chore(deps): bump github.com/anchore/syft from 1.12.2 to 1.14.0 #3077

dependabot · 2024-10-08T00:13:28Z

Bumps github.com/anchore/syft from 1.12.2 to 1.14.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.14.0

Added Features

Report known unknowns directly in the output SBOM [#518 #2998 @kzantow]

Identify bash.preinst [#3191 #3228 @wagoodman]

Support HAProxy rc and some old versions [#3233 #3277 @witchcraze]

Support Redis arm/v5, arm/v7, 386 in 7.2, 7.4, 8.0 [#3279 #3281 @witchcraze]

Support node old versions [#3236 #3284 @witchcraze]

Support rubylang/ruby dev versions [#3239 #3285 @witchcraze]

Support ruby rc, preview [#3238 #3285 @witchcraze]

Bug Fixes

performance: instantiate license check scanner to prevent memory leak [#3290 @govrin]

Parse package.json with non-standard fields in 'author' section [#3300 @nuada]

make failed CPE validation correctly return error [#2762 @willmurphyscode]

Improve subpath to mount matching [#3269 @cdupuis]

Additional Changes

add pull request template [#3294 @willmurphyscode]

(Full Changelog)

v1.13.0

Added Features

--enrich flag for data enrichment feature enablement [#3182 @kzantow]

Add classifier for Dart lang [#3265 @LaurentGoderre]

add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq, and sqlcipher [#3252 @krysgor]

Catalog JDKs more completely [#3188 #3217 @wagoodman]

Show richer information for JVM installations [#1426 #3217 @wagoodman]

Allow for stubbing unknown versions over dropping packages [#2652 #3257 @wagoodman]

Name and Version empty for Java package when scanning provided image [#2132 #3257 @wagoodman]

Support bitnami/mysql:8.x [#3025]

Bug Fixes

OpenJDK CPEs [#2422 #3217 @wagoodman]

SBOM generated from poetry lock file contains no license information on any dependencies [#3204]

Scanning a folder with a jar archive with no metadata creates a SPDX package without versionInfo (Non-NTIA compliant) [#2039 #3257 @wagoodman]

Using replace in a go.mod creates a SPDX package without versionInfo (Non-NTIA compliant) [#2038 #3257 @wagoodman]

Command make add-snippet can fail in some cases [#3249]

(Full Changelog)

Commits

ccbee94 feat: report unknowns in sbom (#2998)
4d7ed9f chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#3299)
4c4e5cb chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 (...
8b6159d chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#3304)
7b30ce1 chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
27ee203 chore(deps): update CPE dictionary index (#3302)
3b9c55d Fix: Parse package.json with non-standard fields in 'author' section (#3300)
25f5c67 chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#3298)
0d45714 chore: add pull request template (#3294)
fc84574 chore(deps): update tools to latest versions (#3296)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

netlify · 2024-10-08T00:13:43Z

✅ Deploy Preview for zarf-docs ready!

Name	Link
🔨 Latest commit	`ca0ce7a`
🔍 Latest deploy log	https://app.netlify.com/sites/zarf-docs/deploys/670646527b93f000085d71c8
😎 Deploy Preview	https://deploy-preview-3077--zarf-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.12.2 to 1.14.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v1.12.2...v1.14.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: Philip Laine <philip.laine@gmail.com>

codecov · 2024-10-09T09:06:10Z

Codecov Report

All modified and coverable lines are covered by tests ✅

see 7 files with indirect coverage changes

…-dev#3077) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Philip Laine <philip.laine@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Philip Laine <philip.laine@gmail.com> Signed-off-by: Micah Nagel <micah.nagel@defenseunicorns.com>

dependabot bot requested review from a team as code owners October 8, 2024 00:13

dependabot bot added dependencies go Pull requests that update Go code labels Oct 8, 2024

dependabot bot mentioned this pull request Oct 8, 2024

chore(deps): bump github.com/anchore/syft from 1.12.2 to 1.13.0 #3056

Closed

dependabot bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.14.0 branch 2 times, most recently from 3fe4f69 to f640c7f Compare October 8, 2024 11:50

dependabot bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.14.0 branch from f640c7f to d2eb179 Compare October 8, 2024 12:54

update docs

ca0ce7a

Signed-off-by: Philip Laine <philip.laine@gmail.com>

phillebaba approved these changes Oct 9, 2024

View reviewed changes

phillebaba enabled auto-merge October 9, 2024 09:01

phillebaba added this pull request to the merge queue Oct 9, 2024

Merged via the queue into main with commit 87dfbcd Oct 9, 2024
38 checks passed

phillebaba deleted the dependabot/go_modules/github.com/anchore/syft-1.14.0 branch October 9, 2024 09:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github.com/anchore/syft from 1.12.2 to 1.14.0 #3077

chore(deps): bump github.com/anchore/syft from 1.12.2 to 1.14.0 #3077

dependabot bot commented on behalf of github Oct 8, 2024 •

edited

Loading

netlify bot commented Oct 8, 2024 •

edited

Loading

codecov bot commented Oct 9, 2024

chore(deps): bump github.com/anchore/syft from 1.12.2 to 1.14.0 #3077

chore(deps): bump github.com/anchore/syft from 1.12.2 to 1.14.0 #3077

Conversation

dependabot bot commented on behalf of github Oct 8, 2024 • edited Loading

v1.14.0

Added Features

Bug Fixes

Additional Changes

v1.13.0

Added Features

Bug Fixes

netlify bot commented Oct 8, 2024 • edited Loading

✅ Deploy Preview for zarf-docs ready!

codecov bot commented Oct 9, 2024

Codecov Report

dependabot bot commented on behalf of github Oct 8, 2024 •

edited

Loading

netlify bot commented Oct 8, 2024 •

edited

Loading