* Thu Jan 23 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.19.0:
* chore(deps): update tools to latest versions (#3602)
* chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2
(#3604)
* chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to
2.23.0 (#3605)
* chore(deps): bump github.com/aquasecurity/go-pep440-version
(#3606)
* chore: bump stereoscope to v0.0.13 (#3601)
* feat(cataloger): add a terraform provider cataloger (#3378)
* chore(deps): update tools to latest versions (#3597)
* chore(deps): update CPE dictionary index (#3599)
* chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#3600)
* feat(golang): add license parsing from vendor dirs (#3522)
* chore: bump packageurl-go with new parsing rules (#3596)
* chore(deps): bump marocchino/sticky-pull-request-comment
(#3595)
* feat: add cataloger for NuGet packages (#3484)
* allow disabling all package catalogers (#3468)
* chore(deps): bump github.com/google/go-containerregistry
(#3592)
* chore(deps): bump modernc.org/sqlite from 1.34.4 to 1.34.5
(#3593)
* chore(deps): update tools to latest versions (#3582)
* chore: update README.md's link to Nixpkgs (#3578)
* chore(deps): bump github.com/sanity-io/litter from 1.5.5 to
1.5.6 (#3579)
* chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0
(#3580)
* chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
(#3581)
* chore(deps): update CPE dictionary index (#3583)
* chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1
(#3584)
* chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to
5.6.2 (#3585)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1
to 4.8.0 (#3586)
* chore(deps): bump github.com/docker/docker (#3587)
* chore(deps): update anchore dependencies (#3571)
* chore(deps): update tools to latest versions (#3567)
* chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
(#3568)
* fix: golang remote license search not executing when error
reading local mod dir (#3549)
* chore(deps): update tools to latest versions (#3564)
* chore(deps): update CPE dictionary index (#3565)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to
0.5.8 (#3548)
* chore(deps): update tools to latest versions (#3560)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to
5.13.1 (#3561)
* Use reader when scanning for package versions over reading
entire binary into memory (#3558)
* chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to
5.6.1 (#3551)
* chore(deps): update tools to latest versions (#3556)
* test: removes latest license list test (#3559)
* chore(deps): bump peter-evans/create-pull-request from 7.0.5 to
7.0.6 (#3547)
* chore(deps): update CPE dictionary index (#3550)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
5.13.0 (#3552)
* chore(deps): update tools to latest versions (#3543)
* chore(deps): update CPE dictionary index (#3544)
* chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4
(#3545)
* chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0
(#3546)
* chore(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
(#3541)
* chore(deps): bump modernc.org/sqlite from 1.34.2 to 1.34.3
(#3542)
* chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
(#3537)
* chore(deps): bump github.com/docker/docker (#3538)
* chore(deps): update CPE dictionary index (#3526)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1
to 0.9.2 (#3530)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.4 to
6.6.5 (#3531)
* chore(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9
(#3532)
* Sat Dec 14 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.18.1:
* chore(deps): update anchore dependencies (#3525)
* chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9
(#3524)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
(#3523)
* chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#3519)
* chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3518)
* chore: make fixes field in PR template match auto-close regex
(#3520)
* fix: stop omitting redundantly parenthesized licenses in CDX
formatter (#3517)
* chore: migrate syft to use the anchore fork of archiver without
replace (#3516)
* Make pre-release integration PRs (#3370)
* chore(deps): bump github.com/docker/docker (#3512)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.3 to
6.6.4 (#3513)
* chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7
(#3514)
* Tue Dec 10 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.18.0:
* chore(deps): update anchore dependencies (#3510)
* fix: convert file paths for spdx formats from absolute to
relative (#3509)
* chore(deps): update CPE dictionary index (#3507)
* chore(deps): update tools to latest versions (#3506)
* chore(deps): bump github.com/magiconair/properties from 1.8.7
to 1.8.9 (#3508)
* chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#3503)
* Add relationships for rust audit binary packages (#3500)
* fix order of rust dependencies and support git sources in
Cargo.lock dependencies (#3502)
* chore(deps): update tools to latest versions (#3501)
* chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
(#3499)
* chore: add and document target for updating unit snapshots
(#3498)
* fix: emit NOASSERTION for copyright text to fix SPDX 2.2
validation failure (#3495)
* chore(deps): update tools to latest versions (#3496)
* chore(deps): update tools to latest versions (#3487)
* chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
(#3494)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.2 to
6.6.3 (#3489)
* feat: set max layer size (#3464)
* chore(deps): update CPE dictionary index (#3491)
* chore(deps): bump modernc.org/sqlite from 1.34.1 to 1.34.2
(#3492)
* chore(deps): bump github.com/saferwall/pe from 1.5.5 to 1.5.6
(#3493)
* chore(deps): update tools to latest versions (#3478)
* chore(deps): update CPE dictionary index (#3479)
* chore(deps): bump github.com/stretchr/testify from 1.9.0 to
1.10.0 (#3480)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3
to 1.2.4 (#3482)
* chore(deps): update stereoscope to
be5deed44b7c03fcbfa6f1f42fb67202d31636a9 (#3483)
* fix: dart classifier for 2.x and ARM (#3475)
* Use file indexer directly when scanning with file source
(#3333)
* chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8
(#3476)
* chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
(#3473)
* Thu Nov 21 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.17.0:
* chore(deps): update stereoscope to
aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3472)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2
to 1.2.3 (#3467)
* fix: bump clio to pull in logging fix (#3466)
* 3122 valid license url characters (#3449)
* 3030 license declared spdx correction (#3461)
* chore(deps): update tools to latest versions (#3463)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.1 to
6.6.2 (#3465)
* chore(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.1
(#3460)
* chore(deps): update CPE dictionary index (#3453)
* chore(deps): update tools to latest versions (#3454)
* chore(deps): update tools to latest versions (#3448)
* chore(deps): update tools to latest versions (#3444)
* chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4
(#3446)
* feat: emit dependency relationships found in Cargo.lock (#3443)
* chore(deps): update stereoscope to
aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3442)
* chore(deps): bump github/codeql-action from 3.27.2 to 3.27.3
(#3438)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.1
to 1.2.2 (#3439)
* chore(deps): bump github.com/saferwall/pe from 1.5.4 to 1.5.5
(#3440)
* chore(deps): update tools to latest versions (#3413)
* chore(deps): bump github/codeql-action from 3.27.1 to 3.27.2
(#3436)
* chore(deps): bump golang.org/x/mod from 0.21.0 to 0.22.0
(#3426)
* update node classifier (#3419)
* chore(deps): update stereoscope to
120d9ea511e2f7a9887b443c52e66cd19bb80b43 (#3424)
* chore(deps): update CPE dictionary index (#3429)
* chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1
(#3431)
* chore(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
(#3432)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2
to 1.2.1 (#3433)
* restore log on ui teardown (#3427)
* doc: Add official Syft logo license information (#3421)
* chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7
(#3418)
* chore: build release sbom from go.mod (#3417)
* Tue Nov 05 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.16.0:
* chore: prevent file resolver from bubbling errors in binary
cataloger (#3410)
* chore(deps): update stereoscope to
cbd43fb4e5d348fe680066ee6329385fd6a4f827 (#3411)
* chore(deps): update CPE dictionary index (#3414)
* chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
(#3408)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
to 1.0.0 (#3409)
* chore(deps): update stereoscope to
2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 (#3405)
* Issue #3143 – fixed format conversion docs link (#3407)
* feat: support dependencies and purl for Native Image SBOMs
(#3399)
* chore(deps): update stereoscope to
9c92fe30492ffeba14ed2e23ad1fd923341dda4f (#3398)
* feat: exclude devDependencies from package-lock.json parsing
(#3371)
* chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
(#3394)
* chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
(#3393)
* fix: stack overflow in spyingIoReadCloser (#3392)
* fix: bad pom files may cause infinite loop (#3391)
* Tue Oct 29 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.15.0:
* chore(deps): update stereoscope to
