[!WARNING]
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
anchore/grype (anchore/grype)
### [`v0.74.6`](https://togithub.com/anchore/grype/releases/tag/v0.74.6)
[Compare Source](https://togithub.com/anchore/grype/compare/v0.74.5...v0.74.6)
##### Bug Fixes
- ensure version output to stdout \[[#1709](https://togithub.com/anchore/grype/pull/1709) [@kzantow](https://togithub.com/kzantow)]
- Seeing "WARN some package(s) are missing CPEs" but it's not clear why \[[#1634](https://togithub.com/anchore/grype/issues/1634) [#1710](https://togithub.com/anchore/grype/pull/1710) [@willmurphyscode](https://togithub.com/willmurphyscode)]
**[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.74.5...v0.74.6)**
anchore/syft (anchore/syft)
### [`v0.105.0`](https://togithub.com/anchore/syft/releases/tag/v0.105.0)
[Compare Source](https://togithub.com/anchore/syft/compare/v0.104.0...v0.105.0)
##### Added Features
- Guess go main module version based on binary contents \[[#2608](https://togithub.com/anchore/syft/pull/2608) [@wagoodman](https://togithub.com/wagoodman)]
- Catalog wordpress plugins \[[#1911](https://togithub.com/anchore/syft/issues/1911) [#2218](https://togithub.com/anchore/syft/pull/2218) [@disc](https://togithub.com/disc)]
##### Bug Fixes
- ensure version output to stdout \[[#2621](https://togithub.com/anchore/syft/pull/2621) [@kzantow](https://togithub.com/kzantow)]
- Survive indexing dead symlinks \[[#2645](https://togithub.com/anchore/syft/pull/2645) [@wagoodman](https://togithub.com/wagoodman)]
- unable to index filesystem for amazonlinux images \[[#2627](https://togithub.com/anchore/syft/issues/2627) [#2644](https://togithub.com/anchore/syft/pull/2644) [@wagoodman](https://togithub.com/wagoodman)]
- CycloneDX OS component does not have a bom-ref \[[#2101](https://togithub.com/anchore/syft/issues/2101) [#2634](https://togithub.com/anchore/syft/pull/2634) [@kzantow](https://togithub.com/kzantow)]
- v0.104.0 interface conversion error when creating bom from singularity image \[[#2628](https://togithub.com/anchore/syft/issues/2628) [#2631](https://togithub.com/anchore/syft/pull/2631) [@wagoodman](https://togithub.com/wagoodman)]
##### Additional Changes
- Rename binary cataloger to be more unique \[[#2633](https://togithub.com/anchore/syft/pull/2633) [@wagoodman](https://togithub.com/wagoodman)]
- Suppress executable parsing issues \[[#2614](https://togithub.com/anchore/syft/pull/2614) [@wagoodman](https://togithub.com/wagoodman)]
- update license list, cpe dictionary \[[#2620](https://togithub.com/anchore/syft/pull/2620) [@spiffcs](https://togithub.com/spiffcs)]
**[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.104.0...v0.105.0)**
helm/helm (helm)
### [`v3.14.1`](https://togithub.com/helm/helm/releases/tag/v3.14.1): Helm v3.14.1
[Compare Source](https://togithub.com/helm/helm/compare/v3.14.0-rc.1...v3.14.1)
Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release.
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.
[Dominykas Blyžė](https://togithub.com/dominykas) with [Nearform Ltd.](https://www.nearform.com/) discovered the vulnerability.
