Accepting request 1301751 from devel:kubic

update to 1.32.0

OBS-URL: https://build.opensuse.org/request/show/1301751
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/syft?expand=0&rev=106

_service

@@ -3,10 +3,10 @@
     <param name="url">https://github.com/anchore/syft</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.14.1</param>
+    <param name="revision">v1.32.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
   </service>
   <service name="set_version" mode="manual">
     <param name="basename">syft</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/syft</param>
-              <param name="changesrevision">754cebee6414c614acf03ee0f87abfcf6176e051</param></service></servicedata>
+              <param name="changesrevision">2d8e337d3469712c7d92770792f0117ad82c4ad3</param></service></servicedata>

syft-1.14.1.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eefc0cec9db00f232dfefedaf4286efcbae1e924c1e4d7fa34518fcc8562911a
-size 26564109

syft-1.32.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba5919a3a6ff3c298783cb6ceef40e96edf1682574e119618510a9a24ff8dd19
+size 29739533

syft.changes

@@ -1,3 +1,901 @@
+-------------------------------------------------------------------
+Thu Aug 28 04:45:38 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.32.0:
+  * Added Features
+    - Catalog entire build list for Go projects, not just packages
+      listed in go.mod [#432 #4127 @spiffcs]
+    - package.json authors keyword parsing [#2250 #4003 @popey]
+    - Conda ecosystem support (basic) [#4002@SimeonStoykovQC]
+  * Bug Fixes
+    - When scanning the FFmpeg binary with Syft a new package is
+      now added [#3988 #3994 @popey]
+    - Warn loudly if SQLite driver is not present when needed
+      [#3234 #4150 @kzantow]
+  * Additional Changes
+    - Update dependencies to use go.yaml.in/yaml [#4157 @n-bes]
+    - chore(deps): update anchore dependencies (#4169)
+    - chore(deps): bump github.com/diskfs/go-diskfs (#4159)
+    - chore(deps): bump github.com/stretchr/testify from 1.10.0 to
+      1.11.0 (#4160)
+    - chore(deps): update tools to latest versions (#4154)
+    - chore(deps): bump github/codeql-action from 3.29.10 to
+      3.29.11 (#4149)
+    - chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10
+      (#4145)
+    - chore(deps): update CPE dictionary index (#4143)
+    - chore(deps): bump github.com/hashicorp/go-getter from 1.7.8
+      to 1.7.9 (#4144)
+    - chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5
+      (#4141)
+    - chore(deps): update tools to latest versions (#4139)
+
+-------------------------------------------------------------------
+Tue Aug 19 05:14:52 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.31.0:
+  * Added Features
+    - Option to set PackageSupplier in root of SPDX document
+      generated by CLI [#3098 #4131 @spiffcs]
+  * Bug Fixes
+    - closed reader during java binary detection [#4129 @kzantow]
+    - support multiple letters in openssl patch version [#4106
+      @honigbot]
+    - Can not have license ID [#1964 #4132 @spiffcs]
+    - Syft sometimes reports URL for license value when scanning
+      JARs with a URL in Bundle-License field of manifest [#3186]
+  * Dependencies
+    - chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to
+      0.1.2 (#4135)
+    - chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9
+      (#4134)
+    - chore(deps): bump actions/checkout from 4.2.2 to 5.0.0
+      (#4130)
+    - chore(deps): update CPE dictionary index (#4126)
+
+-------------------------------------------------------------------
+Sun Aug 10 07:04:11 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.30.0:
+  * Added Features
+    - add binary classifier for hashicorp vault [#4121
+      @willmurphyscode]
+  * Bug Fixes
+    - fix: update nondeterministic Java archive cataloging and
+      improve groupID [#3521 #4118 @kzantow]
+  * Dependencies
+    - chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
+      (#4122)
+    - chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0
+      (#4123)
+    - chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8
+      (#4124)
+    - chore(deps): bump docker/login-action from 3.4.0 to 3.5.0
+      (#4115)
+    - chore(deps): bump actions/cache from 4.2.3 to 4.2.4 (#4119)
+    - chore(deps): bump actions/cache in /.github/actions/bootstrap
+      (#4120)
+    - chore(deps): update tools to latest versions (#4111)
+    - chore(deps): update CPE dictionary index (#4112)
+    - chore(deps): update tools to latest versions (#4108)
+    - chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5
+      (#4096)
+
+-------------------------------------------------------------------
+Fri Aug 01 08:13:07 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.29.1:
+  * Bug Fixes
+    - Missing license information for tzdata [#4102]
+    - Improve JVM Scan Accuracy for JDK and JRE Detection [#4071
+      #4046 @kzantow]
+    - Azul JDK classified as Oracle JRE [#3893 #4046 @kzantow]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#4104)
+    - chore(deps): update anchore dependencies (#4098)
+    - chore(deps): bump github.com/anchore/stereoscope (#4091)
+    - chore(deps): bump github.com/docker/docker (#4092)
+    - chore(deps): bump modernc.org/sqlite from 1.38.1 to 1.38.2
+      (#4088)
+    - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13
+      to 0.5.14 (#4089)
+    - chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.0
+      to 4.9.1 (#4087)
+    - chore(deps): bump github.com/olekukonko/tablewriter from
+      1.0.8 to 1.0.9 (#4086)
+    - chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.7
+      to 6.6.8 (#4085)
+    - chore(deps): bump modernc.org/sqlite from 1.38.0 to 1.38.1
