Changelog for syft-fish-completion-1.14.1-196.1.noarch.rpm :

* Tue Oct 15 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.14.1:
* fix: stop some log.Warn spam due parsing an empty string as a CPE (#3330)
* chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
* chore(deps): update stereoscope to 1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
* chore(deps): update stereoscope to 93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
* chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#3326)
* chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#3327)
* chore(deps): update CPE dictionary index (#3323)
* fix: improve go binary semver extraction for traefik (#3325)
* chore(deps): update stereoscope to 92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
* chore(deps): update stereoscope to c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.0 (#3321)
* chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3 (#3314)
* shorten release docs (#3318)
* docs: clearer deprecation message for --file (#3310)
* [docs] Add mastodon link to README.md (#3306)
* chore(deps): update stereoscope to 5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
* chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
* chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#3307)
* chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
* chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#3309)
* Wed Oct 09 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.14.0:
* feat: report unknowns in sbom (#2998)
* chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#3299)
* chore(deps): update stereoscope to efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
* chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 (#3304)
* chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
* chore(deps): update CPE dictionary index (#3302)
* Fix: Parse package.json with non-standard fields in \'author\' section (#3300)
* chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#3298)
* chore: add pull request template (#3294)
* chore(deps): update tools to latest versions (#3296)
* Track supporting DPKG evidence (#3228)
* Fix: make failed CPE validation correctly return error (#2762)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.0 (#3293)
* feat: update haproxy classifier (#3277)
* chore(deps): update tools to latest versions (#3291)
* fix: don\'t use builtin scanner in licensecheck (#3290)
* chore(deps): update CPE dictionary index (#3288)
* chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3289)
* update redis classifier (#3281)
* fix: improve node classifier version matching (#3284)
* fix: update ruby classifier for -rc, -dev, etc. versions (#3285)
* chore(deps): update CPE dictionary index (#3262)
* chore(deps): bump github.com/docker/docker (#3264)
* chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3275)
* chore(deps): update stereoscope to dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
* chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
* add awaiting response management (#3272)
* fix: correct excluded mount point comparison to file paths (#3269)
* Tue Sep 24 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.13.0:
* Add JVM cataloger (#3217)
* feat: classifier for Dart lang binaries (#3265)
* Add compliance policy for empty name and version (#3257)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to 2.3.2 (#3254)
* chore(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#3255)
* chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#3256)
* chore(deps): update tools to latest versions (#3259)
* chore(deps): bump github.com/docker/docker (#3260)
* feat: add binary classifiers for lighttp, proftpd, zstd, xz, gzip, jq, and sqlcipher (#3252)
* fix: capture-snippet.sh can handle leading whitespaces now (#3249) (#3250)
* chore(deps): update tools to latest versions (#3251)
* chore(deps): update tools to latest versions (#3247)
* chore(deps): update tools to latest versions (#3243)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 (#3242)
* chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#3241)
* chore(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3 (#3240)
* chore(deps): update tools to latest versions (#3231)
* chore(deps): update CPE dictionary index (#3232)
* chore(deps): update tools to latest versions (#3205)
* chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 (#3225)
* chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 (#3226)
* chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 (#3229)
* feat: --enrich flag for data enrichment feature enablement (#3182)
* Thu Sep 12 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.12.2 (no releases between 1.11.1 and this one):
* chore: make ci-check.sh an executable file (#3220)
* chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.1.14 (#3219)
* chore: restore ci-check.sh script (#3218)
* Add haskell binaries cataloger (#3078)
* chore(deps): update CPE dictionary index (#3206)
* chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 (#3203)
* Add the Ocaml ecosystem (#3112)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0 to 0.20.0 (#3209)
* chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0 (#3210)
* chore(deps): bump github.com/docker/docker (#3211)
* chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1 (#3212)
* dont cleanup cache in forks (#3214)
* less verbose java logging when non-fatal issues arise (#3208)
* Slim down docker cache size (#3190)
* chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 (#3196)
* chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 (#3197)
* fix: haproxy classifier for versions with -dev suffix (#3180)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 (#3177)
* chore(deps): update CPE dictionary index (#3183)
* chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 (#3184)
* chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 (#3187)
* fix: properly decode SPDX license expressions in CycloneDX format (#3175)
* chore(deps): bump github.com/docker/docker (#3168)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
* chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#3173)
* fix: cycles resolving relative path parent poms with parent-defined variables (#3170)
* fix: improve generated cpes for binaries with existing classifiers (#3169)
* fix: add log time of task (#3105)
* fix: improve known CPEs and set NVD as source for all current binary classifiers (#3167)
* respond to authoratative CPEs from catalogers (#3166)
* set cataloger names within package cataloger task (#3165)
* fix: use official CPE for curl binary cataloger (#3164)
* chore(deps): update tools to latest versions (#3160)
* chore(deps): update CPE dictionary index (#3161)
* chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 (#3162)
* fix ELF package correlations (#3151)
* chore(deps): update tools to latest versions (#3144)
* feat: detect curl binaries (#3146)
* chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#3155)
* chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#3154)
* chore(deps): update stereoscope to e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.19.0 (#3148)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
* chore(deps): bump github.com/anchore/stereoscope (#3153)
* fix: mysql 8.0.3x binary detection (#3142)
* chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#3139)
* Tue Aug 20 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.11.1:
* fix: logging for remote network calls (#3140)
* chore(deps): update CPE dictionary index (#3135)
* chore(deps): bump github.com/charmbracelet/bubbletea (#3137)
* chore(deps): update tools to latest versions (#3121)
* chore(deps): bump github.com/docker/docker (#3123)
* chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#3124)
* chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#3129)
* fix: add nil check to CycloneDX toBomProperties (#3119)
* fix: read CycloneDX BOM components from metadata (#3092)
* fix: improve groupid extraction for Jenkins plugins (#2815)
* chore(deps): update CPE dictionary index (#3116)
* support .kar files (#3113)
* chore: fix some comments (#3114)
* chore: fix failing python relationship test (#3117)
* update-slack-to-discourse (#3111)
* Fri Aug 09 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.11.0:
* test: increase java purl generation test coverage (#3110)
* chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0 (#3106)
* chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#3107)
* chore(deps): update tools to latest versions (#3099)
* chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#3101)
* chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 (#3102)
* chore(deps): bump github.com/google/go-containerregistry (#3103)
* chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 (#3104)
* chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 (#3095)
* chore(deps): update CPE dictionary index (#3094)
* chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 (#3096)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to 0.5.7 (#3097)
* feat: improved java maven property resolution (#2769)
* fix: use organization for package supplier when reading Java vendor fields (#3093)
* chore(deps): update tools to latest versions (#3091)
* fix: update \'guessMainPackageNameAndVersionFromPomInfo\' and \'artifactIDMatchesFilename\' (#3054)
* fix: update mainModuleVersion function to always prefix `v` to findings (#3087)
* chore: update release script to use gh from binny (#3084)
* Added the SWI Prolog (swipl) ecosystem (#3076)
* Thu Aug 01 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.10.0:
* fix: improve determinism in java archive identification (#3085)
* chore(deps): update stereoscope to 50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075)
* chore(deps): update CPE dictionary index (#3079)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to 0.5.6 (#3082)
* chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#3083)
* fix: traefik classifier (#3077)
* python-cataloger: fix normalization test (#3073)
* Only match ldflag version if it matches the main module or targets main.version (#3062)
* python cataloger: allow dots in python package names (#3070)
* python-cataloger: normalize package names (#3069)
* chore(deps): bump github.com/docker/docker (#3066)
* chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#3072)
* fix: SPDX output performance with many relationships (#3053)
* better go mod detection from partial package builds (#3060)
* chore(deps): update tools to latest versions (#3061)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 to 0.12.1 (#3040)
* chore: add debug logging for errors reading RPM files (#3051)
* chore(deps): update CPE dictionary index (#3035)
