclonedx schema version selection ( #2123 )
...
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-13 14:50:22 -04:00
dependabot[bot]
4a2fc226dd
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 ( #2125 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.8.1 to 5.9.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:33:47 -04:00
anchore-actions-token-generator[bot]
3a45653cfa
chore(deps): update stereoscope to 2fc2d6c2503b6e2212e04c64ceffd57c3395ae70 ( #2117 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-12 11:49:20 -04:00
anchore-actions-token-generator[bot]
e3c525b4b8
chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de ( #2109 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-09-08 14:10:00 -04:00
Christopher Angelo Phillips
3842d28e90
fix: update codeql-analysis for go 1.21 ( #2108 )
...
* fix: update codeql-analysis for go 1.21
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* nit: remove comment
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 15:54:42 -04:00
dlorenc
9f22ab6137
Bump the golang.org/x/exp dependency and fix a build breakage. ( #2088 )
...
* Bump the golang.org/x/exp dependency and fix a build breakage.
---------
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:52 -04:00
dependabot[bot]
212aa9b6cf
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 ( #2106 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.7 to 0.4.10.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.7...v0.4.10 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:56:41 -04:00
dependabot[bot]
9caf51596e
chore(deps): bump github.com/saferwall/pe from 1.4.4 to 1.4.5 ( #2096 )
...
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe ) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/saferwall/pe/releases )
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saferwall/pe/compare/v1.4.4...v1.4.5 )
---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:29:06 -04:00
dependabot[bot]
7645d5759d
chore(deps): bump github.com/docker/docker ( #2098 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.5+incompatible to 24.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.6 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:27:21 -04:00
dependabot[bot]
ce32f8bb74
chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 ( #2099 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 09:26:56 -04:00
Alex Goodman
b454160549
tidy gomod and gitignore ( #2082 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-31 14:50:32 +00:00
Keith Zantow
2b7a9d0be3
chore: update CLI to CLIO ( #2001 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 15:52:26 -04:00
5p2O5pe25ouT
b03e9c6868
Add registry certificate verification support ( #1734 )
...
* add registry certificate verification support
* replace stereoscope version
* modify go.mod
* pull in stereoscope update
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* rename registry cert options, add docs, and add test
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update to account for changes in anchore/stereoscope#195
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix cli tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: lishituo <24578666@qq.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 11:45:20 -04:00
Sirish Bathina
62f689824c
Detect golang boring crypto and fipsonly modules ( #2021 )
...
* Extending build info to include crypto settings
Signed-off-by: Sirish Bathina <sirish@kasten.io>
* Use kasten fork for goversion module
Signed-off-by: Sirish Bathina <sirish@kasten.io>
* go mod tidy
Signed-off-by: Sirish Bathina <sirish@kasten.io>
* change key to GoCryptoSettings and lint fix
Signed-off-by: Sirish Bathina <sirish@kasten.io>
* Addressing feedback
Signed-off-by: Sirish Bathina <sirish@kasten.io>
---------
Signed-off-by: Sirish Bathina <sirish@kasten.io>
2023-08-24 09:49:59 -04:00
dependabot[bot]
a2b389523d
chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 ( #2053 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.7.1 to 0.8.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.7.1...v0.8.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-23 13:41:17 -04:00
Alex Goodman
17d4203bbb
Enable reading non-utf-8 encodings for java pom.xml files ( #2047 )
...
* fix reading non utf8 encodings
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* in cases where we cant tell the encoding use the UTF8 replacement char
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* decompose the xml decoding func to get a valid utf8 reader first and test unknown encoding
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-23 10:06:34 -04:00
dependabot[bot]
cf37b17869
chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 ( #2049 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-22 10:42:19 -04:00
dependabot[bot]
f58425a305
chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 ( #2045 )
...
Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier ) from 0.3.5 to 0.4.0.
