search

safedep / vet

Tool to achieve policy driven vetting of open source dependencies
https://safedep.io
Apache License 2.0
235 stars 22 forks source link

chore(deps): bump github.com/anchore/syft from 1.11.1 to 1.14.0 #250

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps github.com/anchore/syft from 1.11.1 to 1.14.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.14.0

Added Features

Bug Fixes

Additional Changes

(Full Changelog)

v1.13.0

Added Features

Bug Fixes

  • OpenJDK CPEs [#2422 #3217 @​wagoodman]
  • SBOM generated from poetry lock file contains no license information on any dependencies [#3204]
  • Scanning a folder with a jar archive with no metadata creates a SPDX package without versionInfo (Non-NTIA compliant) [#2039 #3257 @​wagoodman]
  • Using replace in a go.mod creates a SPDX package without versionInfo (Non-NTIA compliant) [#2038 #3257 @​wagoodman]
  • Command make add-snippet can fail in some cases [#3249]

(Full Changelog)

v1.12.2

Added Features

... (truncated)

Commits
  • ccbee94 feat: report unknowns in sbom (#2998)
  • 4d7ed9f chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#3299)
  • 4c4e5cb chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 (...
  • 8b6159d chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#3304)
  • 7b30ce1 chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
  • 27ee203 chore(deps): update CPE dictionary index (#3302)
  • 3b9c55d Fix: Parse package.json with non-standard fields in 'author' section (#3300)
  • 25f5c67 chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#3298)
  • 0d45714 chore: add pull request template (#3294)
  • fc84574 chore(deps): update tools to latest versions (#3296)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
cloudflare-workers-and-pages[bot] commented 1 month ago

Deploying safedep-vet with  Cloudflare Pages  Cloudflare Pages

Latest commit: 44a77a4
Status: ✅  Deploy successful!
Preview URL: https://9188a528.safedep-vet.pages.dev
Branch Preview URL: https://dependabot-go-modules-github-uihy.safedep-vet.pages.dev

View logs

dependabot[bot] commented 1 month ago

Looks like github.com/anchore/syft is up-to-date now, so this is no longer needed.