Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: anchore/sbom-action
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.22.2
Choose a base ref
...
head repository: anchore/sbom-action
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.23.0
Choose a head ref
  • 10 commits
  • 32 files changed
  • 5 contributors

Commits on Feb 9, 2026

  1. chore(deps): bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 (#588) 

    Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.4.1 to 0.5.0.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@1356984...0dce257)

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 9, 2026
    Configuration menu
    Copy the full SHA
    fff8762 View commit details
    Browse the repository at this point in the history

Commits on Feb 10, 2026

  1. chore(deps): bump npm-check-updates in the non-major group (#584) 

    Bumps the non-major group with 1 update: [npm-check-updates](https://github.com/raineorshine/npm-check-updates).


Updates `npm-check-updates` from 19.3.1 to 19.3.2
- [Release notes](https://github.com/raineorshine/npm-check-updates/releases)
- [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md)
- [Commits](raineorshine/npm-check-updates@v19.3.1...v19.3.2)

---
updated-dependencies:
- dependency-name: npm-check-updates
  dependency-version: 19.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 10, 2026
    Configuration menu
    Copy the full SHA
    debc3ee View commit details
    Browse the repository at this point in the history

  2. chore(deps-dev): bump the dev-dependencies group with 4 updates (#583) 

    Bumps the dev-dependencies group with 4 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [type-fest](https://github.com/sindresorhus/type-fest).


Updates `@types/node` from 25.0.10 to 25.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/parser)

Updates `type-fest` from 5.4.1 to 5.4.2
- [Release notes](https://github.com/sindresorhus/type-fest/releases)
- [Commits](sindresorhus/type-fest@v5.4.1...v5.4.2)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: type-fest
  dependency-version: 5.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 10, 2026
    Configuration menu
    Copy the full SHA
    77fae5a View commit details
    Browse the repository at this point in the history

  3. chore(deps): update Syft to v1.42.0 (#589) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
    @anchore-actions-token-generator @willmurphyscode
    anchore-actions-token-generator[bot] and willmurphyscode authored Feb 10, 2026
    Configuration menu
    Copy the full SHA
    74c5ce9 View commit details
    Browse the repository at this point in the history

Commits on Feb 11, 2026

  1. fix(dev): switch to esbuild (#590) 

    The newest @vercel/ncc is not able to build with newer dependencies that are
only ESM modules. Therefore, switch to esbuild.

Additionally, include some dependency bumps that were blocked on this issue.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
    @willmurphyscode
    willmurphyscode authored Feb 11, 2026
    Configuration menu
    Copy the full SHA
    2d09430 View commit details
    Browse the repository at this point in the history

Commits on Feb 18, 2026

  1. ci(syft auto update): npm ci, not npm install (#597) 

    Otherwise npm install can introduce needless diff and open a PR even when the
latest syft didn't change.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
    @willmurphyscode
    willmurphyscode authored Feb 18, 2026
    Configuration menu
    Copy the full SHA
    d032d7d View commit details
    Browse the repository at this point in the history

  2. chore(deps-dev): bump the dev-dependencies group with 3 updates (#592) 

    Bumps the dev-dependencies group with 3 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) and [type-fest](https://github.com/sindresorhus/type-fest).


Updates `@types/node` from 25.1.0 to 25.2.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jest` from 29.12.1 to 29.12.2
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v29.12.1...v29.12.2)

Updates `type-fest` from 5.4.2 to 5.4.3
- [Release notes](https://github.com/sindresorhus/type-fest/releases)
- [Commits](sindresorhus/type-fest@v5.4.2...v5.4.3)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: eslint-plugin-jest
  dependency-version: 29.12.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: type-fest
  dependency-version: 5.4.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 18, 2026
    Configuration menu
    Copy the full SHA
    e2bd58a View commit details
    Browse the repository at this point in the history

  3. fix tests and bump fast-xml-parser (#598) 

    * fix(tests): update test import path

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* dependencies: bump fast-xml-parser

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
    @willmurphyscode
    willmurphyscode authored Feb 18, 2026
    Configuration menu
    Copy the full SHA
    60619e7 View commit details
    Browse the repository at this point in the history

Commits on Feb 19, 2026

  1. chore(deps): update Syft to v1.42.1 (#599) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Feb 19, 2026
    Configuration menu
    Copy the full SHA
    6d473d3 View commit details
    Browse the repository at this point in the history

Commits on Feb 23, 2026

  1. chore(deps/test): move to es modules, node:test, single dist file (#595) 

    Signed-off-by: Keith Zantow <kzantow@gmail.com>
    @dependabot
    dependabot[bot] authored Feb 23, 2026
    Configuration menu
    Copy the full SHA
    17ae174 View commit details
    Browse the repository at this point in the history
Loading