+      (#4084)
+    - chore(deps): update tools to latest versions (#4082)
+    - chore(deps): update CPE dictionary index (#4083)
+    - chore(deps): update tools to latest versions (#4079)
+    - chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4
+      (#4080)
+    - chore(deps): update tools to latest versions (#4076)
+    - chore(deps): update tools to latest versions (#4072)
+    - chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3
+      (#4074)
+    - chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4
+      (#4073)
+
+-------------------------------------------------------------------
+Thu Jul 24 08:03:31 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.29.0:
+  * Added Features
+    - Catalog python uv.lock files [#3268 #3763 @jkugler]
+  * Additional Changes
+    - Pkg Metadata type unmarshal bug [#4043 @houdini91]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#4068)
+    - chore(deps): bump pygments (#4064)
+    - chore(deps): update tools to latest versions (#4065)
+    - chore(deps): bump sigstore/cosign-installer from 3.9.1 to
+      3.9.2 (#4066)
+    - chore(deps): update CPE dictionary index (#4067)
+    - chore(deps): bump marocchino/sticky-pull-request-comment
+      (#4063)
+    - chore(deps): update tools to latest versions (#4060)
+    - chore(deps): bump github.com/go-viper/mapstructure/v2 (#4061)
+    - chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.1
+      to 4.9.0 (#4059)
+    - chore(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0
+      (#4054)
+    - chore(deps): update tools to latest versions (#4053)
+    - chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0
+      (#4056)
+    - chore(deps): update CPE dictionary index (#4058)
+    - chore(deps): bump github.com/olekukonko/tablewriter from
+      1.0.7 to 1.0.8 (#4049)
+    - chore(deps): update CPE dictionary index (#4050)
+    - chore(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to
+      2.24.0 (#4051)
+    - chore(deps): bump github.com/charmbracelet/bubbletea from
+      1.3.5 to 1.3.6 (#4052)
+    - chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2
+      (#4048)
+
+-------------------------------------------------------------------
+Thu Jul 03 04:49:33 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.28.0:
+  * Added Features
+    - add native support for snap packages [#1088 #3929 @wagoodman]
+  * Additional Changes
+    - upgrade tablewriter dependency to use new API [#3990
+      @cpanato]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#4047)
+    - chore(deps): update anchore dependencies (#4045)
+    - chore: upgrade tablewriter dependency to use new API (#3990)
+    - chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1
+      to 3.4.0 (#4040)
+    - chore: update tests to read from latest test-fixture-cache
+      and fix cache publish (#4042)
+    - chore(deps): bump github.com/mholt/archives from 0.1.2 to
+      0.1.3 (#4032)
+    - chore(deps): bump marocchino/sticky-pull-request-comment
+      (#4019)
+    - chore(deps): bump sigstore/cosign-installer from 3.9.0 to
+      3.9.1 (#4022)
+    - chore(deps): update tools to latest versions (#4035)
+    - chore(deps): update CPE dictionary index (#4037)
+    - chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2
+      (#4039)
+    - chore(deps): update CPE dictionary index (#4021)
+    - chore(deps): update tools to latest versions (#4016)
+    - chore(deps): update tools to latest versions (#4012)
+    - chore(deps): bump github.com/go-viper/mapstructure/v2 (#4014)
+    - chore(deps): bump sigstore/cosign-installer from 3.8.2 to
+      3.9.0 (#4015)
+    - chore(deps): update CPE dictionary index (#4007)
+    - chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1
+      (#4008)
+    - chore(deps): bump github.com/google/go-containerregistry
+      (#4009)
+    - chore(deps): update tools to latest versions (#3992)
+    - chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0
+      (#4000)
+
+-------------------------------------------------------------------
+Fri Jun 13 04:42:17 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.27.1:
+  * fix: provide separate nonroot image (#3998)
+  * account for non-import shapes (#3997)
+  * Allow decoding of anchorectl json files (#3973)
+  * chore(deps): bump github.com/anchore/stereoscope (#3991)
+
+-------------------------------------------------------------------
+Mon Jun 09 19:34:07 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.27.0:
+  * Added Features
+    - add syft schema version to version command [#3949 @spiffcs]
+  * Bug Fixes
+    - Remove CPE product candidates for phf, prometheus, hyper and
+      Rust crates [#3967 @jayvdb]
+    - Remove CPE product candidates for opentelemetry and redis
+      Rust crates [#3962 @jayvdb]
+    - Harden Container Runtime with Non-Root User [#3941
+      @MikeTheCyberGuy]
+    - terraform provider lock entries should not require
+      constraints [#3934 @ghouscht]
+    - sbom cataloger returning upstream package [#3662 #3981
+      @kzantow]
+    - Syft missing md5 sums and list data for dpkg packages under
+      status.d/ [#3912]
+    - Failure to detect dependency relationships between Python
+      packages [#3958 #3965 @christoph-blessing]
+    - Heavy memory consumption when directory scanning deb source
+      [#3928 #3953 @kzantow]
+    - In versions 1.25.0 and later, graalvm-native-image-cataloger
+      adds 3-6 hours to Syft [#3942 #3944 @kzantow]
+    - Syft incorrectly reports multiple APKs as parents of
+      symlinked files [#3847 #3923 @luhring]
+  * Dependencies
+    - chore(deps): bump modernc.org/sqlite from 1.37.1 to 1.38.0
+      (#3979)
+    - chore(deps): bump github.com/go-git/go-git/v5 from 5.16.1 to
+      5.16.2 (#3978)
+    - chore(deps): update tools to latest versions (#3977)
+    - chore(deps): update CPE dictionary index (#3976)
+    - chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
+      (#3970)
+    - chore(deps): bump github.com/sergi/go-diff (#3971)
+    - chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0
+      (#3963)
+    - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.12
+      to 0.5.13 (#3964)
+    - chore(deps): bump github.com/go-git/go-git/v5 from 5.16.0 to
+      5.16.1 (#3960)
+    - chore(deps): bump github/codeql-action from 3.28.18 to
+      3.28.19 (#3952)
+    - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.11
+      to 0.5.12 (#3943)
+    - chore(deps): update tools to latest versions (#3945)
+    - chore(deps): update CPE dictionary index (#3947)
+    - chore(deps): bump github.com/google/go-containerregistry
+      (#3933)
+    - chore(deps): update CPE dictionary index (#3935)
+    - chore(deps): bump modernc.org/sqlite from 1.37.0 to 1.37.1
+      (#3926)
+
+-------------------------------------------------------------------
+Thu May 22 13:31:35 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.26.1:
+  * fix(dotnet-deps-cataloger): avoid repeated dependency
+    resolution (#3930)
+  * chore(deps): update tools to latest versions (#3921)
+  * chore(deps): bump github.com/google/go-containerregistry
+    (#3925)
+
+-------------------------------------------------------------------
+Wed May 21 04:30:19 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.26.0:
+  * Added Features
+    - Read version resources from non-.NET DLLs and executables
+      [#3842 #3911 @wagoodman]
+  * Bug Fixes
+    - pkg.JavaArchive.PomProperties is being populated even though
+      no pom.properties file was present for analysis [#3922
+      @wagoodman]
+    - syft 1.24.0 debug container - wget fails TLS [#3891 #3915
+      @spiffcs]
+  * Dependencies
+    - chore(deps): update CPE dictionary index (#3913)
+
+-------------------------------------------------------------------
+Sat May 17 07:14:25 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.25.1:
+  * remove go-rpmdb replace directive [#3908 @wagoodman]
+
+-------------------------------------------------------------------
+Sat May 17 07:05:40 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.25.0:
+  * Added Features
+    - Add PHP interpreter + extensions cataloger [#2585
+      @LaurentGoderre]
+  * Bug Fixes
+    - update license content filtering default case to be 'none'
+      for no content [#3903 @spiffcs]
+    - Distinguish openjdk vs jdk when using file source [#3895
+      @adammcclenaghan]
+    - Make it discoverable if Native Image contains no embedded
+      SBOM [#3731 #3805 @sathiya06]
+  * Dependencies
+    - chore(deps): bump github/codeql-action from 3.28.17 to
+      3.28.18 (#3905)
+    - chore(deps): bump github.com/mholt/archives from 0.1.1 to
+      0.1.2 (#3898)
+    - chore(deps): bump anchore/sbom-action from 0.19.0 to 0.20.0
+      (#3899)
+
+-------------------------------------------------------------------
+Thu May 15 04:47:08 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.24.0:
+  https://github.com/anchore/syft/compare/v1.23.1...v1.24.0
+  * Added Features
+    - Add cataloger for Dart pubspec [#3292 @LaurentGoderre]
+    - Translate Portage license strings to SPDX expressions [#1763
+      @wagoodman]
+    - Use package ID from decoded SBOMs when provided [#1872
+      @jneate]
+    - Annotate visible/hidden paths when all-layers scope [#3855
+      @wagoodman]
+    - Add support for PHP Pear [#2775 @LaurentGoderre]
+    - Detect whether full license text or a license name has been
+      provided [#3088 #3876 @spiffcs #3450 @spiffcs]
+    - Add Cataloger for Homebrew on macOS [#3632 #3724 @rezmoss]
+    - Provide a way to get the LayerID the package was first found
+      in [#435 #3858 @wagoodman #3138 @tomersein]
+    - Go binaries that currently get (devel) as the version should
+      instead stub UNKNOWN based on the compliance policy [#3324
+      #3873 @wagoodman]
+    - Upgrade base Docker image to
+      gcr.io/distroless/static-debian12 [#3840 #3862 @bgoareguer]
+    - Return full license string instead of SHA256 hash when
+      license string exceeds 64 characters [#3780 #3844 @spiffcs]
+    - Detect nix dependencies [#3814 #3837 @wagoodman]
+  * Bug Fixes
+    - update license sort to be stable with contents field [#3860
+      @spiffcs]
+    - Improve detection of erlang binary in alpine Linux [#3839
+      @avodotiiets]
+    - Do not search for main module versions within binary contents
+      by default [#3874 @wagoodman]
+    - dpkg license improvement for non SPDX licenses [#3090 #3888
+      @spiffcs]
+    - CycloneDX group field not symmetrically handled by
+      encoder/decoders [#2981 #3853 @kzantow]
+    - Syft crash [signal SIGSEGV: segmentation violation code=0x80
+      addr=0x0 pc=0x123a0da] [#3872 #3875 @wagoodman]
+    - Syft 1.23.1 shows version (devel) for grafana 12.0.0 [#3864]
+    - .NET cataloger does not always pair up PE binaries and
+      deps.json packages, resulting in duplicate packages on some
+      runs [#3866 #3869 @wagoodman]
+    - Propagate error in FileSourceProvider instead of warn log
+      [#3831 #3845 @Rupikz]
+    - Update github.com/Masterminds/semver package [#3829 #3836
+      @popey]
+    - go-module-file-cataloger fails if symlinks in path [#3614
+      #3783 @VictorHuu]
+    - Support fluent-bit some versions of arm/s390x images [#3793
+      #3817 @VictorHuu]
+  * Additional Changes
+    - update rust test fixtures to latest [#3852 @spiffcs]
+
+-------------------------------------------------------------------
+Fri Apr 25 18:25:31 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.23.1:
+  * chore(deps): update tools to latest versions (#3830)
+  * Resolve owned file paths when searching for overlaps (#3828)
+
+-------------------------------------------------------------------
+Fri Apr 25 06:06:26 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.23.0:
+  * Added Features
+    - Support skipping archive extraction with file source [#3795
+      @adammcclenaghan]
+    - Use the R cataloger in directory scans [#3774 @spiffcs]
+    - Add support for detecting javascript assets in .NET projects
+      using libman [#3825 @wagoodman]
+    - Parse GitHub actions comments [#3776 @wagoodman]
+    - Support chrome binary detection [#3174 #3136 @lem-onade]
+    - Add support for detecting undeclared license files scanning
+      from python installations [#2624 #3779 @wagoodman]
+  * Bug Fixes
+    - .NET cataloger should consider compile target paths from
+      deps.json [#3821 @wagoodman]
+    - Skip license scanner injection [#3796 @adammcclenaghan]
+    - Delete collection name/type key entries when empty [#3797
+      @adammcclenaghan]
+    - Use module name over relative paths in go.mod replace
+      directives [#3812 @VictorHuu]
+    - Correct variable names for Conan lock parsing version
+      handling [#3802 @musangk]
+    - Consider DLL claims for dependencies of .NET packages from
+      deps.json [#3822 @wagoodman]
+    - Empty source during decoding an SBOM document should not be
+      fatal [#3791 @wagoodman]
+    - Dpkg are not detected when scanning a directory [#3726 #3820
+      @VictorHuu]
+    - Support golang tip image [#3681 #3757 @VictorHuu]
+    - syft cataloger list should flatten options [#3801 #3804
+      @kzantow]
+    - Unable to generate a correct SBOM for C++ project [#3755]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#3827)
+    - chore(deps): update tools to latest versions (#3823)
+    - chore(deps): bump sigstore/cosign-installer from 3.8.1 to
+      3.8.2 (#3818)
+    - chore(deps): bump github/codeql-action from 3.28.15 to
+      3.28.16 (#3819)
+    - chore(deps): update tools to latest versions (#3815)
+    - chore(deps): update CPE dictionary index (#3813)
+    - chore(deps): update tools to latest versions (#3806)
+    - chore(deps): bump github.com/go-git/go-git/v5 from 5.15.0 to
+      5.16.0 (#3807)
+    - chore(deps): bump github.com/anchore/stereoscope from 0.1.2
+      to 0.1.3 (#3803)
+    - chore(deps): update tools to latest versions (#3798)
+    - chore(deps): update CPE dictionary index (#3799)
+    - chore(deps): bump github.com/mholt/archives from 0.1.0 to
+      0.1.1 (#3778)
+    - chore(deps): bump marocchino/sticky-pull-request-comment
+      (#3788)
+    - chore(deps): bump github.com/magiconair/properties from 1.8.9
+      to 1.8.10 (#3789)
+    - chore(deps): bump github.com/charmbracelet/bubbles from
+      0.20.0 to 0.21.0 (#3790)
+    - chore(deps): bump github.com/go-git/go-git/v5 from 5.14.0 to
+      5.15.0 (#3792)
+    - chore(deps): update tools to latest versions (#3785)
+    - chore(deps): bump github/codeql-action from 3.28.13 to
+      3.28.15 (#3786)
+    - chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
+      (#3787)
+    - chore(deps): update CPE dictionary index (#3782)
+    - chore(deps): update tools to latest versions (#3775)
+
+-------------------------------------------------------------------
+Tue Apr 01 17:31:08 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.22.0:
+  * Added Features
+    - Improve .NET package CPE generation [#3764 @wagoodman]
+    - Catalog deb archives directly [#3315 #3704 @popey]
+  * Bug Fixes
+    - Dotnet-Portable-Executable-Cataloger uses wrong component
+      version for dotnet runtime libraries [#3282 #3768 @wagoodman]
+    - Dotnet deps cataloger returns "wrong" dotnet-framework
+      dependencies and misses out on the runtime (for applications)
+      [#2347 #3768 @wagoodman]
+    - .NET deps.json should be considered as installation evidence
+      [#3570 #3563 @wagoodman]
+    - Dotnet PE binary cataloger is detecting false positives
+      [#3469 #3563 @wagoodman]
+    - Long Processing Time in dpkg-db-cataloger with all-layers
+      Option (Syft 1.20.0) [#3683 #3636 @kzantow]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#3772)
+    - chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
+      (#3766)
+    - chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0
+      (#3767)
+    - chore(deps): bump modernc.org/sqlite from 1.36.1 to 1.37.0
+      (#3771)
+    - chore(deps): update CPE dictionary index (#3769)
+    - chore(deps): bump github/codeql-action from 3.28.12 to
+      3.28.13 (#3758)
+    - chore(deps): update CPE dictionary index (#3756)
+    - chore(deps): update tools to latest versions (#3747)
+    - chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
+      (#3750)
+    - chore(deps): bump github.com/docker/docker (#3749)
+    - chore(deps): bump actions/cache from 4.2.2 to 4.2.3 (#3751)
+    - chore(deps): bump actions/cache in /.github/actions/bootstrap
+      (#3752)
+    - chore(deps): bump actions/setup-go in
+      /.github/actions/bootstrap (#3742)
+    - chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0
+      (#3743)
+    - chore(deps): bump github/codeql-action from 3.28.11 to
+      3.28.12 (#3744)
+    - chore(deps): bump github.com/BurntSushi/toml from 1.4.0 to
+      1.5.0 (#3740)
+    - chore(deps): bump github.com/containerd/containerd from
+      1.7.26 to 1.7.27 (#3738)
+    - chore(deps): update tools to latest versions (#3739)
+
+-------------------------------------------------------------------
+Mon Mar 17 19:49:13 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.21.0:
+  * chore(deps): update anchore dependencies (#3727)
+  * chore(deps): update CPE dictionary index (#3735)
+  * chore(deps): update tools to latest versions (#3722)
+  * chore(deps): bump github.com/spf13/afero from 1.12.0 to 1.14.0
+    (#3736)
+  * chore(deps): bump modernc.org/sqlite from 1.36.0 to 1.36.1
+    (#3737)
+  * chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0
+    to 1.1.0 (#3732)
+  * chore(deps): bump docker/login-action from 3.3.0 to 3.4.0
+    (#3733)
+  * fix(performance): reduce memory allocation in containsPath
+    (#3730)
+  * chore: upload individual binaries as artifacts (#3714)
+  * fix: fetch Dart package versions from sdk entries (#3572)
+  * chore(deps): update tools to latest versions (#3713)
+  * chore(deps): update CPE dictionary index (#3715)
+  * Add set ID to dotnet packages (#3719)
+  * chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11
+    (#3716)
+  * Location order on packages should consider evidence annotations
+    when sorting (#3720)
+  * chore: fix some function names in comment (#3717)
+  * fix: improve fluent-bit binary detection regex pattern (#3701)
+  * chore: updates for go 1.24.1 (#3712)
+  * chore(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0
+    (#3708)
+  * Update rustaudit module name (#3689)
+  * chore(deps): bump golang.org/x/net from 0.35.0 to 0.37.0
+    (#3711)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4
+    to 1.3.4 (#3690)
+  * Add downloadLocation URI validation (#3697)
+  * Native Image SBOM: support extracting symbols in .dynsym
+    section for ELF files (#3647)
+  * chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
+    (#3687)
+  * chore(deps): bump modernc.org/sqlite from 1.35.0 to 1.36.0
+    (#3692)
+  * chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to
+    5.14.0 (#3693)
+  * chore(deps): bump github.com/docker/docker (#3694)
+  * chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#3698)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#3699)
+  * chore(deps): update CPE dictionary index (#3702)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.6 to
+    6.6.7 (#3703)
+  * chore(deps): bump golang.org/x/net from 0.35.0 to 0.36.0
+    (#3709)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.7 to
+    7.0.8 (#3706)
+  * suppress file already closed errors (#3695)
+  * Fix /etc/redhat-release file parsing when resolving distro
+    details (#3688)
+  * chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1
+    (#3675)
+  * chore: disable line wrapping glow output (#3679)
+  * chore(deps): update CPE dictionary index (#3682)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.6 to
+    7.0.7 (#3684)
+  * chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10
+    (#3685)
+  * chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
+    (#3686)
+
+-------------------------------------------------------------------
+Sat Feb 22 09:40:22 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.20.0:
+  * Added Features
+    - Add file catalogers to selection configuration [#3505
+      @wagoodman]
+    - Configuration for including license contents in SBOM [#3626
+      #3631 @spiffcs]
+    - Support Bitnami embedded SBOMs [#3065 #3341 @juan131]
+  * Bug Fixes
+    - Version parse caused by line breaks on different platforms
+      [#3672 @idhyt]
+    - find bitnami files even when no relationships [#3676
+      @willmurphyscode]
+    - License files which do not match an SPDX expression are
+      erroneously handled as 'unlicensed' [#3412 #3366
+      @HeyeOpenSource]
+    - Incorrect URL encoding of package url (purl) [#3533 #3678
+      @kzantow]
+    - syft should not warn on known bad package.json [#3470 #3645
+      @kzantow]
+    - Scanning a project with many DLLs is slow [#3455 #3677
+      @rogueai]
+    - cyclone-dx presenter drops files, includes only packages
+      [#3435 #3539 @spiffcs]
+    - "syft config" output swaps comments for
+      search-indexed-archives / search-unindexed-archives [#3624
+      #3630 @spiffcs]
+    - dpkg license improvement for non SPDX licenses [#3090 #3366
+      @HeyeOpenSource]
+    - RPM-based PURLs sometimes have incorrect namespace
+      (specifically OpenSUSE) [#3534 #3615 @mprpic]
+  * Additional Changes
+    - update to go 1.24.x [#3660 @westonsteimel]
+    - replace all shorthand tags of mapstruct -> mapstructure
+      [#3633 @spiffcs]
+
+-------------------------------------------------------------------
+Thu Jan 23 05:36:08 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.19.0:
+  * chore(deps): update tools to latest versions (#3602)
+  * chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2
+    (#3604)
+  * chore(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to
+    2.23.0 (#3605)
+  * chore(deps): bump github.com/aquasecurity/go-pep440-version
+    (#3606)
+  * chore: bump stereoscope to v0.0.13 (#3601)
+  * feat(cataloger): add a terraform provider cataloger (#3378)
+  * chore(deps): update tools to latest versions (#3597)
+  * chore(deps): update CPE dictionary index (#3599)
+  * chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#3600)
+  * feat(golang): add license parsing from vendor dirs (#3522)
+  * chore: bump packageurl-go with new parsing rules (#3596)
+  * chore(deps): bump marocchino/sticky-pull-request-comment
+    (#3595)
+  * feat: add cataloger for NuGet packages (#3484)
+  * allow disabling all package catalogers (#3468)
+  * chore(deps): bump github.com/google/go-containerregistry
+    (#3592)
+  * chore(deps): bump modernc.org/sqlite from 1.34.4 to 1.34.5
+    (#3593)
+  * chore(deps): update tools to latest versions (#3582)
+  * chore: update README.md's link to Nixpkgs (#3578)