- [Commits](https://github.com/jinzhu/copier/compare/v0.3.5...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/jinzhu/copier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 10:37:11 -04:00
dependabot[bot]
82eafeaf4a
chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 ( #2008 )
...
* chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0
* refactor: update consumer code to use new optional values
Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom ) from 0.2.2 to 1.0.0.
- [Release notes](https://github.com/vifraa/gopom/releases )
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.2...v1.0.0 )
---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
dependency-type: direct:production
update-type: version-update:semver-major
...
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-08-09 17:22:51 -04:00
dependabot[bot]
6bf6f85584
chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 ( #2009 )
...
Bumps [github.com/dave/jennifer](https://github.com/dave/jennifer ) from 1.6.1 to 1.7.0.
- [Commits](https://github.com/dave/jennifer/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/dave/jennifer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-09 14:46:11 -04:00
dependabot[bot]
2fc65094b7
chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 ( #2004 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-07 10:34:00 -04:00
dependabot[bot]
d7ff77072a
chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 ( #1998 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.24.0 to 1.25.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.24.0...v1.25.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-04 14:24:31 -04:00
dependabot[bot]
c150b4e358
chore(deps): bump github.com/google/go-containerregistry ( #1993 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.15.2 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-03 10:53:09 -04:00
Keith Zantow
3f0475efb7
chore: update bubbly to fix hanging ( #1990 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-02 10:28:35 -04:00
dependabot[bot]
2e376d067f
chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 ( #1989 )
2023-08-02 14:16:49 +00:00
anchore-actions-token-generator[bot]
f14742b3f3
chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 ( #1975 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-07-31 12:02:33 -04:00
Christopher Angelo Phillips
3aae316456
chore: update to latest commit in tools-golang ( #1969 )
...
* chore: update to latest commit in tools-golang
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-27 15:29:22 -04:00
Alex Goodman
063e9da65d
Guess unpinned versions in python requirements.txt ( #1966 )
...
* feat: python requirements.txt parsing inclusive
Signed-off-by: manifestori <ori@manifestcyber.com>
* refactor: parseVersion
Signed-off-by: manifestori <ori@manifestcyber.com>
* add python config for optional requirements version constraint resolution
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for python requirements metadata to be optional
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* restore cyclonedx dependency
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: manifestori <ori@manifestcyber.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: manifestori <ori@manifestcyber.com>
2023-07-27 14:26:59 -04:00
dependabot[bot]
bf1102c3f1
chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 ( #1965 )
...
Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom ) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/vifraa/gopom/releases )
- [Commits](https://github.com/vifraa/gopom/compare/v0.2.1...v0.2.2 )
---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 13:28:42 -04:00
Keith Zantow
9480f10ccd
feat: support top-level SPDX package and graph ( #1934 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-07-26 13:54:32 -04:00
dependabot[bot]
1e4d26f526
chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 ( #1959 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-26 13:34:03 +00:00
anchore-actions-token-generator[bot]
9a73380f29
chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d ( #1953 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-07-25 10:49:21 -04:00
dependabot[bot]
2e718cf865
chore(deps): bump github.com/docker/docker ( #1955 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.2+incompatible to 24.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.5 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-25 10:37:16 -04:00
dependabot[bot]
4000a84624
chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 ( #1951 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-24 11:28:54 -04:00
dependabot[bot]
3f5c601620
chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 ( #1949 )
...
Bumps [github.com/gookit/color](https://github.com/gookit/color ) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.5.3...v1.5.4 )
---
updated-dependencies:
- dependency-name: github.com/gookit/color
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-21 08:50:47 -04:00
Dan Luhring
8478e0bef7
Add support for parsing .NET assemblies ( #1943 )
...
