Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

dependabot · 2023-08-28T16:45:28Z

Bumps github.com/anchore/syft from 0.86.1 to 0.88.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.88.0

v0.88.0 (2023-08-25)

Full Changelog

Added Features

Detect golang boring crypto and fipsonly modules [[PR #2021](https://redirect.github.com/Detect golang boring crypto and fipsonly modules anchore/syft#2021)] [bathina2]

feat: 1944 - update purl generation to use a consistent groupID [[PR #2033](https://redirect.github.com/feat: 1944 - update purl generation to use a consistent groupID anchore/syft#2033)] [spiffcs]

Add support to detect bash binaries [[Issue #1963](https://redirect.github.com/Add support to detect bash binaries anchore/syft#1963)] [[PR #2055](https://redirect.github.com/feat: add bash classifier anchore/syft#2055)] [witchcraze]

Bug Fixes

fix: properly parse conan ref and include user and channel [[PR #2034](https://redirect.github.com/fix: properly parse conan ref and include user and channel anchore/syft#2034)] [Pro]

New version notice only showing the version and no text [[PR #2042](https://redirect.github.com/New version notice only showing the version and no text anchore/syft#2042)] [wagoodman]

Fix: don't validate pom declared group [[PR #2054](https://redirect.github.com/Fix: don't validate pom declared group anchore/syft#2054)] [willmurphyscode]

Errors when handling symlinks on Windows with syft v0.85.0 [[Issue #1950](https://redirect.github.com/Errors when handling symlinks on Windows with syft v0.85.0 anchore/syft#1950)] [[PR #2051](https://redirect.github.com/Do not double-prefix symlink paths with base directory when they already contain volume names anchore/syft#2051)] [selzoc]

Syft seems unable to parse non UTF-8 pom.xml files [[Issue #2044](https://redirect.github.com/Syft seems unable to parse non UTF-8 pom.xml files anchore/syft#2044)] [[PR #2047](https://redirect.github.com/Enable reading non-utf-8 encodings for java pom.xml files anchore/syft#2047)] [wagoodman]

Error parsing pom.xml with v0.87.1 [[Issue #2060](https://redirect.github.com/Error parsing pom.xml with v0.87.1 anchore/syft#2060)] [[PR #2064](https://redirect.github.com/Fix panic in pom parsing anchore/syft#2064)] [willmurphyscode]

Invalid CycloneDX: duplicates in relationships section [[Issue #2062](https://redirect.github.com/Generating duplicate in relationships in CycloneDX anchore/syft#2062)] [[PR #2063](https://redirect.github.com/fix: duplicate entries in cyclonedx dependency list anchore/syft#2063)] [kzantow]

v0.87.1

v0.87.1 (2023-08-17)

Full Changelog

Bug Fixes

Use Java package names to determine known groupIDs [[PR #2032](https://redirect.github.com/Use Java package names to determine known groupIDs anchore/syft#2032)] [kzantow]

Relationships section of CycloneDX is not outputting even when the data is present [[Issue #1972](https://redirect.github.com/Relationships section of CycloneDX is not outputting even when the data is present anchore/syft#1972)] [[PR #1974](https://redirect.github.com/Fix for issue #1972: Fixed typecasting, and added more debug logging. anchore/syft#1974)] [markgalpin] [kzantow]

SPDX Tag-Value conversion not handling files directly set on packages [[Issue #2013](https://redirect.github.com/SPDX Tag-Value conversion not handling files directly set on packages anchore/syft#2013)] [[PR #2014](https://redirect.github.com/fix: read direct package files when decoding SPDX tag-value anchore/syft#2014)] [kzantow]

Intermittent binary listings, different results every time [[Issue #2035](https://redirect.github.com/Intermittent binary listings, different results every time anchore/syft#2035)] [[PR #2036](https://redirect.github.com/fix: inconsistent removal of binaries by file overlap anchore/syft#2036)] [kzantow]

v0.87.0

v0.87.0 (2023-08-14)

Full Changelog

Added Features

feat: use originator logic to fill supplier [[PR #1980](https://redirect.github.com/feat: use originator logic to fill supplier anchore/syft#1980)] [spiffcs]

... (truncated)

Commits

dd09e03 chore: update quill to the latest version (#2065)
4ae94c3 fix: duplicate entries in cyclonedx dependency list (#2063)
d08e2be Fix panic in pom parsing (#2064)
faa9022 Fix: don't validate pom declared group (#2054)
9a2a988 chore: trace log pom property reflect usage (#2059)
5ceef48 fix: do not double-prefix symlink paths that already contain volume names (#2...
1848aa2 feat: add bash classifier (#2055)
62f6898 Detect golang boring crypto and fipsonly modules (#2021)
07ac640 fix: properly parse conan ref and include user and channel (#2034)
a2b3895 chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.86.1 to 0.88.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.86.1...v0.88.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-09-04T16:09:47Z

Superseded by #98.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 28, 2023

dependabot bot mentioned this pull request Aug 28, 2023

Bump github.com/anchore/syft from 0.86.1 to 0.87.1 #95

Closed

jetstack-bot added the size/M label Aug 28, 2023

dependabot bot closed this Sep 4, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.88.0 branch September 4, 2023 16:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Uh oh!

dependabot bot commented on behalf of github Aug 28, 2023

Uh oh!

dependabot bot commented on behalf of github Sep 4, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 28, 2023

v0.88.0

v0.88.0 (2023-08-25)

Added Features

Bug Fixes

v0.87.1

v0.87.1 (2023-08-17)

Bug Fixes

v0.87.0

v0.87.0 (2023-08-14)

Added Features

Uh oh!

dependabot bot commented on behalf of github Sep 4, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants