Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sync: deps: update dependency anchore/syft to v1.16.0 #76

Open
wants to merge 345 commits into
base: redhat-latest
Choose a base branch
from
Open

sync: deps: update dependency anchore/syft to v1.16.0 #76

wants to merge 345 commits into from

Conversation

github-actions[bot]
Copy link

Synced from #75

This PR updates the Syft version and likely isn't directly merge-able.
To merge it, please follow https://github.com/redhat-appstudio/rh-syft#finish-the-update.

@github-actions github-actions bot force-pushed the downstream/renovate/anchore-syft-1.x branch from 5856af3 to 4d41e71 Compare July 11, 2024 19:59
@github-actions github-actions bot changed the title sync: deps: update dependency anchore/syft to v1.8.0 sync: deps: update dependency anchore/syft to v1.9.0 Jul 11, 2024
dependabot bot and others added 23 commits July 22, 2024 10:55
@dependabot
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#3059)
b263b1e 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4fa2a79...2d79040)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#3058)
0c53a08 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@0d4c9c5...9780b0c)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1 (#3057)
d0a7d4c 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.30.2 to 1.31.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.30.2...v1.31.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5…
536611f 
… (#3056)

Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.4...v0.5.5)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/docker/docker (#3055)
aead40e 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.0.3...v27.1.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @wagoodman
chore(deps): update CPE dictionary index (#3035)
bfe6f52 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
@kzantow
chore: add debug logging for errors reading RPM files (#3051)
125c787 
Signed-off-by: Keith Zantow <[email protected]>
@dependabot @spiffcs
chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 to 0.…
fe7c5a7 
…12.1 (#3040)

* chore(deps): bump github.com/charmbracelet/lipgloss

Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.11.1 to 0.12.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml)
- [Commits](charmbracelet/lipgloss@v0.11.1...v0.12.1)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* chore: pin fedora linux/amd64 to sha

Signed-off-by: Christopher Phillips <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: Christopher Angelo Phillips <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Phillips <[email protected]>
@anchore-actions-token-generator @spiffcs
chore(deps): update tools to latest versions (#3061)
ca945d1 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
@wagoodman
better go mod detection from partial package builds (#3060)
9573f55 
Signed-off-by: Alex Goodman <[email protected]>
@kzantow
fix: SPDX output performance with many relationships (#3053)
741c8fb
@dependabot
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#3072)
3917989 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@2d79040...5cf07d8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/docker/docker (#3066)
68b96ae 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.1.0+incompatible to 27.1.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.1.0...v27.1.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Mikcl
python-cataloger: normalize package names (#3069)
36f95d6 
Signed-off-by: mikcl <[email protected]>
@Mikcl
python cataloger: allow dots in python package names (#3070)
b3848f7 
Signed-off-by: mikcl <[email protected]>
@LaurentGoderre
Only match ldflag version if it matches the main module or targets ma…
4882d2e 
…in.version (#3062)

Signed-off-by: Laurent Goderre <[email protected]>
@Mikcl
python-cataloger: fix normalization test (#3073)
1cd75b7 
Signed-off-by: mikcl <[email protected]>
@witchcraze
fix: traefik classifier (#3077)
490e05a 
Signed-off-by: witchcraze <[email protected]>
@dependabot
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#3083)
8dd7c9c 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@5cf07d8...afb54ba)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to 0.5.6…
a35e410 
… (#3082)

Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.5...v0.5.6)

---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @wagoodman
chore(deps): update CPE dictionary index (#3079)
a2042e6 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
@anchore-actions-token-generator @kzantow
chore(deps): update stereoscope to 50ce3be7aa1fb8829234ae648215e79071…
06526e2 
…96bfa5 (#3075)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
@kzantow
fix: improve determinism in java archive identification (#3085)
a4b5dcd 
Signed-off-by: Keith Zantow <[email protected]>
@github-actions github-actions bot changed the title sync: deps: update dependency anchore/syft to v1.9.0 sync: deps: update dependency anchore/syft to v1.10.0 Jul 30, 2024
@github-actions github-actions bot force-pushed the downstream/renovate/anchore-syft-1.x branch from 4d41e71 to f999663 Compare July 30, 2024 18:43
LaurentGoderre and others added 3 commits July 31, 2024 16:13
@LaurentGoderre
Added the SWI Prolog (swipl) ecosystem (#3076)
92d63df 
* Add binary classifier for swipl

Signed-off-by: Laurent Goderre <[email protected]>

* Added cataloger for SWI Prolog Pack packages

Signed-off-by: Laurent Goderre <[email protected]>

---------

Signed-off-by: Laurent Goderre <[email protected]>
@kzantow
chore: update release script to use gh from binny (#3084)
05a10e8 
Signed-off-by: Keith Zantow <[email protected]>
@spiffcs
fix: update mainModuleVersion function to always prefix v to findin…
c84cb2c 
…gs (#3087)