* Add support for parsing .NET assemblies
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 69c33fe4d77357d843c11590f3b07825bc6249ac
* Add dll and exe files
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: b9d204efa6d2ef385b5fbb7a59a3474ecabea641
* Add PE cataloger to directory catalogers
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 9711c00d9da92e2887e0c1f92edd740ea5345849
* Don't set language to dotnet for PEs
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 368313fddac9160d8a06a01ebe8c5ac7990232f5
* Fix spelling of cataloger in constructor
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: e42fd77b2f8b6d42e076a84f6cce386861260941
* Adjust which cases in PE parsing return errors
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Former-commit-id: 95b25f8fc3a7d4e18fe30e489b09851f316795ff
* remove build binary from branch
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Former-commit-id: fa54c0d0aef0998d5520e9f44cae51f5f9cd38a2
* Fix failing CLI tests
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
---------
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-19 15:34:07 -04:00
Alex Goodman
35699f6fdc
remove jotframe UI ( #1932 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-13 13:21:52 -04:00
Christopher Angelo Phillips
2e7fd031d4
fix: remove indirect dependency of circl v1.1.0 ( #1940 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-07-13 12:30:37 -04:00
Alex Goodman
4fc17edd14
implement ui handle waiter ( #1930 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-12 13:14:54 -04:00
dependabot[bot]
05a61897f2
chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 ( #1928 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.23.1 to 1.24.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.1...v1.24.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 14:01:48 -04:00
dependabot[bot]
8ce88e11fd
chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 ( #1916 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-06 16:02:44 -04:00
Alex Goodman
f8b832e6c3
Switch UI to bubbletea ( #1888 )
...
* add bubbletea UI
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* swap pipeline to go 1.20.x and add attest guard for cosign binary
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update note in developing.md about the required golang version
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix merge conflict for windows path handling
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* temp test for attest handler
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add addtional test iterations for background reader
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-07-06 09:00:46 -04:00
dependabot[bot]
e8f7108e6e
chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 ( #1912 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:06:05 -04:00
dependabot[bot]
023ca1be32
chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 ( #1913 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/term/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:05:46 -04:00
anchore-actions-token-generator[bot]
791d1f9552
chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 ( #1903 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-28 12:05:12 -04:00
anchore-actions-token-generator[bot]
0d4f19043e
chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 ( #1890 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-26 13:58:44 -04:00
dependabot[bot]
badb957888
chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 ( #1878 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/mod/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-15 14:10:11 -04:00
dependabot[bot]
a1bba36d51
chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 ( #1874 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.23.0 to 1.23.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 11:45:39 -04:00
anchore-actions-token-generator[bot]
c019cd51da
chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 ( #1871 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-06-14 11:29:39 -04:00
dependabot[bot]
5406d8a366
chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 ( #1876 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 10:30:19 -04:00
dependabot[bot]
2c5d64ac9e
chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 ( #1868 )
...
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang ) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/spdx/tools-golang/releases )
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md )
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.1...v0.5.2 )
---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-08 17:01:19 -04:00
dependabot[bot]
c560ffd811
chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 ( #1850 )
...
* chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1
Bumps [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang ) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/spdx/tools-golang/releases )
- [Changelog](https://github.com/spdx/tools-golang/blob/main/RELEASE-NOTES.md )
- [Commits](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1 )
---
updated-dependencies:
- dependency-name: github.com/spdx/tools-golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update fixtures for spdx with new library changes
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-06-05 15:01:06 -04:00
dependabot[bot]
d676e5e781
chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 ( #1862 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 10:48:18 -04:00
dependabot[bot]
903d29b6f7
chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 ( #1863 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.22.1 to 1.23.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.1...v1.23.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 10:47:59 -04:00
dependabot[bot]
1bd9de9047
chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 ( #1851 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-01 08:35:14 -04:00
dependabot[bot]
5842fc2a64
chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 ( #1852 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-30 13:48:54 -04:00
dependabot[bot]
f0307fdd62
chore(deps): bump github.com/docker/docker ( #1849 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.1+incompatible to 24.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.1...v24.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 16:08:20 -04:00
Alex Goodman
74013d7da7
Add test to ensure package metadata is represented in the JSON schema ( #1841 )
...
