Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

syft-1.16.0-1.1 RPM for riscv64

From OpenSuSE Ports Tumbleweed for riscv64

Name: syft Distribution: openSUSE Tumbleweed
Version: 1.16.0 Vendor: openSUSE
Release: 1.1 Build date: Tue Nov 5 10:43:28 2024
Group: Unspecified Build host: reproducible
Size: 47533304 Source RPM: syft-1.16.0-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/anchore/syft
Summary: CLI tool and library for generating a Software Bill of Materials
A CLI tool and Go library for generating a Software Bill of Materials (SBOM)
from container images and filesystems. Exceptional for vulnerability detection
when used with a scanner like Grype.

Provides

Requires

License

Apache-2.0

Changelog

* Tue Nov 05 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.16.0:
    * chore: prevent file resolver from bubbling errors in binary
      cataloger (#3410)
    * chore(deps): update stereoscope to
      cbd43fb4e5d348fe680066ee6329385fd6a4f827 (#3411)
    * chore(deps): update CPE dictionary index (#3414)
    * chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
      (#3408)
    * chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
      to 1.0.0 (#3409)
    * chore(deps): update stereoscope to
      2ce1e520983b1c21d5150d7fae2b39e8e5ab9063 (#3405)
    * Issue #3143 – fixed format conversion docs link (#3407)
    * feat: support dependencies and purl for Native Image SBOMs
      (#3399)
    * chore(deps): update stereoscope to
      9c92fe30492ffeba14ed2e23ad1fd923341dda4f (#3398)
    * feat: exclude devDependencies from package-lock.json parsing
      (#3371)
    * chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
      (#3394)
    * chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
      (#3393)
    * fix: stack overflow in spyingIoReadCloser (#3392)
    * fix: bad pom files may cause infinite loop (#3391)
* Tue Oct 29 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.15.0:
    * chore(deps): update stereoscope to
      bcc40c6817524718277256d6b774ce643f98640a (#3388)
    * chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#3384)
    * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
      to 1.1.2 (#3385)
    * chore(deps): update tools to latest versions (#3383)
    * chore(deps): update CPE dictionary index (#3387)
    * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3380)
    * feat: multi-level configuration and profiles (#3337)
    * feat: Java dependency graph information (#3363)
    * Expanded dpkg cataloger globs (#3373)
    * Enable cargo-auditable-binary-cataloger for files/directories
      (#3376)
    * chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
      (#3374)
    * chore(deps): bump github.com/charmbracelet/lipgloss (#3375)
    * chore(deps): update stereoscope to
      6db3c175f1f836e552b01ee70e5d5528cc04bce4 (#3362)
    * chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#3364)
    * chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
      (#3365)
    * chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to
      5.6.0 (#3367)
* Tue Oct 22 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.14.2:
    * Create single license scanner for all catalogers (#3348)
    * chore(deps): update stereoscope to
      a38c93517fc7d67ca1af826ac529a06c05b571d2 (#3357)
    * chore(deps): update CPE dictionary index (#3358)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.6.0 to
      6.6.1 (#3361)
    * update to latest packageurl-go (#3347)
    * chore(deps): update tools to latest versions (#3342)
    * chore(deps): update stereoscope to
      9e57bce5efeb0ffe27770dd0b8eb2eef8b38512f (#3338)
    * chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
      (#3344)
    * fix: use official CPE for linux kernel (#3343)
    * chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
      (#3340)
    * fix: improve mariadb binary classifer to detect older versions
      (#3339)
* Tue Oct 15 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.14.1:
    * fix: stop some log.Warn spam due parsing an empty string as a
      CPE (#3330)
    * chore(deps): update stereoscope to
      1cc8a41d447d0d092699be2b700b8ba62e870434 (#3334)
    * chore(deps): update stereoscope to
      1cc8a41d447d0d092699be2b700b8ba62e870434 (#3332)
    * chore(deps): update stereoscope to
      93f8a11331e3d50f751e4d0ec5b63f3df309e9e5 (#3331)
    * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
      (#3326)
    * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
      (#3327)
    * chore(deps): update CPE dictionary index (#3323)
    * fix: improve go binary semver extraction for traefik (#3325)
    * chore(deps): update stereoscope to
      92e97a1cf36d162bad51ccc6aba0cce7a4dcfbf4 (#3322)
    * chore(deps): update stereoscope to
      c04af061af62ab3ba6ab6760613526eaa7fcb163 (#3319)
    * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.1
      to 4.7.0 (#3321)
    * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.3
      (#3314)
    * shorten release docs (#3318)
    * docs: clearer deprecation message for --file (#3310)
    * [docs] Add mastodon link to README.md (#3306)
    * chore(deps): update stereoscope to
      5bc91bf166769e43d8d0f86c02e877c55eb04aed (#3313)
    * chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#3312)
    * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
      (#3307)
    * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3308)
    * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
      (#3309)
* Wed Oct 09 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.14.0:
    * feat: report unknowns in sbom (#2998)
    * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
      (#3299)
    * chore(deps): update stereoscope to
      efa76446cc1c7e6c4117350943a2754b2453aec4 (#3301)
    * chore(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
      (#3304)
    * chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3305)
    * chore(deps): update CPE dictionary index (#3302)
    * Fix: Parse package.json with non-standard fields in 'author'
      section (#3300)
    * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
      (#3298)
    * chore: add pull request template (#3294)
    * chore(deps): update tools to latest versions (#3296)
    * Track supporting DPKG evidence (#3228)
    * Fix: make failed CPE validation correctly return error (#2762)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to
      6.6.0 (#3293)
    * feat: update haproxy classifier (#3277)
    * chore(deps): update tools to latest versions (#3291)
    * fix: don't use builtin scanner in licensecheck (#3290)
    * chore(deps): update CPE dictionary index (#3288)
    * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
      (#3289)
    * update redis classifier (#3281)
    * fix: improve node classifier version matching (#3284)
    * fix: update ruby classifier for -rc, -dev, etc. versions
      (#3285)
    * chore(deps): update CPE dictionary index (#3262)
    * chore(deps): bump github.com/docker/docker (#3264)
    * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
      (#3275)
    * chore(deps): update stereoscope to
      dc10ea61fd18efa45b516eda4de8bc19d8322429 (#3280)
    * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3283)
    * add awaiting response management (#3272)
    * fix: correct excluded mount point comparison to file paths
      (#3269)
* Tue Sep 24 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.13.0:
    * Add JVM cataloger (#3217)
    * feat: classifier for Dart lang binaries (#3265)
    * Add compliance policy for empty name and version (#3257)
    * chore(deps): bump github.com/github/go-spdx/v2 from 2.3.1 to
      2.3.2 (#3254)
    * chore(deps): bump peter-evans/create-pull-request from 7.0.3 to
      7.0.5 (#3255)
    * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
      (#3256)
    * chore(deps): update tools to latest versions (#3259)
    * chore(deps): bump github.com/docker/docker (#3260)
    * feat: add binary classifiers for lighttp, proftpd, zstd, xz,
      gzip, jq, and sqlcipher (#3252)
    * fix: capture-snippet.sh can handle leading whitespaces now
      (#3249) (#3250)
    * chore(deps): update tools to latest versions (#3251)
    * chore(deps): update tools to latest versions (#3247)
    * chore(deps): update tools to latest versions (#3243)
    * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
      to 0.9.1 (#3242)
    * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
      (#3241)
    * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
      7.0.3 (#3240)
    * chore(deps): update tools to latest versions (#3231)
    * chore(deps): update CPE dictionary index (#3232)
    * chore(deps): update tools to latest versions (#3205)
    * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
      to 1.1.1 (#3225)
    * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
      7.0.2 (#3226)
    * chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
      (#3229)
    * feat: --enrich flag for data enrichment feature enablement
      (#3182)
* Thu Sep 12 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.12.2 (no releases between 1.11.1 and this
    one):
    * chore: make ci-check.sh an executable file (#3220)
    * chore(deps): bump github.com/opencontainers/runc from 1.1.12 to
      1.1.14 (#3219)
    * chore: restore ci-check.sh script (#3218)
    * Add haskell binaries cataloger (#3078)
    * chore(deps): update CPE dictionary index (#3206)
    * chore(deps): bump golang.org/x/net from 0.28.0 to 0.29.0
      (#3203)
    * Add the Ocaml ecosystem (#3112)
    * chore(deps): bump github.com/charmbracelet/bubbles from 0.19.0
      to 0.20.0 (#3209)
    * chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
      (#3210)
    * chore(deps): bump github.com/docker/docker (#3211)
    * chore(deps): bump github.com/dave/jennifer from 1.7.0 to 1.7.1
      (#3212)
    * dont cleanup cache in forks (#3214)
    * less verbose java logging when non-fatal issues arise (#3208)
    * Slim down docker cache size (#3190)
    * chore(deps): bump peter-evans/create-pull-request from 7.0.0 to
      7.0.1 (#3196)
    * chore(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0
      (#3197)
    * fix: haproxy classifier for versions with -dev suffix (#3180)
    * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to
      3.3.0 (#3177)
    * chore(deps): update CPE dictionary index (#3183)
    * chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0
      (#3184)
    * chore(deps): bump peter-evans/create-pull-request from 6.1.0 to
      7.0.0 (#3187)
    * fix: properly decode SPDX license expressions in CycloneDX
      format (#3175)
    * chore(deps): bump github.com/docker/docker (#3168)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#3171)
    * chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6
      (#3173)
    * fix: cycles resolving relative path parent poms with
      parent-defined variables (#3170)
    * fix: improve generated cpes for binaries with existing
      classifiers (#3169)
    * fix: add log time of task (#3105)
    * fix: improve known CPEs and set NVD as source for all current
      binary classifiers (#3167)
    * respond to authoratative CPEs from catalogers (#3166)
    * set cataloger names within package cataloger task (#3165)
    * fix: use official CPE for curl binary cataloger (#3164)
    * chore(deps): update tools to latest versions (#3160)
    * chore(deps): update CPE dictionary index (#3161)
    * chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5
      (#3162)
    * fix ELF package correlations (#3151)
    * chore(deps): update tools to latest versions (#3144)
    * feat: detect curl binaries (#3146)
    * chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2
      (#3155)
    * chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4
      (#3154)
    * chore(deps): update stereoscope to
      e6d086e8bef5fab4fcfbd60c9a759c4cb229decf (#3152)
    * chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0
      to 0.19.0 (#3148)
    * chore(deps): bump github.com/charmbracelet/lipgloss (#3147)
    * chore(deps): bump github.com/anchore/stereoscope (#3153)
    * fix: mysql 8.0.3x binary detection (#3142)
    * chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3
      (#3139)
* Tue Aug 20 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.11.1:
    * fix: logging for remote network calls (#3140)
    * chore(deps): update CPE dictionary index (#3135)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#3137)
    * chore(deps): update tools to latest versions (#3121)
    * chore(deps): bump github.com/docker/docker (#3123)
    * chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1
      (#3124)
    * chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2
      (#3129)
    * fix: add nil check to CycloneDX toBomProperties (#3119)
    * fix: read CycloneDX BOM components from metadata (#3092)
    * fix: improve groupid extraction for Jenkins plugins (#2815)
    * chore(deps): update CPE dictionary index (#3116)
    * support .kar files (#3113)
    * chore: fix some comments (#3114)
    * chore: fix failing python relationship test (#3117)
    * update-slack-to-discourse (#3111)
* Fri Aug 09 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.11.0:
    * test: increase java purl generation test coverage (#3110)
    * chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.32.0
      (#3106)
    * chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
      (#3107)
    * chore(deps): update tools to latest versions (#3099)
    * chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0
      (#3101)
    * chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6
      (#3102)
    * chore(deps): bump github.com/google/go-containerregistry
      (#3103)
    * chore(deps): bump golang.org/x/net from 0.27.0 to 0.28.0
      (#3104)
    * chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5
      (#3095)
    * chore(deps): update CPE dictionary index (#3094)
    * chore(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0
      (#3096)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.6 to
      0.5.7 (#3097)
    * feat: improved java maven property resolution (#2769)
    * fix: use organization for package supplier when reading Java
      vendor fields  (#3093)
    * chore(deps): update tools to latest versions (#3091)
    * fix: update 'guessMainPackageNameAndVersionFromPomInfo' and
      'artifactIDMatchesFilename' (#3054)
    * fix: update mainModuleVersion function to always prefix `v` to
      findings (#3087)
    * chore: update release script to use gh from binny (#3084)
    * Added the SWI Prolog (swipl) ecosystem (#3076)
* Thu Aug 01 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.10.0:
    * fix: improve determinism in java archive identification (#3085)
    * chore(deps): update stereoscope to
      50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075)
    * chore(deps): update CPE dictionary index (#3079)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to
      0.5.6 (#3082)
    * chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15
      (#3083)
    * fix: traefik classifier (#3077)
    * python-cataloger: fix normalization test (#3073)
    * Only match ldflag version if it matches the main module or
      targets main.version (#3062)
    * python cataloger: allow dots in python package names (#3070)
    * python-cataloger: normalize package names (#3069)
    * chore(deps): bump github.com/docker/docker (#3066)
    * chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14
      (#3072)
    * fix: SPDX output performance with many relationships (#3053)
    * better go mod detection from partial package builds (#3060)
    * chore(deps): update tools to latest versions (#3061)
    * chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1
      to 0.12.1 (#3040)
    * chore: add debug logging for errors reading RPM files (#3051)
    * chore(deps): update CPE dictionary index (#3035)
    * chore(deps): bump github.com/docker/docker (#3055)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to
      0.5.5 (#3056)
    * chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1
      (#3057)
    * chore(deps): bump docker/login-action from 3.2.0 to 3.3.0
      (#3058)
    * chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13
      (#3059)
    * chore(deps): update stereoscope to
      487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032)
    * chore(deps): update tools to latest versions (#3050)
    * docs: CODE_OF_CONDUCT.md (#3046)
    * fix: include CPEs with Maven groupId as vendor (#3045)
    * chore(deps): bump github.com/google/go-containerregistry
      (#3047)
    * chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to
      0.7.2 (#3048)
    * chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2
      (#3039)
    * docs: link to contrib/dev docs in readme (#3029)
    * chore: Fix apache shield in readme (#3021)
    * chore(deps): update tools to latest versions (#3031)
    * chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12
      (#3034)
    * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
      (#3044)
    * fix: stop panicking on "devel" version go stdlib (#3043)
    * chore: pin fedora image for elf binary test (#3041)
    * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
      (#3023)
    * chore(deps): update stereoscope to
      27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026)
