From 0048af76a304d629f889ae9e5e0ee0fe4a70addfae07c215958f412281e18d9d Mon Sep 17 00:00:00 2001
From: Johannes Kastl <opensuse_buildservice@ojkastl.de>
Date: Wed, 16 Oct 2024 17:26:17 +0000
Subject: [PATCH] update to 1.14.1
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/syft?expand=0&rev=173
---
.gitattributes | 23 +
.gitignore | 1 +
_service | 21 +
_servicedata | 4 +
syft-1.10.0.obscpio | 3 +
syft-1.11.0.obscpio | 3 +
syft-1.11.1.obscpio | 3 +
syft-1.12.2.obscpio | 3 +
syft-1.14.0.obscpio | 3 +
syft-1.14.1.obscpio | 3 +
syft-1.8.0.obscpio | 3 +
syft-1.9.0.obscpio | 3 +
syft.changes | 2286 +++++++++++++++++++++++++++++++++++++++++++
syft.obsinfo | 4 +
syft.spec | 119 +++
vendor.tar.gz | 3 +
16 files changed, 2485 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 _service
create mode 100644 _servicedata
create mode 100644 syft-1.10.0.obscpio
create mode 100644 syft-1.11.0.obscpio
create mode 100644 syft-1.11.1.obscpio
create mode 100644 syft-1.12.2.obscpio
create mode 100644 syft-1.14.0.obscpio
create mode 100644 syft-1.14.1.obscpio
create mode 100644 syft-1.8.0.obscpio
create mode 100644 syft-1.9.0.obscpio
create mode 100644 syft.changes
create mode 100644 syft.obsinfo
create mode 100644 syft.spec
create mode 100644 vendor.tar.gz
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..d86e966
--- /dev/null
+++ b/_service
@@ -0,0 +1,21 @@
+<services>
+ <service name="obs_scm" mode="manual">
+ <param name="url">https://github.com/anchore/syft</param>
+ <param name="scm">git</param>
+ <param name="exclude">.git</param>
+ <param name="revision">v1.14.1</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="changesgenerate">enable</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ </service>
+ <service name="set_version" mode="manual">
+ <param name="basename">syft</param>
+ </service>
+ <service name="tar" mode="buildtime"/>
+ <service name="recompress" mode="buildtime">
+ <param name="file">*.tar</param>
+ <param name="compression">gz</param>
+ </service>
+ <service name="go_modules" mode="manual">
+ </service>
+</services>
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..d5aab99
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+ <param name="url">https://github.com/anchore/syft</param>
+ <param name="changesrevision">754cebee6414c614acf03ee0f87abfcf6176e051</param></service></servicedata>
\ No newline at end of file
diff --git a/syft-1.10.0.obscpio b/syft-1.10.0.obscpio
new file mode 100644
index 0000000..e8183f0
--- /dev/null
+++ b/syft-1.10.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:750f2aaf5011a1b5155c0ac5f11a43cf9c68ec484d7c43d6ccd5b6d6c045aeef
+size 25953805
diff --git a/syft-1.11.0.obscpio b/syft-1.11.0.obscpio
new file mode 100644
index 0000000..c171384
--- /dev/null
+++ b/syft-1.11.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:89f386966dfe7a980777c52204ec65e90da673d945540f7d2a4bb5593d65dccf
+size 26077709
diff --git a/syft-1.11.1.obscpio b/syft-1.11.1.obscpio
new file mode 100644
index 0000000..0788f67
--- /dev/null
+++ b/syft-1.11.1.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4eb07b043a0d04b537b0101c43896e6581fb851f67e77a125e22befc5ab43da5
+size 26157581
diff --git a/syft-1.12.2.obscpio b/syft-1.12.2.obscpio
new file mode 100644
index 0000000..8896b2b
--- /dev/null
+++ b/syft-1.12.2.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3d55f10d26bf4db63d0a32fd737ac5d83c00809b822f44f64ce4ff68ec631b3e
+size 26290189
diff --git a/syft-1.14.0.obscpio b/syft-1.14.0.obscpio
new file mode 100644
index 0000000..454c36e
--- /dev/null
+++ b/syft-1.14.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ba905939c45f7f4679be69ffa0b7d9dd96e69e46527a3ea3d29c564d0184919
+size 26562573
diff --git a/syft-1.14.1.obscpio b/syft-1.14.1.obscpio
new file mode 100644
index 0000000..cf0f25c
--- /dev/null
+++ b/syft-1.14.1.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eefc0cec9db00f232dfefedaf4286efcbae1e924c1e4d7fa34518fcc8562911a
+size 26564109
diff --git a/syft-1.8.0.obscpio b/syft-1.8.0.obscpio
new file mode 100644
index 0000000..7b8f5b5
--- /dev/null
+++ b/syft-1.8.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9be11b5aa77e02f6f5fd42b41d89262f78e28c877801928380e222fbb940106
+size 25907213
diff --git a/syft-1.9.0.obscpio b/syft-1.9.0.obscpio
new file mode 100644
index 0000000..f243fdb
--- /dev/null
+++ b/syft-1.9.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b005543f13e07ec24249e51696cb571398e9e4dea2aa02fb8af724828c374f4
+size 25916429
diff --git a/syft.changes b/syft.changes
new file mode 100644
index 0000000..d530d3e
--- /dev/null
+++ b/syft.changes
@@ -0,0 +1,2286 @@
+-------------------------------------------------------------------
+Tue Oct 15 15:36:18 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.14.1:
+ * fix: stop some log.Warn spam due parsing an empty string as a
+ CPE (#3330)
+ * chore(deps): update stereoscope to
+ 1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
+ * chore(deps): update stereoscope to
+ 1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
+ * chore(deps): update stereoscope to
+ 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
+ * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
+ (#3326)
+ * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
+ (#3327)
+ * chore(deps): update CPE dictionary index (#3323)
+ * fix: improve go binary semver extraction for traefik (#3325)
+ * chore(deps): update stereoscope to
+ 92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
+ * chore(deps): update stereoscope to
+ c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
+ * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1
+ to 4.7.0 (#3321)
+ * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3
+ (#3314)
+ * shorten release docs (#3318)
+ * docs: clearer deprecation message for --file (#3310)
+ * [docs] Add mastodon link to README.md (#3306)
+ * chore(deps): update stereoscope to
+ 5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
+ * chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
+ * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
+ (#3307)
+ * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
+ * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
+ (#3309)
+
+-------------------------------------------------------------------
+Wed Oct 09 04:42:52 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.14.0:
+ * feat: report unknowns in sbom (#2998)
+ * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
+ (#3299)
+ * chore(deps): update stereoscope to
+ efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
+ * chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
+ (#3304)
+ * chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
+ * chore(deps): update CPE dictionary index (#3302)
+ * Fix: Parse package.json with non-standard fields in 'author'
+ section (#3300)
+ * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
+ (#3298)
+ * chore: add pull request template (#3294)
+ * chore(deps): update tools to latest versions (#3296)
+ * Track supporting DPKG evidence (#3228)
+ * Fix: make failed CPE validation correctly return error (#2762)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to
+ 6.6.0 (#3293)
+ * feat: update haproxy classifier (#3277)
+ * chore(deps): update tools to latest versions (#3291)
+ * fix: don't use builtin scanner in licensecheck (#3290)
+ * chore(deps): update CPE dictionary index (#3288)
+ * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
+ (#3289)
+ * update redis classifier (#3281)
+ * fix: improve node classifier version matching (#3284)
+ * fix: update ruby classifier for -rc, -dev, etc. versions
+ (#3285)
+ * chore(deps): update CPE dictionary index (#3262)
+ * chore(deps): bump github.com/docker/docker (#3264)
+ * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
+ (#3275)
+ * chore(deps): update stereoscope to
+ dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
+ * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
+ * add awaiting response management (#3272)
+ * fix: correct excluded mount point comparison to file paths
+ (#3269)
+
+-------------------------------------------------------------------
+Tue Sep 24 17:39:53 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.13.0:
+ * Add JVM cataloger (#3217)
+ * feat: classifier for Dart lang binaries (#3265)
+ * Add compliance policy for empty name and version (#3257)
+ * chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to
+ 2.3.2 (#3254)
+ * chore(deps): bump peter-evans/create-pull-request from 7.0.3 to
+ 7.0.5 (#3255)
+ * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
+ (#3256)
+ * chore(deps): update tools to latest versions (#3259)
+ * chore(deps): bump github.com/docker/docker (#3260)
+ * feat: add binary classifiers for lighttp, proftpd, zstd, xz,
+ gzip, jq, and sqlcipher (#3252)
+ * fix: capture-snippet.sh can handle leading whitespaces now
+ (#3249) (#3250)
+ * chore(deps): update tools to latest versions (#3251)
+ * chore(deps): update tools to latest versions (#3247)
+ * chore(deps): update tools to latest versions (#3243)
+ * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
+ to 0.9.1 (#3242)
+ * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
+ (#3241)
+ * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
+ 7.0.3 (#3240)
+ * chore(deps): update tools to latest versions (#3231)
+ * chore(deps): update CPE dictionary index (#3232)
+ * chore(deps): update tools to latest versions (#3205)
+ * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
+ to 1.1.1 (#3225)
+ * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
+ 7.0.2 (#3226)
+ * chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
+ (#3229)
+ * feat: --enrich flag for data enrichment feature enablement
+ (#3182)
+
+-------------------------------------------------------------------
+Thu Sep 12 04:56:01 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.12.2 (no releases between 1.11.1 and this
+ one):
+ * chore: make ci-check.sh an executable file (#3220)
+ * chore(deps): bump github.com/opencontainers/runc from 1.1.12 to
+ 1.1.14 (#3219)
+ * chore: restore ci-check.sh script (#3218)
+ * Add haskell binaries cataloger (#3078)
+ * chore(deps): update CPE dictionary index (#3206)
+ * chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0
+ (#3203)
+ * Add the Ocaml ecosystem (#3112)
+ * chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0
+ to 0.20.0 (#3209)
+ * chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
+ (#3210)
+ * chore(deps): bump github.com/docker/docker (#3211)
+ * chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
+ (#3212)
+ * dont cleanup cache in forks (#3214)
+ * less verbose java logging when non-fatal issues arise (#3208)
+ * Slim down docker cache size (#3190)
+ * chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
+ 7.0.1 (#3196)
+ * chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0
+ (#3197)
+ * fix: haproxy classifier for versions with -dev suffix (#3180)
+ * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
+ 3.3.0 (#3177)
+ * chore(deps): update CPE dictionary index (#3183)
+ * chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
+ (#3184)
+ * chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
+ 7.0.0 (#3187)
+ * fix: properly decode SPDX license expressions in CycloneDX
+ format (#3175)
+ * chore(deps): bump github.com/docker/docker (#3168)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
+ * chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6
+ (#3173)
+ * fix: cycles resolving relative path parent poms with
+ parent-defined variables (#3170)
+ * fix: improve generated cpes for binaries with existing
+ classifiers (#3169)
+ * fix: add log time of task (#3105)
+ * fix: improve known CPEs and set NVD as source for all current
+ binary classifiers (#3167)
+ * respond to authoratative CPEs from catalogers (#3166)
+ * set cataloger names within package cataloger task (#3165)
+ * fix: use official CPE for curl binary cataloger (#3164)
+ * chore(deps): update tools to latest versions (#3160)
+ * chore(deps): update CPE dictionary index (#3161)
+ * chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5
+ (#3162)
+ * fix ELF package correlations (#3151)
+ * chore(deps): update tools to latest versions (#3144)
+ * feat: detect curl binaries (#3146)
+ * chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
+ (#3155)
+ * chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
+ (#3154)
+ * chore(deps): update stereoscope to
+ e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
+ * chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0
+ to 0.19.0 (#3148)
+ * chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
+ * chore(deps): bump github.com/anchore/stereoscope (#3153)
+ * fix: mysql 8.0.3x binary detection (#3142)
+ * chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
+ (#3139)
+
+-------------------------------------------------------------------
+Tue Aug 20 16:41:18 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.11.1:
+ * fix: logging for remote network calls (#3140)
+ * chore(deps): update CPE dictionary index (#3135)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#3137)
+ * chore(deps): update tools to latest versions (#3121)
+ * chore(deps): bump github.com/docker/docker (#3123)
+ * chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1
+ (#3124)
+ * chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2
+ (#3129)
+ * fix: add nil check to CycloneDX toBomProperties (#3119)
+ * fix: read CycloneDX BOM components from metadata (#3092)
+ * fix: improve groupid extraction for Jenkins plugins (#2815)
+ * chore(deps): update CPE dictionary index (#3116)
+ * support .kar files (#3113)
+ * chore: fix some comments (#3114)
+ * chore: fix failing python relationship test (#3117)
+ * update-slack-to-discourse (#3111)
+
+-------------------------------------------------------------------
+Fri Aug 09 18:12:40 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.11.0:
+ * test: increase java purl generation test coverage (#3110)
+ * chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0
+ (#3106)
+ * chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
+ (#3107)
+ * chore(deps): update tools to latest versions (#3099)
+ * chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0
+ (#3101)
+ * chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6
+ (#3102)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#3103)
+ * chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0
+ (#3104)
+ * chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5
+ (#3095)
+ * chore(deps): update CPE dictionary index (#3094)
+ * chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0
+ (#3096)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to
+ 0.5.7 (#3097)
+ * feat: improved java maven property resolution (#2769)
+ * fix: use organization for package supplier when reading Java
+ vendor fields (#3093)
+ * chore(deps): update tools to latest versions (#3091)
+ * fix: update 'guessMainPackageNameAndVersionFromPomInfo' and
+ 'artifactIDMatchesFilename' (#3054)
+ * fix: update mainModuleVersion function to always prefix `v` to
+ findings (#3087)
+ * chore: update release script to use gh from binny (#3084)
+ * Added the SWI Prolog (swipl) ecosystem (#3076)
+
+-------------------------------------------------------------------
+Thu Aug 01 07:20:34 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.10.0:
+ * fix: improve determinism in java archive identification (#3085)
+ * chore(deps): update stereoscope to
+ 50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075)
+ * chore(deps): update CPE dictionary index (#3079)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to
+ 0.5.6 (#3082)
+ * chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15
+ (#3083)
+ * fix: traefik classifier (#3077)
+ * python-cataloger: fix normalization test (#3073)
+ * Only match ldflag version if it matches the main module or
+ targets main.version (#3062)
+ * python cataloger: allow dots in python package names (#3070)
+ * python-cataloger: normalize package names (#3069)
+ * chore(deps): bump github.com/docker/docker (#3066)
+ * chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14
+ (#3072)
+ * fix: SPDX output performance with many relationships (#3053)
+ * better go mod detection from partial package builds (#3060)
+ * chore(deps): update tools to latest versions (#3061)
+ * chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1
+ to 0.12.1 (#3040)
+ * chore: add debug logging for errors reading RPM files (#3051)
+ * chore(deps): update CPE dictionary index (#3035)
+ * chore(deps): bump github.com/docker/docker (#3055)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to
+ 0.5.5 (#3056)
+ * chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1
+ (#3057)
+ * chore(deps): bump docker/login-action from 3.2.0 to 3.3.0
+ (#3058)
+ * chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13
+ (#3059)
+ * chore(deps): update stereoscope to
+ 487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032)
+ * chore(deps): update tools to latest versions (#3050)
+ * docs: CODE_OF_CONDUCT.md (#3046)
+ * fix: include CPEs with Maven groupId as vendor (#3045)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#3047)
+ * chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to
+ 0.7.2 (#3048)
+ * chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2
+ (#3039)
+ * docs: link to contrib/dev docs in readme (#3029)
+ * chore: Fix apache shield in readme (#3021)
+ * chore(deps): update tools to latest versions (#3031)
+ * chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12
+ (#3034)
+ * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
+ (#3044)
+ * fix: stop panicking on "devel" version go stdlib (#3043)
+ * chore: pin fedora image for elf binary test (#3041)
+ * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
+ (#3023)
+ * chore(deps): update stereoscope to
+ 27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026)
+
+-------------------------------------------------------------------
+Thu Jul 11 18:41:11 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.9.0:
+ * chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
+ * chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
+ * fix: stabilize cpe sorting during collection sort (#3009)
+ * Map the downloadLocation field for PHP Composer packages
+ (#3011)
+ * chore(deps): update stereoscope to
+ e46739e217969fa67cbe8834b64bb165a10a1548 (#3013)
+ * chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
+ (#3015)
+ * chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0
+ (#3014)
+ * chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4
+ (#3017)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#3019)
+ * chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0
+ (#3020)
+ * chore(deps): update CPE dictionary index (#3016)
+ * Infer the package type from ELF package notes (#3008)
+ * chore(deps): update tools to latest versions (#3003)
+ * chore(deps): update CPE dictionary index (#3002)
+ * chore(deps): bump github.com/docker/docker (#3006)
+ * chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
+ (#3004)
+ * chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4
+ (#3005)
+ * feat: version 3 support for swift package manager of the
+ resolved files (#3001)
+ * chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to
+ 0.5.5 (#2999)
+ * chore(deps): bump github.com/docker/docker (#2994)
+ * Add detection of Erlang in Alpine linux (#2996)
+ * chore(deps): update tools to latest versions (#2991)
+ * chore(deps): update stereoscope to
+ 753b5576fe42bc007b22108ad7911d1729957a46 (#2992)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#2995)
+
+-------------------------------------------------------------------
+Tue Jun 25 04:58:18 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.8.0:
+ * chore(deps): update CPE dictionary index (#2986)
+ * chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
+ (#2988)
+ * fix: handle errors reading go licenses (#2985)
+ * docs: update cyclone-dx documentation (#2983)
+ * feat: update syft to generate cyclone-dx 1.6 by default (#2978)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
+ * chore(deps): bump peter-evans/create-pull-request from 6.0.5 to
+ 6.1.0 (#2975)
+ * fix: detection of arangodb 3.12 (#2979)
+ * chore: enable dependabot to keep boostrap action updated
+ (#2976)
+ * chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to
+ 2.3.1 (#2973)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#2971)
+ * chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
+ (#2972)
+
+-------------------------------------------------------------------
+Sat Jun 15 16:14:00 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.7.0:
+ * Added Features
+ - index known CPEs for wordpress plugins and themes [#2963
+ @westonsteimel]
+ - Consider Author field for wordpress plugins when generating
+ CPEs [#2946 @wagoodman]
+ * Bug Fixes
+ - improve version extraction from ldflags for pingcap TiDB
+ [#2962 @westonsteimel]
+ - Trim whitespace from wordpress values [#2945 @wagoodman]
+ - Issue scanning Poetry Project with Syft 1.6 and
+ cataloger=python-package-cataloger [#2954 #2965 @spiffcs]
+ - Poetry's multiple constraints seems to break the parser
+ [#2947 #2965 @spiffcs]
+ - Golang: Search remote licenses not working in a CI pipeline
+ when scanning Docker image [#2798 #2852 @kzantow]
+
+-------------------------------------------------------------------
+Mon Jun 10 19:52:37 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.6.0:
+ * Added Features
+ - Add relationships for go binary packages [#2912 @wagoodman]
+ - Add classifier for util-linux [#2933 @LaurentGoderre]
+ - Lua: Add support for more advanced syntax [#2908
+ @LaurentGoderre]
+ - add license field to ELF binary package metadata [#2890
+ @brian-ebarb]
+ - install.sh: check checksums file's signature [#2884 #2941
+ @wagoodman]
+ - Detect ELF package notes from fedora binaries [#2713 #2939
+ @wagoodman]
+ * Bug Fixes
+ - Use redhat as namespace for redhat rpms [#2914 @ralphbean]
+ - Close sqlite driver after testing sqlite availability [#2922
+ @ttc0419]
+ - syft does not find anything in archives if /tmp is a tmpfs
+ [#2894 #2918 @willmurphyscode]
+ - Scanning a git repository folder present in /tmp produce an
+ empty sbom [#2847 #2918 @willmurphyscode]
+ * Additional Changes
+ - update unit tests to use pinned patch version [#2932
+ @spiffcs]
+ - fix comments and spelling [#2920 @dufucun]
+
+-------------------------------------------------------------------
+Fri May 31 14:28:58 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 1.5.0:
+ * feat: detect fluent-bit binaries (#2905)
+ * bump dependencies
+ * Add python wheel egg relationships (#2903)
+ * feat: Add Lua cataloger (#2613)
+ * feat: add config command (#2892)
+ * feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864)
+ * Go Mod Cataloger: Remove Replaced Packages (#2891)
+ * chore: Reduce length of readme, moving lengthy content to the wiki (#2882)
+ * fix: DecoderCollection discarding input from non-seekable Readers (#2878)
+ * Fix outdated spdx links (#2865)
+ * Use values in relationship To/From fields (#2871)
+ * add support for RPM DB package relationships (#2872)
+ * fix: capture dependencies when parsing SPDX SBOMs (#2869)
+ * Add abstraction for adding relationships from package cataloger results (#2853)
+ * chore: fix small tooling error for go.mod (#2868)
+
+-------------------------------------------------------------------
+Sun May 12 07:42:00 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- add completion subpackages
+- fix version output
+
+-------------------------------------------------------------------
+Fri May 10 04:54:24 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.4.1:
+ * fix pruning binary packages when considering ELF packages
+ (#2862)
+
+-------------------------------------------------------------------
+Thu May 09 18:59:36 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.4.0:
+ * feat: add relationships to ELF package discovery (#2715)
+ * README.md: link to official wiki (#2858)
+ * fix Windows file paths in local go mod cache (#2654)
+ * chore(deps): bump github.com/docker/docker (#2859)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#2860)
+ * chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4
+ (#2855)
+ * chore(deps): bump github.com/sassoftware/go-rpmutils from 0.3.0
+ to 0.4.0 (#2856)
+ * Add relationships for ALPM packages (arch linux) (#2851)
+ * Add binary classifier for ArangoDB (#2830)
+ * chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0
+ (#2849)
+ * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#2850)
+ * chore: use ruleguard to test for missing defer statements
+ (#2837)
+ * remove homebrew update workflow (#2846)
+ * Restore version file update on release (#2844)
+ * fix: Add missing CPE for traefik, memcached, and postgres
+ binaries (#2845)
+ * Add detection for newer version of ErLang/OTP (#2829)
+ * fix ui race for package count (#2839)
+ * chore(deps): update CPE dictionary index (#2841)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.8 to
+ 6.5.9 (#2842)
+ * chore(deps): bump modernc.org/sqlite from 1.29.8 to 1.29.9
+ (#2843)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#2838)
+ * add security policy (#2835)
+ * chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#2834)
+ * chore(deps): update stereoscope to
+ 2e9894674185d121917b283f773c2b5830f8b360 (#2831)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#2833)
+ * chore: fix function name in comment (#2771)
+ * chore: enable go-critic deferInLoop lint (#2825)
+ * fix: better clean up of file handles (#2823)
+ * chore(deps): bump github.com/docker/docker (#2827)
+ * fix(spdx): include required fields (#2168)
+ * fix: add correct vendor for dnsmasq CPE (#2659)
+ * fix: close temp rpmdb file (#2792)
+ * chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3
+ (#2817)
+ * Fill in SPDX originator for all supported package types (#2822)
+ * chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11
+ (#2821)
+
+-------------------------------------------------------------------
+Fri Apr 26 16:46:01 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.3.0:
+ * update spdx license list to 3.23 (#2818)
+ * fix: re-use embedded union reader if possible (#2814)
+ * feat: index known CPEs for go modules (#2816)
+ * chore(deps): bump peter-evans/create-pull-request from 6.0.4 to
+ 6.0.5 (#2812)
+ * feat: support multiple known CPEs in index (#2813)
+ * chore(deps): update stereoscope to
+ 8b297badafd5d81fa1187b26ae34dd2a7ce7e425 (#2807)
+ * chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2809)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to
+ 0.5.4 (#2810)
+ * Fix removing labels in 'Detect schema changes' job (#2772)
+ * chore(deps): bump github.com/docker/docker (#2805)
+ * Display which provider caused which error in output (#2757)
+ * fix: prefer non-deprecated CPEs and include jenkins plugins
+ from plugins.jenkins.io (#2806)
+ * feat: index known CPEs for PHP Composer packagist.org packages
+ (#2804)
+ * chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2
+ (#2802)
+ * chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3
+ (#2803)
+ * fix: improvements to known CPE index construction (#2801)
+ * fix: exclude known instrumentation jars from being erroneously
+ identified (#2796)
+ * feat: index known cpes for PHP extensions (#2777)
+ * chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#2799)
+ * fix: return empty string if dereferncing pom var fails (#2797)
+ * chore(deps): bump github.com/docker/docker (#2793)
+ * chore(deps): bump modernc.org/sqlite from 1.29.7 to 1.29.8
+ (#2794)
+ * chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2
+ (#2795)
+ * chore: cleanup redundant code (#2791)
+ * chore(deps): update tools to latest versions (#2789)
+ * chore(deps): bump github.com/spdx/tools-golang from 0.5.3 to
+ 0.5.4 (#2790)
+ * chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1
+ (#2786)
+ * chore(deps): bump peter-evans/create-pull-request from 6.0.3 to
+ 6.0.4 (#2787)
+ * Fix: repeatedly dereference pom variables (#2781)
+ * chore(deps): bump modernc.org/sqlite from 1.29.6 to 1.29.7
+ (#2783)
+ * chore(deps): update CPE dictionary index (#2780)
+ * chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0
+ (#2779)
+ * chore: fix broken cpe index generation task (#2778)
+ * chore(deps): bump github.com/docker/docker (#2773)
+ * chore(deps): bump peter-evans/create-pull-request from 6.0.2 to
+ 6.0.3 (#2774)
+
+-------------------------------------------------------------------
+Sat Apr 13 09:32:58 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.2.0:
+ * fix: more robust go main version extraction (#2767)
+ * chore(deps): update tools to latest versions (#2768)
+ * fix: binary character in java version (#2766)
+ * chore(deps): update tools to latest versions (#2760)
+ * chore(deps): bump modernc.org/sqlite from 1.29.5 to 1.29.6
+ (#2761)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.6 to
+ 6.5.8 (#2754)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to
+ 0.5.3 (#2755)
+ * chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10
+ (#2756)
+ * chore(deps): bump golang.org/x/mod from 0.16.0 to 0.17.0
+ (#2751)
+ * Differentiate between JRE and JDK (#2748)
+ * chore(deps): bump golang.org/x/net from 0.23.0 to 0.24.0
+ (#2752)
+
+-------------------------------------------------------------------
+Thu Apr 04 16:55:06 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.1.1:
+ * chore(deps): update tools to latest versions (#2744)
+ * chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0
+ (#2747)
+ * chore: update anchore/packageurl-go to use latest commits
+ (#2746)
+ * feat: cataloger for PHP Pecl and PEAR packages (#2604)
+ * chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to
+ 5.12.0 (#2743)
+ * chore(deps): update tools to latest versions (#2741)
+ * fix: conan poco project cpe (#2740)
+ * chore(deps): bump github.com/distribution/reference from 0.5.0
+ to 0.6.0 (#2738)
+ * chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10
+ (#2737)
+ * fix: panic scanning binaries without symtab (#2739)
+ * chore: remove useless code (#2716)
+ * chore(deps): bump google.golang.org/protobuf from 1.31.0 to
+ 1.33.0 (#2731)
+ * chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9
+ (#2732)
+ * chore(deps): update tools to latest versions (#2733)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.5 to
+ 6.5.6 (#2734)
+ * update release token from readonly to write token (#2735)
+
+-------------------------------------------------------------------
+Tue Mar 26 07:19:30 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.1.0:
+ * Adding the ability to retrieve remote licenses from
+ package.lock (#2708)
+ * dont include labels for dependabot ecosystems (#2720)
+ * chore(deps): bump fountainhead/action-wait-for-check from 1.1.0
+ to 1.2.0 (#2717)
+ * chore(deps): update tools to latest versions (#2726)
+ * chore(deps): bump github/codeql-action from 3.24.7 to 3.24.8
+ (#2725)
+ * chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#2728)
+ * chore(deps): bump github.com/docker/docker (#2730)
+ * updating credentials to scoped permissions (#2722)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.4 to
+ 6.5.5 (#2718)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#2719)
+ * Add detection for Oracle GraalVM (#2705)
+ * chore(deps): bump docker/login-action from 3.0.0 to 3.1.0
+ (#2714)
+ * Add ELF binary package cataloger (#2396)
+ * chore(deps): bump modernc.org/sqlite from 1.29.3 to 1.29.5
+ (#2710)
+ * chore(deps): bump github/codeql-action from 3.24.6 to 3.24.7
+ (#2711)
+ * chore(deps): bump peter-evans/create-pull-request from 6.0.1 to
+ 6.0.2 (#2712)
+ * Show binary exports, entrypoint, and imports (#2626)
+ * chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#2703)
+ * chore(deps): bump github.com/knqyf263/go-rpmdb (#2701)
+ * chore: reduce duplicate case SwiftPkg (#2696)
+ * chore: remove deprecated os.SEEK_SET os.SEEK_CUR (#2693)
+ * chore(deps): bump github.com/docker/docker (#2698)
+ * chore(deps): bump modernc.org/sqlite from 1.29.2 to 1.29.3
+ (#2699)
+
+-------------------------------------------------------------------
+Sat Mar 09 08:54:20 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 1.0.1:
+ * bump dependencies
+ * docs: add simplest example from registry (#2691)
+ * fix: Unable to scan OCI images with syft v0.105.1 [#2678 #2683
+ @spiffcs]
+
+-------------------------------------------------------------------
+Fri Mar 01 13:59:28 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 1.0.0:
+ * fix: match OpenSSL letter releases (#2682)
+ * Mark duplicated rows in table output (#2679)
+ * fix: trim path from deps.json in portable way (#2674)
+ * chore(deps): update tools to latest versions (#2680)
+ * enforce breaking change bump major version (#2635)
+ * docs: fix incorrect flag name in readme (#2677)
+ * Consider filesystem types for mount points when ignoring system
+ paths (#2675)
+ * fix: stop emitting bus events on go mod events (#2673)
+ * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to
+ 6.0.1 (#2676)
+ * feat: add `--from` flag, refactor source providers (#2610)
+
+-------------------------------------------------------------------
+Tue Feb 27 12:40:20 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 0.105.1:
+ * bump deps and build tools
+ * fix: SPDX tag value version selector (#2665)
+ * fix(install): return appropriate error codes (#2664)
+ * chore: update busybox image for acceptance tests (#2663)
+ * rename binary classifier cataloger name (#2643)
+ * add cataloger selection example (#2646)
+ * add syft version used to SBOM tool info by default (#2647)
+
+-------------------------------------------------------------------
+Thu Feb 15 06:10:35 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.105.0:
+ * Survive indexing dead symlinks (#2645)
+ * fix considering base path when ignoring known bad unix paths
+ (#2644)
+ * test for field conventions in json schema (#2642)
+ * feat: Add Wordpress cataloger (#2218)
+ * rename binary cataloger to be more unique (#2633)
+ * fix: update runner size to use larger HD for codeql (#2641)
+ * chore(deps): update tools to latest versions (#2616)
+ * chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1
+ (#2638)
+ * chore(deps): bump dawidd6/action-homebrew-bump-formula (#2639)
+ * chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1
+ (#2640)
+ * fix: add BOMRef to CycloneDX OS Component (#2634)
+ * chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2
+ (#2629)
+ * chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0
+ (#2630)
+ * fix getting union reader for sif images (#2631)
+ * chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
+ (#2607)
+ * chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0
+ (#2625)
+ * fix: ensure version output to stdout (#2621)
+ * Guess go main module version based on binary contents (#2608)
+ * chore(deps): update stereoscope to
+ 681f6715b0e35686d6e6f40bce109176de1ee274 (#2617)
+ * fix readme around templating options (#2612)
+ * suppress executable parsing issues (#2614)
+ * chore: update license list, cpe dictionary (#2620)
+ * chore(deps): update tools to latest versions (#2606)
+
+-------------------------------------------------------------------
+Thu Feb 08 06:37:11 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.104.0:
+ * fix: incorrect conversion between integer types (#2605)
+ * chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0
+ (#2602)
+ * chore(deps): bump github.com/docker/docker (#2601)
+ * Fix: unmarshal key values in Java, Go, and Conan metadata
+ (#2603)
+ * fix(dotnet): prefer portable executable product version when
+ semantically greater than file version (#2600)
+ * Finalize Conan v2 support (#2587)
+ * chore(deps): update tools to latest versions (#2595)
+ * chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
+ (#2597)
+ * chore(deps): update stereoscope to
+ bfa15e446f061bda7f68305d2d6240b053f17e0c (#2589)
+ * chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#2592)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to
+ 0.5.2 (#2591)
+ * chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0
+ (#2593)
+ * labeler should ignore latest version (#2588)
+ * chore: copy latest schema to stable path for easier diff
+ (#2586)
+ * Adding metadata fields when parsing yarn.lock and poetry.lock
+ (#2350)
+ * Add Erlang OTP Application cataloger (#2403)
+ * Detect ELF security features (#2443)
+ * Add API examples (#2517)
+ * feat: Record where CPEs come from (#2552)
+ * chore(deps): update stereoscope to
+ 37291e81936d2b43b3cef56667a741ef715fbfe4 (#2583)
+ * chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1
+ to 0.18.0 (#2584)
+ * swap format readseekers for readers (#2581)
+ * translate maps to sequences in pkg metadata (#2553)
+ * chore(deps): update tools to latest versions (#2576)
+ * chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8
+ (#2578)
+ * chore(deps): bump marocchino/sticky-pull-request-comment
+ (#2579)
+ * chore(deps): bump github.com/docker/docker (#2580)
+ * chore(deps): update stereoscope to
+ db7a4bedaba6ad93becf22ce794f306dfb07fcb9 (#2577)
+ * Fix attest with --key (#2551)
+ * fix(java): improve identification for org.apache.kafka
+ artifacts (#2573)
+ * chore: pluralize the flag (#2564)
+ * chore(deps): update tools to latest versions (#2566)
+ * chore(deps): bump peter-evans/create-pull-request from 5.0.2 to
+ 6.0.0 (#2567)
+ * chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7
+ (#2568)
+ * re-add cosign signing checksums file (#2572)
+
+-------------------------------------------------------------------
+Wed Jan 31 17:29:57 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.103.1:
+ * revert cosign signing of release checksums file (#2571)
+
+-------------------------------------------------------------------
+Wed Jan 31 17:26:17 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.103.0:
+ * bump archiver and stereoscope (#2570)
+ * fix: Better test for group ID in filename (#2565)
+ * Sign checksums file and add SBOMs on release (#2548)
+ * chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6
+ (#2560)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#2561)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to
+ 6.5.4 (#2562)
+ * chore(deps): update tools to latest versions (#2554)
+ * chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0
+ to 0.3.0 (#2556)
+ * chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2
+ (#2557)
+ * chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2
+ (#2558)
+ * internalize format helpers (#2543)
+ * Internalize CPE generation logic (#2541)
+ * chore(deps): update tools to latest versions (#2550)
+
+-------------------------------------------------------------------
+Fri Jan 26 19:26:34 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.102.0:
+ * Implement golang Purl subpath (#2547)
+ * fix migration of integration test (#2546)
+ * Use the json schema as input for templating (#2542)
+ * Unexport types and functions cataloger packages (#2530)
+ * Internalize majority of cmd package (#2533)
+ * allow for RPM modularity to be optional (#2540)
+ * chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0
+ (#2536)
+ * chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0
+ (#2538)
+ * chore(deps): bump github.com/docker/docker (#2537)
+ * chore: stop re-exporting wfn.Attributes (#2534)
+ * swap format readseekers for readers (#2515)
+ * chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5
+ (#2531)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12
+ to 0.5.0 (#2532)
+ * plumb context through catalogers (#2528)
+ * Remove CLI and API deprecations (#2508)
+ * Turn off the SBOM cataloger by default (#2527)
+ * Re-introduce linux kernel cataloger (#2526)
+ * make AllLocations accept a context (#2518)