* chore: basic fix
Signed-off-by: Christopher Phillips <[email protected]>
* test: make sure ldflags are prefixed with v
---------
Signed-off-by: Christopher Phillips <[email protected]>
dependabot bot and others added 29 commits November 12, 2024 08:36
@dependabot
chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#3431)
013a2fe 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@6624720...4f3212b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @wagoodman
chore(deps): update CPE dictionary index (#3429)
7c6483f 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
@anchore-actions-token-generator @kzantow
chore(deps): update stereoscope to 120d9ea511e2f7a9887b443c52e66cd19b…
e463206 
…b80b43 (#3424)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
@witchcraze
update node classifier (#3419)
066aadb 
Signed-off-by: witchcraze <[email protected]>
@dependabot
chore(deps): bump golang.org/x/mod from 0.21.0 to 0.22.0 (#3426)
5187240 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.21.0 to 0.22.0.
- [Commits](golang/mod@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github/codeql-action from 3.27.1 to 3.27.2 (#3436)
abd6abe 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4f3212b...9278e42)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @spiffcs @wagoodman
chore(deps): update tools to latest versions (#3413)
ac8be4a 
* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix linting

Signed-off-by: Alex Goodman <[email protected]>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <[email protected]>
Co-authored-by: spiffcs <[email protected]>
Co-authored-by: Alex Goodman <[email protected]>
@dependabot
chore(deps): bump github.com/saferwall/pe from 1.5.4 to 1.5.5 (#3440)
5624d48 
Bumps [github.com/saferwall/pe](https://github.com/saferwall/pe) from 1.5.4 to 1.5.5.
- [Release notes](https://github.com/saferwall/pe/releases)
- [Changelog](https://github.com/saferwall/pe/blob/main/CHANGELOG.md)
- [Commits](saferwall/pe@v1.5.4...v1.5.5)

---
updated-dependencies:
- dependency-name: github.com/saferwall/pe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.1 to 1.…
94dd634 
…2.2 (#3439)

Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml)
- [Commits](charmbracelet/bubbletea@v1.2.1...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github/codeql-action from 3.27.2 to 3.27.3 (#3438)
a15c5f6 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.2 to 3.27.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9278e42...396bb3e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @kzantow
chore(deps): update stereoscope to aa3a3ef4efe8d8759c9aa87261b405cc00…
926486a 
…3bfc9a (#3442)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <[email protected]>
@willmurphyscode
feat: emit dependency relationships found in Cargo.lock (#3443)
bc35345 
* feat: emit dependency relationships found in Cargo.lock

Include updating test Cargo.lock to have dependencies on multiple
versions of the same crate.

Signed-off-by: Will Murphy <[email protected]>
@dependabot
chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#3446)
e41f8df 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.3 to 3.27.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@396bb3e...ea9e4e3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @spiffcs
chore(deps): update tools to latest versions (#3444)
70ef3f2 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
@anchore-actions-token-generator @spiffcs
chore(deps): update tools to latest versions (#3448)
93d90cb 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
@anchore-actions-token-generator @spiffcs
chore(deps): update tools to latest versions (#3454)
215ae2b 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
@anchore-actions-token-generator @wagoodman
chore(deps): update CPE dictionary index (#3453)
d91150e 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <[email protected]>
@dependabot
chore(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.1 (#3460)
1c61e9c 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.33.1 to 1.34.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.1...v1.34.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.1 to 6.6.2…
35fa0cc 
… (#3465)

Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.6.1 to 6.6.2.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](jedib0t/go-pretty@v6.6.1...v6.6.2)

---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @spiffcs
chore(deps): update tools to latest versions (#3463)
8aef0c9 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
@spiffcs
3030 license declared spdx correction (#3461)
e7b65c2 
* feat: update hasExtractedLicense field to include license-ref candidates
---------
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs
3122 valid license url characters (#3449)
f4cad63 
* chore: strip unwanted characters from license URL
---------
Signed-off-by: Christopher Phillips <[email protected]>
@willmurphyscode
fix: bump clio to pull in logging fix (#3466)
e65fe24 
Previously, if SYFT_LOG_FILE was not set, and no TTY was present,
log.Warn messages were discarded instead of being sent to stderr.

Signed-off-by: Will Murphy <[email protected]>
@dependabot
chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2 to 1.…
19a30b9 
…2.3 (#3467)

Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml)
- [Commits](charmbracelet/bubbletea@v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@anchore-actions-token-generator @willmurphyscode
chore(deps): update stereoscope to aa3a3ef4efe8d8759c9aa87261b405cc00…
a8d4202 
…3bfc9a (#3472)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <[email protected]>
Remove unwanted CI setup
9c10849 
Signed-off-by: downstream-sync <[email protected]>
Remove fluff to avoid SAST false positives
91158a0 
Signed-off-by: downstream-sync <[email protected]>
Apply Red Hat specific modifications
e86f80e 
Signed-off-by: downstream-sync <[email protected]>
Copy Tekton pipelines from 'redhat-latest' branch
f93deb3 
Signed-off-by: downstream-sync <[email protected]>
@github-actions github-actions bot force-pushed the downstream/renovate/anchore-syft-1.x branch from edb4613 to f93deb3 Compare November 21, 2024 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.