* Thu Jul 11 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.9.0:
    * chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027)
    * chore(deps): bump github.com/charmbracelet/lipgloss (#3028)
    * fix: stabilize cpe sorting during collection sort (#3009)
    * Map the downloadLocation field for PHP Composer packages
      (#3011)
    * chore(deps): update stereoscope to
      e46739e217969fa67cbe8834b64bb165a10a1548 (#3013)
    * chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
      (#3015)
    * chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0
      (#3014)
    * chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4
      (#3017)
    * chore(deps): bump github.com/google/go-containerregistry
      (#3019)
    * chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0
      (#3020)
    * chore(deps): update CPE dictionary index (#3016)
    * Infer the package type from ELF package notes (#3008)
    * chore(deps): update tools to latest versions (#3003)
    * chore(deps): update CPE dictionary index (#3002)
    * chore(deps): bump github.com/docker/docker (#3006)
    * chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11
      (#3004)
    * chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4
      (#3005)
    * feat: version 3 support for swift package manager of the
      resolved files (#3001)
    * chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to
      0.5.5 (#2999)
    * chore(deps): bump github.com/docker/docker (#2994)
    * Add detection of Erlang in Alpine linux (#2996)
    * chore(deps): update tools to latest versions (#2991)
    * chore(deps): update stereoscope to
      753b5576fe42bc007b22108ad7911d1729957a46 (#2992)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#2995)
* Tue Jun 25 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.8.0:
    * chore(deps): update CPE dictionary index (#2986)
    * chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1
      (#2988)
    * fix: handle errors reading go licenses (#2985)
    * docs: update cyclone-dx documentation (#2983)
    * feat: update syft to generate cyclone-dx 1.6 by default (#2978)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#2982)
    * chore(deps): bump peter-evans/create-pull-request from 6.0.5 to
      6.1.0 (#2975)
    * fix: detection of arangodb 3.12 (#2979)
    * chore: enable dependabot to keep boostrap action updated
      (#2976)
    * chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to
      2.3.1 (#2973)
    * chore(deps): bump github.com/google/go-containerregistry
      (#2971)
    * chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
      (#2972)
* Sat Jun 15 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.7.0:
    * Added Features
    - index known CPEs for wordpress plugins and themes [#2963
      @westonsteimel]
    - Consider Author field for wordpress plugins when generating
      CPEs [#2946 @wagoodman]
    * Bug Fixes
    - improve version extraction from ldflags for pingcap TiDB
      [#2962 @westonsteimel]
    - Trim whitespace from wordpress values [#2945 @wagoodman]
    - Issue scanning Poetry Project with Syft 1.6 and
      cataloger=python-package-cataloger [#2954 #2965 @spiffcs]
    - Poetry's multiple constraints seems to break the parser
      [#2947 #2965 @spiffcs]
    - Golang: Search remote licenses not working in a CI pipeline
      when scanning Docker image [#2798 #2852 @kzantow]
* Mon Jun 10 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.6.0:
    * Added Features
    - Add relationships for go binary packages [#2912 @wagoodman]
    - Add classifier for util-linux [#2933 @LaurentGoderre]
    - Lua: Add support for more advanced syntax [#2908
      @LaurentGoderre]
    - add license field to ELF binary package metadata [#2890
      @brian-ebarb]
    - install.sh: check checksums file's signature [#2884 #2941
      @wagoodman]
    - Detect ELF package notes from fedora binaries [#2713 #2939
      @wagoodman]
    * Bug Fixes
    - Use redhat as namespace for redhat rpms [#2914 @ralphbean]
    - Close sqlite driver after testing sqlite availability [#2922
      @ttc0419]
    - syft does not find anything in archives if /tmp is a tmpfs
      [#2894 #2918 @willmurphyscode]
    - Scanning a git repository folder present in /tmp produce an
      empty sbom [#2847 #2918 @willmurphyscode]
    * Additional Changes
    - update unit tests to use pinned patch version [#2932
      @spiffcs]
    - fix comments and spelling [#2920 @dufucun]
* Fri May 31 2024 andrea.manzini@suse.com
  - Update to version 1.5.0:
    * feat: detect fluent-bit binaries (#2905)
    * bump dependencies
    * Add python wheel egg relationships (#2903)
    * feat: Add Lua cataloger (#2613)
    * feat: add config command (#2892)
    * feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864)
    * Go Mod Cataloger: Remove Replaced Packages (#2891)
    * chore: Reduce length of readme, moving lengthy content to the wiki (#2882)
    * fix: DecoderCollection discarding input from non-seekable Readers (#2878)
    * Fix outdated spdx links (#2865)
    * Use values in relationship To/From fields (#2871)
    * add support for RPM DB package relationships (#2872)
    * fix: capture dependencies when parsing SPDX SBOMs (#2869)
    * Add abstraction for adding relationships from package cataloger results (#2853)
    * chore: fix small tooling error for go.mod (#2868)
* Sun May 12 2024 opensuse_buildservice@ojkastl.de
  - add completion subpackages
  - fix version output
* Fri May 10 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.4.1:
    * fix pruning binary packages when considering ELF packages
      (#2862)
* Thu May 09 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.4.0:
    * feat: add relationships to ELF package discovery (#2715)
    * README.md: link to official wiki (#2858)
    * fix Windows file paths in local go mod cache (#2654)
    * chore(deps): bump github.com/docker/docker (#2859)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#2860)
    * chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4
      (#2855)
    * chore(deps): bump github.com/sassoftware/go-rpmutils from 0.3.0
      to 0.4.0 (#2856)
    * Add relationships for ALPM packages (arch linux) (#2851)
    * Add binary classifier for ArangoDB (#2830)
    * chore(deps): bump golang.org/x/net from 0.24.0 to 0.25.0
      (#2849)
    * chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#2850)
    * chore: use ruleguard to test for missing defer statements
      (#2837)
    * remove homebrew update workflow (#2846)
    * Restore version file update on release (#2844)
    * fix: Add missing CPE for traefik, memcached, and postgres
      binaries (#2845)
    * Add detection for newer version of ErLang/OTP (#2829)
    * fix ui race for package count (#2839)
    * chore(deps): update CPE dictionary index (#2841)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.8 to
      6.5.9 (#2842)
    * chore(deps): bump modernc.org/sqlite from 1.29.8 to 1.29.9
      (#2843)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#2838)
    * add security policy (#2835)
    * chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#2834)
    * chore(deps): update stereoscope to
      2e9894674185d121917b283f773c2b5830f8b360 (#2831)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#2833)
    * chore: fix function name in comment (#2771)
    * chore: enable go-critic deferInLoop lint (#2825)
    * fix: better clean up of file handles (#2823)
    * chore(deps): bump github.com/docker/docker (#2827)
    * fix(spdx): include required fields (#2168)
    * fix: add correct vendor for dnsmasq CPE (#2659)
    * fix: close temp rpmdb file (#2792)
    * chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3
      (#2817)
    * Fill in SPDX originator for all supported package types (#2822)
    * chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11
      (#2821)
* Fri Apr 26 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.3.0:
    * update spdx license list to 3.23 (#2818)
    * fix: re-use embedded union reader if possible (#2814)
    * feat: index known CPEs for go modules (#2816)
    * chore(deps): bump peter-evans/create-pull-request from 6.0.4 to
      6.0.5 (#2812)
    * feat: support multiple known CPEs in index (#2813)
    * chore(deps): update stereoscope to
      8b297badafd5d81fa1187b26ae34dd2a7ce7e425 (#2807)
    * chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2809)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.3 to
      0.5.4 (#2810)
    * Fix removing labels in 'Detect schema changes' job (#2772)
    * chore(deps): bump github.com/docker/docker (#2805)
    * Display which provider caused which error in output (#2757)
    * fix: prefer non-deprecated CPEs and include jenkins plugins
      from plugins.jenkins.io (#2806)
    * feat: index known CPEs for PHP Composer packagist.org packages
      (#2804)
    * chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2
      (#2802)
    * chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3
      (#2803)
    * fix: improvements to known CPE index construction (#2801)
    * fix: exclude known instrumentation jars from being erroneously
      identified (#2796)
    * feat: index known cpes for PHP extensions (#2777)
    * chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#2799)
    * fix: return empty string if dereferncing pom var fails (#2797)
    * chore(deps): bump github.com/docker/docker (#2793)
    * chore(deps): bump modernc.org/sqlite from 1.29.7 to 1.29.8
      (#2794)
    * chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2
      (#2795)
    * chore: cleanup redundant code (#2791)
    * chore(deps): update tools to latest versions (#2789)
    * chore(deps): bump github.com/spdx/tools-golang from 0.5.3 to
      0.5.4 (#2790)
    * chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1
      (#2786)
    * chore(deps): bump peter-evans/create-pull-request from 6.0.3 to
      6.0.4 (#2787)
    * Fix: repeatedly dereference pom variables (#2781)
    * chore(deps): bump modernc.org/sqlite from 1.29.6 to 1.29.7
      (#2783)
    * chore(deps): update CPE dictionary index (#2780)
    * chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0
      (#2779)
    * chore: fix broken cpe index generation task (#2778)
    * chore(deps): bump github.com/docker/docker (#2773)
    * chore(deps): bump peter-evans/create-pull-request from 6.0.2 to
      6.0.3 (#2774)
* Sat Apr 13 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.2.0:
    * fix: more robust go main version extraction (#2767)
    * chore(deps): update tools to latest versions (#2768)
    * fix: binary character in java version (#2766)
    * chore(deps): update tools to latest versions (#2760)
    * chore(deps): bump modernc.org/sqlite from 1.29.5 to 1.29.6
      (#2761)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.6 to
      6.5.8 (#2754)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.2 to
      0.5.3 (#2755)
    * chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10
      (#2756)
    * chore(deps): bump golang.org/x/mod from 0.16.0 to 0.17.0
      (#2751)
    * Differentiate between JRE and JDK (#2748)
    * chore(deps): bump golang.org/x/net from 0.23.0 to 0.24.0
      (#2752)
* Thu Apr 04 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.1.1:
    * chore(deps): update tools to latest versions (#2744)
    * chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0
      (#2747)
    * chore: update anchore/packageurl-go to use latest commits
      (#2746)
    * feat: cataloger for PHP Pecl and PEAR packages (#2604)
    * chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to
      5.12.0 (#2743)
    * chore(deps): update tools to latest versions (#2741)
    * fix: conan poco project cpe (#2740)
    * chore(deps): bump github.com/distribution/reference from 0.5.0
      to 0.6.0 (#2738)
    * chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10
      (#2737)
    * fix: panic scanning binaries without symtab (#2739)
    * chore: remove useless code (#2716)
    * chore(deps): bump google.golang.org/protobuf from 1.31.0 to
      1.33.0 (#2731)
    * chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9
      (#2732)
    * chore(deps): update tools to latest versions (#2733)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.5 to
      6.5.6 (#2734)
    * update release token from readonly to write token (#2735)
* Tue Mar 26 2024 opensuse_buildservice@ojkastl.de
  - Update to version 1.1.0:
    * Adding the ability to retrieve remote licenses from
      package.lock (#2708)
    * dont include labels for dependabot ecosystems (#2720)
    * chore(deps): bump fountainhead/action-wait-for-check from 1.1.0
      to 1.2.0 (#2717)
    * chore(deps): update tools to latest versions (#2726)
    * chore(deps): bump github/codeql-action from 3.24.7 to 3.24.8
      (#2725)
    * chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#2728)
    * chore(deps): bump github.com/docker/docker (#2730)
    * updating credentials to scoped permissions (#2722)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.4 to
      6.5.5 (#2718)
    * chore(deps): bump github.com/google/go-containerregistry
      (#2719)
    * Add detection for Oracle GraalVM (#2705)
    * chore(deps): bump docker/login-action from 3.0.0 to 3.1.0
      (#2714)
    * Add ELF binary package cataloger (#2396)
    * chore(deps): bump modernc.org/sqlite from 1.29.3 to 1.29.5
      (#2710)
    * chore(deps): bump github/codeql-action from 3.24.6 to 3.24.7
      (#2711)
    * chore(deps): bump peter-evans/create-pull-request from 6.0.1 to
      6.0.2 (#2712)
    * Show binary exports, entrypoint, and imports (#2626)
    * chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#2703)
    * chore(deps): bump github.com/knqyf263/go-rpmdb (#2701)
    * chore: reduce duplicate case SwiftPkg (#2696)
    * chore: remove deprecated os.SEEK_SET os.SEEK_CUR (#2693)
    * chore(deps): bump github.com/docker/docker (#2698)
    * chore(deps): bump modernc.org/sqlite from 1.29.2 to 1.29.3
      (#2699)
* Sat Mar 09 2024 andrea.manzini@suse.com
  - Update to version 1.0.1:
    * bump dependencies
    * docs: add simplest example from registry (#2691)
    * fix: Unable to scan OCI images with syft v0.105.1 [#2678 #2683
      @spiffcs]
* Fri Mar 01 2024 andrea.manzini@suse.com
  - Update to version 1.0.0:
    * fix: match OpenSSL letter releases (#2682)
    * Mark duplicated rows in table output (#2679)
    * fix: trim path from deps.json in portable way (#2674)
    * chore(deps): update tools to latest versions (#2680)
    * enforce breaking change bump major version (#2635)
    * docs: fix incorrect flag name in readme (#2677)
    * Consider filesystem types for mount points when ignoring system
      paths (#2675)
    * fix: stop emitting bus events on go mod events (#2673)
    * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to
      6.0.1 (#2676)
    * feat: add `--from` flag, refactor source providers (#2610)
* Tue Feb 27 2024 andrea.manzini@suse.com
  - Update to version 0.105.1:
    * bump deps and build tools
    * fix: SPDX tag value version selector (#2665)
    * fix(install): return appropriate error codes (#2664)
    * chore: update busybox image for acceptance tests (#2663)
    * rename binary classifier cataloger name (#2643)
    * add cataloger selection example (#2646)
    * add syft version used to SBOM tool info by default (#2647)
* Thu Feb 15 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.105.0:
    * Survive indexing dead symlinks (#2645)
    * fix considering base path when ignoring known bad unix paths
      (#2644)
    * test for field conventions in json schema (#2642)
    * feat: Add Wordpress cataloger (#2218)
    * rename binary cataloger to be more unique (#2633)
    * fix: update runner size to use larger HD for codeql (#2641)
    * chore(deps): update tools to latest versions (#2616)
    * chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1
      (#2638)
    * chore(deps): bump dawidd6/action-homebrew-bump-formula (#2639)
    * chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1
      (#2640)
    * fix: add BOMRef to CycloneDX OS Component (#2634)
    * chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2
      (#2629)
    * chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0
      (#2630)
    * fix getting union reader for sif images (#2631)
    * chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
      (#2607)
    * chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0
      (#2625)
    * fix: ensure version output to stdout (#2621)
    * Guess go main module version based on binary contents (#2608)
    * chore(deps): update stereoscope to
      681f6715b0e35686d6e6f40bce109176de1ee274 (#2617)
    * fix readme around templating options (#2612)
    * suppress executable parsing issues (#2614)
    * chore: update license list, cpe dictionary (#2620)
    * chore(deps): update tools to latest versions (#2606)
* Thu Feb 08 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.104.0:
    * fix: incorrect conversion between integer types (#2605)
    * chore(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0
      (#2602)
    * chore(deps): bump github.com/docker/docker (#2601)
    * Fix: unmarshal key values in Java, Go, and Conan metadata
      (#2603)
    * fix(dotnet): prefer portable executable product version when
      semantically greater than file version (#2600)
    * Finalize Conan v2 support (#2587)
