Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: anchore/syft
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.29.1
Choose a base ref
...
head repository: anchore/syft
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.30.0
Choose a head ref
  • 12 commits
  • 22 files changed
  • 6 contributors

Commits on Jul 30, 2025

  1. chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 (#4096) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4e828ff...51f7732)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 30, 2025
    1 Configuration menu
    Copy the full SHA
    801b21b View commit details
    Browse the repository at this point in the history

Commits on Jul 31, 2025

  1. chore(deps): update tools to latest versions (#4108) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Jul 31, 2025
    Configuration menu
    Copy the full SHA
    5af72b6 View commit details
    Browse the repository at this point in the history

Commits on Aug 4, 2025

  1. chore(deps): update CPE dictionary index (#4112) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
    @anchore-actions-token-generator @wagoodman
    anchore-actions-token-generator[bot] and wagoodman authored Aug 4, 2025
    Configuration menu
    Copy the full SHA
    3820cba View commit details
    Browse the repository at this point in the history

  2. chore(deps): update tools to latest versions (#4111) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Aug 4, 2025
    Configuration menu
    Copy the full SHA
    fad9340 View commit details
    Browse the repository at this point in the history

Commits on Aug 7, 2025

  1. chore(deps): bump actions/cache in /.github/actions/bootstrap (#4120) 

    Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@5a3ec84...0400d5f)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2025
    Configuration menu
    Copy the full SHA
    b59c902 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/cache from 4.2.3 to 4.2.4 (#4119) 

    Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@5a3ec84...0400d5f)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2025
    Configuration menu
    Copy the full SHA
    118f564 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump docker/login-action from 3.4.0 to 3.5.0 (#4115) 

    Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@74a5d14...184bdaa)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 7, 2025
    Configuration menu
    Copy the full SHA
    d4d3111 View commit details
    Browse the repository at this point in the history

  4. fix: nondeterministic Java archive cataloging and improve groupID (#4118 

    )

Signed-off-by: Keith Zantow <kzantow@gmail.com>
    @kzantow
    kzantow authored Aug 7, 2025
    Configuration menu
    Copy the full SHA
    8c6a2bc View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2025

  1. feat: add binary classifier for hashicorp vault (#4121) 

    * add binary classifier for hashicorp vault

The Go Binary Cataloger isn't able to parse the version out of the
binary shipped in the DockerHub images of hashicorp/vault because the
version of the main module isn't set in the binary. Therefore, add a
binary classifier cataloger for this binary.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* chore: add test fixtures, update vault

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: set binary classifier package type based on PURL

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: use github.com/hashicorp/vault as package name

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: update tests

Signed-off-by: Keith Zantow <kzantow@gmail.com>

---------

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
    @willmurphyscode @kzantow
    willmurphyscode and kzantow authored Aug 8, 2025
    Configuration menu
    Copy the full SHA
    594b309 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 (#4124) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@51f7732...76621b6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 8, 2025
    Configuration menu
    Copy the full SHA
    7b92913 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 (#4123) 

    Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.26.0 to 0.27.0.
- [Commits](golang/mod@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 8, 2025
    Configuration menu
    Copy the full SHA
    7a9e1e0 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 (#4122) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.42.0 to 0.43.0.
- [Commits](golang/net@v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 8, 2025
    Configuration menu
    Copy the full SHA
    49736e7 View commit details
    Browse the repository at this point in the history
Loading