Accepting request 1208486 from devel:kubic

OBS-URL: https://build.opensuse.org/request/show/1208486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/syft?expand=0&rev=85

_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/anchore/syft</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.11.1</param>
+    <param name="revision">v1.14.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/syft</param>
-              <param name="changesrevision">95b4a88256bddebb91831250f28f602f8c36552a</param></service></servicedata>
+              <param name="changesrevision">754cebee6414c614acf03ee0f87abfcf6176e051</param></service></servicedata>

syft-1.10.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:750f2aaf5011a1b5155c0ac5f11a43cf9c68ec484d7c43d6ccd5b6d6c045aeef
-size 25953805

syft-1.11.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89f386966dfe7a980777c52204ec65e90da673d945540f7d2a4bb5593d65dccf
-size 26077709

syft-1.11.1.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4eb07b043a0d04b537b0101c43896e6581fb851f67e77a125e22befc5ab43da5
-size 26157581

syft-1.14.1.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eefc0cec9db00f232dfefedaf4286efcbae1e924c1e4d7fa34518fcc8562911a
+size 26564109

syft-1.8.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f9be11b5aa77e02f6f5fd42b41d89262f78e28c877801928380e222fbb940106
-size 25907213

syft-1.9.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2b005543f13e07ec24249e51696cb571398e9e4dea2aa02fb8af724828c374f4
-size 25916429