    * chore(deps): update tools to latest versions (#2595)
    * chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
      (#2597)
    * chore(deps): update stereoscope to
      bfa15e446f061bda7f68305d2d6240b053f17e0c (#2589)
    * chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#2592)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.0 to
      0.5.2 (#2591)
    * chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0
      (#2593)
    * labeler should ignore latest version (#2588)
    * chore: copy latest schema to stable path for easier diff
      (#2586)
    * Adding metadata fields when parsing yarn.lock and poetry.lock
      (#2350)
    * Add Erlang OTP Application cataloger (#2403)
    * Detect ELF security features (#2443)
    * Add API examples (#2517)
    * feat: Record where CPEs come from (#2552)
    * chore(deps): update stereoscope to
      37291e81936d2b43b3cef56667a741ef715fbfe4 (#2583)
    * chore(deps): bump github.com/charmbracelet/bubbles from 0.17.1
      to 0.18.0 (#2584)
    * swap format readseekers for readers (#2581)
    * translate maps to sequences in pkg metadata (#2553)
    * chore(deps): update tools to latest versions (#2576)
    * chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8
      (#2578)
    * chore(deps): bump marocchino/sticky-pull-request-comment
      (#2579)
    * chore(deps): bump github.com/docker/docker (#2580)
    * chore(deps): update stereoscope to
      db7a4bedaba6ad93becf22ce794f306dfb07fcb9 (#2577)
    * Fix attest with --key (#2551)
    * fix(java): improve identification for org.apache.kafka
      artifacts (#2573)
    * chore: pluralize the flag (#2564)
    * chore(deps): update tools to latest versions (#2566)
    * chore(deps): bump peter-evans/create-pull-request from 5.0.2 to
      6.0.0 (#2567)
    * chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7
      (#2568)
    * re-add cosign signing checksums file (#2572)
* Wed Jan 31 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.103.1:
    * revert cosign signing of release checksums file (#2571)
* Wed Jan 31 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.103.0:
    * bump archiver and stereoscope (#2570)
    * fix: Better test for group ID in filename (#2565)
    * Sign checksums file and add SBOMs on release (#2548)
    * chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6
      (#2560)
    * chore(deps): bump github.com/google/go-containerregistry
      (#2561)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to
      6.5.4 (#2562)
    * chore(deps): update tools to latest versions (#2554)
    * chore(deps): bump github.com/sassoftware/go-rpmutils from 0.2.0
      to 0.3.0 (#2556)
    * chore(deps): bump 8398a7/action-slack from 3.15.1 to 3.16.2
      (#2557)
    * chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2
      (#2558)
    * internalize format helpers (#2543)
    * Internalize CPE generation logic (#2541)
    * chore(deps): update tools to latest versions (#2550)
* Fri Jan 26 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.102.0:
    * Implement golang Purl subpath (#2547)
    * fix migration of integration test (#2546)
    * Use the json schema as input for templating (#2542)
    * Unexport types and functions cataloger packages (#2530)
    * Internalize majority of cmd package (#2533)
    * allow for RPM modularity to be optional (#2540)
    * chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0
      (#2536)
    * chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0
      (#2538)
    * chore(deps): bump github.com/docker/docker (#2537)
    * chore: stop re-exporting wfn.Attributes (#2534)
    * swap format readseekers for readers (#2515)
    * chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5
      (#2531)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.12
      to 0.5.0 (#2532)
    * plumb context through catalogers (#2528)
    * Remove CLI and API deprecations (#2508)
    * Turn off the SBOM cataloger by default (#2527)
    * Re-introduce linux kernel cataloger (#2526)
    * make AllLocations accept a context (#2518)
    * chore(deps): update CPE dictionary index (#2523)
    * fix: minor cataloger and docs nits (#2519)
* Sat Jan 20 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.101.1:
    * Deduplicate digests from user configuration (#2522)
    * update readme and help output to be accurate to syft api
      (#2520)
    * fix: remove second call to finalize as the task handles it
      (#2516)
    * chore(deps): update stereoscope to
      eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510)
    * chore(deps): bump github.com/docker/docker (#2512)
    * chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0
      (#2513)
    * chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4
      (#2514)
    * chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1
      (#2506)
    * chore(deps): bump github.com/google/go-containerregistry
      (#2507)
    * chore: enable automatic approval of dependabot PRs (#2505)
* Thu Jan 18 2024 opensuse_buildservice@ojkastl.de
  - Update to version 0.101.0:
    * include binary cataloger configuration defaults (#2504)
    * feat: classifier for wordpress cli binary (#2473)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to
      6.5.3 (#2502)
    * chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#2503)
    * chore(deps): update tools to latest versions (#2500)
    * chore(deps): bump github.com/cloudflare/circl from 1.3.3 to
      1.3.7 (#2501)
    * Add cataloger list command (#2366)
    * condense binary cataloger config in JSON output (#2499)
    * chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0
      (#2495)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to
      6.5.3 (#2494)
    * chore(deps): update CPE dictionary index (#2491)
    * Replace core SBOM-creation API with builder pattern (#1383)
    * chore(deps): update tools to latest versions (#2488)
    * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#2489)
    * chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3
      (#2481)
    * chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1
      to 0.17.1 (#2475)
    * feat: binary classifiers for Percona Software For MySQL (#2478)
    * feat: binary classifier for pypy (#2474)
    * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to
      6.5.2 (#2476)
    * fix: support traefik binary from the official Docker image
      (#2484)
    * feat: binary classifier for GCC (#2479)
    * chore(deps): update tools to latest versions (#2480)
    * chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0
      (#2482)
    * chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0
      (#2477)
    * Upgrade binary test fixtures management (#2444)
* Sat Jan 06 2024 andrea.manzini@suse.com
  - Update to version 0.100.0:
    * Add ability to extend the binaries cataloguers (#2469)
    * chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2
      (#2464)
    * fix: add missing purl for busybox (#2457)
    * Fix diff error obfuscating binary test failures message (#2468)
    * Replace `packages` command with `scan` (#2446)
    * fix: PURLs with "nuget" type are dotnet packages (#2466)
    * chore(deps): update tools to latest versions (#2459)
    * chore(deps): update CPE dictionary index (#2458)
    * chore: update binary to -x (#2456)
    * Add more functionality to the ErLang parser (#2390)
    * Added OpenSSL binary matcher (#2416)
    * chore(deps): update stereoscope to
      590920dabc5479216e755983d41367b6be3544f3 (#2452)
    * chore(deps): update tools to latest versions (#2451)
    * chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12
      (#2455)
* Thu Dec 21 2023 opensuse_buildservice@ojkastl.de
  - Update to version 0.99.0:
    * chore: remove execute from test fixtures (#2450)
    * chore(deps): update tools to latest versions (#2447)
    * fix: don't panic when hackage missing in haskell stack yaml
      lock (#2448)
    * Add binary classifier for the ERLang interpretter (#2417)
    * Add binary classifier for Julia lang (#2427)
    * Add binary detection for PHP composer (#2432)
    * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0
      (#2433)
    * chore(deps): update CPE dictionary index (#2442)
    * chore(deps): update stereoscope to
      4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440)
    * fix syft-json test to use pretty json for snapshot testing
      (#2441)
    * refactor pkg.Collection (#2439)
    * refactor javascript cataloger to use configuration options when
      creating packages (#2438)
    * use single source of truth for archive options (#2437)
    * fix file digest cataloger when passed coordinates (#2436)
    * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2
      to 0.8.0 (#2413)
