Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

dependabot · 2023-08-28T16:45:28Z

Bumps github.com/anchore/syft from 0.86.1 to 0.88.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.88.0

v0.88.0 (2023-08-25)

Full Changelog

Added Features

Detect golang boring crypto and fipsonly modules [[PR #2021](https://redirect.github.com/Detect golang boring crypto and fipsonly modules anchore/syft#2021)] [bathina2]

feat: 1944 - update purl generation to use a consistent groupID [[PR #2033](https://redirect.github.com/feat: 1944 - update purl generation to use a consistent groupID anchore/syft#2033)] [spiffcs]

Add support to detect bash binaries [[Issue #1963](https://redirect.github.com/Add support to detect bash binaries anchore/syft#1963)] [[PR #2055](https://redirect.github.com/feat: add bash classifier anchore/syft#2055)] [witchcraze]

Bug Fixes

fix: properly parse conan ref and include user and channel [[PR #2034](https://redirect.github.com/fix: properly parse conan ref and include user and channel anchore/syft#2034)] [Pro]

New version notice only showing the version and no text [[PR #2042](https://redirect.github.com/New version notice only showing the version and no text anchore/syft#2042)] [wagoodman]

Fix: don't validate pom declared group [[PR #2054](https://redirect.github.com/Fix: don't validate pom declared group anchore/syft#2054)] [willmurphyscode]

Errors when handling symlinks on Windows with syft v0.85.0 [[Issue #1950](https://redirect.github.com/Errors when handling symlinks on Windows with syft v0.85.0 anchore/syft#1950)] [[PR #2051](https://redirect.github.com/Do not double-prefix symlink paths with base directory when they already contain volume names anchore/syft#2051)] [selzoc]

Syft seems unable to parse non UTF-8 pom.xml files [[Issue #2044](https://redirect.github.com/Syft seems unable to parse non UTF-8 pom.xml files anchore/syft#2044)] [[PR #2047](https://redirect.github.com/Enable reading non-utf-8 encodings for java pom.xml files anchore/syft#2047)] [wagoodman]

Error parsing pom.xml with v0.87.1 [[Issue #2060](https://redirect.github.com/Error parsing pom.xml with v0.87.1 anchore/syft#2060)] [[PR #2064](https://redirect.github.com/Fix panic in pom parsing anchore/syft#2064)] [willmurphyscode]

Invalid CycloneDX: duplicates in relationships section [[Issue #2062](https://redirect.github.com/Generating duplicate in relationships in CycloneDX anchore/syft#2062)] [[PR #2063](https://redirect.github.com/fix: duplicate entries in cyclonedx dependency list anchore/syft#2063)] [kzantow]

v0.87.1

v0.87.1 (2023-08-17)

Full Changelog

Bug Fixes

Use Java package names to determine known groupIDs [[PR #2032](https://redirect.github.com/Use Java package names to determine known groupIDs anchore/syft#2032)] [kzantow]

Relationships section of CycloneDX is not outputting even when the data is present [[Issue #1972](https://redirect.github.com/Relationships section of CycloneDX is not outputting even when the data is present anchore/syft#1972)] [[PR #1974](https://redirect.github.com/Fix for issue #1972: Fixed typecasting, and added more debug logging. anchore/syft#1974)] [markgalpin] [kzantow]

SPDX Tag-Value conversion not handling files directly set on packages [[Issue #2013](https://redirect.github.com/SPDX Tag-Value conversion not handling files directly set on packages anchore/syft#2013)] [[PR #2014](https://redirect.github.com/fix: read direct package files when decoding SPDX tag-value anchore/syft#2014)] [kzantow]

Intermittent binary listings, different results every time [[Issue #2035](https://redirect.github.com/Intermittent binary listings, different results every time anchore/syft#2035)] [[PR #2036](https://redirect.github.com/fix: inconsistent removal of binaries by file overlap anchore/syft#2036)] [kzantow]

v0.87.0

v0.87.0 (2023-08-14)

Full Changelog

Added Features

feat: use originator logic to fill supplier [[PR #1980](https://redirect.github.com/feat: use originator logic to fill supplier anchore/syft#1980)] [spiffcs]

... (truncated)

Commits

dd09e03 chore: update quill to the latest version (#2065)
4ae94c3 fix: duplicate entries in cyclonedx dependency list (#2063)
d08e2be Fix panic in pom parsing (#2064)
faa9022 Fix: don't validate pom declared group (#2054)
9a2a988 chore: trace log pom property reflect usage (#2059)
5ceef48 fix: do not double-prefix symlink paths that already contain volume names (#2...
1848aa2 feat: add bash classifier (#2055)
62f6898 Detect golang boring crypto and fipsonly modules (#2021)
07ac640 fix: properly parse conan ref and include user and channel (#2034)
a2b3895 chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.86.1 to 0.88.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.86.1...v0.88.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2023-09-04T16:09:47Z

Superseded by #98.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 28, 2023

dependabot bot mentioned this pull request Aug 28, 2023

Bump github.com/anchore/syft from 0.86.1 to 0.87.1 #95

Closed

jetstack-bot added the size/M label Aug 28, 2023

dependabot bot closed this Sep 4, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.88.0 branch September 4, 2023 16:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

dependabot bot commented on behalf of github Aug 28, 2023

dependabot bot commented on behalf of github Sep 4, 2023

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Bump github.com/anchore/syft from 0.86.1 to 0.88.0 #97

Conversation

dependabot bot commented on behalf of github Aug 28, 2023

v0.88.0

v0.88.0 (2023-08-25)

Added Features

Bug Fixes

v0.87.1

v0.87.1 (2023-08-17)

Bug Fixes

v0.87.0

v0.87.0 (2023-08-14)

Added Features

dependabot bot commented on behalf of github Sep 4, 2023