+ * chore(deps): update CPE dictionary index (#2523)
+ * fix: minor cataloger and docs nits (#2519)
+
+-------------------------------------------------------------------
+Sat Jan 20 17:00:30 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.101.1:
+ * Deduplicate digests from user configuration (#2522)
+ * update readme and help output to be accurate to syft api
+ (#2520)
+ * fix: remove second call to finalize as the task handles it
+ (#2516)
+ * chore(deps): update stereoscope to
+ eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510)
+ * chore(deps): bump github.com/docker/docker (#2512)
+ * chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0
+ (#2513)
+ * chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4
+ (#2514)
+ * chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1
+ (#2506)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#2507)
+ * chore: enable automatic approval of dependabot PRs (#2505)
+
+-------------------------------------------------------------------
+Thu Jan 18 08:10:11 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.101.0:
+ * include binary cataloger configuration defaults (#2504)
+ * feat: classifier for wordpress cli binary (#2473)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to
+ 6.5.3 (#2502)
+ * chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#2503)
+ * chore(deps): update tools to latest versions (#2500)
+ * chore(deps): bump github.com/cloudflare/circl from 1.3.3 to
+ 1.3.7 (#2501)
+ * Add cataloger list command (#2366)
+ * condense binary cataloger config in JSON output (#2499)
+ * chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0
+ (#2495)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to
+ 6.5.3 (#2494)
+ * chore(deps): update CPE dictionary index (#2491)
+ * Replace core SBOM-creation API with builder pattern (#1383)
+ * chore(deps): update tools to latest versions (#2488)
+ * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#2489)
+ * chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3
+ (#2481)
+ * chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1
+ to 0.17.1 (#2475)
+ * feat: binary classifiers for Percona Software For MySQL (#2478)
+ * feat: binary classifier for pypy (#2474)
+ * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to
+ 6.5.2 (#2476)
+ * fix: support traefik binary from the official Docker image
+ (#2484)
+ * feat: binary classifier for GCC (#2479)
+ * chore(deps): update tools to latest versions (#2480)
+ * chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0
+ (#2482)
+ * chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0
+ (#2477)
+ * Upgrade binary test fixtures management (#2444)
+
+-------------------------------------------------------------------
+Sat Jan 06 15:26:12 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 0.100.0:
+ * Add ability to extend the binaries cataloguers (#2469)
+ * chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2
+ (#2464)
+ * fix: add missing purl for busybox (#2457)
+ * Fix diff error obfuscating binary test failures message (#2468)
+ * Replace `packages` command with `scan` (#2446)
+ * fix: PURLs with "nuget" type are dotnet packages (#2466)
+ * chore(deps): update tools to latest versions (#2459)
+ * chore(deps): update CPE dictionary index (#2458)
+ * chore: update binary to -x (#2456)
+ * Add more functionality to the ErLang parser (#2390)
+ * Added OpenSSL binary matcher (#2416)
+ * chore(deps): update stereoscope to
+ 590920dabc5479216e755983d41367b6be3544f3 (#2452)
+ * chore(deps): update tools to latest versions (#2451)
+ * chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12
+ (#2455)
+
+-------------------------------------------------------------------
+Thu Dec 21 16:26:53 UTC 2023 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.99.0:
+ * chore: remove execute from test fixtures (#2450)
+ * chore(deps): update tools to latest versions (#2447)
+ * fix: don't panic when hackage missing in haskell stack yaml
+ lock (#2448)
+ * Add binary classifier for the ERLang interpretter (#2417)
+ * Add binary classifier for Julia lang (#2427)
+ * Add binary detection for PHP composer (#2432)
+ * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0
+ (#2433)
+ * chore(deps): update CPE dictionary index (#2442)
+ * chore(deps): update stereoscope to
+ 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440)
+ * fix syft-json test to use pretty json for snapshot testing
+ (#2441)
+ * refactor pkg.Collection (#2439)
+ * refactor javascript cataloger to use configuration options when
+ creating packages (#2438)
+ * use single source of truth for archive options (#2437)
+ * fix file digest cataloger when passed coordinates (#2436)
+ * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2
+ to 0.8.0 (#2413)
+ * Look for a maven version in a pom from a parent dependency
+ management section (#2423)
+ * Parse Python licenses from LicenseExpression entry in the Wheel
+ Metadata (#2431)
+ * chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11
+ (#2430)
+ * chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0
+ (#2429)
+ * chore(deps): update tools to latest versions (#2428)
+ * Parse Python licenses from LicenseFile entry in the Wheel
+ Metadata (#2331)
+ * fix: use filepath instead of path for file source exclusions
+ (#2411)
+ * chore(deps): bump github.com/charmbracelet/bubbletea (#2424)
+ * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0
+ (#2425)
+ * chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10
+ (#2426)
+ * chore(deps): bump dawidd6/action-homebrew-bump-formula (#2420)
+ * feat: add the option to retrieve remote licenses for projects
+ defined in a maven pom (#2409)
+ * chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9
+ (#2400)
+ * chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8
+ (#2415)
+ * chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to
+ 5.11.0 (#2414)
+ * chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#2401)
+ * chore(deps): update tools to latest versions (#2408)
+ * chore(deps): update CPE dictionary index (#2412)
+ * fix(java): improve identification for org.codehaus.groovy
+ artifacts (#2404)
+ * fix(java): improve identification for commons-jelly artifacts
+ (#2399)
+ * fix(java): improve identification for io.minio artifacts
+ (#2398)
+ * fix(java): improve identification for com.graphql-java
+ artifacts (#2397)
+ * chore(deps): update tools to latest versions (#2395)
+ * chore: enhance java purl generation integration test (#2393)
+ * feat: add ability to retrieve remote licenses for yarn.lock
+ (#2338)
+ * chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1
+ (#2392)
+ * Retrieve remote licenses using pom.properties when there is no
+ pom.xml (#2315)
+ * fix(java): improve identification for org.apache.tapestry
+ artifacts (#2384)
+ * fix(java): improve identification for io.ratpack artifacts
+ (#2379)
+ * fix(java): improve identification for org.apache.cassandra
+ artifacts (#2386)
+ * fix(java): improve identification for org.neo4j.procedure
+ artifacts (#2388)
+ * fix: bump fangs for ptr summarize fix (#2387)
+ * fix(java): improve identification for org.elasticsearch
+ artifacts (#2383)
+ * fix(java): improve identification for org.apache.geode
+ artifacts (#2382)
+ * fix(java): improve identification for org.apache.tomcat.embed
+ artifacts (#2381)
+ * fix(java): improve identification for io.projectreactor.netty
+ artifacts (#2378)
+ * fix(java): improve identification for org.eclipse.platform
+ artifacts (#2349)
+ * Generalize UI events for cataloging tasks (#2369)
+ * chore(deps): update tools to latest versions (#2376)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#2377)
+ * chore: fix tests failing due to Mac Rosetta cache (#2374)
+ * fix: improve dotnet portable executable identification (#2133)
+
+-------------------------------------------------------------------
+Thu Nov 30 08:14:13 UTC 2023 - andrea.manzini@suse.com
+
+- Update to version 0.98.0:
+ * fix file metadata cataloger to use resolved locations (#2370)
+ * fix: logging level for parsing potential PE files (#2367)
+ * only remove breaking-change label when there are schema changes (#2371)
+ * fix: capture root command stdout (#2364)
+ * fix: hardcode xalan group ID (#2368)
+ * Normalize cataloger configuration patterns (#2365)
+ * normalize enums to lowercase with hyphens (#2363)
+ * bump deps version
+ * fix: index file itself when file scan path has symlink (#2359)
+ * use read lock in pkg collection (#2341)
+ * Fix the `attest` command (#2337)
+ * fix: add manual namespace mapping for org.springframework jars (#2345)
+ * Add binary classifiers for MySQL and MariaDB (#2316)
+ * Enhance redis binary classifier (#2329)
+ * fix: add manual namespace mapping for org.springframework.security jars (#2343)
+ * fix: add manual namespace mapping for org.bouncycastle jars (#2342)
+ * Update developer docs to represent the current package layout (#2340)
+ * Remove the power-user command and related catalogers (#2306)
+ * Add "pretty" json configuration and change default behavior to be space-efficient (#2275)
+
+-------------------------------------------------------------------
+Sat Nov 18 08:51:36 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.97.1:
+ * chore(deps): update stereoscope to
+ 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336)
+ * feat: allow for stdout to be buffered on each command (#2335)
+
+-------------------------------------------------------------------
+Fri Nov 17 05:46:54 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.97.0:
+ * fix: prevent writing non-report output to stdout (#2324)
+ * chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7
+ (#2332)
+ * export metadata type helper (#2328)
+ * fix(java): add manual groupid mappings for org.apache.velocity
+ jars (#2327)
+ * fix(java): skip maven bundle plugin logic if vendor id and
+ symbolic name match (#2326)
+ * Refine license searching from groupIDFromJavaMetadata to allow
+ for having the artfactId in the groupId (#2313)
+ * chore(deps): update tools to latest versions (#2325)
+ * chore(deps): update tools to latest versions (#2318)
+ * Add license for golang stdlib (#2317)
+ * chore(deps): bump github/codeql-action from 2.22.5 to 2.22.6
+ (#2321)
+ * docs: Update README.md for dotnet-portable-executable (#2322)
+ * Fall back to searching maven central using
+ groupIDFromJavaMetadata (#2295)
+ * rename file.Location.VirtualPath to AccessPath (#2288)
+ * chore(deps): update tools to latest versions (#2308)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11
+ to 0.4.12 (#2310)
+ * chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0
+ (#2311)
+
+-------------------------------------------------------------------
+Thu Nov 09 14:48:04 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.96.0:
+ * include image labels in cycloneDX SBOM (#2294)
+ * Add accessPath on Location objects to syft-json output (#2287)
+ * SPDX file has duplicate sha256 tag in versionInfo (#2300)
+ * Check maven central as well for licenses in parents poms for
+ nested jars (#2302)
+ * chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0
+ (#2293)
+ * chore(deps): update tools to latest versions (#2301)
+ * fix: identify cyclone-json without $schema (#2303)
+
+-------------------------------------------------------------------
+Tue Nov 07 20:40:41 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.95.0:
+ * chore: setup release task before calling go releaser (#2297)
+ * chore(deps): update tools to latest versions (#2296)
+ * chore(deps): update tools to latest versions (#2289)
+ * chore(deps): update CPE dictionary index (#2290)
+ * chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0
+ (#2292)
+ * Wire though maven-url to java config (#2291)
+ * Use case-insensitive matching for Go license files (#2286)
+ * Add a new Java configuration option to recursively search
+ parent poms… (#2274)
+ * chore(deps): update tools to latest versions (#2280)
+ * Follow convention for naming catalogers (#2277)
+ * change dir resolver to include virtual path (#2259)
+ * fix: syft does not handle the case of parsing a jar with
+ multiple poms (#2231)
+ * add PURLs when scanning Gradle lock files (#2278)
+ * chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0
+ (#2279)
+ * test: remove dll files and updates tests to use
+ versionResources (#2276)
+ * fix: update dot net binary parsing logic to remove empty space
+ (#2273)
+ * Read a license from a parent pom stored in Maven Central
+ (#2228)
+ * Update README.md to use canonical output format names (fixes
+ #2269) (#2272)
+ * Remove MetadataType from core package object and normalize JSON
+ metadataType values (#1983)
+ * chore(deps): bump github.com/docker/docker (#2263)
+ * chore(deps): update stereoscope to
+ 5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265)
+ * chore(deps): update CPE dictionary index (#2271)
+ * chore: fix cpe generation task (#2270)
+ * chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0
+ (#2262)
+ * chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5
+ (#2261)
+ * chore(deps): update tools to latest versions (#2258)
+ * chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to
+ 5.10.0 (#2256)
+ * feat: Perform case insensitive matching on Java license files
+ (#2235)