    * Look for a maven version in a pom from a parent dependency
      management section (#2423)
    * Parse Python licenses from LicenseExpression entry in the Wheel
    Metadata (#2431)
    * chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11
      (#2430)
    * chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0
      (#2429)
    * chore(deps): update tools to latest versions (#2428)
    * Parse Python licenses from LicenseFile entry in the Wheel
      Metadata (#2331)
    * fix: use filepath instead of path for file source exclusions
      (#2411)
    * chore(deps): bump github.com/charmbracelet/bubbletea (#2424)
    * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0
      (#2425)
    * chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10
      (#2426)
    * chore(deps): bump dawidd6/action-homebrew-bump-formula (#2420)
    * feat: add the option to retrieve remote licenses for projects
      defined in a maven pom (#2409)
    * chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9
      (#2400)
    * chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8
      (#2415)
    * chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to
      5.11.0 (#2414)
    * chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#2401)
    * chore(deps): update tools to latest versions (#2408)
    * chore(deps): update CPE dictionary index (#2412)
    * fix(java): improve identification for org.codehaus.groovy
      artifacts (#2404)
    * fix(java): improve identification for commons-jelly artifacts
      (#2399)
    * fix(java): improve identification for io.minio artifacts
      (#2398)
    * fix(java): improve identification for com.graphql-java
      artifacts (#2397)
    * chore(deps): update tools to latest versions (#2395)
    * chore: enhance java purl generation integration test (#2393)
    * feat: add ability to retrieve remote licenses for yarn.lock
      (#2338)
    * chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1
      (#2392)
    * Retrieve remote licenses using pom.properties when there is no
      pom.xml (#2315)
    * fix(java): improve identification for org.apache.tapestry
      artifacts (#2384)
    * fix(java): improve identification for io.ratpack artifacts
      (#2379)
    * fix(java): improve identification for org.apache.cassandra
      artifacts (#2386)
    * fix(java): improve identification for org.neo4j.procedure
      artifacts (#2388)
    * fix: bump fangs for ptr summarize fix (#2387)
    * fix(java): improve identification for org.elasticsearch
      artifacts (#2383)
    * fix(java): improve identification for org.apache.geode
      artifacts (#2382)
    * fix(java): improve identification for org.apache.tomcat.embed
      artifacts (#2381)
    * fix(java): improve identification for io.projectreactor.netty
      artifacts (#2378)
    * fix(java): improve identification for org.eclipse.platform
      artifacts (#2349)
    * Generalize UI events for cataloging tasks (#2369)
    * chore(deps): update tools to latest versions (#2376)
    * chore(deps): bump github.com/google/go-containerregistry
      (#2377)
    * chore: fix tests failing due to Mac Rosetta cache (#2374)
    * fix: improve dotnet portable executable identification (#2133)
* Thu Nov 30 2023 andrea.manzini@suse.com
  - Update to version 0.98.0:
    * fix file metadata cataloger to use resolved locations (#2370)
    * fix: logging level for parsing potential PE files (#2367)
    * only remove breaking-change label when there are schema changes (#2371)
    * fix: capture root command stdout (#2364)
    * fix: hardcode xalan group ID (#2368)
    * Normalize cataloger configuration patterns (#2365)
    * normalize enums to lowercase with hyphens (#2363)
    * bump deps version
    * fix: index file itself when file scan path has symlink (#2359)
    * use read lock in pkg collection (#2341)
    * Fix the `attest` command (#2337)
    * fix: add manual namespace mapping for org.springframework jars (#2345)
    * Add binary classifiers for MySQL and MariaDB  (#2316)
    * Enhance redis binary classifier (#2329)
    * fix: add manual namespace mapping for org.springframework.security jars (#2343)
    * fix: add manual namespace mapping for org.bouncycastle jars (#2342)
    * Update developer docs to represent the current package layout (#2340)
    * Remove the power-user command and related catalogers (#2306)
    * Add "pretty" json configuration and change default behavior to be space-efficient (#2275)
* Sat Nov 18 2023 kastl@b1-systems.de
  - Update to version 0.97.1:
    * chore(deps): update stereoscope to
      3610f4ef3e83e8ff2edf8859e8916bce326fa260 (#2336)
    * feat: allow for stdout to be buffered on each command (#2335)
* Fri Nov 17 2023 kastl@b1-systems.de
  - Update to version 0.97.0:
    * fix: prevent writing non-report output to stdout (#2324)
    * chore(deps): bump github/codeql-action from 2.22.6 to 2.22.7
      (#2332)
    * export metadata type helper (#2328)
    * fix(java): add manual groupid mappings for org.apache.velocity
      jars (#2327)
    * fix(java): skip maven bundle plugin logic if vendor id and
      symbolic name match (#2326)
    * Refine license searching from groupIDFromJavaMetadata to allow
      for having the artfactId in the groupId (#2313)
    * chore(deps): update tools to latest versions (#2325)
    * chore(deps): update tools to latest versions (#2318)
    * Add license for golang stdlib (#2317)
    * chore(deps): bump github/codeql-action from 2.22.5 to 2.22.6
      (#2321)
    * docs: Update README.md for dotnet-portable-executable (#2322)
    * Fall back to searching maven central using
      groupIDFromJavaMetadata (#2295)
    * rename file.Location.VirtualPath to AccessPath (#2288)
    * chore(deps): update tools to latest versions (#2308)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.11
      to 0.4.12 (#2310)
    * chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0
      (#2311)
* Thu Nov 09 2023 kastl@b1-systems.de
  - Update to version 0.96.0:
    * include image labels in cycloneDX SBOM (#2294)
    * Add accessPath on Location objects to syft-json output (#2287)
    * SPDX file has duplicate sha256 tag in versionInfo (#2300)
    * Check maven central as well for licenses in parents poms for
      nested jars (#2302)
    * chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0
      (#2293)
    * chore(deps): update tools to latest versions (#2301)
    * fix: identify cyclone-json without $schema (#2303)
* Tue Nov 07 2023 kastl@b1-systems.de
  - Update to version 0.95.0:
    * chore: setup release task before calling go releaser (#2297)
    * chore(deps): update tools to latest versions (#2296)
    * chore(deps): update tools to latest versions (#2289)
    * chore(deps): update CPE dictionary index (#2290)
    * chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0
      (#2292)
    * Wire though maven-url to java config (#2291)
    * Use case-insensitive matching for Go license files (#2286)
    * Add a new Java configuration option to recursively search
      parent poms… (#2274)
    * chore(deps): update tools to latest versions (#2280)
    * Follow convention for naming catalogers (#2277)
    * change dir resolver to include virtual path (#2259)
    * fix: syft does not handle the case of parsing a jar with
      multiple poms (#2231)
    * add PURLs when scanning Gradle lock files (#2278)
    * chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0
      (#2279)
    * test: remove dll files and updates tests to use
      versionResources (#2276)
    * fix: update dot net binary parsing logic to remove empty space
      (#2273)
    * Read a license from a parent pom stored in Maven Central
      (#2228)
    * Update README.md to use canonical output format names (fixes
      [#2269]) (#2272)
    * Remove MetadataType from core package object and normalize JSON
      metadataType values (#1983)
    * chore(deps): bump github.com/docker/docker (#2263)
    * chore(deps): update stereoscope to
      5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265)
    * chore(deps): update CPE dictionary index (#2271)
    * chore: fix cpe generation task (#2270)
    * chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0
      (#2262)
    * chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5
      (#2261)
    * chore(deps): update tools to latest versions (#2258)
    * chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to
      5.10.0 (#2256)
    * feat: Perform case insensitive matching on Java license files
      (#2235)
    * Split the sbom.Format interface by encode and decode use cases
      (#2186)
    * Upgrade tool management (#2188)
    * fix: 2179 jar chokes empty lines (#2254)