* [wip] try to reflect metadata types... probably wont work
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* refactor to add unit test to ensure there is coverage in the schema
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] generate metadata container
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add generation of metadata container struct for JSON schema generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update linter script to account for code generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-05-25 13:26:56 -04:00
dependabot[bot]
4bf17a94b9
chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 ( #1843 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-24 11:40:11 -04:00
anchore-actions-token-generator[bot]
798af57853
chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 ( #1834 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-05-23 10:18:39 -04:00
dependabot[bot]
f50302b2ba
chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 ( #1829 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 14:01:17 -04:00
dependabot[bot]
b09cf6c6b5
chore(deps): bump github.com/docker/docker ( #1833 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.0+incompatible to 24.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.0...v24.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 13:07:24 -04:00
Alex Goodman
334a775cb9
Keep original FileInfo persisted on file.Metadata structs ( #1794 )
...
* pull in fileinfo changes from stereoscope #172
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix CLI test assumption about the docker daemon
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: <>
2023-05-19 14:21:10 +00:00
dependabot[bot]
f1b6f38ea8
chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 ( #1827 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-19 09:01:05 -04:00
dependabot[bot]
f6f8332b7f
chore(deps): bump github.com/google/go-containerregistry ( #1823 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 14:34:27 -04:00
dependabot[bot]
74351567ab
chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 ( #1822 )
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 14:33:48 -04:00
dependabot[bot]
51d4c9b4ab
chore(deps): bump github.com/docker/docker ( #1824 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.6+incompatible to 24.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.6...v24.0.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-17 14:33:30 -04:00
Christopher Angelo Phillips
42fa9e4965
feat: update syft license concept to complex struct ( #1743 )
...
this PR makes the following changes to update the underlying license model to have more expressive capabilities
it also provides some guarantee's surrounding the license values themselves
- Licenses are updated from string -> pkg.LicenseSet which contain pkg.License with the following fields:
- original `Value` read by syft
- If it's possible to construct licenses will always have a valid SPDX expression for downstream consumption
- the above is run against a generated list of SPDX license ID to try and find the correct ID
- SPDX concluded vs declared is added to the new struct
- URL source for license is added to the new struct
- Location source is added to the new struct to show where the expression was pulled from
2023-05-15 16:23:39 -04:00
William Murphy
e925d9d4a5
feat: warn if parsing newer SBOM ( #1810 )
...
If syft is asked to parse an SBOM that was written by a newer version of
syft, emit a warning, since the current version of syft doesn't know about
fields that may be added in the future.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-05-11 08:55:27 -04:00
dependabot[bot]
ef08d0fa39
chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 ( #1802 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-09 11:59:39 -04:00
dependabot[bot]
75d625b697
chore(deps): bump github.com/docker/docker ( #1795 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.5+incompatible to 23.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.5...v23.0.6 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-08 12:45:50 -04:00
dependabot[bot]
88ba8b78fc
chore(deps): bump github.com/google/go-containerregistry ( #1796 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.14.0 to 0.15.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.14.0...v0.15.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-08 12:45:30 -04:00
dependabot[bot]
e31839a370
chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 ( #1787 )
2023-05-05 18:56:40 +00:00
dependabot[bot]
dd458a2b33
chore(deps): bump github.com/docker/docker ( #1767 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.4+incompatible to 23.0.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.4...v23.0.5 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-02 16:43:16 -04:00
dependabot[bot]
10c3cc27e8
chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 ( #1768 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.22.0 to 1.22.1.
- [Release notes](https://gitlab.com/cznic/sqlite/tags )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.22.0...v1.22.1 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-27 11:58:59 -04:00
dependabot[bot]
02bd52728e
chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 ( #1758 )
...
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) from 1.21.2 to 1.22.0.