#### Installation and Upgrading
Download Helm v3.14.1. The common platform binaries are here:
- [MacOS amd64](https://get.helm.sh/helm-v3.14.1-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-darwin-amd64.tar.gz.sha256sum) / 67928236b37c4e780b9fb5e614fb3b9aece90d60f0b1b4cb7406ee292c2dae3b)
- [MacOS arm64](https://get.helm.sh/helm-v3.14.1-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-darwin-arm64.tar.gz.sha256sum) / 96468f927cc6efb4a2b92fd9419f40ed21d634af2f3e84fb8efa59526c7a003b)
- [Linux amd64](https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz.sha256sum) / 75496ea824f92305ff7d28af37f4af57536bf5138399c824dff997b9d239dd42)
- [Linux arm](https://get.helm.sh/helm-v3.14.1-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-arm.tar.gz.sha256sum) / f50c00c262b74435530e677bcec07637aaeda1ed92ef809b49581a4e6182cbbe)
- [Linux arm64](https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz.sha256sum) / f865b8ad4228fd0990bbc5b50615eb6cb9eb31c9a9ca7238401ed897bbbe9033)
- [Linux i386](https://get.helm.sh/helm-v3.14.1-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-386.tar.gz.sha256sum) / 3c94ed0601e0e62c195a7e9b75262b18128c8284662aa0e080bb548dc6d47bcd)
- [Linux ppc64le](https://get.helm.sh/helm-v3.14.1-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-ppc64le.tar.gz.sha256sum) / 4d853ab8fe3462287c7272fbadd5f73531ecdd6fa0db37d31630e41ae1ae21de)
- [Linux s390x](https://get.helm.sh/helm-v3.14.1-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-s390x.tar.gz.sha256sum) / 19bf07999c7244bfeb0fd27152919b9faa1148cf43910edbb98efa9150058a98)
- [Linux riscv64](https://get.helm.sh/helm-v3.14.1-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-riscv64.tar.gz.sha256sum) / 2660bd8eb37aafc071599b788a24bfe244e5d3ffa42da1599da5a5041dafa214)
- [Windows amd64](https://get.helm.sh/helm-v3.14.1-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.14.1-windows-amd64.zip.sha256sum) / 8a6c78a23a4e497ad8bd288138588adb3e5b49be8dbe82a3200fe7b297dac184)
This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`.
The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`.
#### What's Next
- 3.14.2 will contain only bug fixes and be released on March 13, 2024.
- 3.15.0 is the next feature release and will be on May 08, 2024.
Configuration
📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.74.5
->0.74.6
0.104.0
->0.105.0
3.14.0
->3.14.1
Release Notes
anchore/grype (anchore/grype)
### [`v0.74.6`](https://togithub.com/anchore/grype/releases/tag/v0.74.6) [Compare Source](https://togithub.com/anchore/grype/compare/v0.74.5...v0.74.6) ##### Bug Fixes - ensure version output to stdout \[[#1709](https://togithub.com/anchore/grype/pull/1709) [@kzantow](https://togithub.com/kzantow)] - Seeing "WARN some package(s) are missing CPEs" but it's not clear why \[[#1634](https://togithub.com/anchore/grype/issues/1634) [#1710](https://togithub.com/anchore/grype/pull/1710) [@willmurphyscode](https://togithub.com/willmurphyscode)] **[(Full Changelog)](https://togithub.com/anchore/grype/compare/v0.74.5...v0.74.6)**anchore/syft (anchore/syft)
### [`v0.105.0`](https://togithub.com/anchore/syft/releases/tag/v0.105.0) [Compare Source](https://togithub.com/anchore/syft/compare/v0.104.0...v0.105.0) ##### Added Features - Guess go main module version based on binary contents \[[#2608](https://togithub.com/anchore/syft/pull/2608) [@wagoodman](https://togithub.com/wagoodman)] - Catalog wordpress plugins \[[#1911](https://togithub.com/anchore/syft/issues/1911) [#2218](https://togithub.com/anchore/syft/pull/2218) [@disc](https://togithub.com/disc)] ##### Bug Fixes - ensure version output to stdout \[[#2621](https://togithub.com/anchore/syft/pull/2621) [@kzantow](https://togithub.com/kzantow)] - Survive indexing dead symlinks \[[#2645](https://togithub.com/anchore/syft/pull/2645) [@wagoodman](https://togithub.com/wagoodman)] - unable to index filesystem for amazonlinux images \[[#2627](https://togithub.com/anchore/syft/issues/2627) [#2644](https://togithub.com/anchore/syft/pull/2644) [@wagoodman](https://togithub.com/wagoodman)] - CycloneDX OS component does not have a bom-ref \[[#2101](https://togithub.com/anchore/syft/issues/2101) [#2634](https://togithub.com/anchore/syft/pull/2634) [@kzantow](https://togithub.com/kzantow)] - v0.104.0 interface conversion error when creating bom from singularity image \[[#2628](https://togithub.com/anchore/syft/issues/2628) [#2631](https://togithub.com/anchore/syft/pull/2631) [@wagoodman](https://togithub.com/wagoodman)] ##### Additional Changes - Rename binary cataloger to be more unique \[[#2633](https://togithub.com/anchore/syft/pull/2633) [@wagoodman](https://togithub.com/wagoodman)] - Suppress executable parsing issues \[[#2614](https://togithub.com/anchore/syft/pull/2614) [@wagoodman](https://togithub.com/wagoodman)] - update license list, cpe dictionary \[[#2620](https://togithub.com/anchore/syft/pull/2620) [@spiffcs](https://togithub.com/spiffcs)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v0.104.0...v0.105.0)**helm/helm (helm)
### [`v3.14.1`](https://togithub.com/helm/helm/releases/tag/v3.14.1): Helm v3.14.1 [Compare Source](https://togithub.com/helm/helm/compare/v3.14.0-rc.1...v3.14.1) Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release. A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. [Dominykas Blyžė](https://togithub.com/dominykas) with [Nearform Ltd.](https://www.nearform.com/) discovered the vulnerability. #### Installation and Upgrading Download Helm v3.14.1. The common platform binaries are here: - [MacOS amd64](https://get.helm.sh/helm-v3.14.1-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-darwin-amd64.tar.gz.sha256sum) / 67928236b37c4e780b9fb5e614fb3b9aece90d60f0b1b4cb7406ee292c2dae3b) - [MacOS arm64](https://get.helm.sh/helm-v3.14.1-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-darwin-arm64.tar.gz.sha256sum) / 96468f927cc6efb4a2b92fd9419f40ed21d634af2f3e84fb8efa59526c7a003b) - [Linux amd64](https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz.sha256sum) / 75496ea824f92305ff7d28af37f4af57536bf5138399c824dff997b9d239dd42) - [Linux arm](https://get.helm.sh/helm-v3.14.1-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-arm.tar.gz.sha256sum) / f50c00c262b74435530e677bcec07637aaeda1ed92ef809b49581a4e6182cbbe) - [Linux arm64](https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-arm64.tar.gz.sha256sum) / f865b8ad4228fd0990bbc5b50615eb6cb9eb31c9a9ca7238401ed897bbbe9033) - [Linux i386](https://get.helm.sh/helm-v3.14.1-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-386.tar.gz.sha256sum) / 3c94ed0601e0e62c195a7e9b75262b18128c8284662aa0e080bb548dc6d47bcd) - [Linux ppc64le](https://get.helm.sh/helm-v3.14.1-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-ppc64le.tar.gz.sha256sum) / 4d853ab8fe3462287c7272fbadd5f73531ecdd6fa0db37d31630e41ae1ae21de) - [Linux s390x](https://get.helm.sh/helm-v3.14.1-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-s390x.tar.gz.sha256sum) / 19bf07999c7244bfeb0fd27152919b9faa1148cf43910edbb98efa9150058a98) - [Linux riscv64](https://get.helm.sh/helm-v3.14.1-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.14.1-linux-riscv64.tar.gz.sha256sum) / 2660bd8eb37aafc071599b788a24bfe244e5d3ffa42da1599da5a5041dafa214) - [Windows amd64](https://get.helm.sh/helm-v3.14.1-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.14.1-windows-amd64.zip.sha256sum) / 8a6c78a23a4e497ad8bd288138588adb3e5b49be8dbe82a3200fe7b297dac184) This release was signed with ` 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at [@mattfarina](https://togithub.com/mattfarina) [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`. The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`. #### What's Next - 3.14.2 will contain only bug fixes and be released on March 13, 2024. - 3.15.0 is the next feature release and will be on May 08, 2024.Configuration
📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.