@ -1,379 +1,3 @@
-------------------------------------------------------------------
Tue Dec 10 08:48:44 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.18.0:
* chore(deps): update anchore dependencies (#3510)
* fix: convert file paths for spdx formats from absolute to
relative (#3509)
* chore(deps): update CPE dictionary index (#3507)
* chore(deps): update tools to latest versions (#3506)
* chore(deps): bump github.com/magiconair/properties from 1.8.7
to 1.8.9 (#3508)
* chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#3503)
* Add relationships for rust audit binary packages (#3500)
* fix order of rust dependencies and support git sources in
Cargo.lock dependencies (#3502)
* chore(deps): update tools to latest versions (#3501)
* chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
(#3499)
* chore: add and document target for updating unit snapshots
(#3498)
* fix: emit NOASSERTION for copyright text to fix SPDX 2.2
validation failure (#3495)
* chore(deps): update tools to latest versions (#3496)
* chore(deps): update tools to latest versions (#3487)
* chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
(#3494)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.2 to
6.6.3 (#3489)
* feat: set max layer size (#3464)
* chore(deps): update CPE dictionary index (#3491)
* chore(deps): bump modernc.org/sqlite from 1.34.1 to 1.34.2
(#3492)
* chore(deps): bump github.com/saferwall/pe from 1.5.5 to 1.5.6
(#3493)
* chore(deps): update tools to latest versions (#3478)
* chore(deps): update CPE dictionary index (#3479)
* chore(deps): bump github.com/stretchr/testify from 1.9.0 to
1.10.0 (#3480)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3
to 1.2.4 (#3482)
* chore(deps): update stereoscope to
be5deed44b7c03fcbfa6f1f42fb67202d31636a9 (#3483)
* fix: dart classifier for 2.x and ARM (#3475)
* Use file indexer directly when scanning with file source
(#3333)
* chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8
(#3476)
* chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
(#3473)
-------------------------------------------------------------------
Thu Nov 21 14:50:55 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.17.0:
* chore(deps): update stereoscope to
aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3472)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2
to 1.2.3 (#3467)
* fix: bump clio to pull in logging fix (#3466)
* 3122 valid license url characters (#3449)
* 3030 license declared spdx correction (#3461)
* chore(deps): update tools to latest versions (#3463)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.1 to
6.6.2 (#3465)
* chore(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.1
(#3460)
* chore(deps): update CPE dictionary index (#3453)
* chore(deps): update tools to latest versions (#3454)
* chore(deps): update tools to latest versions (#3448)
* chore(deps): update tools to latest versions (#3444)
* chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4
(#3446)
* feat: emit dependency relationships found in Cargo.lock (#3443)
* chore(deps): update stereoscope to
aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3442)
* chore(deps): bump github/codeql-action from 3.27.2 to 3.27.3
(#3438)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.1
to 1.2.2 (#3439)
* chore(deps): bump github.com/saferwall/pe from 1.5.4 to 1.5.5
(#3440)
* chore(deps): update tools to latest versions (#3413)
* chore(deps): bump github/codeql-action from 3.27.1 to 3.27.2
(#3436)
* chore(deps): bump golang.org/x/mod from 0.21.0 to 0.22.0
(#3426)
* update node classifier (#3419)
* chore(deps): update stereoscope to
120d9ea511e2f7a9887b443c52e66cd19bb80b43 (#3424)
* chore(deps): update CPE dictionary index (#3429)
* chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1
(#3431)
* chore(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
(#3432)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2
to 1.2.1 (#3433)
* restore log on ui teardown (#3427)
* doc: Add official Syft logo license information (#3421)
* chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7
(#3418)
* chore: build release sbom from go.mod (#3417)
-------------------------------------------------------------------
Tue Nov 05 09:43:28 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.16.0:
* chore: prevent file resolver from bubbling errors in binary
cataloger (#3410)
* chore(deps): update stereoscope to
cbd43fb4e5d348fe680066ee6329385fd6a4f827 (#3411)
* chore(deps): update CPE dictionary index (#3414)
* chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
(#3408)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
to 1.0.0 (#3409)
* chore(deps): update stereoscope to
2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 (#3405)
* Issue #3143 – fixed format conversion docs link (#3407)
* feat: support dependencies and purl for Native Image SBOMs
(#3399)
* chore(deps): update stereoscope to
9c92fe30492ffeba14ed2e23ad1fd923341dda4f (#3398)
* feat: exclude devDependencies from package-lock.json parsing
(#3371)
* chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
(#3394)
* chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
(#3393)
* fix: stack overflow in spyingIoReadCloser (#3392)
* fix: bad pom files may cause infinite loop (#3391)
-------------------------------------------------------------------
Tue Oct 29 14:02:45 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.15.0:
* chore(deps): update stereoscope to
bcc40c6817524718277256d6b774ce643f98640a (#3388)
* chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#3384)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
to 1.1.2 (#3385)
* chore(deps): update tools to latest versions (#3383)
* chore(deps): update CPE dictionary index (#3387)
* chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3380)
* feat: multi-level configuration and profiles (#3337)
* feat: Java dependency graph information (#3363)
* Expanded dpkg cataloger globs (#3373)
* Enable cargo-auditable-binary-cataloger for files/directories
(#3376)
* chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
(#3374)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3375)
* chore(deps): update stereoscope to
6db3c175f1f836e552b01ee70e5d5528cc04bce4 (#3362)
* chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#3364)
* chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
(#3365)
* chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to
5.6.0 (#3367)
-------------------------------------------------------------------
Tue Oct 22 07:09:11 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.14.2:
* Create single license scanner for all catalogers (#3348)
* chore(deps): update stereoscope to
a38c93517fc7d67ca1af826ac529a06c05b571d2 (#3357)
* chore(deps): update CPE dictionary index (#3358)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to
6.6.1 (#3361)
* update to latest packageurl-go (#3347)
* chore(deps): update tools to latest versions (#3342)
* chore(deps): update stereoscope to
9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f (#3338)
* chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
(#3344)
* fix: use official CPE for linux kernel (#3343)
* chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
(#3340)
* fix: improve mariadb binary classifer to detect older versions
(#3339)
-------------------------------------------------------------------
Tue Oct 15 15:36:18 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.14.1:
* fix: stop some log.Warn spam due parsing an empty string as a
CPE (#3330)
* chore(deps): update stereoscope to
1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
* chore(deps): update stereoscope to
1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
* chore(deps): update stereoscope to
93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
* chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
(#3326)
* chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
(#3327)
* chore(deps): update CPE dictionary index (#3323)
* fix: improve go binary semver extraction for traefik (#3325)
* chore(deps): update stereoscope to
92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
* chore(deps): update stereoscope to
c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1
to 4.7.0 (#3321)
* chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3
(#3314)
* shorten release docs (#3318)
* docs: clearer deprecation message for --file (#3310)
* [docs] Add mastodon link to README.md (#3306)
* chore(deps): update stereoscope to
5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
* chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
* chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
(#3307)
* chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
* chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
(#3309)
-------------------------------------------------------------------
Wed Oct 09 04:42:52 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.14.0:
* feat: report unknowns in sbom (#2998)
* chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
(#3299)
* chore(deps): update stereoscope to
efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
* chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
(#3304)
* chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
* chore(deps): update CPE dictionary index (#3302)
* Fix: Parse package.json with non-standard fields in 'author'
section (#3300)
* chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
(#3298)
* chore: add pull request template (#3294)
* chore(deps): update tools to latest versions (#3296)
* Track supporting DPKG evidence (#3228)
* Fix: make failed CPE validation correctly return error (#2762)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to
6.6.0 (#3293)
* feat: update haproxy classifier (#3277)
* chore(deps): update tools to latest versions (#3291)
* fix: don't use builtin scanner in licensecheck (#3290)
* chore(deps): update CPE dictionary index (#3288)
* chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
(#3289)
* update redis classifier (#3281)
* fix: improve node classifier version matching (#3284)
* fix: update ruby classifier for -rc, -dev, etc. versions
(#3285)
* chore(deps): update CPE dictionary index (#3262)
* chore(deps): bump github.com/docker/docker (#3264)
* chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
(#3275)
* chore(deps): update stereoscope to
dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
* chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
* add awaiting response management (#3272)
* fix: correct excluded mount point comparison to file paths
(#3269)
-------------------------------------------------------------------
Tue Sep 24 17:39:53 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.13.0:
* Add JVM cataloger (#3217)
* feat: classifier for Dart lang binaries (#3265)
* Add compliance policy for empty name and version (#3257)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to
2.3.2 (#3254)
* chore(deps): bump peter-evans/create-pull-request from 7.0.3 to
7.0.5 (#3255)
* chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
(#3256)
* chore(deps): update tools to latest versions (#3259)
* chore(deps): bump github.com/docker/docker (#3260)
* feat: add binary classifiers for lighttp, proftpd, zstd, xz,
gzip, jq, and sqlcipher (#3252)
* fix: capture-snippet.sh can handle leading whitespaces now
(#3249) (#3250)
* chore(deps): update tools to latest versions (#3251)
* chore(deps): update tools to latest versions (#3247)
* chore(deps): update tools to latest versions (#3243)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
to 0.9.1 (#3242)
* chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
(#3241)
* chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
7.0.3 (#3240)
* chore(deps): update tools to latest versions (#3231)
* chore(deps): update CPE dictionary index (#3232)
* chore(deps): update tools to latest versions (#3205)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
to 1.1.1 (#3225)
* chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
7.0.2 (#3226)
* chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
(#3229)
* feat: --enrich flag for data enrichment feature enablement
(#3182)
-------------------------------------------------------------------
Thu Sep 12 04:56:01 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.12.2 (no releases between 1.11.1 and this
one):
* chore: make ci-check.sh an executable file (#3220)
* chore(deps): bump github.com/opencontainers/runc from 1.1.12 to
1.1.14 (#3219)
* chore: restore ci-check.sh script (#3218)
* Add haskell binaries cataloger (#3078)
* chore(deps): update CPE dictionary index (#3206)
* chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0
(#3203)
* Add the Ocaml ecosystem (#3112)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0
to 0.20.0 (#3209)
* chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
(#3210)
* chore(deps): bump github.com/docker/docker (#3211)
* chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
(#3212)
* dont cleanup cache in forks (#3214)
* less verbose java logging when non-fatal issues arise (#3208)
* Slim down docker cache size (#3190)
* chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
7.0.1 (#3196)
* chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0
(#3197)
* fix: haproxy classifier for versions with -dev suffix (#3180)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
3.3.0 (#3177)
* chore(deps): update CPE dictionary index (#3183)
* chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
(#3184)
* chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
7.0.0 (#3187)
* fix: properly decode SPDX license expressions in CycloneDX
format (#3175)
* chore(deps): bump github.com/docker/docker (#3168)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
* chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6
(#3173)
* fix: cycles resolving relative path parent poms with
parent-defined variables (#3170)
* fix: improve generated cpes for binaries with existing
classifiers (#3169)
* fix: add log time of task (#3105)
* fix: improve known CPEs and set NVD as source for all current
binary classifiers (#3167)
* respond to authoratative CPEs from catalogers (#3166)
* set cataloger names within package cataloger task (#3165)
* fix: use official CPE for curl binary cataloger (#3164)
* chore(deps): update tools to latest versions (#3160)
* chore(deps): update CPE dictionary index (#3161)
* chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5
(#3162)
* fix ELF package correlations (#3151)
* chore(deps): update tools to latest versions (#3144)
* feat: detect curl binaries (#3146)
* chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
(#3155)
* chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
(#3154)
* chore(deps): update stereoscope to
e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0
to 0.19.0 (#3148)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
* chore(deps): bump github.com/anchore/stereoscope (#3153)
* fix: mysql 8.0.3x binary detection (#3142)
* chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
(#3139)
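Review bot: the hunk header (-1,379 +1,3) means at least 376 of these changelog lines are deleted, so the recorded history from 1.18.0 back through the earlier 2024 entries is dropped instead of a new entry being added on top. If that is intended, state the reason in the commit or request description; otherwise restore the existing entries and add only the new one above them. The +/- markers are missing from the lines in this view, so which three lines remain cannot be confirmed here.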
-------------------------------------------------------------------
Tue Aug 20 16:41:18 UTC 2024 - opensuse_buildservice@ojkastl.de