- [Release notes](https://gitlab.com/cznic/sqlite/tags )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.21.2...v1.22.0 )
---
updated-dependencies:
- dependency-name: modernc.org/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-26 10:37:49 -04:00
Christopher Angelo Phillips
c038f13d44
chore: go-rpmdb update ( #1757 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-24 10:34:13 -04:00
dependabot[bot]
8102ad4edc
chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 ( #1706 )
2023-04-24 10:20:12 -04:00
Weston Steimel
ee80349ea0
chore: bump stereoscope to latest version ( #1741 )
...
Resolves reporting of GHSA-hw7c-3rfg-p46j
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-04-18 15:44:03 +00:00
dependabot[bot]
66d9c5637b
chore(deps): bump github.com/docker/docker ( #1746 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.3+incompatible to 23.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.3...v23.0.4 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 10:22:41 -04:00
Avi Deitcher
b69259534d
feat: Support scanning license files in golang packages over the network ( #1630 )
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-14 15:13:29 -04:00
Avi Deitcher
cc731c7b19
Add Linux Kernel cataloger ( #1694 )
...
* add kernel handler
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* [wip] combine kernel and kernel module cataloging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] combine kernel and kernel module cataloging
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
* rename Kernel package to LinuxKernel package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* split kernel and module packages within cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* wire up application configuration with kernel cataloger options
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* dont use references for packages on relationships
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting and tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* kernel cataloger should be resistent to partial failure
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* log upon kernel module metadata missing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests for linux kernel cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update integration tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update cli package test counts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add evidence annotations for kernel packages
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* reduce noise in cli test output
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* missed cli test to reduce noise for
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix package counts
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs with linux kernel cataloging refs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump json schema with new metadata fields
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: <>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-04-14 14:33:36 -04:00
dependabot[bot]
a260fb2774
chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 ( #1722 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-07 15:58:21 -04:00
anchore-actions-token-generator[bot]
f83cae35f2
chore(deps): update stereoscope to e95d60a265e384df29b7a139f5c5402d6ad72e06 ( #1721 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-04-07 08:48:17 -04:00
dependabot[bot]
da44db92e9
chore(deps): bump github.com/docker/docker ( #1715 )
2023-04-06 13:44:51 +00:00
dependabot[bot]
4a499c946e
chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 ( #1713 )
2023-04-06 13:44:41 +00:00
dependabot[bot]
99c28a94a4
chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 ( #1714 )
2023-04-06 13:36:16 +00:00
dependabot[bot]
f7ac4e98af
chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 ( #1716 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-06 09:34:59 -04:00
Keith Zantow
7845381331
chore: update tools-golang to v0.5.0 ( #1717 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-05 13:59:52 -04:00
dependabot[bot]
2fa238af7c
chore(deps): bump github.com/docker/docker ( #1699 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.1+incompatible to 23.0.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-29 10:00:37 -04:00
anchore-actions-token-generator[bot]
81b87dd108
chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 ( #1693 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-03-23 16:30:08 +00:00
dependabot[bot]
539bc2afcb
chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 ( #1692 )
...
Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree ) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/vbatts/go-mtree/releases )
- [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md )
- [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.2...v0.5.3 )
---
updated-dependencies:
- dependency-name: github.com/vbatts/go-mtree
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-23 11:09:32 -04:00
Avi Deitcher
9fd532246a
feat: scan local go mod cache for licenses of golang packages ( #1645 )
...
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-03-23 10:38:15 -04:00
dependabot[bot]
168c5aed51
chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 ( #1689 )
2023-03-22 14:26:58 -04:00
anchore-actions-token-generator[bot]
7998520848
chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b ( #1681 )
2023-03-18 10:32:39 -04:00
dependabot[bot]
1899eb50d0
chore(deps): bump github.com/google/go-containerregistry ( #1672 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-16 12:07:47 -04:00
dependabot[bot]
f43953d225
chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 ( #1655 )
2023-03-06 15:49:34 +00:00
dependabot[bot]
eea1b48cbb
chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 ( #1653 )
2023-03-06 15:38:34 +00:00
dependabot[bot]
a063cf300b
chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 ( #1654 )
2023-03-06 15:21:35 +00:00
dependabot[bot]
b73903519c
chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 ( #1656 )
2023-03-06 15:20:43 +00:00
Keith Zantow
5f90d03718
fix: possible race condition ( #1639 )
2023-03-01 15:35:01 -05:00
dependabot[bot]
d23b4d4cbd
chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 ( #1625 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 13:14:20 -05:00
dependabot[bot]
284bae9d5f
chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 ( #1609 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.9.3...v1.9.4 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-24 15:07:52 -05:00
anchore-actions-token-generator[bot]
aa151da5fe
Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 ( #1604 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-02-22 19:08:35 +00:00
anchore-actions-token-generator[bot]
bb52a25c8a
Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df ( #1602 )
...
Signed-off-by: GitHub <noreply@github.com>
2023-02-22 08:49:04 +00:00
anchore-actions-token-generator[bot]
2642a36161
Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 ( #1576 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-02-16 10:22:43 -05:00
dependabot[bot]
1981b249f1
chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 ( #1574 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-15 12:54:55 -05:00
dependabot[bot]
3013c8b691
chore(deps): bump github.com/docker/docker ( #1563 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.0+incompatible to 23.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.0...v23.0.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-10 10:43:19 -05:00
Alex Goodman
988041ba6d
Speed up cataloging by replacing globs searching with index lookups ( #1510 )
...
* replace raw globs with index equivelent operations
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add cataloger test for alpm cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix import sorting for binary cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting for mock resolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* separate portage cataloger parser impl from cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enhance cataloger pkgtest utils to account for resolver responses
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for alpm cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for apkdb cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for dpkg cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for cpp cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for dart cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for dotnet cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for elixir cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for erlang cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for golang cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for haskell cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for java cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for javascript cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for php cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for portage cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for python cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for rpm cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for rust cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for sbom cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for swift cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* allow generic catloger to run all mimetype searches at once
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove stutter from php and javascript cataloger constructors
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add tests for generic.Search
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add exceptions for java archive git ignore entries
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* enhance basename and extension resolver methods to be variadic
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* dont allow * prefix on extension searches
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add glob-based cataloger tests for ruby cataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove unnecessary string casting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* incorporate surfacing of leaf link resolitions from stereoscope results
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] switch to stereoscope file metadata
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip + failing] revert to old globs but keep new resolvers
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* index files, links, and dirs within the directory resolver
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix several resolver bugs and inconsistencies
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move format testutils to internal package
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update syft json to account for file type string normalization
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* split up directory resolver from indexing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update docs to include details about searching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* [wip] bump stereoscope to development version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix linting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* adjust symlinks fixture to be fixed to digest
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix all-locations resolver tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix test fixture reference
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* rename file.Type
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix PR comment to exclude extra *
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump to dev version of stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump to final version of stereoscope
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* move observing resolver to pkgtest
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---------
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-02-09 16:19:47 +00:00
dependabot[bot]
08804842fa
chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 ( #1558 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-09 09:01:56 -05:00
dependabot[bot]
48528efff3
chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 ( #1552 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/mod/releases )
- [Commits](https://github.com/golang/mod/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-08 10:07:37 -05:00
dependabot[bot]
8d856a7c7b
chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 ( #1551 )
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/term/releases )
- [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-08 09:23:31 -05:00
anchore-actions-token-generator[bot]
95201840d2
Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b ( #1539 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
2023-02-07 10:05:18 -05:00
dependabot[bot]
ad8604c223
chore(deps): bump github.com/docker/docker ( #1531 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 20.10.23+incompatible to 23.0.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v20.10.23...v23.0.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-02 10:53:22 -05:00
Keith Zantow
1530ef354f
chore: update spdx/tools-golang to v0.5.0-rc1 ( #1503 )
2023-01-31 11:53:16 -05:00
Bradley Jones
cdac2245b5
feat: update golang to 1.19 ( #1526 )
...