* chore(deps): bump github.com/docker/docker (#3055)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to 0.5.5 (#3056)
* chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1 (#3057)
* chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#3058)
* chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#3059)
* chore(deps): update stereoscope to 487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032)
* chore(deps): update tools to latest versions (#3050)
* docs: CODE_OF_CONDUCT.md (#3046)
* fix: include CPEs with Maven groupId as vendor (#3045)
* chore(deps): bump github.com/google/go-containerregistry (#3047)
* chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 (#3048)
* chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2 (#3039)
* docs: link to contrib/dev docs in readme (#3029)
* chore: Fix apache shield in readme (#3021)
* chore(deps): update tools to latest versions (#3031)
* chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3034)
* chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 (#3044)
* fix: stop panicking on \"devel\" version go stdlib (#3043)
* chore: pin fedora image for elf binary test (#3041)
* chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 (#3023)
* chore(deps): update stereoscope to 27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026)
* Thu Jul 11 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.9.0:
* chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
* chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
* fix: stabilize cpe sorting during collection sort (#3009)
* Map the downloadLocation field for PHP Composer packages (#3011)
* chore(deps): update stereoscope to e46739e217969fa67cbe8834b64bb165a10a1548 (#3013)
* chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#3015)
* chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 (#3014)
* chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#3017)
* chore(deps): bump github.com/google/go-containerregistry (#3019)
* chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0 (#3020)
* chore(deps): update CPE dictionary index (#3016)
* Infer the package type from ELF package notes (#3008)
* chore(deps): update tools to latest versions (#3003)
* chore(deps): update CPE dictionary index (#3002)
* chore(deps): bump github.com/docker/docker (#3006)
* chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#3004)
* chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4 (#3005)
* feat: version 3 support for swift package manager of the resolved files (#3001)
* chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to 0.5.5 (#2999)
* chore(deps): bump github.com/docker/docker (#2994)
* Add detection of Erlang in Alpine linux (#2996)
* chore(deps): update tools to latest versions (#2991)
* chore(deps): update stereoscope to 753b5576fe42bc007b22108ad7911d1729957a46 (#2992)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2995)
* Tue Jun 25 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.0:
* chore(deps): update CPE dictionary index (#2986)
* chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#2988)
* fix: handle errors reading go licenses (#2985)
* docs: update cyclone-dx documentation (#2983)
* feat: update syft to generate cyclone-dx 1.6 by default (#2978)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
* chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#2975)
* fix: detection of arangodb 3.12 (#2979)
* chore: enable dependabot to keep boostrap action updated (#2976)
* chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1 (#2973)
* chore(deps): bump github.com/google/go-containerregistry (#2971)
* chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#2972)
* Sat Jun 15 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.7.0:
* Added Features - index known CPEs for wordpress plugins and themes [#2963 AATTwestonsteimel] - Consider Author field for wordpress plugins when generating CPEs [#2946 AATTwagoodman]
* Bug Fixes - improve version extraction from ldflags for pingcap TiDB [#2962 AATTwestonsteimel] - Trim whitespace from wordpress values [#2945 AATTwagoodman] - Issue scanning Poetry Project with Syft 1.6 and cataloger=python-package-cataloger [#2954 #2965 AATTspiffcs] - Poetry\'s multiple constraints seems to break the parser [#2947 #2965 AATTspiffcs] - Golang: Search remote licenses not working in a CI pipeline when scanning Docker image [#2798 #2852 AATTkzantow]
* Mon Jun 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.6.0:
* Added Features - Add relationships for go binary packages [#2912 AATTwagoodman] - Add classifier for util-linux [#2933 AATTLaurentGoderre] - Lua: Add support for more advanced syntax [#2908 AATTLaurentGoderre] - add license field to ELF binary package metadata [#2890 AATTbrian-ebarb] - install.sh: check checksums file\'s signature [#2884 #2941 AATTwagoodman] - Detect ELF package notes from fedora binaries [#2713 #2939 AATTwagoodman]
* Bug Fixes - Use redhat as namespace for redhat rpms [#2914 AATTralphbean] - Close sqlite driver after testing sqlite availability [#2922 AATTttc0419] - syft does not find anything in archives if /tmp is a tmpfs [#2894 #2918 AATTwillmurphyscode] - Scanning a git repository folder present in /tmp produce an empty sbom [#2847 #2918 AATTwillmurphyscode]
* Additional Changes - update unit tests to use pinned patch version [#2932 AATTspiffcs] - fix comments and spelling [#2920 AATTdufucun]
* Fri May 31 2024 andrea.manziniAATTsuse.com- Update to version 1.5.0:
* feat: detect fluent-bit binaries (#2905)
* bump dependencies
* Add python wheel egg relationships (#2903)
* feat: Add Lua cataloger (#2613)
* feat: add config command (#2892)
* feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864)
* Go Mod Cataloger: Remove Replaced Packages (#2891)
* chore: Reduce length of readme, moving lengthy content to the wiki (#2882)
* fix: DecoderCollection discarding input from non-seekable Readers (#2878)
* Fix outdated spdx links (#2865)
* Use values in relationship To/From fields (#2871)
* add support for RPM DB package relationships (#2872)
* fix: capture dependencies when parsing SPDX SBOMs (#2869)
* Add abstraction for adding relationships from package cataloger results (#2853)
* chore: fix small tooling error for go.mod (#2868)
* Sun May 12 2024 opensuse_buildserviceAATTojkastl.de- add completion subpackages- fix version output
* Fri May 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.4.1:
* fix pruning binary packages when considering ELF packages (#2862)
* Thu May 09 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.4.0:
* feat: add relationships to ELF package discovery (#2715)
* README.md: link to official wiki (#2858)
* fix Windows file paths in local go mod cache (#2654)
* chore(deps): bump github.com/docker/docker (#2859)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2860)
* chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4 (#2855)
* chore(deps): bump github.com/sassoftware/go-rpmutils from 0.3.0 to 0.4.0 (#2856)
* Add relationships for ALPM packages (arch linux) (#2851)
* Add binary classifier for ArangoDB (#2830)
* chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 (#2849)
* chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#2850)
* chore: use ruleguard to test for missing defer statements (#2837)
* remove homebrew update workflow (#2846)
* Restore version file update on release (#2844)
* fix: Add missing CPE for traefik, memcached, and postgres binaries (#2845)
* Add detection for newer version of ErLang/OTP (#2829)
* fix ui race for package count (#2839)
* chore(deps): update CPE dictionary index (#2841)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.8 to 6.5.9 (#2842)
* chore(deps): bump modernc.org/sqlite from 1.29.8 to 1.29.9 (#2843)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2838)
* add security policy (#2835)
* chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#2834)
* chore(deps): update stereoscope to 2e9894674185d121917b283f773c2b5830f8b360 (#2831)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2833)
* chore: fix function name in comment (#2771)
* chore: enable go-critic deferInLoop lint (#2825)
* fix: better clean up of file handles (#2823)
* chore(deps): bump github.com/docker/docker (#2827)
* fix(spdx): include required fields (#2168)
* fix: add correct vendor for dnsmasq CPE (#2659)
* fix: close temp rpmdb file (#2792)
* chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 (#2817)
* Fill in SPDX originator for all supported package types (#2822)
* chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 (#2821)
* Fri Apr 26 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.3.0:
* update spdx license list to 3.23 (#2818)
* fix: re-use embedded union reader if possible (#2814)
* feat: index known CPEs for go modules (#2816)
* chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#2812)
* feat: support multiple known CPEs in index (#2813)
* chore(deps): update stereoscope to 8b297badafd5d81fa1187b26ae34dd2a7ce7e425 (#2807)
* chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2809)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to 0.5.4 (#2810)
* Fix removing labels in \'Detect schema changes\' job (#2772)
* chore(deps): bump github.com/docker/docker (#2805)
* Display which provider caused which error in output (#2757)
* fix: prefer non-deprecated CPEs and include jenkins plugins from plugins.jenkins.io (#2806)
* feat: index known CPEs for PHP Composer packagist.org packages (#2804)
* chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2 (#2802)
* chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#2803)
* fix: improvements to known CPE index construction (#2801)
* fix: exclude known instrumentation jars from being erroneously identified (#2796)
* feat: index known cpes for PHP extensions (#2777)
* chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#2799)
* fix: return empty string if dereferncing pom var fails (#2797)
* chore(deps): bump github.com/docker/docker (#2793)
* chore(deps): bump modernc.org/sqlite from 1.29.7 to 1.29.8 (#2794)
* chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#2795)
* chore: cleanup redundant code (#2791)
* chore(deps): update tools to latest versions (#2789)
* chore(deps): bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#2790)
* chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 (#2786)
* chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#2787)
* Fix: repeatedly dereference pom variables (#2781)
* chore(deps): bump modernc.org/sqlite from 1.29.6 to 1.29.7 (#2783)
* chore(deps): update CPE dictionary index (#2780)
* chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 (#2779)
* chore: fix broken cpe index generation task (#2778)
* chore(deps): bump github.com/docker/docker (#2773)
* chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#2774)
* Sat Apr 13 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.2.0:
* fix: more robust go main version extraction (#2767)
* chore(deps): update tools to latest versions (#2768)
* fix: binary character in java version (#2766)
* chore(deps): update tools to latest versions (#2760)
* chore(deps): bump modernc.org/sqlite from 1.29.5 to 1.29.6 (#2761)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.6 to 6.5.8 (#2754)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to 0.5.3 (#2755)
* chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 (#2756)
* chore(deps): bump golang.org/x/mod from 0.16.0 to 0.17.0 (#2751)
* Differentiate between JRE and JDK (#2748)
* chore(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 (#2752)
* Thu Apr 04 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.1.1:
* chore(deps): update tools to latest versions (#2744)
* chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (#2747)
* chore: update anchore/packageurl-go to use latest commits (#2746)
* feat: cataloger for PHP Pecl and PEAR packages (#2604)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#2743)
* chore(deps): update tools to latest versions (#2741)
* fix: conan poco project cpe (#2740)
* chore(deps): bump github.com/distribution/reference from 0.5.0 to 0.6.0 (#2738)
* chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 (#2737)
* fix: panic scanning binaries without symtab (#2739)
* chore: remove useless code (#2716)
* chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2731)
* chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 (#2732)
* chore(deps): update tools to latest versions (#2733)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.5 to 6.5.6 (#2734)
* update release token from readonly to write token (#2735)
* Tue Mar 26 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.1.0:
* Adding the ability to retrieve remote licenses from package.lock (#2708)
* dont include labels for dependabot ecosystems (#2720)
* chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 (#2717)
* chore(deps): update tools to latest versions (#2726)
* chore(deps): bump github/codeql-action from 3.24.7 to 3.24.8 (#2725)
* chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#2728)
* chore(deps): bump github.com/docker/docker (#2730)
* updating credentials to scoped permissions (#2722)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.4 to 6.5.5 (#2718)
* chore(deps): bump github.com/google/go-containerregistry (#2719)
* Add detection for Oracle GraalVM (#2705)
* chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#2714)
* Add ELF binary package cataloger (#2396)
* chore(deps): bump modernc.org/sqlite from 1.29.3 to 1.29.5 (#2710)
* chore(deps): bump github/codeql-action from 3.24.6 to 3.24.7 (#2711)
* chore(deps): bump peter-evans/create-pull-request from 6.0.1 to 6.0.2 (#2712)
* Show binary exports, entrypoint, and imports (#2626)
* chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#2703)
* chore(deps): bump github.com/knqyf263/go-rpmdb (#2701)
* chore: reduce duplicate case SwiftPkg (#2696)
* chore: remove deprecated os.SEEK_SET os.SEEK_CUR (#2693)
* chore(deps): bump github.com/docker/docker (#2698)
* chore(deps): bump modernc.org/sqlite from 1.29.2 to 1.29.3 (#2699)
* Sat Mar 09 2024 andrea.manziniAATTsuse.com- Update to version 1.0.1:
* bump dependencies
* docs: add simplest example from registry (#2691)
* fix: Unable to scan OCI images with syft v0.105.1 [#2678 #2683 AATTspiffcs]
* Fri Mar 01 2024 andrea.manziniAATTsuse.com- Update to version 1.0.0:
* fix: match OpenSSL letter releases (#2682)
* Mark duplicated rows in table output (#2679)
* fix: trim path from deps.json in portable way (#2674)
* chore(deps): update tools to latest versions (#2680)
* enforce breaking change bump major version (#2635)
* docs: fix incorrect flag name in readme (#2677)
* Consider filesystem types for mount points when ignoring system paths (#2675)
* fix: stop emitting bus events on go mod events (#2673)
* chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#2676)
* feat: add `--from` flag, refactor source providers (#2610)
* Tue Feb 27 2024 andrea.manziniAATTsuse.com- Update to version 0.105.1:
* bump deps and build tools
* fix: SPDX tag value version selector (#2665)
* fix(install): return appropriate error codes (#2664)
* chore: update busybox image for acceptance tests (#2663)
* rename binary classifier cataloger name (#2643)
* add cataloger selection example (#2646)
* add syft version used to SBOM tool info by default (#2647)
* Thu Feb 15 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.105.0:
* Survive indexing dead symlinks (#2645)
* fix considering base path when ignoring known bad unix paths (#2644)
* test for field conventions in json schema (#2642)
* feat: Add Wordpress cataloger (#2218)
* rename binary cataloger to be more unique (#2633)
* fix: update runner size to use larger HD for codeql (#2641)
* chore(deps): update tools to latest versions (#2616)
* chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 (#2638)
* chore(deps): bump dawidd6/action-homebrew-bump-formula (#2639)
* chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 (#2640)
* fix: add BOMRef to CycloneDX OS Component (#2634)
* chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 (#2629)
* chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 (#2630)
* fix getting union reader for sif images (#2631)
* chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 (#2607)
* chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 (#2625)
* fix: ensure version output to stdout (#2621)
* Guess go main module version based on binary contents (#2608)
* chore(deps): update stereoscope to 681f6715b0e35686d6e6f40bce109176de1ee274 (#2617)
* fix readme around templating options (#2612)
* suppress executable parsing issues (#2614)
* chore: update license list, cpe dictionary (#2620)
* chore(deps): update tools to latest versions (#2606)
* Thu Feb 08 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.104.0:
* fix: incorrect conversion between integer types (#2605)
* chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 (#2602)
* chore(deps): bump github.com/docker/docker (#2601)
* Fix: unmarshal key values in Java, Go, and Conan metadata (#2603)
* fix(dotnet): prefer portable executable product version when semantically greater than file version (#2600)
* Finalize Conan v2 support (#2587)
* chore(deps): update tools to latest versions (#2595)
* chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#2597)
* chore(deps): update stereoscope to bfa15e446f061bda7f68305d2d6240b053f17e0c (#2589)
* chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#2592)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to 0.5.2 (#2591)
* chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0 (#2593)
* labeler should ignore latest version (#2588)
* chore: copy latest schema to stable path for easier diff (#2586)
* Adding metadata fields when parsing yarn.lock and poetry.lock (#2350)
* Add Erlang OTP Application cataloger (#2403)
* Detect ELF security features (#2443)
* Add API examples (#2517)
* feat: Record where CPEs come from (#2552)
* chore(deps): update stereoscope to 37291e81936d2b43b3cef56667a741ef715fbfe4 (#2583)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1 to 0.18.0 (#2584)
* swap format readseekers for readers (#2581)
* translate maps to sequences in pkg metadata (#2553)
* chore(deps): update tools to latest versions (#2576)
* chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8 (#2578)
* chore(deps): bump marocchino/sticky-pull-request-comment (#2579)
* chore(deps): bump github.com/docker/docker (#2580)
* chore(deps): update stereoscope to db7a4bedaba6ad93becf22ce794f306dfb07fcb9 (#2577)
* Fix attest with --key (#2551)
* fix(java): improve identification for org.apache.kafka artifacts (#2573)
* chore: pluralize the flag (#2564)
* chore(deps): update tools to latest versions (#2566)
* chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#2567)
* chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 (#2568)
* re-add cosign signing checksums file (#2572)
* Wed Jan 31 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.103.1:
* revert cosign signing of release checksums file (#2571)
* Wed Jan 31 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.103.0:
* bump archiver and stereoscope (#2570)
* fix: Better test for group ID in filename (#2565)
* Sign checksums file and add SBOMs on release (#2548)
* chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (#2560)
* chore(deps): bump github.com/google/go-containerregistry (#2561)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#2562)
* chore(deps): update tools to latest versions (#2554)
* chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0 to 0.3.0 (#2556)
* chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2 (#2557)
* chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#2558)
* internalize format helpers (#2543)
* Internalize CPE generation logic (#2541)
* chore(deps): update tools to latest versions (#2550)
* Fri Jan 26 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.102.0:
* Implement golang Purl subpath (#2547)
* fix migration of integration test (#2546)
* Use the json schema as input for templating (#2542)
* Unexport types and functions cataloger packages (#2530)
* Internalize majority of cmd package (#2533)
* allow for RPM modularity to be optional (#2540)
* chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#2536)
* chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#2538)
* chore(deps): bump github.com/docker/docker (#2537)
* chore: stop re-exporting wfn.Attributes (#2534)
* swap format readseekers for readers (#2515)
* chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (#2531)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12 to 0.5.0 (#2532)
* plumb context through catalogers (#2528)
* Remove CLI and API deprecations (#2508)
* Turn off the SBOM cataloger by default (#2527)
* Re-introduce linux kernel cataloger (#2526)
* make AllLocations accept a context (#2518)
* chore(deps): update CPE dictionary index (#2523)
* fix: minor cataloger and docs nits (#2519)
* Sat Jan 20 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.101.1:
* Deduplicate digests from user configuration (#2522)
* update readme and help output to be accurate to syft api (#2520)
* fix: remove second call to finalize as the task handles it (#2516)
* chore(deps): update stereoscope to eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510)
* chore(deps): bump github.com/docker/docker (#2512)
* chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#2513)
* chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (#2514)
* chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 (#2506)
* chore(deps): bump github.com/google/go-containerregistry (#2507)
* chore: enable automatic approval of dependabot PRs (#2505)
* Thu Jan 18 2024 opensuse_buildserviceAATTojkastl.de- Update to version 0.101.0:
* include binary cataloger configuration defaults (#2504)
* feat: classifier for wordpress cli binary (#2473)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2502)
* chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#2503)
* chore(deps): update tools to latest versions (#2500)
* chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2501)
* Add cataloger list command (#2366)
* condense binary cataloger config in JSON output (#2499)
* chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#2495)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to 6.5.3 (#2494)
* chore(deps): update CPE dictionary index (#2491)
* Replace core SBOM-creation API with builder pattern (#1383)
* chore(deps): update tools to latest versions (#2488)
* chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#2489)
* chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 (#2481)
* chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1 to 0.17.1 (#2475)
* feat: binary classifiers for Percona Software For MySQL (#2478)
* feat: binary classifier for pypy (#2474)
* chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.2 (#2476)
* fix: support traefik binary from the official Docker image (#2484)
* feat: binary classifier for GCC (#2479)
* chore(deps): update tools to latest versions (#2480)
* chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 (#2482)
* chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0 (#2477)
* Upgrade binary test fixtures management (#2444)
* Sat Jan 06 2024 andrea.manziniAATTsuse.com- Update to version 0.100.0:
* Add ability to extend the binaries cataloguers (#2469)
* chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (#2464)
* fix: add missing purl for busybox (#2457)
* Fix diff error obfuscating binary test failures message (#2468)
* Replace `packages` command with `scan` (#2446)
* fix: PURLs with \"nuget\" type are dotnet packages (#2466)
* chore(deps): update tools to latest versions (#2459)
* chore(deps): update CPE dictionary index (#2458)
* chore: update binary to -x (#2456)
* Add more functionality to the ErLang parser (#2390)
* Added OpenSSL binary matcher (#2416)
* chore(deps): update stereoscope to 590920dabc5479216e755983d41367b6be3544f3 (#2452)
* chore(deps): update tools to latest versions (#2451)
* chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12 (#2455)
* Thu Dec 21 2023 opensuse_buildserviceAATTojkastl.de- Update to version 0.99.0:
* chore: remove execute from test fixtures (#2450)
* chore(deps): update tools to latest versions (#2447)
* fix: don\'t panic when hackage missing in haskell stack yaml lock (#2448)
* Add binary classifier for the ERLang interpretter (#2417)
* Add binary classifier for Julia lang (#2427)
* Add binary detection for PHP composer (#2432)
* chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2433)
* chore(deps): update CPE dictionary index (#2442)
* chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440)
* fix syft-json test to use pretty json for snapshot testing (#2441)
* refactor pkg.Collection (#2439)
* refactor javascript cataloger to use configuration options when creating packages (#2438)
* use single source of truth for archive options (#2437)
* fix file digest cataloger when passed coordinates (#2436)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413)
* Look for a maven version in a pom from a parent dependency management section (#2423)
* Parse Python licenses from LicenseExpression entry in the Wheel Metadata (#2431)
* chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (#2430)
* chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429)
* chore(deps): update tools to latest versions (#2428)
* Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331)
* fix: use filepath instead of path for file source exclusions (#2411)
* chore(deps): bump github.com/charmbracelet/bubbletea (#2424)
* chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425)
* chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (#2426)
* chore(deps): bump dawidd6/action-homebrew-bump-formula (#2420)
* feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409)
* chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (#2400)
* chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414)
* chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#2401)
* chore(deps): update tools to latest versions (#2408)
* chore(deps): update CPE dictionary index (#2412)
* fix(java): improve identification for org.codehaus.groovy artifacts (#2404)
* fix(java): improve identification for commons-jelly artifacts (#2399)
* fix(java): improve identification for io.minio artifacts (#2398)
* fix(java): improve identification for com.graphql-java artifacts (#2397)
* chore(deps): update tools to latest versions (#2395)
* chore: enhance java purl generation integration test (#2393)
* feat: add ability to retrieve remote licenses for yarn.lock (#2338)
* chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#2392)
* Retrieve remote licenses using pom.properties when there is no pom.xml (#2315)
* fix(java): improve identification for org.apache.tapestry artifacts (#2384)
* fix(java): improve identification for io.ratpack artifacts (#2379)
* fix(java): improve identification for org.apache.cassandra artifacts (#2386)
* fix(java): improve identification for org.neo4j.procedure artifacts (#2388)
* fix: bump fangs for ptr summarize fix (#2387)
* fix(java): improve identification for org.elasticsearch artifacts (#2383)
* fix(java): improve identification for org.apache.geode artifacts (#2382)
* fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381)
* fix(java): improve identification for io.projectreactor.netty artifacts (#2378)
* fix(java): improve identification for org.eclipse.platform artifacts (#2349)
* Generalize UI events for cataloging tasks (#2369)
* chore(deps): update tools to latest versions (#2376)
* chore(deps): bump github.com/google/go-containerregistry (#2377)
* chore: fix tests failing due to Mac Rosetta cache (#2374)
* fix: improve dotnet portable executable identification (#2133)
* Thu Nov 30 2023 andrea.manziniAATTsuse.com- Update to version 0.98.0:
* fix file metadata cataloger to use resolved locations (#2370)
* fix: logging level for parsing potential PE files (#2367)
* only remove breaking-change label when there are schema changes (#2371)
* fix: capture root command stdout (#2364)
* fix: hardcode xalan group ID (#2368)
* Normalize cataloger configuration patterns (#2365)
* normalize enums to lowercase with hyphens (#2363)
* bump deps version
* fix: index file itself when file scan path has symlink (#2359)
* use read lock in pkg collection (#2341)
* Fix the `attest` command (#2337)
* fix: add manual namespace mapping for org.springframework jars (#2345)
* Add binary classifiers for MySQL and MariaDB (#2316)
* Enhance redis binary classifier (#2329)
* fix: add manual namespace mapping for org.springframework.security jars (#2343)
* fix: add manual namespace mapping for org.bouncycastle jars (#2342)
* Update developer docs to represent the current package layout (#2340)
* Remove the power-user command and related catalogers (#2306)
* Add \"pretty\" json configuration and change default behavior to be space-efficient (#2275)
* Sat Nov 18 2023 kastlAATTb1-systems.de- Update to version 0.97.1:
* chore(deps): update stereoscope to 3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336)
* feat: allow for stdout to be buffered on each command (#2335)
* Fri Nov 17 2023 kastlAATTb1-systems.de- Update to version 0.97.0:
* fix: prevent writing non-report output to stdout (#2324)
* chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7 (#2332)
* export metadata type helper (#2328)
* fix(java): add manual groupid mappings for org.apache.velocity jars (#2327)
* fix(java): skip maven bundle plugin logic if vendor id and symbolic name match (#2326)
* Refine license searching from groupIDFromJavaMetadata to allow for having the artfactId in the groupId (#2313)
* chore(deps): update tools to latest versions (#2325)
* chore(deps): update tools to latest versions (#2318)
* Add license for golang stdlib (#2317)
* chore(deps): bump github/codeql-action from 2.22.5 to 2.22.6 (#2321)
* docs: Update README.md for dotnet-portable-executable (#2322)
* Fall back to searching maven central using groupIDFromJavaMetadata (#2295)
* rename file.Location.VirtualPath to AccessPath (#2288)
* chore(deps): update tools to latest versions (#2308)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11 to 0.4.12 (#2310)
* chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 (#2311)
* Thu Nov 09 2023 kastlAATTb1-systems.de- Update to version 0.96.0:
* include image labels in cycloneDX SBOM (#2294)
* Add accessPath on Location objects to syft-json output (#2287)
* SPDX file has duplicate sha256 tag in versionInfo (#2300)
* Check maven central as well for licenses in parents poms for nested jars (#2302)
* chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#2293)
* chore(deps): update tools to latest versions (#2301)
* fix: identify cyclone-json without $schema (#2303)
* Tue Nov 07 2023 kastlAATTb1-systems.de- Update to version 0.95.0:
* chore: setup release task before calling go releaser (#2297)
* chore(deps): update tools to latest versions (#2296)
* chore(deps): update tools to latest versions (#2289)
* chore(deps): update CPE dictionary index (#2290)
* chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 (#2292)
* Wire though maven-url to java config (#2291)
* Use case-insensitive matching for Go license files (#2286)
* Add a new Java configuration option to recursively search parent poms… (#2274)
* chore(deps): update tools to latest versions (#2280)
* Follow convention for naming catalogers (#2277)
* change dir resolver to include virtual path (#2259)
* fix: syft does not handle the case of parsing a jar with multiple poms (#2231)
* add PURLs when scanning Gradle lock files (#2278)
* chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 (#2279)
* test: remove dll files and updates tests to use versionResources (#2276)
* fix: update dot net binary parsing logic to remove empty space (#2273)
* Read a license from a parent pom stored in Maven Central (#2228)
* Update README.md to use canonical output format names (fixes [#2269]) (#2272)
* Remove MetadataType from core package object and normalize JSON metadataType values (#1983)
* chore(deps): bump github.com/docker/docker (#2263)
* chore(deps): update stereoscope to 5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265)
* chore(deps): update CPE dictionary index (#2271)
* chore: fix cpe generation task (#2270)
* chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2262)
* chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5 (#2261)
* chore(deps): update tools to latest versions (#2258)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#2256)
* feat: Perform case insensitive matching on Java license files (#2235)
* Split the sbom.Format interface by encode and decode use cases (#2186)
* Upgrade tool management (#2188)
* fix: 2179 jar chokes empty lines (#2254)
* chore(deps): update CPE dictionary index (#2253)
* fix CPE workflow (#2252)
* feat: add conaninfo.txt parser to detect conan packages in docker images (#2234)
* chore(deps): update bootstrap tools to latest versions (#2245)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 to 4.6.1 (#2248)
* chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4 (#2249)
* fill version info from release and git directly (#2244)
* Add ruby.NewGemSpecCataloger to DirectoryCatalogers. (#1971)
* change homebrew release trigger (#2242)
* Fri Nov 03 2023 Johannes Kastl - BuildRequire go1.21
* Sat Oct 21 2023 kastlAATTb1-systems.de- Update to version 0.94.0:
* Label PRs when the json schema changes (#2240)
* Add download location when cataloging directory npm package lock (#2238)
* fix: allow packages to be captured from DIST/EGG case (#2239)
* Account for maven bundle plugin and fix filename matching (#2220)
* chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236)
* Remove internal string set (#2219)
* bump clio to get stderr reporting fix (#2232)
* Fix panic for empty input to Swift cataloger (#2226)
* Add additional license filenames (#2227)
* chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 (#2229)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#2222)
* chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2 (#2224)
* Detect a license file in the root directory or META-INF of a jar (#2213)
* Parse donet dependency trees (#2143)
* chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#2214)
* chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#2215)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#2216)
* chore: add automated homebrew action (#2164)
* Add relationships for dpkg packages (#2212)
* Wed Oct 11 2023 kastlAATTb1-systems.de- Update to version 0.93.0:
* Parse the Maven license from the pom.xml if not contained in the mani… (#2115)
* Refine the docs for building a cataloger (#2175)
* Fix algo lookup by converting key to lower case (#2207)
* chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1 (#2208)
* feat: add package for go compiler given binary detection (#2195)
* chore(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible (#2193)
* chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0 (#2202)
* chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 (#2204)
* chore: update license list to 3.22 (#2201)
* Add exact syntax of the conversion formats (#2196)
* chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 (#2198)
* chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 (#2199)
* chore: removes unnecessary conditional (#2194)
* chore: improve --output help text and deprecate --file (#2187)
* chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 (#2189)
* chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#2191)
* chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9 (#2182)
* chore(deps): update bootstrap tools to latest versions (#2178)
* chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 (#2180)
* Thu Oct 05 2023 andrea.manziniAATTsuse.com- Update to version 0.92.0:
* bump deps to latest version
* fix: deterministic java purls (#2170)- Update to version 0.91.0:
* fix: prevent errors from clobbering terminal (#2161)
* Require ordering of relationships when comparing parser output (#2160)
* Add containerd support (#1793)
* feat: add dependency information to conan lockfile parser (#2131)
* fix: encode and decode FileLicenses and FileContents in Syft JSON (#2083)
* feat: add cyclonedx schema version selection (#2123)
* fix: allow cyclonedx json input with no components (#2127)
* fix source-version typo in flag description (#2126)- Update to version 0.90.0:
* fix(help): power-user help text to indicate it supports file-system (#2113)
* fix: update codeql-analysis for go 1.21 (#2108)
* feat(cmd/update): add UA header with current ver when check for update (#2100)
* fix(cdx): validate external refs before encoding (#2091)
* fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation (#2075)
* Tue Sep 05 2023 kastlAATTb1-systems.de- Update to version 0.89.0:
* tidy gomod and gitignore (#2082)
* fix quiet flag (#2081)
* fix: in some cases, try to use pom info to guess name and version to top level jar (#2080)
* fix: don\'t panic on universal go binaries (#2078)
* chore: update CLI to CLIO (#2001)
* Add registry certificate verification support (#1734)
* fix: CPE generation for django (#2068)
* Tue Sep 05 2023 kastlAATTb1-systems.de- Update to version 0.88.0:
* chore: update quill to the latest version (#2065)
* fix: duplicate entries in cyclonedx dependency list (#2063)
* Fix panic in pom parsing (#2064)
* Fix: don\'t validate pom declared group (#2054)
* chore: trace log pom property reflect usage (#2059)
* fix: do not double-prefix symlink paths that already contain volume names (#2051)
* feat: add bash classifier (#2055)
* Detect golang boring crypto and fipsonly modules (#2021)
* fix: properly parse conan ref and include user and channel (#2034)
* chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.8.0 (#2053)
* Enable reading non-utf-8 encodings for java pom.xml files (#2047)
* feat: 1944 - update purl generation to use a consistent groupID (#2033)
* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2049)
* chore(deps): update bootstrap tools to latest versions (#2048)
* chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 (#2045)
* chore(deps): update CPE dictionary index (#2043)
* fill out new version notice (#2042)
* Tue Sep 05 2023 kastlAATTb1-systems.de- Update to version 0.87.1:
* feat: use java package names to determine known groupids (#2032)
* fix: inconsistent removal of binaries by overlap (#2036)
* fix: CycloneDX relationships not output or decoded properly (#1974)
* chore: restore cataloger.DefaultConfig (#2028)
* Tue Sep 05 2023 kastlAATTb1-systems.de- Update to version 0.87.0:
* fix: read direct package files when decoding SPDX tag-value (#2014)
* chore(deps): update bootstrap tools to latest versions (#2022)
* chore(deps): update CPE dictionary index (#2025)
* chore(deps): update bootstrap tools to latest versions (#2012)
* chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 (#2008)
* 1948-filter-pkg-by-type (#2011)
* chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 (#2009)
* fix: SPDX license values and download location (#2007)
* 931: binary cataloger exclusion defaults for ownership by overlap (#1948)
* chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#2004)
* chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#1998)
* test: add coverage for new rpmdb paths (#1999)
* chore: improve spdx purl decoding (#1996)
* fix: gradle lockfile parser groupId handling (#1995)
* fix: update glob to use newer usr/lib/sysimage path (#1997)
* fix: opkg search glob (#1994)
* feat: nginx binary classifier (#1988)
* Expand deb cataloger to include opkg (#1985)
* chore(deps): update bootstrap tools to latest versions (#1991)
* chore(deps): bump github.com/google/go-containerregistry (#1993)
* chore: update bubbly to fix hanging (#1990)
* chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1989)
* feat: use originator logic to fill supplier (#1980)
* add metadata types to all cpe test fixtures (#1982)
* Tue Aug 01 2023 kastlAATTb1-systems.de- Update to version 0.86.1:
* fix: default image source name to user input (#1979)
* Tue Aug 01 2023 kastlAATTb1-systems.de- Update to version 0.86.0:
* chore(deps): update stereoscope to d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975)
* chore: update to latest commit in tools-golang (#1969)
* Guess unpinned versions in python requirements.txt (#1966)
* chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 (#1965)
* Fix panic condition on docker pull failure (#1968)
* bump JSON schema to account for simplified python env markers (#1967)
* feat: support top-level SPDX package and graph (#1934)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1959)
* Add cataloger for Swift Package Manager. (#1919)
* chore(deps): update stereoscope to d515761c6ca2743a67d7d08053db69235ae76d1d (#1953)
* chore(deps): bump github.com/docker/docker (#1955)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1951)
* Introduce indexed embedded CPE dictionary (#1897)
* chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 (#1949)
* Add support for parsing .NET assemblies (#1943)
* docs: capture artifactory dev settings from 1895 (#1947)
* remove build binary and add explicit git ignore
* docs: update docs with new docker specific instructions (#1941)
* remove jotframe UI (#1932)
* fix: remove indirect dependency of circl v1.1.0 (#1940)
* chore: move wait before iteration to guarantee read before tea (#1931)
* Thu Jul 13 2023 kastlAATTb1-systems.de- Update to version 0.85.0:
* implement ui handle waiter (#1930)
* fix: background reader apart from global handler for testing (#1929)
* chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 (#1928)
* fix: allow valid cyclonedx input with no components (#1873)
* fix: \"or-later\" suffix updated to consider deprecated \"+\" operator (#1907)
* feat: CLI flag for directory base (#1867)
* Fix CPE gen for k8s python client (#1921)
* chore: update iterations to protect against race (#1927)
* chore(deps): update bootstrap tools to latest versions (#1922)
* fix: Don\'t use the actual redis or grpc CPEs for gems (#1926)
* fix(install): return with right error code (#1915)
* Remove erroneous Java CPEs from generation (#1918)
* chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916)
* Switch UI to bubbletea (#1888)
* fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link (#1884)
* add file source digest support (#1914)
* chore(deps): update bootstrap tools to latest versions (#1908)
* chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912)
* chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913)
* doc(readme): add installation section with scoop (#1909)
* Refactor source API (#1846)
* chore(deps): update bootstrap tools to latest versions (#1905)
* Fri Jun 30 2023 kastlAATTb1-systems.de- Update to version 0.84.1:
* chore(deps): update stereoscope to cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903)
* chore(deps): update bootstrap tools to latest versions (#1902)
* fix: discover deb file relationships in distroless images (#1901)
* add oss community board auto-add workflow (#1898)
* chore(deps): update stereoscope to 8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890)
* chore(deps): update bootstrap tools to latest versions (#1894)
* fix: add support for Dart SDK package dependencies (#1891)
* Simplify the SBOM writer interface (#1892)
* fix: improve version detection in Java archive name parsing (#1889)
* fix: only output valid cyclonedx license choices (#1879)
* docs: clarify reasoning of default catalogers for images or directories (#1887)
* Wed Jun 21 2023 kastlAATTb1-systems.de- Update to version 0.84.0:
* Configure chronicle to pre-1.0 mode (#1886)
* chore: update SPDX license list to 3.21 (#1885)
* chore(deps): update bootstrap tools to latest versions (#1880)
* Pad artifact IDs (#1882)
* chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1878)
* Wed Jun 14 2023 kastlAATTb1-systems.de- Update to version 0.83.1:
* chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1874)
* chore(deps): update stereoscope to 5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871)
* chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1876)
* fix: pom properties not setting artifact id (#1870)
* chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to 0.5.2 (#1868)
* Mon Jun 12 2023 kastlAATTb1-systems.de- Update to version 0.83.0:
* fix: handle invalid symlinks (#1861)
* chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to 0.5.1 (#1850)
* chore(deps): update bootstrap tools to latest versions (#1857)
* Pr 1825 (#1865)
* chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862)
* chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863)
* feat: source-version flag (#1859)
* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851)
* accept main.version ldflags even without vcs (#1855)
* feat: add scope to pom properties (#1779)
* chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852)
* chore(deps): bump github.com/docker/docker (#1849)
* Add test to ensure package metadata is represented in the JSON schema (#1841)
* Fix directory resolver to consider CWD and root path input correctly (#1840)
* Migrate location-related structs to the file package (#1751)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843)
* Tue May 23 2023 kastlAATTb1-systems.de- Update to version 0.82.0:
* fix: add panic recovery for license parse (#1839)
* chore: return both failures when failed to retrieve an image with a scheme (#1801)
* Extract go module versions from ldflags for binaries built by go (#1832)
* fix: duplicate packages, support pnpm lockfile v6 (#1778)
* chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834)
* chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829)
* chore(deps): bump github.com/docker/docker (#1833)
* Tue May 23 2023 kastlAATTb1-systems.de- Update to version 0.81.0:
* Keep original FileInfo persisted on file.Metadata structs (#1794)
* chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#1827)
* chore(deps): bump github.com/google/go-containerregistry (#1823)
* chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 (#1822)
* chore(deps): bump github.com/docker/docker (#1824)
* fix: update field plurality of 8.0.0 schema before release (#1820)
* fix: update cataloger to check for expressions before split (#1819)
* feat: update syft license concept to complex struct (#1743)
* fix: cyclonedx depends-on relationship inverted (#1816)
* fix: retain sbom cataloger relationships (#1509)
* feat: warn if parsing newer SBOM (#1810)
* feat: Add R cataloger (#1790)
* update cosign to v2 release (different go module) (#1805)
* fix: Reduce log spam on unknown relationship type (#1797)
* chore(deps): update bootstrap tools to latest versions (#1807)
* chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802)
* chore(deps): bump github.com/docker/docker (#1795)
* chore(deps): bump github.com/google/go-containerregistry (#1796)
* chore(deps): update bootstrap tools to latest versions (#1792)
* Print package list when extra packages found (#1791)
* chore(deps): update bootstrap tools to latest versions (#1786)
* chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787)
* Fri May 05 2023 kastlAATTb1-systems.de- Update to version 0.80.0:
* Update the CPE generation for spring-security-core (#1789)
* chore: do not HTML escape PackageURLs (#1782)
* chore: do not include kernel module cataloger by default (#1784)
* chore(docs): Update lists of catalogers (#1780)
* chore: add more detail on SPDX file IDs (#1769)
* Search /usr/share for rpmdb to fix scan on ostree-managed images (#1756)
* chore(deps): bump github.com/docker/docker (#1767)
* rename sbom.PackageCatalog to sbom.Packages (#1773)
* chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 (#1768)
* Create python requirements metadata (#1759)
* chore: update test redactor ordering (#1765)
* rename pkg.Catalog to pkg.Collection (#1764)
* chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 (#1758)
* chore: go-rpmdb update (#1757)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706)
* fix: Improve pnpm support (#1752)
* Sat Apr 22 2023 kastlAATTb1-systems.de- Update to version 0.79.0:
* feat: Add template func `hasField` (#1754)
* fix: only cache java packages and not source content (#1750)
* Add sections of interest for Gemfile.lock cataloger (#1749)
* fix: update cache.fingerprint file to java-builds dir (#1748)
* Add ALPM Metadata to CYCLONEDX and SPDX output formats (#1747)
* chore: bump stereoscope to latest version (#1741)
* chore(deps): update bootstrap tools to latest versions (#1744)
* chore(deps): bump github.com/docker/docker (#1746)
* Tue Apr 18 2023 kastlAATTb1-systems.de- Update to version 0.78.0:
* Create consul binary classifier (#1738)
* chore(deps): update bootstrap tools to latest versions (#1740)
* Fix kernel cataloger test fixtures (#1742)
* feat: Support scanning license files in golang packages over the network (#1630)
* Add package-to-file location evidence relationships (#1698)
* Add Linux Kernel cataloger (#1694)
* Add annotations for evidence on package locations (#1723)
* add format make target (#1733)
* Update tests to not fail on Mac M1\'s. (#1730)
* Thu Apr 13 2023 kastlAATTb1-systems.de- Update to version 0.77.0:
* chore(deps): update bootstrap tools to latest versions (#1728)
* Add support for nar files. (#1727)
* add highlevel details about catalogers (#1726)
* chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722)
* chore(deps): update stereoscope to e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721)
* feat: gradle lockfile support (#1719)
* chore(deps): bump github.com/docker/docker (#1715)
* chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713)
* chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714)
* chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1716)
* chore(deps): bump peter-evans/create-pull-request from 4 to 5 (#1712)
* Thu Apr 06 2023 kastlAATTb1-systems.de- Update to version 0.76.1:
* chore: update tools-golang to v0.5.0 (#1717)
* Add Nix cataloger (#1696)
* refactor spdx tooling test to reduce intermittent failures (#1707)
* Capture file ownership relationships from portage ecosystem (#1702)
* chore: update deprecated set-output calls (#1705)
* Mon Apr 03 2023 kastlAATTb1-systems.de- Update to version 0.76.0:
* feat: Add config option to allow user to select the default image source location
* chore(deps): bump github.com/docker/docker (#1699)
* chore(deps): update bootstrap tools to latest versions (#1697)
* chore(deps): update stereoscope to d7551b7f46f53179922d6229709d3d1602881080 (#1693)
* 1577 spdxlicense generate (#1691)
* chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to 0.5.3 (#1692)
* feat: scan local go mod cache for licenses of golang packages (#1645)
* chore: fix flaky license sorting (#1690)
* chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1689)
* fix: shell completion by adding missing usage message required by spf13/cobra (#1688)
* chore(deps): update bootstrap tools to latest versions (#1686)
* chore: tweak some workflow text (#1685)
* Remove more side effects from application config testing (#1684)
* Deprecate config.yaml as valid config source; Add unit regression for correct config paths (#1640)
* chore: Update syft bootstrap tools to latest versions. (#1682)
* Update documentation: (#1680)
* chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (#1681)
* fix: reduce logging for bad dpkg lines (#1675)
* fix ruby classifier (#1678)
* feat: add shared dir for easier cleanup (#1676)
* chore(deps): bump github.com/google/go-containerregistry (#1672)
* chore(deps): bump actions/setup-go from 3 to 4 (#1671)
* fix: move defer after error to protect panic case (#1670)
* feat: add argocd, helm, kustomize and kubectl binary classifiers (#1663)
* defer closing file (#1668)
* fix: remove author contributing to javascript CPEs (#1669)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 0.75.0:
* fix: more python matching support (#1667)
* Update syft bootstrap tools to latest versions. (#1666)
* feat: add ruby classifier (#1665)
* Thu Mar 09 2023 kastlAATTb1-systems.de- Update to version 0.74.1:
* Update syft bootstrap tools to latest versions. (#1658)
* fix: improved Python binary detection (#1648)
* fix: suppress some known incorrect vendor candidates for npm CPEs (#1659)
* fix: sanitize SPDX LicenseRefs (#1657)
* chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655)
* chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653)
* chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 (#1654)
* chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656)
* fix: dotnet PURL types are invalid (#1649)
* feat: disable cpe vendor wildcards to reduce false positives (#1647)
* read relative etc/apk/repositories for alpine version when no OS provided (#1615)
* Fri Mar 03 2023 kastlAATTb1-systems.de- Update to version 0.74.0:
* fix: possible race condition (#1639)
* fix: remove APK OriginPackage cpe candidates (#1637)
* fix: rebar lock file decoding panic (#1628)
* fix: handle individual cataloger panics (#1636)
* fix: apk product/vendor generation for old metadata (#1635)
* feat: rust toolchain binary cataloger (#1601)
* feat: retain go package info when no module declared (#1632)
* fix: improved CPE-generation for several more APK packages (#1631)
* chore: update deprecated release flag (#1629)
* chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
* feat: add support for SUPPORT_END in /etc/os-release (#1612)
* fix: further improvements to CPE generation for apk packages (#1623)
* chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1625)
