Bump github.com/anchore/syft from 0.34.0 to 0.68.0 #75

dependabot · 2023-01-23T23:06:28Z

Bumps github.com/anchore/syft from 0.34.0 to 0.68.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.68.0

Changelog

v0.68.0 (2023-01-20)

Full Changelog

Added Features

Catalog memcached binary [[Issue #1459](https://github-redirect.dependabot.com/Catalog memcached binary anchore/syft#1459)] [@witchcraze]

Bug Fixes

Relax error conditions for catalogers [[PR #1492](https://github-redirect.dependabot.com/Relax error conditions for catalogers anchore/syft#1492)] [wagoodman]

Always set the package ID for java packages [[PR #1493](https://github-redirect.dependabot.com/Always set the package ID for java packages anchore/syft#1493)] [wagoodman]

Fix panic in APK version specifier handling [[PR #1494](https://github-redirect.dependabot.com/Fix panic in APK version specifier handling anchore/syft#1494)] [luhring]

ZERO npm dependencies discovered if any npm dependency has an array as a license [[Issue #1479](https://github-redirect.dependabot.com/ZERO npm dependencies discovered if any npm dependency has an array as a license anchore/syft#1479)]

Syft panics on APK parsing when Dependencies or Provides holds an empty string [[Issue #1483](https://github-redirect.dependabot.com/Syft panics on APK parsing when Dependencies or Provides holds an empty string anchore/syft#1483)]

v0.66.2

Changelog

v0.66.2 (2023-01-17)

Full Changelog

Bug Fixes

update dependency golang.org/x/text [[Issue #1457](https://github-redirect.dependabot.com/CVE-2022-32149 in bin/syft (gobinary) dependency golang.org/x/text anchore/syft#1457)]

syft is now throwing panic with version 0.66.1 [[Issue #1462](https://github-redirect.dependabot.com/syft is now throwing panic with version 0.66.1 anchore/syft#1462)]

v0.66.1

Changelog

v0.66.1 (2023-01-12)

Full Changelog

Bug Fixes

update graalvm cataloger to fix panic [[PR #1454](https://github-redirect.dependabot.com/fix: update graalvm cataloger to fix panic anchore/syft#1454)] [kzantow]

... (truncated)

Commits

e58050b Fix panic in apkdb parsing on empty "provides" values (#1494)
36a0945 push detailed log statements to trace-level (#1500)
396441e npm: package-lock license decoding to accept string or array (#1482)
972e4cd always set the package ID for java packages (#1493)
99f55f6 fix: skip filling in empty fields in APK metadata (#1484)
285112f chore(deps): bump github.com/facebookincubator/nvdtools (#1499)
f29bea5 chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498)
39cdbc4 chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497)
27b62ce chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496)
499e7c4 chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.34.0 to 0.68.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.34.0...v0.68.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-01-30T23:08:19Z

Superseded by #77.

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 23, 2023

dependabot bot mentioned this pull request Jan 23, 2023

Bump github.com/anchore/syft from 0.34.0 to 0.66.1 #74

Closed

dependabot bot closed this Jan 30, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.68.0 branch January 30, 2023 23:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.34.0 to 0.68.0 #75

Bump github.com/anchore/syft from 0.34.0 to 0.68.0 #75

dependabot bot commented on behalf of github Jan 23, 2023

dependabot bot commented on behalf of github Jan 30, 2023

Bump github.com/anchore/syft from 0.34.0 to 0.68.0 #75

Bump github.com/anchore/syft from 0.34.0 to 0.68.0 #75

Conversation

dependabot bot commented on behalf of github Jan 23, 2023

v0.68.0

Changelog

v0.68.0 (2023-01-20)

Added Features

Bug Fixes

v0.66.2

Changelog

v0.66.2 (2023-01-17)

Bug Fixes

v0.66.1

Changelog

v0.66.1 (2023-01-12)

Bug Fixes

dependabot bot commented on behalf of github Jan 30, 2023