+ * Split the sbom.Format interface by encode and decode use cases
+ (#2186)
+ * Upgrade tool management (#2188)
+ * fix: 2179 jar chokes empty lines (#2254)
+ * chore(deps): update CPE dictionary index (#2253)
+ * fix CPE workflow (#2252)
+ * feat: add conaninfo.txt parser to detect conan packages in
+ docker images (#2234)
+ * chore(deps): update bootstrap tools to latest versions (#2245)
+ * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0
+ to 4.6.1 (#2248)
+ * chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4
+ (#2249)
+ * fill version info from release and git directly (#2244)
+ * Add ruby.NewGemSpecCataloger to DirectoryCatalogers. (#1971)
+ * change homebrew release trigger (#2242)
+
+-------------------------------------------------------------------
+Fri Nov 3 09:12:53 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
+
+- BuildRequire go1.21
+
+-------------------------------------------------------------------
+Sat Oct 21 18:16:53 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.94.0:
+ * Label PRs when the json schema changes (#2240)
+ * Add download location when cataloging directory npm package
+ lock (#2238)
+ * fix: allow packages to be captured from DIST/EGG case (#2239)
+ * Account for maven bundle plugin and fix filename matching
+ (#2220)
+ * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236)
+ * Remove internal string set (#2219)
+ * bump clio to get stderr reporting fix (#2232)
+ * Fix panic for empty input to Swift cataloger (#2226)
+ * Add additional license filenames (#2227)
+ * chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3
+ (#2229)
+ * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0
+ to 0.9.1 (#2222)
+ * chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2
+ (#2224)
+ * Detect a license file in the root directory or META-INF of a
+ jar (#2213)
+ * Parse donet dependency trees (#2143)
+ * chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
+ (#2214)
+ * chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
+ (#2215)
+ * chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0
+ to 0.9.0 (#2216)
+ * chore: add automated homebrew action (#2164)
+ * Add relationships for dpkg packages (#2212)
+
+-------------------------------------------------------------------
+Wed Oct 11 04:22:21 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.93.0:
+ * Parse the Maven license from the pom.xml if not contained in
+ the mani… (#2115)
+ * Refine the docs for building a cataloger (#2175)
+ * Fix algo lookup by converting key to lower case (#2207)
+ * chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1
+ (#2208)
+ * feat: add package for go compiler given binary detection
+ (#2195)
+ * chore(deps): bump github.com/docker/distribution from
+ 2.8.2+incompatible to 2.8.3+incompatible (#2193)
+ * chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0
+ (#2202)
+ * chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
+ (#2204)
+ * chore: update license list to 3.22 (#2201)
+ * Add exact syntax of the conversion formats (#2196)
+ * chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7
+ (#2198)
+ * chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0
+ (#2199)
+ * chore: removes unnecessary conditional (#2194)
+ * chore: improve --output help text and deprecate --file (#2187)
+ * chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0
+ (#2189)
+ * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10
+ to 0.4.11 (#2191)
+ * chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9
+ (#2182)
+ * chore(deps): update bootstrap tools to latest versions (#2178)
+ * chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6
+ (#2180)
+
+-------------------------------------------------------------------
+Thu Oct 05 06:32:34 UTC 2023 - andrea.manzini@suse.com
+
+- Update to version 0.92.0:
+ * bump deps to latest version
+ * fix: deterministic java purls (#2170)
+
+- Update to version 0.91.0:
+ * fix: prevent errors from clobbering terminal (#2161)
+ * Require ordering of relationships when comparing parser output (#2160)
+ * Add containerd support (#1793)
+ * feat: add dependency information to conan lockfile parser (#2131)
+ * fix: encode and decode FileLicenses and FileContents in Syft JSON (#2083)
+ * feat: add cyclonedx schema version selection (#2123)
+ * fix: allow cyclonedx json input with no components (#2127)
+ * fix source-version typo in flag description (#2126)
+
+- Update to version 0.90.0:
+ * fix(help): power-user help text to indicate it supports file-system (#2113)
+ * fix: update codeql-analysis for go 1.21 (#2108)
+ * feat(cmd/update): add UA header with current ver when check for update (#2100)
+ * fix(cdx): validate external refs before encoding (#2091)
+ * fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation (#2075)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:57:48 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.89.0:
+ * tidy gomod and gitignore (#2082)
+ * fix quiet flag (#2081)
+ * fix: in some cases, try to use pom info to guess name and
+ version to top level jar (#2080)
+ * fix: don't panic on universal go binaries (#2078)
+ * chore: update CLI to CLIO (#2001)
+ * Add registry certificate verification support (#1734)
+ * fix: CPE generation for django (#2068)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:54:29 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.88.0:
+ * chore: update quill to the latest version (#2065)
+ * fix: duplicate entries in cyclonedx dependency list (#2063)
+ * Fix panic in pom parsing (#2064)
+ * Fix: don't validate pom declared group (#2054)
+ * chore: trace log pom property reflect usage (#2059)
+ * fix: do not double-prefix symlink paths that already contain
+ volume names (#2051)
+ * feat: add bash classifier (#2055)
+ * Detect golang boring crypto and fipsonly modules (#2021)
+ * fix: properly parse conan ref and include user and channel
+ (#2034)
+ * chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1
+ to 0.8.0 (#2053)
+ * Enable reading non-utf-8 encodings for java pom.xml files
+ (#2047)
+ * feat: 1944 - update purl generation to use a consistent groupID
+ (#2033)
+ * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1
+ (#2049)
+ * chore(deps): update bootstrap tools to latest versions (#2048)
+ * chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0
+ (#2045)
+ * chore(deps): update CPE dictionary index (#2043)
+ * fill out new version notice (#2042)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:49:59 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.87.1:
+ * feat: use java package names to determine known groupids
+ (#2032)
+ * fix: inconsistent removal of binaries by overlap (#2036)
+ * fix: CycloneDX relationships not output or decoded properly
+ (#1974)
+ * chore: restore cataloger.DefaultConfig (#2028)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:31:00 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.87.0:
+ * fix: read direct package files when decoding SPDX tag-value
+ (#2014)
+ * chore(deps): update bootstrap tools to latest versions (#2022)
+ * chore(deps): update CPE dictionary index (#2025)
+ * chore(deps): update bootstrap tools to latest versions (#2012)
+ * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0
+ (#2008)
+ * 1948-filter-pkg-by-type (#2011)
+ * chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0
+ (#2009)
+ * fix: SPDX license values and download location (#2007)
+ * 931: binary cataloger exclusion defaults for ownership by
+ overlap (#1948)
+ * chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
+ (#2004)
+ * chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0
+ (#1998)
+ * test: add coverage for new rpmdb paths (#1999)
+ * chore: improve spdx purl decoding (#1996)
+ * fix: gradle lockfile parser groupId handling (#1995)
+ * fix: update glob to use newer usr/lib/sysimage path (#1997)
+ * fix: opkg search glob (#1994)
+ * feat: nginx binary classifier (#1988)
+ * Expand deb cataloger to include opkg (#1985)
+ * chore(deps): update bootstrap tools to latest versions (#1991)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#1993)
+ * chore: update bubbly to fix hanging (#1990)
+ * chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
+ (#1989)
+ * feat: use originator logic to fill supplier (#1980)
+ * add metadata types to all cpe test fixtures (#1982)
+
+-------------------------------------------------------------------
+Tue Aug 01 10:30:23 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.86.1:
+ * fix: default image source name to user input (#1979)
+
+-------------------------------------------------------------------
+Tue Aug 01 10:17:13 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.86.0:
+ * chore(deps): update stereoscope to
+ d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975)
+ * chore: update to latest commit in tools-golang (#1969)
+ * Guess unpinned versions in python requirements.txt (#1966)
+ * chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2
+ (#1965)
+ * Fix panic condition on docker pull failure (#1968)
+ * bump JSON schema to account for simplified python env markers
+ (#1967)
+ * feat: support top-level SPDX package and graph (#1934)
+ * chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to
+ 5.8.1 (#1959)
+ * Add cataloger for Swift Package Manager. (#1919)
+ * chore(deps): update stereoscope to
+ d515761c6ca2743a67d7d08053db69235ae76d1d (#1953)
+ * chore(deps): bump github.com/docker/docker (#1955)
+ * chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to
+ 5.8.0 (#1951)
+ * Introduce indexed embedded CPE dictionary (#1897)
+ * chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4
+ (#1949)
+ * Add support for parsing .NET assemblies (#1943)
+ * docs: capture artifactory dev settings from 1895 (#1947)
+ * remove build binary and add explicit git ignore
+ * docs: update docs with new docker specific instructions (#1941)
+ * remove jotframe UI (#1932)
+ * fix: remove indirect dependency of circl v1.1.0 (#1940)
+ * chore: move wait before iteration to guarantee read before tea
+ (#1931)
+
+-------------------------------------------------------------------
+Thu Jul 13 04:49:43 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.85.0:
+ * implement ui handle waiter (#1930)
+ * fix: background reader apart from global handler for testing
+ (#1929)
+ * chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0
+ (#1928)
+ * fix: allow valid cyclonedx input with no components (#1873)
+ * fix: "or-later" suffix updated to consider deprecated "+"
+ operator (#1907)
+ * feat: CLI flag for directory base (#1867)
+ * Fix CPE gen for k8s python client (#1921)
+ * chore: update iterations to protect against race (#1927)
+ * chore(deps): update bootstrap tools to latest versions (#1922)
+ * fix: Don't use the actual redis or grpc CPEs for gems (#1926)
+ * fix(install): return with right error code (#1915)
+ * Remove erroneous Java CPEs from generation (#1918)
+ * chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0
+ (#1916)
+ * Switch UI to bubbletea (#1888)
+ * fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate
+ the link (#1884)
+ * add file source digest support (#1914)
+ * chore(deps): update bootstrap tools to latest versions (#1908)
+ * chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0
+ (#1912)
+ * chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0
+ (#1913)
+ * doc(readme): add installation section with scoop (#1909)
+ * Refactor source API (#1846)
+ * chore(deps): update bootstrap tools to latest versions (#1905)
+
+-------------------------------------------------------------------
+Fri Jun 30 04:42:50 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.84.1:
+ * chore(deps): update stereoscope to
+ cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903)
+ * chore(deps): update bootstrap tools to latest versions (#1902)
+ * fix: discover deb file relationships in distroless images
+ (#1901)
+ * add oss community board auto-add workflow (#1898)
+ * chore(deps): update stereoscope to
+ 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890)
+ * chore(deps): update bootstrap tools to latest versions (#1894)
+ * fix: add support for Dart SDK package dependencies (#1891)
+ * Simplify the SBOM writer interface (#1892)
+ * fix: improve version detection in Java archive name parsing
+ (#1889)
+ * fix: only output valid cyclonedx license choices (#1879)
+ * docs: clarify reasoning of default catalogers for images or
+ directories (#1887)
+
+-------------------------------------------------------------------
+Wed Jun 21 04:48:16 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.84.0:
+ * Configure chronicle to pre-1.0 mode (#1886)
+ * chore: update SPDX license list to 3.21 (#1885)
+ * chore(deps): update bootstrap tools to latest versions (#1880)
+ * Pad artifact IDs (#1882)
+ * chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0
+ (#1878)
+
+-------------------------------------------------------------------
+Wed Jun 14 18:11:48 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.83.1:
+ * chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1
+ (#1874)
+ * chore(deps): update stereoscope to
+ 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871)
+ * chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0
+ (#1876)
+ * fix: pom properties not setting artifact id (#1870)
+ * chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to
+ 0.5.2 (#1868)
+
+-------------------------------------------------------------------
+Mon Jun 12 19:35:49 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.83.0:
+ * fix: handle invalid symlinks (#1861)
+ * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to
+ 0.5.1 (#1850)
+ * chore(deps): update bootstrap tools to latest versions (#1857)
+ * Pr 1825 (#1865)
+ * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to
+ 1.9.3 (#1862)
+ * chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0
+ (#1863)
+ * feat: source-version flag (#1859)
+ * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0
+ (#1851)
+ * accept main.version ldflags even without vcs (#1855)
+ * feat: add scope to pom properties (#1779)
+ * chore(deps): bump github.com/stretchr/testify from 1.8.3 to
+ 1.8.4 (#1852)
+ * chore(deps): bump github.com/docker/docker (#1849)
+ * Add test to ensure package metadata is represented in the JSON
+ schema (#1841)
+ * Fix directory resolver to consider CWD and root path input
+ correctly (#1840)
+ * Migrate location-related structs to the file package (#1751)
+ * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to
+ 5.7.0 (#1843)
+
+-------------------------------------------------------------------
+Tue May 23 17:54:05 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.82.0:
+ * fix: add panic recovery for license parse (#1839)
+ * chore: return both failures when failed to retrieve an image
+ with a scheme (#1801)
+ * Extract go module versions from ldflags for binaries built by
+ go (#1832)
+ * fix: duplicate packages, support pnpm lockfile v6 (#1778)
+ * chore(deps): update stereoscope to
+ e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834)
+ * chore(deps): bump github.com/stretchr/testify from 1.8.2 to
+ 1.8.3 (#1829)
+ * chore(deps): bump github.com/docker/docker (#1833)
+
+-------------------------------------------------------------------
+Tue May 23 07:31:00 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.81.0:
+ * Keep original FileInfo persisted on file.Metadata structs
+ (#1794)
+ * chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to
+ 1.9.2 (#1827)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#1823)
+ * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to
+ 1.9.1 (#1822)
+ * chore(deps): bump github.com/docker/docker (#1824)
+ * fix: update field plurality of 8.0.0 schema before release
+ (#1820)
+ * fix: update cataloger to check for expressions before split
+ (#1819)
+ * feat: update syft license concept to complex struct (#1743)
+ * fix: cyclonedx depends-on relationship inverted (#1816)
+ * fix: retain sbom cataloger relationships (#1509)
+ * feat: warn if parsing newer SBOM (#1810)
+ * feat: Add R cataloger (#1790)
+ * update cosign to v2 release (different go module) (#1805)
+ * fix: Reduce log spam on unknown relationship type (#1797)
+ * chore(deps): update bootstrap tools to latest versions (#1807)
+ * chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802)
+ * chore(deps): bump github.com/docker/docker (#1795)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#1796)
+ * chore(deps): update bootstrap tools to latest versions (#1792)
+ * Print package list when extra packages found (#1791)
+ * chore(deps): update bootstrap tools to latest versions (#1786)
+ * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787)
+
+-------------------------------------------------------------------
+Fri May 05 19:51:00 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.80.0:
+ * Update the CPE generation for spring-security-core (#1789)
+ * chore: do not HTML escape PackageURLs (#1782)
+ * chore: do not include kernel module cataloger by default
+ (#1784)
+ * chore(docs): Update lists of catalogers (#1780)
+ * chore: add more detail on SPDX file IDs (#1769)
+ * Search /usr/share for rpmdb to fix scan on ostree-managed
+ images (#1756)
+ * chore(deps): bump github.com/docker/docker (#1767)
+ * rename sbom.PackageCatalog to sbom.Packages (#1773)
+ * chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1
+ (#1768)
+ * Create python requirements metadata (#1759)
+ * chore: update test redactor ordering (#1765)
+ * rename pkg.Catalog to pkg.Collection (#1764)
+ * chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0
+ (#1758)
+ * chore: go-rpmdb update (#1757)
+ * chore(deps): bump github.com/CycloneDX/cyclonedx-go from
+ 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706)
+ * fix: Improve pnpm support (#1752)
+
+-------------------------------------------------------------------
+Sat Apr 22 14:33:37 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.79.0:
+ * feat: Add template func `hasField` (#1754)
+ * fix: only cache java packages and not source content (#1750)
+ * Add sections of interest for Gemfile.lock cataloger (#1749)
+ * fix: update cache.fingerprint file to java-builds dir (#1748)
+ * Add ALPM Metadata to CYCLONEDX and SPDX output formats (#1747)
+ * chore: bump stereoscope to latest version (#1741)
+ * chore(deps): update bootstrap tools to latest versions (#1744)
+ * chore(deps): bump github.com/docker/docker (#1746)
+
+-------------------------------------------------------------------
+Tue Apr 18 04:55:15 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.78.0:
+ * Create consul binary classifier (#1738)
+ * chore(deps): update bootstrap tools to latest versions (#1740)
+ * Fix kernel cataloger test fixtures (#1742)
+ * feat: Support scanning license files in golang packages over
+ the network (#1630)
+ * Add package-to-file location evidence relationships (#1698)
+ * Add Linux Kernel cataloger (#1694)
+ * Add annotations for evidence on package locations (#1723)
+ * add format make target (#1733)
+ * Update tests to not fail on Mac M1's. (#1730)
+
+-------------------------------------------------------------------
+Thu Apr 13 07:22:19 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.77.0:
+ * chore(deps): update bootstrap tools to latest versions (#1728)
+ * Add support for nar files. (#1727)
+ * add highlevel details about catalogers (#1726)
+ * chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722)
+ * chore(deps): update stereoscope to
+ e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721)
+ * feat: gradle lockfile support (#1719)
+ * chore(deps): bump github.com/docker/docker (#1715)
+ * chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713)
+ * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714)
+ * chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
+ (#1716)
+ * chore(deps): bump peter-evans/create-pull-request from 4 to 5
+ (#1712)
+
+-------------------------------------------------------------------
+Thu Apr 06 03:25:22 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.76.1:
+ * chore: update tools-golang to v0.5.0 (#1717)
+ * Add Nix cataloger (#1696)
+ * refactor spdx tooling test to reduce intermittent failures
+ (#1707)
+ * Capture file ownership relationships from portage ecosystem
+ (#1702)
+ * chore: update deprecated set-output calls (#1705)
+
+-------------------------------------------------------------------
+Mon Apr 03 12:04:58 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.76.0:
+ * feat: Add config option to allow user to select the default
+ image source location
+ * chore(deps): bump github.com/docker/docker (#1699)
+ * chore(deps): update bootstrap tools to latest versions (#1697)
+ * chore(deps): update stereoscope to
+ d7551b7f46f53179922d6229709d3d1602881080 (#1693)
+ * 1577 spdxlicense generate (#1691)
+ * chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to
+ 0.5.3 (#1692)
+ * feat: scan local go mod cache for licenses of golang packages
+ (#1645)
+ * chore: fix flaky license sorting (#1690)
+ * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3
+ (#1689)
+ * fix: shell completion by adding missing usage message required
+ by spf13/cobra (#1688)
+ * chore(deps): update bootstrap tools to latest versions (#1686)
+ * chore: tweak some workflow text (#1685)
+ * Remove more side effects from application config testing
+ (#1684)
+ * Deprecate config.yaml as valid config source; Add unit
+ regression for correct config paths (#1640)
+ * chore: Update syft bootstrap tools to latest versions. (#1682)
+ * Update documentation: (#1680)
+ * chore: Update Stereoscope to
+ 7928713c391e20abaede6a029f4ce37b628a4c8b (#1681)
+ * fix: reduce logging for bad dpkg lines (#1675)
+ * fix ruby classifier (#1678)
+ * feat: add shared dir for easier cleanup (#1676)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#1672)
+ * chore(deps): bump actions/setup-go from 3 to 4 (#1671)
+ * fix: move defer after error to protect panic case (#1670)
+ * feat: add argocd, helm, kustomize and kubectl binary
+ classifiers (#1663)
+ * defer closing file (#1668)
+ * fix: remove author contributing to javascript CPEs (#1669)
+
+-------------------------------------------------------------------
+Mon Mar 13 19:15:25 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.75.0:
+ * fix: more python matching support (#1667)
+ * Update syft bootstrap tools to latest versions. (#1666)
+ * feat: add ruby classifier (#1665)
+
+-------------------------------------------------------------------
+Thu Mar 09 15:31:12 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.74.1:
+ * Update syft bootstrap tools to latest versions. (#1658)
+ * fix: improved Python binary detection (#1648)
+ * fix: suppress some known incorrect vendor candidates for npm
+ CPEs (#1659)
+ * fix: sanitize SPDX LicenseRefs (#1657)
+ * chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655)
+ * chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653)
+ * chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5
+ (#1654)
+ * chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656)
+ * fix: dotnet PURL types are invalid (#1649)
+ * feat: disable cpe vendor wildcards to reduce false positives
+ (#1647)
+ * read relative etc/apk/repositories for alpine version when no
+ OS provided (#1615)
+
+-------------------------------------------------------------------
+Fri Mar 03 05:40:08 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.74.0:
+ * fix: possible race condition (#1639)
+ * fix: remove APK OriginPackage cpe candidates (#1637)
+ * fix: rebar lock file decoding panic (#1628)
+ * fix: handle individual cataloger panics (#1636)
+ * fix: apk product/vendor generation for old metadata (#1635)
+ * feat: rust toolchain binary cataloger (#1601)
+ * feat: retain go package info when no module declared (#1632)
+ * fix: improved CPE-generation for several more APK packages
+ (#1631)
+ * chore: update deprecated release flag (#1629)
+ * chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
+ * feat: add support for SUPPORT_END in /etc/os-release (#1612)
+ * fix: further improvements to CPE generation for apk packages
+ (#1623)
+ * chore(deps): bump github.com/stretchr/testify from 1.8.1 to
+ 1.8.2 (#1625)
+ * chore(deps): bump actions/checkout from 2 to 3 (#1626)
+ * feat: set cosign attest predicate type based on Syft output
+ type (#1598)
+ * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4
+ (#1609)
+ * fix: correct apk purls for other distros (#1620)
+ * refactor: move apk upstream logic to apk metadata (#1619)
+ * fix: decoding null apk metadata pullDependencies (#1614)
+ * feat: haproxy binary matcher (#1591)
+ * fix: determine upstream for apk version streams (#1610)
+ * fix: improve CPE generation for curl APK (#1608)
+ * Revert "add workaround for macos github actions cache issue
+ (#1584)" (#1605)
+
+-------------------------------------------------------------------
+Thu Feb 23 10:37:37 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.73.0:
+ * Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604)
+ * chore: fix cataloger_test (#1603)
+ * fix: merging of binary packages (#1583)
+ * fix: issue when matching format versions (#1585)
+ * chore: update syft bootstrap tools to latest versions. (#1593)
+ * feat: add perl binary classifier (#1592)
+ * Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602)
+ * Update SPDX license list to 3.20 (#1600)
+ * chore: update SPDX license list (#1599)
+ * fix cataloger selection to be more specific (#1582)
+ * add workaround for macos github actions cache issue (#1584)
+
+-------------------------------------------------------------------
+Thu Feb 16 17:31:12 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.72.0:
+ * Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576)
+ * chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574)
+ * chore: update bug issue template (#1571)
+ * allow convert to take stdin (#1570)
+ * fix: improve CPE and upstream generation logic for Alpine packages (#1567)
+ * fix: missing APK node vulnerabilities (#1565)
+ * fix: python CPE generation for alpine (#1564)
+ * chore(deps): bump github.com/docker/docker (#1563)
+
+-------------------------------------------------------------------
+Fri Feb 10 06:19:19 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.71.0:
+ * switch from trigger-release target to release target (#1560)
+ * Speed up cataloging by replacing globs searching with index lookups (#1510)
+ * Update syft bootstrap tools to latest versions. (#1549)
+ * Fix installed versions (#1556)
+ * chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558)
+ * feat: add postgresql classifier (#1536)
+ * Add release trigger (#1501)
+ * chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552)
+ * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551)
+ * fix: add support for licenses not found on list (#1540)
+ * Update syft bootstrap tools to latest versions. (#1541)
+ * feat: Allow specific versions of formats to be specified (#1543)
+ * Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539)
+ * source: when base is set, responsePath should be absolute (#1542)
+
+-------------------------------------------------------------------
+Sat Feb 04 07:45:37 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.70.0:
+ * fix: update config struct to not decode password/key (#1538)
+ * Update syft bootstrap tools to latest versions. (#1537)
+ * feat: add traefik classifier (#1504)
+ * fix: don't hardcode Cosign attest type (#1533)
+ * chore(deps): bump github.com/docker/docker (#1531)
+ * Update syft bootstrap tools to latest versions. (#1530)
+
+-------------------------------------------------------------------
+Thu Feb 02 06:48:23 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.69.1:
+ * chore: update spdx/tools-golang to v0.5.0-rc1 (#1503)
+ * feat: update golang to 1.19 (#1526)
+ * Update syft bootstrap tools to latest versions. (#1525)
+
+-------------------------------------------------------------------
+Tue Jan 31 15:04:23 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.69.0:
+ * Allow scanning unpacked container filesystems (#1485)
+ * fix: allow template for syft convert (#1521)
+ * 1465 attestation with private key (#1502)
+
+-------------------------------------------------------------------
+Thu Jan 26 06:37:19 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.68.1:
+ * fix: add relevant CPEs to python and busybox classifiers (#1517)
+ * Update syft bootstrap tools to latest versions. (#1515)
+ * chore: correct bootstrap tool script (#1514)
+ * chore(deps): bump github.com/google/go-containerregistry (#1513)
+ * Fix AssertEncoderAgainstGoldenSnapshot calls to conditionally update (#1511)
+ * chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505)
+ * chore(deps): bump github.com/docker/docker (#1506)
+ * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507)
+ * chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508)
+ * Bump github.com/spdx/tools-golang to v0.4.0 (#1450)
+
+-------------------------------------------------------------------
+Sat Jan 21 07:53:06 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.68.0:
+ * Fix panic in apkdb parsing on empty "provides" values (#1494)
+ * push detailed log statements to trace-level (#1500)
+ * npm: package-lock license decoding to accept string or array (#1482)
+ * always set the package ID for java packages (#1493)
+ * fix: skip filling in empty fields in APK metadata (#1484)
+ * chore(deps): bump github.com/facebookincubator/nvdtools (#1499)
+ * chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498)
+ * chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497)
+ * chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496)
+ * chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495)
+ * Relax error conditions for catalogers (#1492)
+ * feat: add memcached classifier (#1486)
+ * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488)
+ * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489)
+ * chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490)
+ * chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491)
+ * chore(deps): bump github.com/google/go-containerregistry (#1487)
+ * chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475)
+ * chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477)
+ * chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476)
+ * chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474)
+ * chore(deps): bump github/codeql-action from 1 to 2 (#1473)
+ * chore(deps): bump actions/setup-go from 2 to 3 (#1472)
+ * Add dependabot (#1451)
+- skip non-existent release 0.67.x
+
+-------------------------------------------------------------------
+Fri Jan 20 09:56:19 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.66.2:
+ * chore: use checkout v3 with new depth (#1471)
+ * chore: use checkout v2 for tag depth (#1470)
+ * fix: nil panic in graalvm cataloger (#1468)
+ * add linter for type assertion checks (#1469)
+ * fix: bump golang.org/x/net to v0.4.0 (#1467)
+ * fix: bump golang.org/x/text to v0.3.8 (#1466)
+ * bootstrap within composite action (#1461)
+ * chore: revert GolangBinMetadata name and make analogous GolangModMetadata (#1458)
+ * README: update Nix installation instructions (#1455)
+
+-------------------------------------------------------------------
+Fri Jan 13 06:11:18 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.66.1:
+ * fix: update graalvm cataloger to fix panic (#1454)
+ * chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452)
+
+-------------------------------------------------------------------
+Fri Jan 13 06:09:05 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.66.0:
+ * feat: Add the origin field to the output format of syftjson (#1327)
+ * chore: update schema (#1449)
+ * feat: prefer known CPE vendors over other candidates (#1294)
+ * fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442)
+ * feat: add BeamVM Hex support (#1073)
+ * feat: add apache httpd binary classifier (#1448)
+ * chore: claim artifacthub package ownership from developer-guy (#881)
+ * Parallel package catalog processing (#1355)
+ * feat: Add php binary catalogers (#1444)
+ * Update syft bootstrap tools to latest versions. (#1443)
+ * fix: duplicate file in tar archive causes read to fail (#1445)
+ * Add support for GraalVM Native Image executables. (#1276)
+ * Add redis binary classifier (#1438)
+ * docs: add cataloger construction summary (#1434)
+ * chore: update bootstrap tools to latest versions. (#1428)
+ * Add alpine type to purl (#1431)
+
+-------------------------------------------------------------------
+Thu Jan 05 14:00:02 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.65.0:
+ * adding purl types for binary classifiers (#1435)
+ * chore: refactor basic CPE functionality to its own package (#1436)
+ * fix: typo in os.Getwd error message (#1433)
+ * fix: additional excessive go binary warnings (#1432)
+ * docs: migrate to homebrew-core (#1427)
+
+-------------------------------------------------------------------
+Wed Jan 04 15:47:49 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 0.64.0:
+ * fix: unicode output in cyclonedx-json format (#1420)
+ * fix: excessive go binary warnings (#1424)
+ * feat: update spdx format model to produce valid spdx json documents (#1418)
+ * clean package names in python parsers (#1417)
+ * docs: update schema name to 2.3 (#1416)
+ * feat: add h1digest when scanning go.mod (#1405)
+ * feat: Add license parsing for java (#1385)
+ * fix: cyclonedx component type for binaries (#1406)
+ * fix: openjdk detection pattern (#1415)
+ * bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (#1404)
+ * Add NetBSD support. (#1412)
+
+-------------------------------------------------------------------
+Fri Dec 16 12:37:58 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.63.0:
+ * feat: add catalog delete (#1377)
+ * docs: remove file classifier (#1397)
+ * chore: update latest cyclonedx library (#1390)
+ * feat: Add Java binary catalogers (#1392)
+ * chore: Update SPDX license list to 3.19 (#1389)
+ * fix: add manual vendor/product removal to fix false flags (#1070)
+ * Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (#1395)
+ * chore: fix test busybox image sha (#1393)
+ * fix: go version not properly identified in binary (#1384)
+
+-------------------------------------------------------------------
+Thu Dec 01 05:41:03 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.62.3:
+ * Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (#1376)
+ * fix: Update node binary package name (#1375)
+ * feat: Generic Binary Cataloger (#1336)
+ * recover from bad parsing of golang binary (#1371)
+ * Fix parsing of apk databases with large entries (#1365)
+ * Update syft bootstrap tools to latest versions. (#1369)
+
+-------------------------------------------------------------------
+Mon Nov 28 18:06:04 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.62.2:
+ * fix: guard for locations < 1 in alpmdb parse (#1366)
+ * fix: remove cabal.project.freeze panic on last pkg (#1363)
+ * fix: requirements.txt - return unicode only letter/num for version (#1361)
+ * Update syft bootstrap tools to latest versions. (#1356)
+
+-------------------------------------------------------------------
+Mon Nov 21 15:12:29 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.62.1:
+ * fix: sort relationships in SPDX output (#1350)
+ * chore: add debug logging for decode errors (#1352)
+ * feat(npm): handle aliases in package-lock.json (#1349)
+
+-------------------------------------------------------------------
+Sat Nov 19 12:04:28 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.62.0:
+ * fix: spdx java checksum correctness (#1348)
+ * feat: Add support for npm lockfile version 3 (#1206)
+
+-------------------------------------------------------------------
+Fri Nov 18 15:38:51 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.61.0:
+ * 1111 clean name bug (#1347)
+ * Add spdx relationship encoding for dependencies (#1342)
+ * feat: SPDX 2.3 support (#1311)
+ * SBOM cataloger (#1029)
+ * chore: clean up linting configuration (#1343)
+ * fix: Unmarshal Syft JSON with missing metadata (#1338)
+ * fix apk decode for older data shapes (#1341)
+ * chore: add unit test for wolfi os release identification (#1340)
+ * fix: Output only valid CPEs for CycloneDX OS components (#1339)
+ * feat: Add `--name` option to override name in output (#1269)
+ * Add support for dependency relationships for alpine (apk) (#1063)
+ * normalize alpm md5 refs (#1333)
+ * Update java generic cataloger (#1329)
+ * Support encoding map types to CycloneDX properties (#1332)
+ * Update swift cataloger to generic cataloger (#1324)
+ * port rust cataloger to new generic cataloger pattern (#1323)
+ * port ruby cataloger to new generic cataloger pattern (#1322)
+ * port rpm cataloger to new generic cataloger pattern (#1321)
+ * port python cataloger to new generic cataloger pattern (#1319)
+ * Update portage cataloger to new generic cataloger (#1316)
+ * port php cataloger to new generic cataloger pattern (#1315)
+
+-------------------------------------------------------------------
+Tue Nov 15 09:52:45 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.60.3:
+ * javascript cataloger: node binary: nil pointer dereference (#1313)
+ * Fix: Include version information in binary cataloger CPEs (#1310)
+ * fix: only generate PURL on empty string (#1312)
+ * add s3 credentials to release (#1309)
+ * port javascript cataloger to new generic cataloger pattern (#1308)
+
+-------------------------------------------------------------------
+Tue Nov 15 09:44:11 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.60.2:
+ * chore: update goreleaser brew token (#1306)
+ * fix: Decode binary and unknown metadata (#1307)
+
+-------------------------------------------------------------------
+Tue Nov 15 09:39:47 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.60.1:
+ * chore: update github token permissions for goreleaser (#1305)
+
+-------------------------------------------------------------------
+Tue Nov 15 09:29:12 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.60.0:
+ * fix: update ci secret to use new password (#1304)
+ * fix: update secret value to use new cert cahin (#1303)
+ * fix: verbose quill release failures (#1302)
+ * fix: unterminated quoted string (#1300)
+ * fix: update Makefile to remove old signing arch (#1299)
+ * feat: add nodejs-binary package classifier (#1296)
+ * update go-rpmdb to improve parsing of installed files (#1297)
+ * docs: update attestation directions with new cosign changes
+ * fix: Continue parsing Python RECORD files when bad lines encountered (#1295)
+ * Fix #1245 Update SPDX license list to 3.18 (#1259)
+ * fix: Resolve Maven POM expressions (#1251) (#1278)
+ * port haskell cataloger to new generic cataloger pattern (#1290)
+ * port golang cataloger to new generic cataloger pattern (#1289)
+ * port deb/dpkg cataloger to new generic cataloger pattern (#1288)
+ * update cataloger tests to use pkgtest utils (#1287)
+ * port dotnet cataloger to new generic cataloger pattern (#1286)
+ * port dart cataloger to new generic cataloger pattern (#1285)
+ * port conan cataloger to new generic cataloger pattern (#1284)
+ * port apk cataloger to new generic cataloger pattern (#1283)
+ * replace signing tooling with quill (#1280)
+ * Upgrade generic cataloger (#1281)
+ * Update syft bootstrap tools to latest versions. (#1282)
+ * replace logger interface with anchore/go-logger (#1279)
+ * Update syft bootstrap tools to latest versions. (#1267)
+ * Add go binary h1 digest to SPDX (#1265)
+ * fix: move reproduction to top of issue (#1264)
+ * fix: update syftjson ID to match major schema version (#1274)
+ * Use in-toto CycloneDX predicate to be compatible with cosign (#1270)
+ * chore: handle deprecated SPDX license: StandardML-NJ (#1266)