+  * chore(deps): bump github.com/sanity-io/litter from 1.5.5 to
+    1.5.6 (#3579)
+  * chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0
+    (#3580)
+  * chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
+    (#3581)
+  * chore(deps): update CPE dictionary index (#3583)
+  * chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1
+    (#3584)
+  * chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to
+    5.6.2 (#3585)
+  * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1
+    to 4.8.0 (#3586)
+  * chore(deps): bump github.com/docker/docker (#3587)
+  * chore(deps): update anchore dependencies (#3571)
+  * chore(deps): update tools to latest versions (#3567)
+  * chore(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
+    (#3568)
+  * fix: golang remote license search not executing when error
+    reading local mod dir (#3549)
+  * chore(deps): update tools to latest versions (#3564)
+  * chore(deps): update CPE dictionary index (#3565)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to
+    0.5.8 (#3548)
+  * chore(deps): update tools to latest versions (#3560)
+  * chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to
+    5.13.1 (#3561)
+  * Use reader when scanning for package versions over reading
+    entire binary into memory (#3558)
+  * chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.0 to
+    5.6.1 (#3551)
+  * chore(deps): update tools to latest versions (#3556)
+  * test: removes latest license list test (#3559)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.5 to
+    7.0.6 (#3547)
+  * chore(deps): update CPE dictionary index (#3550)
+  * chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
+    5.13.0 (#3552)
+  * chore(deps): update tools to latest versions (#3543)
+  * chore(deps): update CPE dictionary index (#3544)
+  * chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4
+    (#3545)
+  * chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0
+    (#3546)
+  * chore(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
+    (#3541)
+  * chore(deps): bump modernc.org/sqlite from 1.34.2 to 1.34.3
+    (#3542)
+  * chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
+    (#3537)
+  * chore(deps): bump github.com/docker/docker (#3538)
+  * chore(deps): update CPE dictionary index (#3526)
+  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1
+    to 0.9.2 (#3530)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.4 to
+    6.6.5 (#3531)
+  * chore(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9
+    (#3532)
+
+-------------------------------------------------------------------
+Sat Dec 14 21:15:40 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.18.1:
+  * chore(deps): update anchore dependencies (#3525)
+  * chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9
+    (#3524)
+  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
+    (#3523)
+  * chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#3519)
+  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3518)
+  * chore: make fixes field in PR template match auto-close regex
+    (#3520)
+  * fix: stop omitting redundantly parenthesized licenses in CDX
+    formatter (#3517)
+  * chore: migrate syft to use the anchore fork of archiver without
+    replace (#3516)
+  * Make pre-release integration PRs (#3370)
+  * chore(deps): bump github.com/docker/docker (#3512)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.3 to
+    6.6.4 (#3513)
+  * chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7
+    (#3514)
+
+-------------------------------------------------------------------
+Tue Dec 10 08:48:44 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.18.0:
+  * chore(deps): update anchore dependencies (#3510)
+  * fix: convert file paths for spdx formats from absolute to
+    relative (#3509)
+  * chore(deps): update CPE dictionary index (#3507)
+  * chore(deps): update tools to latest versions (#3506)
+  * chore(deps): bump github.com/magiconair/properties from 1.8.7
+    to 1.8.9 (#3508)
+  * chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#3503)
+  * Add relationships for rust audit binary packages (#3500)
+  * fix order of rust dependencies and support git sources in
+    Cargo.lock dependencies (#3502)
+  * chore(deps): update tools to latest versions (#3501)
+  * chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
+    (#3499)
+  * chore: add and document target for updating unit snapshots
+    (#3498)
+  * fix: emit NOASSERTION for copyright text to fix SPDX 2.2
+    validation failure (#3495)
+  * chore(deps): update tools to latest versions (#3496)
+  * chore(deps): update tools to latest versions (#3487)
+  * chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
+    (#3494)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.2 to
+    6.6.3 (#3489)
+  * feat: set max layer size (#3464)
+  * chore(deps): update CPE dictionary index (#3491)
+  * chore(deps): bump modernc.org/sqlite from 1.34.1 to 1.34.2
+    (#3492)
+  * chore(deps): bump github.com/saferwall/pe from 1.5.5 to 1.5.6
+    (#3493)
+  * chore(deps): update tools to latest versions (#3478)
+  * chore(deps): update CPE dictionary index (#3479)
+  * chore(deps): bump github.com/stretchr/testify from 1.9.0 to
+    1.10.0 (#3480)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3
+    to 1.2.4 (#3482)
+  * chore(deps): update stereoscope to
+    be5deed44b7c03fcbfa6f1f42fb67202d31636a9 (#3483)
+  * fix: dart classifier for 2.x and ARM (#3475)
+  * Use file indexer directly when scanning with file source
+    (#3333)
+  * chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8
+    (#3476)
+  * chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
+    (#3473)
+