bcc40c6817524718277256d6b774ce643f98640a (#3388)
* chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#3384)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
to 1.1.2 (#3385)
* chore(deps): update tools to latest versions (#3383)
* chore(deps): update CPE dictionary index (#3387)
* chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3380)
* feat: multi-level configuration and profiles (#3337)
* feat: Java dependency graph information (#3363)
* Expanded dpkg cataloger globs (#3373)
* Enable cargo-auditable-binary-cataloger for files/directories
(#3376)
* chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
(#3374)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3375)
* chore(deps): update stereoscope to
6db3c175f1f836e552b01ee70e5d5528cc04bce4 (#3362)
* chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#3364)
* chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
(#3365)
* chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to
5.6.0 (#3367)
* Tue Oct 22 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.14.2:
* Create single license scanner for all catalogers (#3348)
* chore(deps): update stereoscope to
a38c93517fc7d67ca1af826ac529a06c05b571d2 (#3357)
* chore(deps): update CPE dictionary index (#3358)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to
6.6.1 (#3361)
* update to latest packageurl-go (#3347)
* chore(deps): update tools to latest versions (#3342)
* chore(deps): update stereoscope to
9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f (#3338)
* chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
(#3344)
* fix: use official CPE for linux kernel (#3343)
* chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
(#3340)
* fix: improve mariadb binary classifer to detect older versions
(#3339)
* Tue Oct 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.14.1:
* fix: stop some log.Warn spam due parsing an empty string as a
CPE (#3330)
* chore(deps): update stereoscope to
1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
* chore(deps): update stereoscope to
1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
* chore(deps): update stereoscope to
93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
* chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
(#3326)
* chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
(#3327)
* chore(deps): update CPE dictionary index (#3323)
* fix: improve go binary semver extraction for traefik (#3325)
* chore(deps): update stereoscope to
92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
* chore(deps): update stereoscope to
c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1
to 4.7.0 (#3321)
* chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3
(#3314)
* shorten release docs (#3318)
* docs: clearer deprecation message for --file (#3310)
* [docs] Add mastodon link to README.md (#3306)
* chore(deps): update stereoscope to
5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
* chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
* chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
(#3307)
* chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
* chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
(#3309)
* Wed Oct 09 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.14.0:
* feat: report unknowns in sbom (#2998)
* chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
(#3299)
* chore(deps): update stereoscope to
efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
* chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
(#3304)
* chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
* chore(deps): update CPE dictionary index (#3302)
* Fix: Parse package.json with non-standard fields in 'author'
section (#3300)
* chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
(#3298)
* chore: add pull request template (#3294)
* chore(deps): update tools to latest versions (#3296)
* Track supporting DPKG evidence (#3228)
* Fix: make failed CPE validation correctly return error (#2762)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to
6.6.0 (#3293)
* feat: update haproxy classifier (#3277)
* chore(deps): update tools to latest versions (#3291)
* fix: don't use builtin scanner in licensecheck (#3290)
* chore(deps): update CPE dictionary index (#3288)
* chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
(#3289)
* update redis classifier (#3281)
* fix: improve node classifier version matching (#3284)
* fix: update ruby classifier for -rc, -dev, etc. versions
(#3285)
* chore(deps): update CPE dictionary index (#3262)
* chore(deps): bump github.com/docker/docker (#3264)
* chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
(#3275)
* chore(deps): update stereoscope to
dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
* chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
* add awaiting response management (#3272)
* fix: correct excluded mount point comparison to file paths
(#3269)
* Tue Sep 24 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.13.0:
* Add JVM cataloger (#3217)
* feat: classifier for Dart lang binaries (#3265)
* Add compliance policy for empty name and version (#3257)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to
2.3.2 (#3254)
* chore(deps): bump peter-evans/create-pull-request from 7.0.3 to
7.0.5 (#3255)
* chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
(#3256)
* chore(deps): update tools to latest versions (#3259)
* chore(deps): bump github.com/docker/docker (#3260)
* feat: add binary classifiers for lighttp, proftpd, zstd, xz,
gzip, jq, and sqlcipher (#3252)
* fix: capture-snippet.sh can handle leading whitespaces now
(#3249) (#3250)
* chore(deps): update tools to latest versions (#3251)
* chore(deps): update tools to latest versions (#3247)
* chore(deps): update tools to latest versions (#3243)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
to 0.9.1 (#3242)
* chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
(#3241)
* chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
7.0.3 (#3240)
* chore(deps): update tools to latest versions (#3231)
* chore(deps): update CPE dictionary index (#3232)
* chore(deps): update tools to latest versions (#3205)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
to 1.1.1 (#3225)
* chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
7.0.2 (#3226)
* chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
(#3229)
* feat: --enrich flag for data enrichment feature enablement
(#3182)
* Thu Sep 12 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.12.2 (no releases between 1.11.1 and this
one):
* chore: make ci-check.sh an executable file (#3220)
* chore(deps): bump github.com/opencontainers/runc from 1.1.12 to
1.1.14 (#3219)
* chore: restore ci-check.sh script (#3218)
* Add haskell binaries cataloger (#3078)
* chore(deps): update CPE dictionary index (#3206)
* chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0
(#3203)
* Add the Ocaml ecosystem (#3112)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0
to 0.20.0 (#3209)
* chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
(#3210)
* chore(deps): bump github.com/docker/docker (#3211)
* chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
(#3212)
* dont cleanup cache in forks (#3214)
* less verbose java logging when non-fatal issues arise (#3208)
* Slim down docker cache size (#3190)
* chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
7.0.1 (#3196)
* chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0
(#3197)
* fix: haproxy classifier for versions with -dev suffix (#3180)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
3.3.0 (#3177)
* chore(deps): update CPE dictionary index (#3183)
* chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
(#3184)
* chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
7.0.0 (#3187)
* fix: properly decode SPDX license expressions in CycloneDX
format (#3175)
* chore(deps): bump github.com/docker/docker (#3168)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
* chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6
(#3173)
* fix: cycles resolving relative path parent poms with
parent-defined variables (#3170)
* fix: improve generated cpes for binaries with existing
classifiers (#3169)
* fix: add log time of task (#3105)
* fix: improve known CPEs and set NVD as source for all current
binary classifiers (#3167)
* respond to authoratative CPEs from catalogers (#3166)
* set cataloger names within package cataloger task (#3165)
* fix: use official CPE for curl binary cataloger (#3164)
* chore(deps): update tools to latest versions (#3160)
* chore(deps): update CPE dictionary index (#3161)
* chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5
(#3162)
* fix ELF package correlations (#3151)
* chore(deps): update tools to latest versions (#3144)
* feat: detect curl binaries (#3146)
* chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
(#3155)
* chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
(#3154)
* chore(deps): update stereoscope to
e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0
to 0.19.0 (#3148)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
* chore(deps): bump github.com/anchore/stereoscope (#3153)
* fix: mysql 8.0.3x binary detection (#3142)
* chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
(#3139)
* Tue Aug 20 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.11.1:
* fix: logging for remote network calls (#3140)
* chore(deps): update CPE dictionary index (#3135)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3137)