    * chore(deps): update CPE dictionary index (#2253)
    * fix CPE workflow (#2252)
    * feat: add conaninfo.txt parser to detect conan packages in
      docker images (#2234)
    * chore(deps): update bootstrap tools to latest versions (#2245)
    * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0
      to 4.6.1 (#2248)
    * chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4
      (#2249)
    * fill version info from release and git directly (#2244)
    * Add ruby.NewGemSpecCataloger to DirectoryCatalogers. (#1971)
    * change homebrew release trigger (#2242)
* Fri Nov 03 2023 Johannes Kastl <kastl@b1-systems.de>
  - BuildRequire go1.21
* Sat Oct 21 2023 kastl@b1-systems.de
  - Update to version 0.94.0:
    * Label PRs when the json schema changes (#2240)
    * Add download location when cataloging directory npm package
      lock (#2238)
    * fix: allow packages to be captured from DIST/EGG case (#2239)
    * Account for maven bundle plugin and fix filename matching
      (#2220)
    * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236)
    * Remove internal string set (#2219)
    * bump clio to get stderr reporting fix (#2232)
    * Fix panic for empty input to Swift cataloger (#2226)
    * Add additional license filenames (#2227)
    * chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3
      (#2229)
    * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0
      to 0.9.1 (#2222)
    * chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2
      (#2224)
    * Detect a license file in the root directory or META-INF of a
      jar (#2213)
    * Parse donet dependency trees (#2143)
    * chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
      (#2214)
    * chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
      (#2215)
    * chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0
      to 0.9.0 (#2216)
    * chore: add automated homebrew action (#2164)
    * Add relationships for dpkg packages (#2212)
* Wed Oct 11 2023 kastl@b1-systems.de
  - Update to version 0.93.0:
    * Parse the Maven license from the pom.xml if not contained in
      the mani… (#2115)
    * Refine the docs for building a cataloger (#2175)
    * Fix algo lookup by converting key to lower case (#2207)
    * chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1
      (#2208)
    * feat: add package for go compiler given binary detection
      (#2195)
    * chore(deps): bump github.com/docker/distribution from
      2.8.2+incompatible to 2.8.3+incompatible (#2193)
    * chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0
      (#2202)
    * chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
      (#2204)
    * chore: update license list to 3.22 (#2201)
    * Add exact syntax of the conversion formats (#2196)
    * chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7
      (#2198)
    * chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0
      (#2199)
    * chore: removes unnecessary conditional (#2194)
    * chore: improve --output help text and deprecate --file (#2187)
    * chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0
      (#2189)
    * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10
      to 0.4.11 (#2191)
    * chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9
      (#2182)
    * chore(deps): update bootstrap tools to latest versions (#2178)
    * chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6
      (#2180)
* Thu Oct 05 2023 andrea.manzini@suse.com
  - Update to version 0.92.0:
    * bump deps to latest version
    * fix: deterministic java purls (#2170)
  - Update to version 0.91.0:
    * fix: prevent errors from clobbering terminal (#2161)
    * Require ordering of relationships when comparing parser output (#2160)
    * Add containerd support (#1793)
    * feat: add dependency information to conan lockfile parser (#2131)
    * fix: encode and decode FileLicenses and FileContents in Syft JSON (#2083)
    * feat: add cyclonedx schema version selection (#2123)
    * fix: allow cyclonedx json input with no components (#2127)
    * fix source-version typo in flag description (#2126)
  - Update to version 0.90.0:
    * fix(help): power-user help text to indicate it supports file-system (#2113)
    * fix: update codeql-analysis for go 1.21 (#2108)
    * feat(cmd/update): add UA header with current ver when check for update (#2100)
    * fix(cdx): validate external refs before encoding (#2091)
    * fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation (#2075)
* Tue Sep 05 2023 kastl@b1-systems.de
  - Update to version 0.89.0:
    * tidy gomod and gitignore (#2082)
    * fix quiet flag (#2081)
    * fix: in some cases, try to use pom info to guess name and
      version to top level jar (#2080)
    * fix: don't panic on universal go binaries (#2078)
    * chore: update CLI to CLIO (#2001)
    * Add registry certificate verification support  (#1734)
    * fix: CPE generation for django (#2068)
* Tue Sep 05 2023 kastl@b1-systems.de
  - Update to version 0.88.0:
    * chore: update quill to the latest version (#2065)
    * fix: duplicate entries in cyclonedx dependency list (#2063)
    * Fix panic in pom parsing (#2064)
    * Fix: don't validate pom declared group (#2054)
    * chore: trace log pom property reflect usage (#2059)
    * fix: do not double-prefix symlink paths that already contain
      volume names (#2051)
    * feat: add bash classifier (#2055)
    * Detect golang boring crypto and fipsonly modules (#2021)
    * fix: properly parse conan ref and include user and channel
      (#2034)
    * chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1
      to 0.8.0 (#2053)
    * Enable reading non-utf-8 encodings for java pom.xml files
      (#2047)
    * feat: 1944 - update purl generation to use a consistent groupID
      (#2033)
    * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1
      (#2049)
    * chore(deps): update bootstrap tools to latest versions (#2048)
    * chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0
      (#2045)
    * chore(deps): update CPE dictionary index (#2043)
    * fill out new version notice (#2042)
* Tue Sep 05 2023 kastl@b1-systems.de
  - Update to version 0.87.1:
    * feat: use java package names to determine known groupids
      (#2032)
    * fix: inconsistent removal of binaries by overlap (#2036)
    * fix: CycloneDX relationships not output or decoded properly
      (#1974)
    * chore: restore cataloger.DefaultConfig (#2028)
* Tue Sep 05 2023 kastl@b1-systems.de
  - Update to version 0.87.0:
    * fix: read direct package files when decoding SPDX tag-value
      (#2014)
    * chore(deps): update bootstrap tools to latest versions (#2022)
    * chore(deps): update CPE dictionary index (#2025)
    * chore(deps): update bootstrap tools to latest versions (#2012)
    * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0
      (#2008)
    * 1948-filter-pkg-by-type (#2011)
    * chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0
      (#2009)
    * fix: SPDX license values and download location (#2007)
    * 931: binary cataloger exclusion defaults for ownership by
      overlap (#1948)
    * chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
      (#2004)
    * chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0
      (#1998)
    * test: add coverage for new rpmdb paths (#1999)
    * chore: improve spdx purl decoding (#1996)
    * fix: gradle lockfile parser groupId handling (#1995)
    * fix: update glob to use newer usr/lib/sysimage path (#1997)
    * fix: opkg search glob (#1994)
    * feat: nginx binary classifier (#1988)
    * Expand deb cataloger to include opkg (#1985)
    * chore(deps): update bootstrap tools to latest versions (#1991)
    * chore(deps): bump github.com/google/go-containerregistry
      (#1993)
    * chore: update bubbly to fix hanging (#1990)
    * chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
      (#1989)
    * feat: use originator logic to fill supplier (#1980)
    * add metadata types to all cpe test fixtures (#1982)
* Tue Aug 01 2023 kastl@b1-systems.de
  - Update to version 0.86.1:
    * fix: default image source name to user input (#1979)
* Tue Aug 01 2023 kastl@b1-systems.de
  - Update to version 0.86.0:
    * chore(deps): update stereoscope to
      d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975)
    * chore: update to latest commit in tools-golang (#1969)
    * Guess unpinned versions in python requirements.txt (#1966)
    * chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2
      (#1965)
    * Fix panic condition on docker pull failure (#1968)
    * bump JSON schema to account for simplified python env markers
      (#1967)
    * feat: support top-level SPDX package and graph (#1934)
    * chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to
