Bump github.com/anchore/syft from 0.80.0 to 0.99.0 #542

dependabot · 2023-12-22T05:44:51Z

Bumps github.com/anchore/syft from 0.80.0 to 0.99.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v0.99.0

Added Features

Look for a maven version in a pom from a parent dependency management… [#2423 @coheigea]

Adding the ability to retrieve remote licenses for yarn.lock [#2338 @coheigea]

Retrieve remote licenses using pom.properties when there is no pom.xml [#2315 @coheigea]

Add the option to retrieve remote licenses for projects defined in a … [#2409 @coheigea]

Parse Python licenses from LicenseFile entry in the Wheel Metadata [#2331 @coheigea]

Add binary classifier for the ERLang interpreter [#2417 @LaurentGoderre]

Parse Python licenses from LicenseExpression entry in the Wheel Metadata [#2431 @coheigea]

Add binary classifier for Julia lang [#2427 @LaurentGoderre]

Add binary detection for PHP composer [#2432 @LaurentGoderre]

Bug Fixes

bump fangs for ptr summarize fix [#2387 @willmurphyscode]

improve identification for org.codehaus.groovy artifacts [#2404 @westonsteimel]

improve identification for commons-jelly artifacts [#2399 @westonsteimel]

improve identification for io.minio artifacts [#2398 @westonsteimel]

improve identification for com.graphql-java artifacts [#2397 @westonsteimel]

improve identification for org.apache.tapestry artifacts [#2384 @westonsteimel]

improve identification for io.ratpack artifacts [#2379 @westonsteimel]

improve identification for org.apache.cassandra artifacts [#2386 @westonsteimel]

improve identification for org.neo4j.procedure artifacts [#2388 @westonsteimel]

improve identification for org.elasticsearch artifacts [#2383 @westonsteimel]

improve identification for org.apache.geode artifacts [#2382 @westonsteimel]

improve identification for org.apache.tomcat artifacts [#2381 @westonsteimel]

improve identification for io.projectreactor.netty artifacts [#2378 @westonsteimel]

stop panic when parsing Haskell stack.yaml.lock with missing hackage field [#2421 #2419 @houdini91]

fix detecting the name of the eclipse OSGi artifact [#2314 #2349 @westonsteimel]

File Sources incorrectly exclude files on Windows [#2410 #2411 @Racer159]

Parser for dotnet_portable_executable using wrong attribute name [#2029 #2133 @kzantow]

Breaking Changes

Generalize UI events for cataloging tasks [#2369 @wagoodman]

Additional Changes

refactor pkg.Collection to remove "catalog" references [#2439 @wagoodman]

Expose javascript fields in cataloger configuration [#2438 @wagoodman]

Use common archive catalog configuration [#2437 @wagoodman]

Fix file digest cataloger when passed explicit coordinates [#2436 @wagoodman]

(Full Changelog)

v0.98.0

Added Features

Add binary classifiers for MySQL and MariaDB [#2316 @duanemay]

... (truncated)

Commits

3cffa0b chore: remove execute from test fixtures (#2450)
da03e98 chore(deps): update tools to latest versions (#2447)
4aa2d8c fix: don't panic when hackage missing in haskell stack yaml lock (#2448)
a635d66 Add binary classifier for the ERLang interpretter (#2417)
51d3cd0 Add binary classifier for Julia lang (#2427)
4846639 Add binary detection for PHP composer (#2432)
6030a69 chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2433)
8b9194e chore(deps): update CPE dictionary index (#2442)
56a1ab5 chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (...
f4dd36c fix syft-json test to use pretty json for snapshot testing (#2441)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 0.80.0 to 0.99.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v0.80.0...v0.99.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-01-08T05:20:47Z

Superseded by #543.

dependabot bot requested a review from a team as a code owner December 22, 2023 05:44

dependabot bot added the dependencies Pull requests that update a dependency file label Dec 22, 2023

dependabot bot requested review from ryanmoran and sophiewigmore December 22, 2023 05:44

dependabot bot mentioned this pull request Dec 22, 2023

Bump github.com/anchore/syft from 0.80.0 to 0.98.0 #540

Closed

paketo-bot added the semver:patch A change requiring a patch version bump label Dec 22, 2023

dependabot bot closed this Jan 8, 2024

dependabot bot deleted the dependabot/go_modules/github.com/anchore/syft-0.99.0 branch January 8, 2024 05:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/syft from 0.80.0 to 0.99.0 #542

Bump github.com/anchore/syft from 0.80.0 to 0.99.0 #542

dependabot bot commented on behalf of github Dec 22, 2023

dependabot bot commented on behalf of github Jan 8, 2024

Bump github.com/anchore/syft from 0.80.0 to 0.99.0 #542

Bump github.com/anchore/syft from 0.80.0 to 0.99.0 #542

Conversation

dependabot bot commented on behalf of github Dec 22, 2023

v0.99.0

Added Features

Bug Fixes

Breaking Changes

Additional Changes

v0.98.0

Added Features

dependabot bot commented on behalf of github Jan 8, 2024