* chore(deps): update tools to latest versions (#3121)
* chore(deps): bump github.com/docker/docker (#3123)
* chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1
(#3124)
* chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2
(#3129)
* fix: add nil check to CycloneDX toBomProperties (#3119)
* fix: read CycloneDX BOM components from metadata (#3092)
* fix: improve groupid extraction for Jenkins plugins (#2815)
* chore(deps): update CPE dictionary index (#3116)
* support .kar files (#3113)
* chore: fix some comments (#3114)
* chore: fix failing python relationship test (#3117)
* update-slack-to-discourse (#3111)
* Fri Aug 09 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.11.0:
* test: increase java purl generation test coverage (#3110)
* chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0
(#3106)
* chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
(#3107)
* chore(deps): update tools to latest versions (#3099)
* chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0
(#3101)
* chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6
(#3102)
* chore(deps): bump github.com/google/go-containerregistry
(#3103)
* chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0
(#3104)
* chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5
(#3095)
* chore(deps): update CPE dictionary index (#3094)
* chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0
(#3096)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to
0.5.7 (#3097)
* feat: improved java maven property resolution (#2769)
* fix: use organization for package supplier when reading Java
vendor fields (#3093)
* chore(deps): update tools to latest versions (#3091)
* fix: update 'guessMainPackageNameAndVersionFromPomInfo' and
'artifactIDMatchesFilename' (#3054)
* fix: update mainModuleVersion function to always prefix `v` to
findings (#3087)
* chore: update release script to use gh from binny (#3084)
* Added the SWI Prolog (swipl) ecosystem (#3076)
* Thu Aug 01 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.10.0:
* fix: improve determinism in java archive identification (#3085)
* chore(deps): update stereoscope to
50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075)
* chore(deps): update CPE dictionary index (#3079)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to
0.5.6 (#3082)
* chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15
(#3083)
* fix: traefik classifier (#3077)
* python-cataloger: fix normalization test (#3073)
* Only match ldflag version if it matches the main module or
targets main.version (#3062)
* python cataloger: allow dots in python package names (#3070)
* python-cataloger: normalize package names (#3069)
* chore(deps): bump github.com/docker/docker (#3066)
* chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14
(#3072)
* fix: SPDX output performance with many relationships (#3053)
* better go mod detection from partial package builds (#3060)
* chore(deps): update tools to latest versions (#3061)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1
to 0.12.1 (#3040)
* chore: add debug logging for errors reading RPM files (#3051)
* chore(deps): update CPE dictionary index (#3035)
* chore(deps): bump github.com/docker/docker (#3055)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to
0.5.5 (#3056)
* chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1
(#3057)
* chore(deps): bump docker/login-action from 3.2.0 to 3.3.0
(#3058)
* chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13
(#3059)
* chore(deps): update stereoscope to
487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032)
* chore(deps): update tools to latest versions (#3050)
* docs: CODE_OF_CONDUCT.md (#3046)
* fix: include CPEs with Maven groupId as vendor (#3045)
* chore(deps): bump github.com/google/go-containerregistry
(#3047)
* chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to
0.7.2 (#3048)
* chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2
(#3039)
* docs: link to contrib/dev docs in readme (#3029)
* chore: Fix apache shield in readme (#3021)
* chore(deps): update tools to latest versions (#3031)
* chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12
(#3034)
* chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
(#3044)
* fix: stop panicking on "devel" version go stdlib (#3043)
* chore: pin fedora image for elf binary test (#3041)
* chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
(#3023)
* chore(deps): update stereoscope to
27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026)
* Thu Jul 11 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.9.0:
* chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
* fix: stabilize cpe sorting during collection sort (#3009)
* Map the downloadLocation field for PHP Composer packages