* chore(deps): bump actions/checkout from 2 to 3 (#1626)
* feat: set cosign attest predicate type based on Syft output type (#1598)
* chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 (#1609)
* fix: correct apk purls for other distros (#1620)
* refactor: move apk upstream logic to apk metadata (#1619)
* fix: decoding null apk metadata pullDependencies (#1614)
* feat: haproxy binary matcher (#1591)
* fix: determine upstream for apk version streams (#1610)
* fix: improve CPE generation for curl APK (#1608)
* Revert \"add workaround for macos github actions cache issue (#1584)\" (#1605)
* Thu Feb 23 2023 kastlAATTb1-systems.de- Update to version 0.73.0:
* Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604)
* chore: fix cataloger_test (#1603)
* fix: merging of binary packages (#1583)
* fix: issue when matching format versions (#1585)
* chore: update syft bootstrap tools to latest versions. (#1593)
* feat: add perl binary classifier (#1592)
* Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602)
* Update SPDX license list to 3.20 (#1600)
* chore: update SPDX license list (#1599)
* fix cataloger selection to be more specific (#1582)
* add workaround for macos github actions cache issue (#1584)
* Thu Feb 16 2023 kastlAATTb1-systems.de- Update to version 0.72.0:
* Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576)
* chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574)
* chore: update bug issue template (#1571)
* allow convert to take stdin (#1570)
* fix: improve CPE and upstream generation logic for Alpine packages (#1567)
* fix: missing APK node vulnerabilities (#1565)
* fix: python CPE generation for alpine (#1564)
* chore(deps): bump github.com/docker/docker (#1563)
* Fri Feb 10 2023 kastlAATTb1-systems.de- Update to version 0.71.0:
* switch from trigger-release target to release target (#1560)
* Speed up cataloging by replacing globs searching with index lookups (#1510)
* Update syft bootstrap tools to latest versions. (#1549)
* Fix installed versions (#1556)
* chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558)
* feat: add postgresql classifier (#1536)
* Add release trigger (#1501)
* chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552)
* chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551)
* fix: add support for licenses not found on list (#1540)
* Update syft bootstrap tools to latest versions. (#1541)
* feat: Allow specific versions of formats to be specified (#1543)
* Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539)
* source: when base is set, responsePath should be absolute (#1542)
* Sat Feb 04 2023 kastlAATTb1-systems.de- Update to version 0.70.0:
* fix: update config struct to not decode password/key (#1538)
* Update syft bootstrap tools to latest versions. (#1537)
* feat: add traefik classifier (#1504)
* fix: don\'t hardcode Cosign attest type (#1533)
* chore(deps): bump github.com/docker/docker (#1531)
* Update syft bootstrap tools to latest versions. (#1530)
* Thu Feb 02 2023 kastlAATTb1-systems.de- Update to version 0.69.1:
* chore: update spdx/tools-golang to v0.5.0-rc1 (#1503)
* feat: update golang to 1.19 (#1526)
* Update syft bootstrap tools to latest versions. (#1525)
* Tue Jan 31 2023 kastlAATTb1-systems.de- Update to version 0.69.0:
* Allow scanning unpacked container filesystems (#1485)
* fix: allow template for syft convert (#1521)
* 1465 attestation with private key (#1502)
* Thu Jan 26 2023 kastlAATTb1-systems.de- Update to version 0.68.1:
* fix: add relevant CPEs to python and busybox classifiers (#1517)
* Update syft bootstrap tools to latest versions. (#1515)
* chore: correct bootstrap tool script (#1514)
* chore(deps): bump github.com/google/go-containerregistry (#1513)
* Fix AssertEncoderAgainstGoldenSnapshot calls to conditionally update (#1511)
* chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505)
* chore(deps): bump github.com/docker/docker (#1506)
* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507)
* chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508)
* Bump github.com/spdx/tools-golang to v0.4.0 (#1450)
* Sat Jan 21 2023 kastlAATTb1-systems.de- Update to version 0.68.0:
* Fix panic in apkdb parsing on empty \"provides\" values (#1494)
* push detailed log statements to trace-level (#1500)
* npm: package-lock license decoding to accept string or array (#1482)
* always set the package ID for java packages (#1493)
* fix: skip filling in empty fields in APK metadata (#1484)
* chore(deps): bump github.com/facebookincubator/nvdtools (#1499)
* chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498)
* chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497)
* chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496)
* chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495)
* Relax error conditions for catalogers (#1492)
* feat: add memcached classifier (#1486)
* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488)
* chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489)
* chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490)
* chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491)
* chore(deps): bump github.com/google/go-containerregistry (#1487)
* chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475)
* chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477)
* chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476)
* chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474)
* chore(deps): bump github/codeql-action from 1 to 2 (#1473)
* chore(deps): bump actions/setup-go from 2 to 3 (#1472)
* Add dependabot (#1451)- skip non-existent release 0.67.x
* Fri Jan 20 2023 kastlAATTb1-systems.de- Update to version 0.66.2:
* chore: use checkout v3 with new depth (#1471)
* chore: use checkout v2 for tag depth (#1470)
* fix: nil panic in graalvm cataloger (#1468)
* add linter for type assertion checks (#1469)
* fix: bump golang.org/x/net to v0.4.0 (#1467)
* fix: bump golang.org/x/text to v0.3.8 (#1466)
* bootstrap within composite action (#1461)
* chore: revert GolangBinMetadata name and make analogous GolangModMetadata (#1458)
* README: update Nix installation instructions (#1455)
* Fri Jan 13 2023 kastlAATTb1-systems.de- Update to version 0.66.1:
* fix: update graalvm cataloger to fix panic (#1454)
* chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452)
* Fri Jan 13 2023 kastlAATTb1-systems.de- Update to version 0.66.0:
* feat: Add the origin field to the output format of syftjson (#1327)
* chore: update schema (#1449)
* feat: prefer known CPE vendors over other candidates (#1294)
* fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442)
* feat: add BeamVM Hex support (#1073)
* feat: add apache httpd binary classifier (#1448)
* chore: claim artifacthub package ownership from developer-guy (#881)
* Parallel package catalog processing (#1355)
* feat: Add php binary catalogers (#1444)
* Update syft bootstrap tools to latest versions. (#1443)
* fix: duplicate file in tar archive causes read to fail (#1445)
* Add support for GraalVM Native Image executables. (#1276)
* Add redis binary classifier (#1438)
* docs: add cataloger construction summary (#1434)
* chore: update bootstrap tools to latest versions. (#1428)
* Add alpine type to purl (#1431)
* Thu Jan 05 2023 kastlAATTb1-systems.de- Update to version 0.65.0:
* adding purl types for binary classifiers (#1435)
* chore: refactor basic CPE functionality to its own package (#1436)
* fix: typo in os.Getwd error message (#1433)
* fix: additional excessive go binary warnings (#1432)
* docs: migrate to homebrew-core (#1427)
* Wed Jan 04 2023 kastlAATTb1-systems.de- Update to version 0.64.0:
* fix: unicode output in cyclonedx-json format (#1420)
* fix: excessive go binary warnings (#1424)
* feat: update spdx format model to produce valid spdx json documents (#1418)
* clean package names in python parsers (#1417)
* docs: update schema name to 2.3 (#1416)
* feat: add h1digest when scanning go.mod (#1405)
* feat: Add license parsing for java (#1385)
* fix: cyclonedx component type for binaries (#1406)
* fix: openjdk detection pattern (#1415)
* bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (#1404)
* Add NetBSD support. (#1412)
* Fri Dec 16 2022 kastlAATTb1-systems.de- Update to version 0.63.0:
* feat: add catalog delete (#1377)
* docs: remove file classifier (#1397)
* chore: update latest cyclonedx library (#1390)
* feat: Add Java binary catalogers (#1392)
* chore: Update SPDX license list to 3.19 (#1389)
* fix: add manual vendor/product removal to fix false flags (#1070)
* Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (#1395)
* chore: fix test busybox image sha (#1393)
* fix: go version not properly identified in binary (#1384)
* Thu Dec 01 2022 kastlAATTb1-systems.de- Update to version 0.62.3:
* Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (#1376)
* fix: Update node binary package name (#1375)
* feat: Generic Binary Cataloger (#1336)
* recover from bad parsing of golang binary (#1371)
* Fix parsing of apk databases with large entries (#1365)
* Update syft bootstrap tools to latest versions. (#1369)
* Mon Nov 28 2022 kastlAATTb1-systems.de- Update to version 0.62.2:
* fix: guard for locations < 1 in alpmdb parse (#1366)
* fix: remove cabal.project.freeze panic on last pkg (#1363)
* fix: requirements.txt - return unicode only letter/num for version (#1361)
* Update syft bootstrap tools to latest versions. (#1356)
* Mon Nov 21 2022 kastlAATTb1-systems.de- Update to version 0.62.1:
* fix: sort relationships in SPDX output (#1350)
* chore: add debug logging for decode errors (#1352)
* feat(npm): handle aliases in package-lock.json (#1349)
* Sat Nov 19 2022 kastlAATTb1-systems.de- Update to version 0.62.0:
* fix: spdx java checksum correctness (#1348)
* feat: Add support for npm lockfile version 3 (#1206)
* Fri Nov 18 2022 kastlAATTb1-systems.de- Update to version 0.61.0:
* 1111 clean name bug (#1347)
* Add spdx relationship encoding for dependencies (#1342)
* feat: SPDX 2.3 support (#1311)
* SBOM cataloger (#1029)
* chore: clean up linting configuration (#1343)
* fix: Unmarshal Syft JSON with missing metadata (#1338)
* fix apk decode for older data shapes (#1341)
* chore: add unit test for wolfi os release identification (#1340)
* fix: Output only valid CPEs for CycloneDX OS components (#1339)
* feat: Add `--name` option to override name in output (#1269)
* Add support for dependency relationships for alpine (apk) (#1063)
* normalize alpm md5 refs (#1333)
* Update java generic cataloger (#1329)
* Support encoding map types to CycloneDX properties (#1332)
* Update swift cataloger to generic cataloger (#1324)
* port rust cataloger to new generic cataloger pattern (#1323)
* port ruby cataloger to new generic cataloger pattern (#1322)
* port rpm cataloger to new generic cataloger pattern (#1321)