* feat: update golang to 1.19
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
* chore: break out json schema drift check into separate script
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* chore: update git index refresh
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---------
Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-01-31 11:39:57 -05:00
dependabot[bot]
21ba5d0806
chore(deps): bump github.com/google/go-containerregistry ( #1513 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.1...v0.13.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 13:41:43 +00:00
dependabot[bot]
3269bc98d4
chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 ( #1505 )
...
Bumps [golang.org/x/mod](https://github.com/golang/mod ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/mod/releases )
- [Commits](https://github.com/golang/mod/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/mod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-23 15:01:25 -05:00
dependabot[bot]
7f3382f7eb
chore(deps): bump github.com/docker/docker ( #1506 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 20.10.20+incompatible to 20.10.23+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v20.10.20...v20.10.23 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-23 14:58:39 -05:00
dependabot[bot]
65e5ff63f0
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 ( #1507 )
...
Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig ) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/Masterminds/sprig/releases )
- [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/sprig/compare/v3.2.2...v3.2.3 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/sprig/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-23 14:48:22 -05:00
dependabot[bot]
d287c22b69
chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 ( #1508 )
...
Bumps [github.com/dustin/go-humanize](https://github.com/dustin/go-humanize ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/dustin/go-humanize/releases )
- [Commits](https://github.com/dustin/go-humanize/compare/v1.0.0...v1.0.1 )
---
updated-dependencies:
- dependency-name: github.com/dustin/go-humanize
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-23 14:48:00 -05:00
Luca Comellini
e8be93a8eb
Bump github.com/spdx/tools-golang to v0.4.0 ( #1450 )
...
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-20 17:00:21 -05:00
dependabot[bot]
285112fe29
chore(deps): bump github.com/facebookincubator/nvdtools ( #1499 )
...
Bumps [github.com/facebookincubator/nvdtools](https://github.com/facebookincubator/nvdtools ) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/facebookincubator/nvdtools/releases )
- [Commits](https://github.com/facebookincubator/nvdtools/compare/v0.1.4...v0.1.5 )
---
updated-dependencies:
- dependency-name: github.com/facebookincubator/nvdtools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 14:02:47 +00:00
dependabot[bot]
f29bea5921
chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 ( #1498 )
...
Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier ) from 0.3.2 to 0.3.5.
- [Release notes](https://github.com/jinzhu/copier/releases )
- [Commits](https://github.com/jinzhu/copier/compare/v0.3.2...v0.3.5 )
---
updated-dependencies:
- dependency-name: github.com/jinzhu/copier
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 08:51:20 -05:00
dependabot[bot]
39cdbc42aa
chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 ( #1497 )
...
Bumps [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree ) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/vbatts/go-mtree/releases )
- [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md )
- [Commits](https://github.com/vbatts/go-mtree/compare/v0.5.0...v0.5.2 )
---
updated-dependencies:
- dependency-name: github.com/vbatts/go-mtree
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 08:50:59 -05:00
dependabot[bot]
27b62ce833
chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 ( #1496 )
...
Bumps [github.com/gookit/color](https://github.com/gookit/color ) from 1.4.2 to 1.5.2.
- [Release notes](https://github.com/gookit/color/releases )
- [Commits](https://github.com/gookit/color/compare/v1.4.2...v1.5.2 )
---
updated-dependencies:
- dependency-name: github.com/gookit/color
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 08:50:37 -05:00
dependabot[bot]
499e7c4e16
chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 ( #1495 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.14.0...v1.15.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-20 08:50:19 -05:00
dependabot[bot]
09a5baf523
chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 ( #1488 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.13.0...v1.14.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-19 10:39:04 -05:00
dependabot[bot]
33c08c8545
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 ( #1489 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.0.2 to 4.6.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.0.2...v4.6.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-19 10:38:50 -05:00
dependabot[bot]
fd002db802
chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 ( #1490 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-19 14:16:50 +00:00
dependabot[bot]
cb3e4b8e49
chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 ( #1491 )
...