(#3011)
* chore(deps): update stereoscope to
e46739e217969fa67cbe8834b64bb165a10a1548 (#3013)
* chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
(#3015)
* chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0
(#3014)
* chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4
(#3017)
* chore(deps): bump github.com/google/go-containerregistry
(#3019)
* chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0
(#3020)
* chore(deps): update CPE dictionary index (#3016)
* Infer the package type from ELF package notes (#3008)
* chore(deps): update tools to latest versions (#3003)
* chore(deps): update CPE dictionary index (#3002)
* chore(deps): bump github.com/docker/docker (#3006)
* chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
(#3004)
* chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4
(#3005)
* feat: version 3 support for swift package manager of the
resolved files (#3001)
* chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to
0.5.5 (#2999)
* chore(deps): bump github.com/docker/docker (#2994)
* Add detection of Erlang in Alpine linux (#2996)
* chore(deps): update tools to latest versions (#2991)
* chore(deps): update stereoscope to
753b5576fe42bc007b22108ad7911d1729957a46 (#2992)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2995)
* Tue Jun 25 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.8.0:
* chore(deps): update CPE dictionary index (#2986)
* chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
(#2988)
* fix: handle errors reading go licenses (#2985)
* docs: update cyclone-dx documentation (#2983)
* feat: update syft to generate cyclone-dx 1.6 by default (#2978)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
* chore(deps): bump peter-evans/create-pull-request from 6.0.5 to
6.1.0 (#2975)
* fix: detection of arangodb 3.12 (#2979)
* chore: enable dependabot to keep boostrap action updated
(#2976)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to
2.3.1 (#2973)
* chore(deps): bump github.com/google/go-containerregistry
(#2971)
* chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
(#2972)
* Sat Jun 15 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.7.0:
* Added Features
- index known CPEs for wordpress plugins and themes [#2963
@westonsteimel]
- Consider Author field for wordpress plugins when generating
CPEs [#2946 @wagoodman]
* Bug Fixes
- improve version extraction from ldflags for pingcap TiDB
[#2962 @westonsteimel]
- Trim whitespace from wordpress values [#2945 @wagoodman]
- Issue scanning Poetry Project with Syft 1.6 and
cataloger=python-package-cataloger [#2954 #2965 @spiffcs]
- Poetry's multiple constraints seems to break the parser
[#2947 #2965 @spiffcs]
- Golang: Search remote licenses not working in a CI pipeline
when scanning Docker image [#2798 #2852 @kzantow]
* Mon Jun 10 2024 opensuse_buildservice@ojkastl.de
- Update to version 1.6.0:
* Added Features
- Add relationships for go binary packages [#2912 @wagoodman]
- Add classifier for util-linux [#2933 @LaurentGoderre]
- Lua: Add support for more advanced syntax [#2908
@LaurentGoderre]
- add license field to ELF binary package metadata [#2890
@brian-ebarb]
- install.sh: check checksums file's signature [#2884 #2941
@wagoodman]
- Detect ELF package notes from fedora binaries [#2713 #2939
@wagoodman]
* Bug Fixes
- Use redhat as namespace for redhat rpms [#2914 @ralphbean]
- Close sqlite driver after testing sqlite availability [#2922
@ttc0419]
- syft does not find anything in archives if /tmp is a tmpfs
[#2894 #2918 @willmurphyscode]
- Scanning a git repository folder present in /tmp produce an
empty sbom [#2847 #2918 @willmurphyscode]
* Additional Changes
- update unit tests to use pinned patch version [#2932
@spiffcs]
- fix comments and spelling [#2920 @dufucun]
* Fri May 31 2024 andrea.manzini@suse.com
- Update to version 1.5.0:
* feat: detect fluent-bit binaries (#2905)
* bump dependencies
* Add python wheel egg relationships (#2903)
* feat: Add Lua cataloger (#2613)
* feat: add config command (#2892)
* feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864)
* Go Mod Cataloger: Remove Replaced Packages (#2891)
* chore: Reduce length of readme, moving lengthy content to the wiki (#2882)
* fix: DecoderCollection discarding input from non-seekable Readers (#2878)
* Fix outdated spdx links (#2865)
* Use values in relationship To/From fields (#2871)
* add support for RPM DB package relationships (#2872)
* fix: capture dependencies when parsing SPDX SBOMs (#2869)
* Add abstraction for adding relationships from package cataloger results (#2853)
* chore: fix small tooling error for go.mod (#2868)
* Sun May 12 2024 opensuse_buildservice@ojkastl.de
- add completion subpackages
- fix version output