* port python cataloger to new generic cataloger pattern (#1319)
* Update portage cataloger to new generic cataloger (#1316)
* port php cataloger to new generic cataloger pattern (#1315)
* Tue Nov 15 2022 kastlAATTb1-systems.de- Update to version 0.60.3:
* javascript cataloger: node binary: nil pointer dereference (#1313)
* Fix: Include version information in binary cataloger CPEs (#1310)
* fix: only generate PURL on empty string (#1312)
* add s3 credentials to release (#1309)
* port javascript cataloger to new generic cataloger pattern (#1308)
* Tue Nov 15 2022 kastlAATTb1-systems.de- Update to version 0.60.2:
* chore: update goreleaser brew token (#1306)
* fix: Decode binary and unknown metadata (#1307)
* Tue Nov 15 2022 kastlAATTb1-systems.de- Update to version 0.60.1:
* chore: update github token permissions for goreleaser (#1305)
* Tue Nov 15 2022 kastlAATTb1-systems.de- Update to version 0.60.0:
* fix: update ci secret to use new password (#1304)
* fix: update secret value to use new cert cahin (#1303)
* fix: verbose quill release failures (#1302)
* fix: unterminated quoted string (#1300)
* fix: update Makefile to remove old signing arch (#1299)
* feat: add nodejs-binary package classifier (#1296)
* update go-rpmdb to improve parsing of installed files (#1297)
* docs: update attestation directions with new cosign changes
* fix: Continue parsing Python RECORD files when bad lines encountered (#1295)
* Fix #1245 Update SPDX license list to 3.18 (#1259)
* fix: Resolve Maven POM expressions (#1251) (#1278)
* port haskell cataloger to new generic cataloger pattern (#1290)
* port golang cataloger to new generic cataloger pattern (#1289)
* port deb/dpkg cataloger to new generic cataloger pattern (#1288)
* update cataloger tests to use pkgtest utils (#1287)
* port dotnet cataloger to new generic cataloger pattern (#1286)
* port dart cataloger to new generic cataloger pattern (#1285)
* port conan cataloger to new generic cataloger pattern (#1284)
* port apk cataloger to new generic cataloger pattern (#1283)
* replace signing tooling with quill (#1280)
* Upgrade generic cataloger (#1281)
* Update syft bootstrap tools to latest versions. (#1282)
* replace logger interface with anchore/go-logger (#1279)
* Update syft bootstrap tools to latest versions. (#1267)
* Add go binary h1 digest to SPDX (#1265)
* fix: move reproduction to top of issue (#1264)
* fix: update syftjson ID to match major schema version (#1274)
* Use in-toto CycloneDX predicate to be compatible with cosign (#1270)
* chore: handle deprecated SPDX license: StandardML-NJ (#1266)
* Tue Oct 18 2022 kastlAATTb1-systems.de- Update to version 0.59.0:
* Fixes #1179 Deprecated SPDX license (#1263)
* feat: add RelationshipsBySourceOwnership to syft json output (#1248)
* fix: reset merged package into map; (#1258)
* refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
* Update syft bootstrap tools to latest versions. (#1254)
* Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
* Update syft bootstrap tools to latest versions. (#1244)
* fix apkdb checksum representation (#1247)
* feat: add identifiable field to source object (#1243)
* feat: attest support for Singularity images (#1201)
* Update syft bootstrap tools to latest versions. (#1239)
* Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240)
* fix: Follow symlinks when searching for globs in all-layers scope (#1221)
* update requires to use list; remove field (#1234)
* Fri Sep 30 2022 kastlAATTb1-systems.de- Update to version 0.58.0:
* Add Conan (C/C++) conan.lock file support (#1230)
* add sequence diagrams and flesh out TODO notes (#1233)
* Do not fail if unable to parse `.rpm` file (#1232)
* fix: support exclude patterns on Windows (#1228)
* Update syft bootstrap tools to latest versions. (#1225)
* Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224)
* Update syft bootstrap tools to latest versions. (#1223)
* Update syft bootstrap tools to latest versions. (#1220)
* Wed Sep 21 2022 kastlAATTb1-systems.de- Update to version 0.57.0:
* feat: catalog python files for installed-files.txt file metadata (#1217)
* Stabilize SPDX JSON output sorting (#1216)
* bug: remove chance for panic; provide default attestation path (#1214)
* refactor: update Makefile organization; update DEVELOPING.md instructions (#1212)
* refactor: replace ioutil=>io; update linter (#1211)
* Update bootstrap tools to latest versions. (#1204)
* Add gosimports (#1205)
* refactor: move formats from internal into syft module (#1172)
* Tue Sep 13 2022 kastlAATTb1-systems.de- Update to version 0.56.0:
* warn on errors from RPM DB parsing (#1200)
* docs: improve Singularity image source docs (#1190)
* Add RPM file scanning support (#1188)
* Normalize syft-json output (#1194)
* Revert \"External sources configuration (#1158)\" (#1191)
* Update syft bootstrap tools to latest versions. (#1186)
* Fix RPM DB license handling (#1184)
* Update syft bootstrap tools to latest versions. (#1182)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.55.0:
* update stereoscope to latest (#1181)
* Update syft bootstrap tools to latest versions. (#1180)
* Bug fix for 1095 - syft conversion option error (#1177)
* Update syft bootstrap tools to latest versions. (#1176)
* enhance development support on macOS ARM (#1163)
* Capture if a node module is private (#1161)
* Find version numbers from jars with different naming conventions (#1174)
* Update syft bootstrap tools to latest versions. (#1171)
* Fix update-bootstrap-tools workflow (#1170)
* workflow to create automated PRs to update bootstrap tools (#1167)
* feat: add support for licenses in package-lock json v2 (#1164)
* External sources configuration (#1158)
* feat: add support for pnpm (#1166)
* Prevent symlinks causing duplicate package-file relationships (#1168)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.54.0:
* Associate node package licenses from node_modules (#1152)
* Give the contributing guide a substantial rework (#1155)
* fix: extract file ids correctly for spdx-json (#1156)
* metadata decoding should be optional (#1154)
* Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151)
* Add modularitylabel metadata to RPM type records generated by syft (#1148)
* Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149)
* retraction for mispublished versions (#1147)
* cataloger configuration is respected regardless of source (#1142)
* Update README.md (#1146)
* bump cosign to v1.10.1 (#1144)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.53.4:
* Update stereoscope to get rid of the replace directive (#1140)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.53.3:
* Correct squashfs import and fix incorrect bouncer configuration (#1138)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.53.2:
* Overwrite deprecated SPDX licenses automatically (#1009)
* disable release for docker assets (#1137)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.53.1:
* improve docker release bootstrap (#1136)
* Singularity Image Support (#974)
* Wed Sep 07 2022 kastlAATTb1-systems.de- Update to version 0.53.0:
* remove docker login from keychain (#1135)
* remove ENV checks from siging script (#1134)
* remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133)
* remove prefixed v from tag to match release (#1131)
* rollback actions-setup-docker to earlier version (#1130)
* Bump go-rustaudit to support rustaudit 0.2.0 (#1127)
* bump bouncer to v0.4.0 (#1125)
* Added ppc64le supported to the syft:debug image (#1124)
* add a cataloger for binaries built with rust-audit (#1116)
* bump goreleaser to v1.10.3 (#1123)
* bump golangci-lint to v1.47.2 (#1122)
* bump cosign in bootstrap-tools to v1.10.0 (#1121)
* Added s390x support (#1117)
* Delete pr_action.yaml (#1120)
* fix: use generic instead of not generating purl (#1119)
* bump cosign to v1.10.0 (#1114)
* Thu Jul 21 2022 kastlAATTb1-systems.de- Update to version 0.52.0:
* Update sigstore/rekor dependency (#1112)
* Added ppc64le support (#1099)
* patch-distroless-ghcr (#1110)
* add distroless debug image to published release (#1106)
* update help formatting (#1105)
* feat: implement haskell support (#1096)
* Add the -r argument for gnu xargs (#1103)
* fix: -o output option to include formats (#1102)
* moves go-rpmdb to latest; libc => v1.16.7 (#1098)
* Sat Jul 16 2022 kastlAATTb1-systems.de- Update to version 0.51.0:
* feat: add support for cocoapods (Swift/Objective-C) (#1081)
* Fix package url for Go modules with no / (#1092)
* Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090)
* feat: output attestation to file (#1087)
* Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089)
* Add portage support for Gentoo Linux (#1076)
* Add PR action back to workflow with new token (#1086)
* Wed Jul 06 2022 kastlAATTb1-systems.de- Update to version 0.50.0:
* feat: add new login cmd (#1068)
* update AltRpmDbGlob with comment and context (#1085)
* feat: add support for conan packages (C/C++) (#1083)
* add golang main module and pseudo-version (#916)
* fix: add glob to filter list to ensure rpm metadata files are matched… (#1079)
* remove pr automation until service account creation (#1080)
* fix: purl generation for pom.xml (#1078)
* Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072)
* fix: add new languages found in cpes (#1069)
* fix: add php catalogers to all catalogers (#1065)
* feat: add use-all-catalogers flag (#1050)
* Mon Jun 27 2022 kastlAATTb1-systems.de- Update to version 0.49.0:
* Updates parsing of `yarn.lock` to use `resolved` URLs that are pulled from yarn and npm registries (#926)
* remove OSS Meetup message (#1057)
* add pom.xml cataloger (#1055)
* Add support for CBL-Mariner distroless images (#1045)
* Add catalogers configuration (#1038)
* add template output (#1051)
* Wed Jun 22 2022 kastlAATTb1-systems.de- Update to version 0.48.1:
* update stereoscope to latest version (#1052)
* Wed Jun 22 2022 kastlAATTb1-systems.de- Update to version 0.48.0:
* update zip_read_closer to incorporate zip64 support (#1041)
* Add pacman (alpm) parser support (#943)
* Wed Jun 22 2022 kastlAATTb1-systems.de- Update to version 0.47.0:
* Update of README.md (#1027)
* bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025)
* add workflows to test new project automation (#1023)
* improve LanguageByName and add unit tests (#1034)
* Read Description from dpkg status files (#996)
* Add announcement for Anchore OSS Virtual Meetup (#1033)
* add main module field to go bin metadata (#1026)
* Add filters to package cataloger (#1021)
* change draft to false for release process (#1016)
* Support RPM distros with newer RPM db formats (#1018)
* fix: add component list to prevent cyclone-dx panic (#1015)
* Mon Jun 06 2022 Johannes Kastl - first version of package syft at version 0.46.3