+
+-------------------------------------------------------------------
+Tue Oct 18 05:11:08 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.59.0:
+ * Fixes #1179 Deprecated SPDX license (#1263)
+ * feat: add RelationshipsBySourceOwnership to syft json output (#1248)
+ * fix: reset merged package into map; (#1258)
+ * refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
+ * Update syft bootstrap tools to latest versions. (#1254)
+ * Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
+ * Update syft bootstrap tools to latest versions. (#1244)
+ * fix apkdb checksum representation (#1247)
+ * feat: add identifiable field to source object (#1243)
+ * feat: attest support for Singularity images (#1201)
+ * Update syft bootstrap tools to latest versions. (#1239)
+ * Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240)
+ * fix: Follow symlinks when searching for globs in all-layers scope (#1221)
+ * update requires to use list; remove field (#1234)
+
+-------------------------------------------------------------------
+Fri Sep 30 05:10:45 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.58.0:
+ * Add Conan (C/C++) conan.lock file support (#1230)
+ * add sequence diagrams and flesh out TODO notes (#1233)
+ * Do not fail if unable to parse `.rpm` file (#1232)
+ * fix: support exclude patterns on Windows (#1228)
+ * Update syft bootstrap tools to latest versions. (#1225)
+ * Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224)
+ * Update syft bootstrap tools to latest versions. (#1223)
+ * Update syft bootstrap tools to latest versions. (#1220)
+
+-------------------------------------------------------------------
+Wed Sep 21 08:27:42 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.57.0:
+ * feat: catalog python files for installed-files.txt file metadata (#1217)
+ * Stabilize SPDX JSON output sorting (#1216)
+ * bug: remove chance for panic; provide default attestation path (#1214)
+ * refactor: update Makefile organization; update DEVELOPING.md instructions (#1212)
+ * refactor: replace ioutil=>io; update linter (#1211)
+ * Update bootstrap tools to latest versions. (#1204)
+ * Add gosimports (#1205)
+ * refactor: move formats from internal into syft module (#1172)
+
+-------------------------------------------------------------------
+Tue Sep 13 12:42:32 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.56.0:
+ * warn on errors from RPM DB parsing (#1200)
+ * docs: improve Singularity image source docs (#1190)
+ * Add RPM file scanning support (#1188)
+ * Normalize syft-json output (#1194)
+ * Revert "External sources configuration (#1158)" (#1191)
+ * Update syft bootstrap tools to latest versions. (#1186)
+ * Fix RPM DB license handling (#1184)
+ * Update syft bootstrap tools to latest versions. (#1182)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:42:57 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.55.0:
+ * update stereoscope to latest (#1181)
+ * Update syft bootstrap tools to latest versions. (#1180)
+ * Bug fix for 1095 - syft conversion option error (#1177)
+ * Update syft bootstrap tools to latest versions. (#1176)
+ * enhance development support on macOS ARM (#1163)
+ * Capture if a node module is private (#1161)
+ * Find version numbers from jars with different naming conventions (#1174)
+ * Update syft bootstrap tools to latest versions. (#1171)
+ * Fix update-bootstrap-tools workflow (#1170)
+ * workflow to create automated PRs to update bootstrap tools (#1167)
+ * feat: add support for licenses in package-lock json v2 (#1164)
+ * External sources configuration (#1158)
+ * feat: add support for pnpm (#1166)
+ * Prevent symlinks causing duplicate package-file relationships (#1168)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:38:56 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.54.0:
+ * Associate node package licenses from node_modules (#1152)
+ * Give the contributing guide a substantial rework (#1155)
+ * fix: extract file ids correctly for spdx-json (#1156)
+ * metadata decoding should be optional (#1154)
+ * Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151)
+ * Add modularitylabel metadata to RPM type records generated by syft (#1148)
+ * Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149)
+ * retraction for mispublished versions (#1147)
+ * cataloger configuration is respected regardless of source (#1142)
+ * Update README.md (#1146)
+ * bump cosign to v1.10.1 (#1144)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:35:58 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.53.4:
+ * Update stereoscope to get rid of the replace directive (#1140)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:33:24 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.53.3:
+ * Correct squashfs import and fix incorrect bouncer configuration (#1138)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:31:12 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.53.2:
+ * Overwrite deprecated SPDX licenses automatically (#1009)
+ * disable release for docker assets (#1137)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:29:04 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.53.1:
+ * improve docker release bootstrap (#1136)
+ * Singularity Image Support (#974)
+
+-------------------------------------------------------------------
+Wed Sep 07 05:25:20 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.53.0:
+ * remove docker login from keychain (#1135)
+ * remove ENV checks from siging script (#1134)
+ * remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133)
+ * remove prefixed v from tag to match release (#1131)
+ * rollback actions-setup-docker to earlier version (#1130)
+ * Bump go-rustaudit to support rustaudit 0.2.0 (#1127)
+ * bump bouncer to v0.4.0 (#1125)
+ * Added ppc64le supported to the syft:debug image (#1124)
+ * add a cataloger for binaries built with rust-audit (#1116)
+ * bump goreleaser to v1.10.3 (#1123)
+ * bump golangci-lint to v1.47.2 (#1122)
+ * bump cosign in bootstrap-tools to v1.10.0 (#1121)
+ * Added s390x support (#1117)
+ * Delete pr_action.yaml (#1120)
+ * fix: use generic instead of not generating purl (#1119)
+ * bump cosign to v1.10.0 (#1114)
+
+-------------------------------------------------------------------
+Thu Jul 21 15:12:29 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.52.0:
+ * Update sigstore/rekor dependency (#1112)
+ * Added ppc64le support (#1099)
+ * patch-distroless-ghcr (#1110)
+ * add distroless debug image to published release (#1106)
+ * update help formatting (#1105)
+ * feat: implement haskell support (#1096)
+ * Add the -r argument for gnu xargs (#1103)
+ * fix: -o output option to include formats (#1102)
+ * moves go-rpmdb to latest; libc => v1.16.7 (#1098)
+
+-------------------------------------------------------------------
+Sat Jul 16 19:00:04 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.51.0:
+ * feat: add support for cocoapods (Swift/Objective-C) (#1081)
+ * Fix package url for Go modules with no / (#1092)
+ * Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090)
+ * feat: output attestation to file (#1087)
+ * Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089)
+ * Add portage support for Gentoo Linux (#1076)
+ * Add PR action back to workflow with new token (#1086)
+
+-------------------------------------------------------------------
+Wed Jul 06 18:12:23 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.50.0:
+ * feat: add new login cmd (#1068)
+ * update AltRpmDbGlob with comment and context (#1085)
+ * feat: add support for conan packages (C/C++) (#1083)
+ * add golang main module and pseudo-version (#916)
+ * fix: add glob to filter list to ensure rpm metadata files are matched… (#1079)
+ * remove pr automation until service account creation (#1080)
+ * fix: purl generation for pom.xml (#1078)
+ * Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072)
+ * fix: add new languages found in cpes (#1069)
+ * fix: add php catalogers to all catalogers (#1065)
+ * feat: add use-all-catalogers flag (#1050)
+
+-------------------------------------------------------------------
+Mon Jun 27 13:20:51 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.49.0:
+ * Updates parsing of `yarn.lock` to use `resolved` URLs that are pulled from yarn and npm registries (#926)
+ * remove OSS Meetup message (#1057)
+ * add pom.xml cataloger (#1055)
+ * Add support for CBL-Mariner distroless images (#1045)
+ * Add catalogers configuration (#1038)
+ * add template output (#1051)
+
+-------------------------------------------------------------------
+Wed Jun 22 08:47:26 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.48.1:
+ * update stereoscope to latest version (#1052)
+
+-------------------------------------------------------------------
+Wed Jun 22 08:34:13 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.48.0:
+ * update zip_read_closer to incorporate zip64 support (#1041)
+ * Add pacman (alpm) parser support (#943)
+
+-------------------------------------------------------------------
+Wed Jun 22 08:23:30 UTC 2022 - kastl@b1-systems.de
+
+- Update to version 0.47.0:
+ * Update of README.md (#1027)
+ * bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025)
+ * add workflows to test new project automation (#1023)
+ * improve LanguageByName and add unit tests (#1034)
+ * Read Description from dpkg status files (#996)
+ * Add announcement for Anchore OSS Virtual Meetup (#1033)
+ * add main module field to go bin metadata (#1026)
+ * Add filters to package cataloger (#1021)
+ * change draft to false for release process (#1016)
+ * Support RPM distros with newer RPM db formats (#1018)
+ * fix: add component list to prevent cyclone-dx panic (#1015)
+
+-------------------------------------------------------------------
+Mon Jun 6 19:43:54 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
+
+- first version of package syft at version 0.46.3
diff --git a/syft.obsinfo b/syft.obsinfo
new file mode 100644
index 0000000..8106d22
--- /dev/null
+++ b/syft.obsinfo
@@ -0,0 +1,4 @@
+name: syft
+version: 1.14.1
+mtime: 1728996647
+commit: 754cebee6414c614acf03ee0f87abfcf6176e051
diff --git a/syft.spec b/syft.spec
new file mode 100644
index 0000000..027bb71
--- /dev/null
+++ b/syft.spec
@@ -0,0 +1,119 @@
+#
+# spec file for package syft
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
+
+Name: syft
+Version: 1.14.1
+Release: 0
+Summary: CLI tool and library for generating a Software Bill of Materials
+License: Apache-2.0
+URL: https://github.com/anchore/syft
+Source: syft-%{version}.tar.gz
+Source1: vendor.tar.gz
+BuildRequires: go >= 1.22
+
+%description
+A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.
+
+%package -n %{name}-bash-completion
+Summary: Bash Completion for %{name}
+Group: System/Shells
+Requires: %{name} = %{version}
+Requires: bash-completion
+Supplements: (%{name} and bash-completion)
+BuildArch: noarch
+
+%description -n %{name}-bash-completion
+Bash command line completion support for %{name}.
+
+%package -n %{name}-fish-completion
+Summary: Fish Completion for %{name}
+Group: System/Shells
+Requires: %{name} = %{version}
+Supplements: (%{name} and fish)
+BuildArch: noarch
+
+%description -n %{name}-fish-completion
+Fish command line completion support for %{name}.
+
+%package -n %{name}-zsh-completion
+Summary: Zsh Completion for %{name}
+Group: System/Shells
+Requires: %{name} = %{version}
+Supplements: (%{name} and zsh)
+BuildArch: noarch
+
+%description -n %{name}-zsh-completion
+zsh command line completion support for %{name}.
+
+%prep
+%autosetup -p 1 -a 1
+
+%build
+COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)"
+
+DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
+BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
+
+go build \
+ -mod=vendor \
+ -buildmode=pie \
+ -ldflags=" \
+ -X main.version=%{version} \
+ -X main.gitCommit=${COMMIT_HASH} \
+ -X main.gitDescription=v%{version} \
+ -X main.buildDate=$BUILD_DATE" \
+ -o bin/syft ./cmd/syft
+
+%install
+# Install the binary.
+install -D -m 0755 bin/%{name} "%{buildroot}/%{_bindir}/%{name}"
+
+# create the bash completion file
+mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/
+%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name}
+
+# create the fish completion file
+mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
+%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
+
+# create the zsh completion file
+mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
+%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name}
+
+%files
+%doc README.md
+%license LICENSE
+%{_bindir}/%{name}
+
+%files -n %{name}-bash-completion
+%dir %{_datarootdir}/bash-completion/completions/
+%{_datarootdir}/bash-completion/completions/%{name}
+
+%files -n %{name}-fish-completion
+%dir %{_datarootdir}/fish
+%dir %{_datarootdir}/fish/vendor_completions.d
+%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
+
+%files -n %{name}-zsh-completion
+%defattr(-,root,root)
+%dir %{_datarootdir}/zsh_completion.d/
+%{_datarootdir}/zsh_completion.d/_%{name}
+
+%changelog
diff --git a/vendor.tar.gz b/vendor.tar.gz
new file mode 100644
index 0000000..ec7beb5
--- /dev/null
+++ b/vendor.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e53b144429ebb3219a13fb6e26aa53f980ef91bf468e892779313d7f230a4c44
+size 51724551