chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 #97

dependabot · 2024-06-25T12:40:38Z

Bumps github.com/anchore/syft from 1.7.0 to 1.8.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.8.0

Added Features

Add CycloneDX 1.6 Support [#2974 #2978 @ragaskar]

Bug Fixes

Fixed the detection of arangodb 3.12 [#2979 @LaurentGoderre]

Syft tries to create the cache directory at a location that has no permission [#2984 #2985 @kzantow]

(Full Changelog)

Commits

1eae933 chore(deps): update CPE dictionary index (#2986)
863891f chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 (#2988)
bd1c1d2 fix: handle errors reading go licenses (#2985)
f5a917a docs: update cyclone-dx documentation (#2983)
ae06830 feat: update syft to generate cyclone-dx 1.6 by default (#2978)
9b17817 chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
e947779 chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#2975)
7a35de0 fix: detection of arangodb 3.12 (#2979)
246df97 chore: enable dependabot to keep boostrap action updated (#2976)
750d37f chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to 2.3.1 (#2973)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/anchore/syft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 25, 2024

github-actions bot approved these changes Jun 25, 2024

View reviewed changes

spiffcs merged commit 924ce11 into main Jul 2, 2024
3 checks passed

spiffcs deleted the dependabot/go_modules/github.com/anchore/syft-1.8.0 branch July 2, 2024 14:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 #97

chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 #97

dependabot bot commented on behalf of github Jun 25, 2024

chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 #97

chore(deps): bump github.com/anchore/syft from 1.7.0 to 1.8.0 #97

Conversation

dependabot bot commented on behalf of github Jun 25, 2024

v1.8.0

Added Features

Bug Fixes