sync: deps: update dependency anchore/syft to v1.42.4 #127
Open
github-actions[bot] wants to merge 431 commits into
* chore: new tool checks
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>

… (#4355)
Bumps [github.com/jedib0t/go-pretty/v6](https://github.com/jedib0t/go-pretty) from 6.7.0 to 6.7.1.
- [Release notes](https://github.com/jedib0t/go-pretty/releases)
- [Commits](jedib0t/go-pretty@v6.7.0...v6.7.1)
---
updated-dependencies:
- dependency-name: github.com/jedib0t/go-pretty/v6
  dependency-version: 6.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

….1 (#4354)
Bumps [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter) from 1.0.9 to 1.1.1.
- [Commits](olekukonko/tablewriter@v1.0.9...v1.1.1)
---
updated-dependencies:
- dependency-name: github.com/olekukonko/tablewriter
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add documentation to key fields
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* regenerate json schema
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

Signed-off-by: Adam Chovanec <git@adamchovanec.cz>
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.29.0 to 0.30.0.
- [Commits](golang/mod@v0.29.0...v0.30.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>

---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

…029)
---------
Signed-off-by: Kudryavcev Nikolay <kydry.nikolau@gmail.com>
Signed-off-by: Christopher Phillips <spiffcs@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@0499de3...014f16e)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>

* fix pdm
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix tests
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add test for metadata construction
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add missing test fixture
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* conserve markers
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update json schema
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add additional tests
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* pin python dependencies
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* pin rust dependencies
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* pin php deps
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update and pin http and curl fixtures
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

…(#4752)
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.40.0 to 1.43.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.43.0)
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.43.0
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.96.0 to 1.97.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.96.0...service/s3/v1.97.3)
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.97.3
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Nadim Zubidat <nadimz@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Nadim Zubidat <nadimz@users.noreply.github.com>
Signed-off-by: Rez Moss <hi@rezmoss.com>
Passing '%q' to format strings for integer types is a go vet error in recent go versions, and likely a bug.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>

* fix(javascript): ensure deterministic pnpm lockfile parsing
  Replace nondeterministic Go map iteration with sorted key iteration in both v6 and v9 pnpm lockfile parsers. When multiple lockfile keys collapse to the same package key after peer dependency stripping, the unsorted map iteration caused different entries to win on each run, producing unstable artifact IDs and non-reproducible SBOM output.
  Fixes #4648
  Signed-off-by: lawrence3699 <lawrence3699@users.noreply.github.com>
* add regression test
  Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: lawrence3699 <lawrence3699@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: lawrence3699 <lawrence3699@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>

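The key collision described in the commit message above, as an added Go example that is not Syft's code and not part of the commit. The lockfile key shape, the `entry` type, the `sampleLock` data and the first-key-wins tie-break are assumptions made for illustration.

```go
package main

import (
	"sort"
	"strings"
)

// entry is a hypothetical, simplified stand-in for one lockfile package record.
type entry struct{ Integrity string }

// sampleLock is constructed data: two keys differ only in their peer suffix.
var sampleLock = map[string]entry{
	"foo@1.0.0(react@18.2.0)": {Integrity: "sha512-constructed-B"},
	"foo@1.0.0(react@17.0.2)": {Integrity: "sha512-constructed-A"},
	"bar@2.3.1":               {Integrity: "sha512-constructed-C"},
}

// stripPeers drops the "(peer@version)" suffix, so several lockfile keys can
// collapse to the same package key (assumed key shape, simplified).
func stripPeers(key string) string {
	if i := strings.Index(key, "("); i >= 0 {
		return key[:i]
	}
	return key
}

// resolve visits lockfile keys in sorted order and keeps the first entry seen
// per package key. Ranging over the map directly would let a different entry
// win from run to run, because Go randomizes map iteration order.
func resolve(lock map[string]entry) map[string]entry {
	keys := make([]string, 0, len(lock))
	for k := range lock {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	out := make(map[string]entry, len(keys))
	for _, k := range keys {
		pkg := stripPeers(k)
		if _, seen := out[pkg]; !seen {
			out[pkg] = lock[k]
		}
	}
	return out
}

func main() {
	for pkg, e := range resolve(sampleLock) {
		println(pkg, e.Integrity)
	}
}
```
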
Signed-off-by: witchcraze <witchcraze@gmail.com>
Signed-off-by: Yoav Alon <yoav@orca.security>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: witchcraze <witchcraze@gmail.com>
Signed-off-by: David Dashti <david.dashti@hermesmedical.com>
The JRuby project migrated their downloads from S3 to GitHub Releases, causing the old S3 URLs to return HTTP 403 Forbidden and breaking test fixture image builds.
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>

…#4792)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.17.0 to 5.18.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.17.0...v5.18.0)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.18.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…th 2 updates (#4790)
Bumps the actions-minor-patch group with 2 updates in the / directory: [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) and [actions/upload-artifact](https://github.com/actions/upload-artifact).
Updates `marocchino/sticky-pull-request-comment` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@70d2764...d4d6b09)
Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)
---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: witchcraze <witchcraze@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Ensures the correct distro id for AlmaLinux and Rocky Linux when falling back to parsing distro information from the redhat-release file. Also sets the idlike to `rhel` for these instances as that is necessary to ensure correct vulnerability data matching.
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>

* chore(deps): update anchore dependencies
  Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
* chore: update test to account for sync wrapping panic
  Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>

Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>

Signed-off-by: downstream-sync <downstream-sync@rh-syft.org>
Signed-off-by: downstream-sync <downstream-sync@rh-syft.org>
Signed-off-by: downstream-sync <downstream-sync@rh-syft.org>
Signed-off-by: downstream-sync <downstream-sync@rh-syft.org>
Synced from #126
This PR updates the Syft version and likely isn't directly merge-able.
To merge it, please follow https://github.com/redhat-appstudio/rh-syft#finish-the-update.