Bumps [github.com/go-test/deep](https://github.com/go-test/deep ) from 1.0.8 to 1.1.0.
- [Release notes](https://github.com/go-test/deep/releases )
- [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md )
- [Commits](https://github.com/go-test/deep/compare/v1.0.8...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/go-test/deep
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-19 14:01:33 +00:00
dependabot[bot]
5917f8d8f9
chore(deps): bump github.com/google/go-containerregistry ( #1487 )
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.11.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.11.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-19 13:47:36 +00:00
dependabot[bot]
70e6d0f2e3
chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 ( #1475 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 14:39:50 +00:00
dependabot[bot]
31a763c46d
chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 ( #1477 )
...
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg ) from 0.3.3 to 0.4.0.
- [Release notes](https://github.com/adrg/xdg/releases )
- [Commits](https://github.com/adrg/xdg/compare/v0.3.3...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:39:35 -05:00
dependabot[bot]
ae6c9c2e97
chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 ( #1476 )
...
Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff ) from 1.2.0 to 1.3.1.
- [Release notes](https://github.com/sergi/go-diff/releases )
- [Commits](https://github.com/sergi/go-diff/compare/v1.2.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/sergi/go-diff
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:39:15 -05:00
dependabot[bot]
f6a0dd33d1
chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 ( #1474 )
...
Bumps [github.com/vifraa/gopom](https://github.com/vifraa/gopom ) from 0.1.0 to 0.2.1.
- [Release notes](https://github.com/vifraa/gopom/releases )
- [Commits](https://github.com/vifraa/gopom/compare/v0.1.0...v0.2.1 )
---
updated-dependencies:
- dependency-name: github.com/vifraa/gopom
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-18 09:38:30 -05:00
Weston Steimel
fc4d28f365
fix: bump golang.org/x/net to v0.4.0 ( #1467 )
...
resolves reporting of CVE-2022-41717
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-01-17 17:02:34 +00:00
Weston Steimel
5290dfb9c2
fix: bump golang.org/x/text to v0.3.8 ( #1466 )
...
This resolves reporting of GHSA-69ch-w2m2-3vjp
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-01-17 15:50:02 +00:00
Christopher Angelo Phillips
44e8ae2577
fix: update attestation code to remove library dependencies and shellout for keyless flow ( #1442 )
...
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2023-01-12 17:22:05 +00:00
Benji Visser
bb6fc6525c
Add alpine type to purl ( #1431 )
...
Signed-off-by: Benji Visser <benji@093b.org>
2023-01-04 17:35:46 -05:00
Keith Zantow
e1e489a284
fix: unicode output in cyclonedx-json format ( #1420 )
2022-12-23 08:37:47 -05:00
Christopher Angelo Phillips
0f1e8fca14
bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents ( #1404 )
2022-12-20 00:10:35 +00:00
Christopher Angelo Phillips
730d3e3187
chore: update latest cyclonedx library ( #1390 )
2022-12-08 11:36:08 -05:00
anchore-actions-token-generator[bot]
f1a124209a
Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e ( #1395 )
...
Signed-off-by: GitHub <noreply@github.com>
2022-12-08 08:32:49 +00:00
anchore-actions-token-generator[bot]
247b054ab5
Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 ( #1376 )
...
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2022-11-30 16:11:57 +00:00
Keith Zantow
42cb0a47a4
feat: SPDX 2.3 support ( #1311 )
2022-11-18 08:54:39 -05:00
Alex Goodman
d7a51a69dd
Update java generic cataloger ( #1329 )
...
* remove centralize pURL generation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* port java cataloger to new generic cataloger pattern
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* remove common.GenericCataloger
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* update format test fixtures to reflect ID updates
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* fix package sort instability for encode-decode-encode cycles
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-11-09 14:55:54 +00:00