anchore/syft (anchore/syft)
### [`v1.3.0`](https://togithub.com/anchore/syft/releases/tag/v1.3.0)
[Compare Source](https://togithub.com/anchore/syft/compare/v1.2.0...v1.3.0)
##### Added Features
- index known CPEs for go modules \[[#2816](https://togithub.com/anchore/syft/pull/2816) [@westonsteimel](https://togithub.com/westonsteimel)]
- support multiple known CPEs in index \[[#2813](https://togithub.com/anchore/syft/pull/2813) [@westonsteimel](https://togithub.com/westonsteimel)]
- index known CPEs for PHP Composer packagist.org packages \[[#2804](https://togithub.com/anchore/syft/pull/2804) [@westonsteimel](https://togithub.com/westonsteimel)]
- index known cpes for PHP extensions \[[#2777](https://togithub.com/anchore/syft/pull/2777) [@westonsteimel](https://togithub.com/westonsteimel)]
##### Bug Fixes
- re-use embedded union reader if possible \[[#2814](https://togithub.com/anchore/syft/pull/2814) [@willmurphyscode](https://togithub.com/willmurphyscode)]
- prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io \[[#2806](https://togithub.com/anchore/syft/pull/2806) [@westonsteimel](https://togithub.com/westonsteimel)]
- improvements to known CPE index construction \[[#2801](https://togithub.com/anchore/syft/pull/2801) [@westonsteimel](https://togithub.com/westonsteimel)]
- Syft panics when scanning OCI image that contains packaged helm chart \[[#2745](https://togithub.com/anchore/syft/issues/2745) [#2757](https://togithub.com/anchore/syft/pull/2757) [@willmurphyscode](https://togithub.com/willmurphyscode)]
- Pom parser not resolving all dependency versions \[[#2776](https://togithub.com/anchore/syft/issues/2776) [#2781](https://togithub.com/anchore/syft/pull/2781) [@willmurphyscode](https://togithub.com/willmurphyscode)]
##### Additional Changes
- Fix removing labels in 'Detect schema changes' job \[[#2772](https://togithub.com/anchore/syft/pull/2772) [@GijsCalis](https://togithub.com/GijsCalis)]
- exclude known instrumentation jars from being erroneously identified \[[#2796](https://togithub.com/anchore/syft/pull/2796) [@kzantow](https://togithub.com/kzantow)]
- return empty string if dereferncing pom var fails \[[#2797](https://togithub.com/anchore/syft/pull/2797) [@willmurphyscode](https://togithub.com/willmurphyscode)]
**[(Full Changelog)](https://togithub.com/anchore/syft/compare/v1.2.0...v1.3.0)**
Configuration
📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
1.2.0->1.3.0Release Notes
anchore/syft (anchore/syft)
### [`v1.3.0`](https://togithub.com/anchore/syft/releases/tag/v1.3.0) [Compare Source](https://togithub.com/anchore/syft/compare/v1.2.0...v1.3.0) ##### Added Features - index known CPEs for go modules \[[#2816](https://togithub.com/anchore/syft/pull/2816) [@westonsteimel](https://togithub.com/westonsteimel)] - support multiple known CPEs in index \[[#2813](https://togithub.com/anchore/syft/pull/2813) [@westonsteimel](https://togithub.com/westonsteimel)] - index known CPEs for PHP Composer packagist.org packages \[[#2804](https://togithub.com/anchore/syft/pull/2804) [@westonsteimel](https://togithub.com/westonsteimel)] - index known cpes for PHP extensions \[[#2777](https://togithub.com/anchore/syft/pull/2777) [@westonsteimel](https://togithub.com/westonsteimel)] ##### Bug Fixes - re-use embedded union reader if possible \[[#2814](https://togithub.com/anchore/syft/pull/2814) [@willmurphyscode](https://togithub.com/willmurphyscode)] - prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io \[[#2806](https://togithub.com/anchore/syft/pull/2806) [@westonsteimel](https://togithub.com/westonsteimel)] - improvements to known CPE index construction \[[#2801](https://togithub.com/anchore/syft/pull/2801) [@westonsteimel](https://togithub.com/westonsteimel)] - Syft panics when scanning OCI image that contains packaged helm chart \[[#2745](https://togithub.com/anchore/syft/issues/2745) [#2757](https://togithub.com/anchore/syft/pull/2757) [@willmurphyscode](https://togithub.com/willmurphyscode)] - Pom parser not resolving all dependency versions \[[#2776](https://togithub.com/anchore/syft/issues/2776) [#2781](https://togithub.com/anchore/syft/pull/2781) [@willmurphyscode](https://togithub.com/willmurphyscode)] ##### Additional Changes - Fix removing labels in 'Detect schema changes' job \[[#2772](https://togithub.com/anchore/syft/pull/2772) [@GijsCalis](https://togithub.com/GijsCalis)] - exclude known instrumentation jars from being erroneously identified \[[#2796](https://togithub.com/anchore/syft/pull/2796) [@kzantow](https://togithub.com/kzantow)] - return empty string if dereferncing pom var fails \[[#2797](https://togithub.com/anchore/syft/pull/2797) [@willmurphyscode](https://togithub.com/willmurphyscode)] **[(Full Changelog)](https://togithub.com/anchore/syft/compare/v1.2.0...v1.3.0)**Configuration
📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.