syft.changes

@@ -1,3 +1,198 @@
+-------------------------------------------------------------------
+Tue Oct 15 15:36:18 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.14.1:
+  * fix: stop some log.Warn spam due parsing an empty string as a
+    CPE (#3330)
+  * chore(deps): update stereoscope to
+    1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
+  * chore(deps): update stereoscope to
+    1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
+  * chore(deps): update stereoscope to
+    93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
+  * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
+    (#3326)
+  * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
+    (#3327)
+  * chore(deps): update CPE dictionary index (#3323)
+  * fix: improve go binary semver extraction for traefik (#3325)
+  * chore(deps): update stereoscope to
+    92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
+  * chore(deps): update stereoscope to
+    c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
+  * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1
+    to 4.7.0 (#3321)
+  * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3
+    (#3314)
+  * shorten release docs (#3318)
+  * docs: clearer deprecation message for --file (#3310)
+  * [docs] Add mastodon link to README.md (#3306)
+  * chore(deps): update stereoscope to
+    5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
+  * chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
+  * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
+    (#3307)
+  * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
+  * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
+    (#3309)
+
+-------------------------------------------------------------------
+Wed Oct 09 04:42:52 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.14.0:
+  * feat: report unknowns in sbom (#2998)
+  * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
+    (#3299)
+  * chore(deps): update stereoscope to
+    efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
+  * chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
+    (#3304)
+  * chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
+  * chore(deps): update CPE dictionary index (#3302)
+  * Fix: Parse package.json with non-standard fields in 'author'
+    section (#3300)
+  * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
+    (#3298)
+  * chore: add pull request template (#3294)
+  * chore(deps): update tools to latest versions (#3296)
+  * Track supporting DPKG evidence (#3228)
+  * Fix: make failed CPE validation correctly return error (#2762)
+  * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to
+    6.6.0 (#3293)
+  * feat: update haproxy classifier (#3277)
+  * chore(deps): update tools to latest versions (#3291)
+  * fix: don't use builtin scanner in licensecheck (#3290)
+  * chore(deps): update CPE dictionary index (#3288)
+  * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
+    (#3289)
+  * update redis classifier (#3281)
+  * fix: improve node classifier version matching (#3284)
+  * fix: update ruby classifier for -rc, -dev, etc. versions
+    (#3285)
+  * chore(deps): update CPE dictionary index (#3262)
+  * chore(deps): bump github.com/docker/docker (#3264)
+  * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
+    (#3275)
+  * chore(deps): update stereoscope to
+    dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
+  * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
+  * add awaiting response management (#3272)
+  * fix: correct excluded mount point comparison to file paths
+    (#3269)
+
+-------------------------------------------------------------------
+Tue Sep 24 17:39:53 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.13.0:
+  * Add JVM cataloger (#3217)
+  * feat: classifier for Dart lang binaries (#3265)
+  * Add compliance policy for empty name and version (#3257)
+  * chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to
+    2.3.2 (#3254)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.3 to
+    7.0.5 (#3255)
+  * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
+    (#3256)
+  * chore(deps): update tools to latest versions (#3259)
+  * chore(deps): bump github.com/docker/docker (#3260)
+  * feat: add binary classifiers for lighttp, proftpd, zstd, xz,
+    gzip, jq, and sqlcipher (#3252)
+  * fix: capture-snippet.sh can handle leading whitespaces now
+    (#3249) (#3250)
+  * chore(deps): update tools to latest versions (#3251)
+  * chore(deps): update tools to latest versions (#3247)
+  * chore(deps): update tools to latest versions (#3243)
+  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
+    to 0.9.1 (#3242)
+  * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
+    (#3241)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
+    7.0.3 (#3240)
+  * chore(deps): update tools to latest versions (#3231)
+  * chore(deps): update CPE dictionary index (#3232)
+  * chore(deps): update tools to latest versions (#3205)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
+    to 1.1.1 (#3225)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
+    7.0.2 (#3226)
+  * chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
+    (#3229)
+  * feat: --enrich flag for data enrichment feature enablement
+    (#3182)
+
+-------------------------------------------------------------------
+Thu Sep 12 04:56:01 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.12.2 (no releases between 1.11.1 and this
+  one):
+  * chore: make ci-check.sh an executable file (#3220)
+  * chore(deps): bump github.com/opencontainers/runc from 1.1.12 to
+    1.1.14 (#3219)
+  * chore: restore ci-check.sh script (#3218)
+  * Add haskell binaries cataloger (#3078)
+  * chore(deps): update CPE dictionary index (#3206)
+  * chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0
+    (#3203)
+  * Add the Ocaml ecosystem (#3112)
+  * chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0
+    to 0.20.0 (#3209)
+  * chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
+    (#3210)
+  * chore(deps): bump github.com/docker/docker (#3211)
+  * chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
+    (#3212)
+  * dont cleanup cache in forks (#3214)
+  * less verbose java logging when non-fatal issues arise (#3208)
+  * Slim down docker cache size (#3190)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
+    7.0.1 (#3196)
+  * chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0
+    (#3197)
+  * fix: haproxy classifier for versions with -dev suffix (#3180)
+  * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
+    3.3.0 (#3177)
+  * chore(deps): update CPE dictionary index (#3183)
+  * chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
+    (#3184)
+  * chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
+    7.0.0 (#3187)
+  * fix: properly decode SPDX license expressions in CycloneDX
+    format (#3175)
+  * chore(deps): bump github.com/docker/docker (#3168)
+  * chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
+  * chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6
+    (#3173)
+  * fix: cycles resolving relative path parent poms with
+    parent-defined variables (#3170)
+  * fix: improve generated cpes for binaries with existing
+    classifiers (#3169)
+  * fix: add log time of task (#3105)
+  * fix: improve known CPEs and set NVD as source for all current
+    binary classifiers (#3167)
+  * respond to authoratative CPEs from catalogers (#3166)
+  * set cataloger names within package cataloger task (#3165)
+  * fix: use official CPE for curl binary cataloger (#3164)
+  * chore(deps): update tools to latest versions (#3160)
+  * chore(deps): update CPE dictionary index (#3161)
+  * chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5
+    (#3162)
+  * fix ELF package correlations (#3151)
+  * chore(deps): update tools to latest versions (#3144)
+  * feat: detect curl binaries (#3146)
+  * chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
+    (#3155)
+  * chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
+    (#3154)
+  * chore(deps): update stereoscope to
+    e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
+  * chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0
+    to 0.19.0 (#3148)
+  * chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
+  * chore(deps): bump github.com/anchore/stereoscope (#3153)
+  * fix: mysql 8.0.3x binary detection (#3142)
+  * chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
+    (#3139)
+
 -------------------------------------------------------------------
 Tue Aug 20 16:41:18 UTC 2024 - opensuse_buildservice@ojkastl.de
 

syft.obsinfo

@@ -1,4 +1,4 @@
 name: syft
-version: 1.11.1
-mtime: 1724168733
-commit: 95b4a88256bddebb91831250f28f602f8c36552a
+version: 1.14.1
+mtime: 1728996647
+commit: 754cebee6414c614acf03ee0f87abfcf6176e051

syft.spec

@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           syft
-Version:        1.11.1
+Version:        1.14.1
 Release:        0
 Summary:        CLI tool and library for generating a Software Bill of Materials
 License:        Apache-2.0

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9fb668e4364a3833d8aa1803f013447ce8c94532d03b511a65fbc966bbf65144
-size 52648488
+oid sha256:e53b144429ebb3219a13fb6e26aa53f980ef91bf468e892779313d7f230a4c44
+size 51724551