+-------------------------------------------------------------------
+Thu Nov 21 14:50:55 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.17.0:
+  * chore(deps): update stereoscope to
+    aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3472)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2
+    to 1.2.3 (#3467)
+  * fix: bump clio to pull in logging fix (#3466)
+  * 3122 valid license url characters (#3449)
+  * 3030 license declared spdx correction (#3461)
+  * chore(deps): update tools to latest versions (#3463)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.1 to
+    6.6.2 (#3465)
+  * chore(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.1
+    (#3460)
+  * chore(deps): update CPE dictionary index (#3453)
+  * chore(deps): update tools to latest versions (#3454)
+  * chore(deps): update tools to latest versions (#3448)
+  * chore(deps): update tools to latest versions (#3444)
+  * chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4
+    (#3446)
+  * feat: emit dependency relationships found in Cargo.lock (#3443)
+  * chore(deps): update stereoscope to
+    aa3a3ef4efe8d8759c9aa87261b405cc003bfc9a (#3442)
+  * chore(deps): bump github/codeql-action from 3.27.2 to 3.27.3
+    (#3438)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.1
+    to 1.2.2 (#3439)
+  * chore(deps): bump github.com/saferwall/pe from 1.5.4 to 1.5.5
+    (#3440)
+  * chore(deps): update tools to latest versions (#3413)
+  * chore(deps): bump github/codeql-action from 3.27.1 to 3.27.2
+    (#3436)
+  * chore(deps): bump golang.org/x/mod from 0.21.0 to 0.22.0
+    (#3426)
+  * update node classifier (#3419)
+  * chore(deps): update stereoscope to
+    120d9ea511e2f7a9887b443c52e66cd19bb80b43 (#3424)
+  * chore(deps): update CPE dictionary index (#3429)
+  * chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1
+    (#3431)
+  * chore(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
+    (#3432)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2
+    to 1.2.1 (#3433)
+  * restore log on ui teardown (#3427)
+  * doc: Add official Syft logo license information (#3421)
+  * chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7
+    (#3418)
+  * chore: build release sbom from go.mod (#3417)
+
+-------------------------------------------------------------------
+Tue Nov 05 09:43:28 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.16.0:
+  * chore: prevent file resolver from bubbling errors in binary
+    cataloger (#3410)
+  * chore(deps): update stereoscope to
+    cbd43fb4e5d348fe680066ee6329385fd6a4f827 (#3411)
+  * chore(deps): update CPE dictionary index (#3414)
+  * chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
+    (#3408)
+  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
+    to 1.0.0 (#3409)
+  * chore(deps): update stereoscope to
+    2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 (#3405)
+  * Issue #3143 – fixed format conversion docs link (#3407)
+  * feat: support dependencies and purl for Native Image SBOMs
+    (#3399)
+  * chore(deps): update stereoscope to
+    9c92fe30492ffeba14ed2e23ad1fd923341dda4f (#3398)
+  * feat: exclude devDependencies from package-lock.json parsing
+    (#3371)
+  * chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
+    (#3394)
+  * chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
+    (#3393)
+  * fix: stack overflow in spyingIoReadCloser (#3392)
+  * fix: bad pom files may cause infinite loop (#3391)
+
+-------------------------------------------------------------------
+Tue Oct 29 14:02:45 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.15.0:
+  * chore(deps): update stereoscope to
+    bcc40c6817524718277256d6b774ce643f98640a (#3388)
+  * chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#3384)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
+    to 1.1.2 (#3385)
+  * chore(deps): update tools to latest versions (#3383)
+  * chore(deps): update CPE dictionary index (#3387)
+  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3380)
+  * feat: multi-level configuration and profiles (#3337)
+  * feat: Java dependency graph information (#3363)
+  * Expanded dpkg cataloger globs (#3373)
+  * Enable cargo-auditable-binary-cataloger for files/directories
+    (#3376)
+  * chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
+    (#3374)
+  * chore(deps): bump github.com/charmbracelet/lipgloss (#3375)
+  * chore(deps): update stereoscope to
+    6db3c175f1f836e552b01ee70e5d5528cc04bce4 (#3362)
+  * chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#3364)
+  * chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
+    (#3365)
+  * chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to
+    5.6.0 (#3367)
+
+-------------------------------------------------------------------
+Tue Oct 22 07:09:11 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.14.2:
+  * Create single license scanner for all catalogers (#3348)
+  * chore(deps): update stereoscope to
+    a38c93517fc7d67ca1af826ac529a06c05b571d2 (#3357)
+  * chore(deps): update CPE dictionary index (#3358)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to
+    6.6.1 (#3361)
+  * update to latest packageurl-go (#3347)
+  * chore(deps): update tools to latest versions (#3342)
+  * chore(deps): update stereoscope to
+    9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f (#3338)
+  * chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
+    (#3344)
+  * fix: use official CPE for linux kernel (#3343)
+  * chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
+    (#3340)
+  * fix: improve mariadb binary classifer to detect older versions
+    (#3339)
+
 -------------------------------------------------------------------
 Tue Oct 15 15:36:18 UTC 2024 - opensuse_buildservice@ojkastl.de
 

