Bump github.com/anchore/syft from 0.86.1 to 0.90.0

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps github.com/anchore/syft from 0.86.1 to 0.90.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.90.0

v0.90.0 (2023-09-11)

Full Changelog

Added Features

  • Expose cobra command in cli package [[PR #2097](https://redirect.github.com/anchore/syft/pull/2097)] [wagoodman]
  • Explicitly test PURL generation against key packages [[Issue #2071](https://redirect.github.com/anchore/syft/issues/2071)]
  • Add User-Agent with Syft version during update check [[Issue #2072](https://redirect.github.com/anchore/syft/issues/2072)] [[PR #2100](https://redirect.github.com/anchore/syft/pull/2100)] [hainenber]

Bug Fixes

  • fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation [[PR #2075](https://redirect.github.com/anchore/syft/pull/2075)] [willmurphyscode]
  • Cyclonedx external reference URLs are not validated when encoding [[Issue #2079](https://redirect.github.com/anchore/syft/issues/2079)] [[PR #2091](https://redirect.github.com/anchore/syft/pull/2091)] [hainenber]

Additional Changes

  • Bump the golang.org/x/exp dependency and fix a build breakage. [[PR #2088](https://redirect.github.com/anchore/syft/pull/2088)] [dlorenc]
  • fix: update codeql-analysis for go 1.21 [[PR #2108](https://redirect.github.com/anchore/syft/pull/2108)] [spiffcs]

v0.89.0

v0.89.0 (2023-08-31)

Full Changelog

Added Features

  • Add registry certificate verification support [[PR #1734](https://redirect.github.com/anchore/syft/pull/1734)] [5p2O5pe25ouT]
  • Add SYFT_CONFIG environment variable for configuration file path [[Issue #1986](https://redirect.github.com/anchore/syft/issues/1986)] [[PR #2001](https://redirect.github.com/anchore/syft/pull/2001)] [kzantow]

Bug Fixes

  • Fix quiet flag [[PR #2081](https://redirect.github.com/anchore/syft/pull/2081)] [wagoodman]
  • Command line flags not overriding configuration file values [[Issue #1143](https://redirect.github.com/anchore/syft/issues/1143)] [[PR #2001](https://redirect.github.com/anchore/syft/pull/2001)] [kzantow]
  • Django package CPE is not correct [[Issue #1298](https://redirect.github.com/anchore/syft/issues/1298)] [[PR #2068](https://redirect.github.com/anchore/syft/pull/2068)] [witchcraze]
  • Config parsing includes config.yaml in working dir [[Issue #1634](https://redirect.github.com/anchore/syft/issues/1634)] [[PR #2001](https://redirect.github.com/anchore/syft/pull/2001)] [kzantow]
  • Fix a possible panic on universal go binaries [[Issue #2073](https://redirect.github.com/anchore/syft/issues/2073)] [[PR #2078](https://redirect.github.com/anchore/syft/pull/2078)] [willmurphyscode]
  • Disabling catalogers is not working in power user command [[Issue #2074](https://redirect.github.com/anchore/syft/issues/2074)] [[PR #2001](https://redirect.github.com/anchore/syft/pull/2001)] [kzantow]
  • Virtual path changes to java cataloger causing creation of extra incorrect packages when jars are renamed [[Issue #2077](https://redirect.github.com/anchore/syft/issues/2077)] [[PR #2080](https://redirect.github.com/anchore/syft/pull/2080)] [willmurphyscode]

v0.88.0

... (truncated)

Commits
  • b82c0ff fix(help): power-user help text to indicate it supports file-system (#2113)
  • b2be411 chore(deps): bump tibdex/github-app-token from 1 to 2 (#2116)
  • ec22f4b chore(deps): update CPE dictionary index (#2114)
  • e3c525b chore(deps): update stereoscope to 057dda3667e7f2b5e6ec6716747badd5f403c6de (...
  • 3842d28 fix: update codeql-analysis for go 1.21 (#2108)
  • 9f22ab6 Bump the golang.org/x/exp dependency and fix a build breakage. (#2088)
  • 1315cfd chore(deps): bump actions/checkout from 3 to 4 (#2094)
  • 212aa9b chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.7 to 0.4.10 (#2106)
  • 46e4ac1 chore(deps): update bootstrap tools to latest versions (#2086)
  • 6800a5f chore(deps): update CPE dictionary index (#2089)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot], Sep 18 '23 16:09