syft.obsinfo

@@ -1,4 +1,4 @@
 name: syft
-version: 1.14.1
-mtime: 1728996647
-commit: 754cebee6414c614acf03ee0f87abfcf6176e051
+version: 1.32.0
+mtime: 1756242260
+commit: 2d8e337d3469712c7d92770792f0117ad82c4ad3

syft.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package syft
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,23 @@
 #
 
 
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
-
 Name:           syft
-Version:        1.14.1
+Version:        1.32.0
 Release:        0
 Summary:        CLI tool and library for generating a Software Bill of Materials
 License:        Apache-2.0
 URL:            https://github.com/anchore/syft
 Source:         syft-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  go >= 1.22
+BuildRequires:  bash-completion
+BuildRequires:  fish
+BuildRequires:  go >= 1.24
+BuildRequires:  zsh
 
 %description
-A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.
+A CLI tool and Go library for generating a Software Bill of Materials (SBOM)
+from container images and filesystems. Exceptional for vulnerability detection
+when used with a scanner like Grype.
 
 %package -n %{name}-bash-completion
 Summary:        Bash Completion for %{name}
@@ -94,8 +97,8 @@ mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
 %{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
 
 # create the zsh completion file
-mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
-%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name}
+mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/
+%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{name}
 
 %files
 %doc README.md
@@ -103,17 +106,12 @@ mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
 %{_bindir}/%{name}
 
 %files -n %{name}-bash-completion
-%dir %{_datarootdir}/bash-completion/completions/
 %{_datarootdir}/bash-completion/completions/%{name}
 
 %files -n %{name}-fish-completion
-%dir %{_datarootdir}/fish
-%dir %{_datarootdir}/fish/vendor_completions.d
 %{_datarootdir}/fish/vendor_completions.d/%{name}.fish
 
 %files -n %{name}-zsh-completion
-%defattr(-,root,root)
-%dir %{_datarootdir}/zsh_completion.d/
-%{_datarootdir}/zsh_completion.d/_%{name}
+%{_datarootdir}/zsh/site-functions/_%{name}
 
 %changelog

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e53b144429ebb3219a13fb6e26aa53f980ef91bf468e892779313d7f230a4c44
-size 51724551
+oid sha256:3c7cc3bde27d4795b536f765b021f517a1570bf283f48ca2760ddcd78dd34cd2
+size 59407848