      5.8.1 (#1959)
    * Add cataloger for Swift Package Manager. (#1919)
    * chore(deps): update stereoscope to
      d515761c6ca2743a67d7d08053db69235ae76d1d (#1953)
    * chore(deps): bump github.com/docker/docker (#1955)
    * chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to
      5.8.0 (#1951)
    * Introduce indexed embedded CPE dictionary (#1897)
    * chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4
      (#1949)
    * Add support for parsing .NET assemblies (#1943)
    * docs: capture artifactory dev settings from 1895 (#1947)
    * remove build binary and add explicit git ignore
    * docs: update docs with new docker specific instructions (#1941)
    * remove jotframe UI (#1932)
    * fix: remove indirect dependency of circl v1.1.0 (#1940)
    * chore: move wait before iteration to guarantee read before tea
      (#1931)
* Thu Jul 13 2023 kastl@b1-systems.de
  - Update to version 0.85.0:
    * implement ui handle waiter (#1930)
    * fix: background reader apart from global handler for testing
      (#1929)
    * chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0
      (#1928)
    * fix: allow valid cyclonedx input with no components (#1873)
    * fix: "or-later" suffix updated to consider deprecated "+"
      operator (#1907)
    * feat: CLI flag for directory base (#1867)
    * Fix CPE gen for k8s python client (#1921)
    * chore: update iterations to protect against race (#1927)
    * chore(deps): update bootstrap tools to latest versions (#1922)
    * fix: Don't use the actual redis or grpc CPEs for gems (#1926)
    * fix(install): return with right error code (#1915)
    * Remove erroneous Java CPEs from generation (#1918)
    * chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0
      (#1916)
    * Switch UI to bubbletea (#1888)
    * fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate
      the link (#1884)
    * add file source digest support (#1914)
    * chore(deps): update bootstrap tools to latest versions (#1908)
    * chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0
      (#1912)
    * chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0
      (#1913)
    * doc(readme): add installation section with scoop (#1909)
    * Refactor source API (#1846)
    * chore(deps): update bootstrap tools to latest versions (#1905)
* Fri Jun 30 2023 kastl@b1-systems.de
  - Update to version 0.84.1:
    * chore(deps): update stereoscope to
      cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903)
    * chore(deps): update bootstrap tools to latest versions (#1902)
    * fix: discover deb file relationships in distroless images
      (#1901)
    * add oss community board auto-add workflow (#1898)
    * chore(deps): update stereoscope to
      8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890)
    * chore(deps): update bootstrap tools to latest versions (#1894)
    * fix: add support for Dart SDK package dependencies (#1891)
    * Simplify the SBOM writer interface (#1892)
    * fix: improve version detection in Java archive name parsing
      (#1889)
    * fix: only output valid cyclonedx license choices (#1879)
    * docs: clarify reasoning of default catalogers for images or
      directories (#1887)
* Wed Jun 21 2023 kastl@b1-systems.de
  - Update to version 0.84.0:
    * Configure chronicle to pre-1.0 mode (#1886)
    * chore: update SPDX license list to 3.21 (#1885)
    * chore(deps): update bootstrap tools to latest versions (#1880)
    * Pad artifact IDs (#1882)
    * chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0
      (#1878)
* Wed Jun 14 2023 kastl@b1-systems.de
  - Update to version 0.83.1:
    * chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1
      (#1874)
    * chore(deps): update stereoscope to
      5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871)
    * chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0
      (#1876)
    * fix: pom properties not setting artifact id (#1870)
    * chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to
      0.5.2 (#1868)
* Mon Jun 12 2023 kastl@b1-systems.de
  - Update to version 0.83.0:
    * fix: handle invalid symlinks (#1861)
    * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to
      0.5.1 (#1850)
    * chore(deps): update bootstrap tools to latest versions (#1857)
    * Pr 1825 (#1865)
    * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to
      1.9.3 (#1862)
    * chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0
      (#1863)
    * feat: source-version flag (#1859)
    * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0
      (#1851)
    * accept main.version ldflags even without vcs (#1855)
    * feat: add scope to pom properties (#1779)
    * chore(deps): bump github.com/stretchr/testify from 1.8.3 to
      1.8.4 (#1852)
    * chore(deps): bump github.com/docker/docker (#1849)
    * Add test to ensure package metadata is represented in the JSON
      schema (#1841)
    * Fix directory resolver to consider CWD and root path input
      correctly (#1840)
    * Migrate location-related structs to the file package (#1751)
    * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to
      5.7.0 (#1843)
* Tue May 23 2023 kastl@b1-systems.de
  - Update to version 0.82.0:
    * fix: add panic recovery for license parse (#1839)
    * chore: return both failures when failed to retrieve an image
      with a scheme (#1801)
    * Extract go module versions from ldflags for binaries built by
      go (#1832)
    * fix: duplicate packages, support pnpm lockfile v6 (#1778)
    * chore(deps): update stereoscope to
      e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834)
    * chore(deps): bump github.com/stretchr/testify from 1.8.2 to
      1.8.3 (#1829)
    * chore(deps): bump github.com/docker/docker (#1833)
* Tue May 23 2023 kastl@b1-systems.de
  - Update to version 0.81.0:
    * Keep original FileInfo persisted on file.Metadata structs
      (#1794)
    * chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to
      1.9.2 (#1827)
    * chore(deps): bump github.com/google/go-containerregistry
      (#1823)
    * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to
      1.9.1 (#1822)
    * chore(deps): bump github.com/docker/docker (#1824)
    * fix: update field plurality of 8.0.0 schema before release
      (#1820)
    * fix: update cataloger to check for expressions before split
      (#1819)
    * feat: update syft license concept to complex struct (#1743)
    * fix: cyclonedx depends-on relationship inverted (#1816)
    * fix: retain sbom cataloger relationships (#1509)
    * feat: warn if parsing newer SBOM (#1810)
    * feat: Add R cataloger (#1790)
    * update cosign to v2 release (different go module) (#1805)
    * fix: Reduce log spam on unknown relationship type (#1797)
    * chore(deps): update bootstrap tools to latest versions (#1807)
    * chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802)
    * chore(deps): bump github.com/docker/docker (#1795)
    * chore(deps): bump github.com/google/go-containerregistry
      (#1796)
    * chore(deps): update bootstrap tools to latest versions (#1792)
    * Print package list when extra packages found (#1791)
    * chore(deps): update bootstrap tools to latest versions (#1786)
    * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787)
* Fri May 05 2023 kastl@b1-systems.de
  - Update to version 0.80.0:
    * Update the CPE generation for spring-security-core (#1789)
    * chore: do not HTML escape PackageURLs (#1782)
    * chore: do not include kernel module cataloger by default
      (#1784)
    * chore(docs): Update lists of catalogers (#1780)
    * chore: add more detail on SPDX file IDs (#1769)
    * Search /usr/share for rpmdb to fix scan on ostree-managed
      images (#1756)
    * chore(deps): bump github.com/docker/docker (#1767)
    * rename sbom.PackageCatalog to sbom.Packages (#1773)
    * chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1
      (#1768)
    * Create python requirements metadata (#1759)
    * chore: update test redactor ordering (#1765)
    * rename pkg.Catalog to pkg.Collection (#1764)
    * chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0
      (#1758)
    * chore: go-rpmdb update (#1757)
    * chore(deps): bump github.com/CycloneDX/cyclonedx-go from
      0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706)
    * fix: Improve pnpm support (#1752)
* Sat Apr 22 2023 kastl@b1-systems.de
  - Update to version 0.79.0:
    * feat: Add template func `hasField` (#1754)
    * fix: only cache java packages and not source content (#1750)
    * Add sections of interest for Gemfile.lock cataloger (#1749)
    * fix: update cache.fingerprint file to java-builds dir (#1748)
    * Add ALPM Metadata to CYCLONEDX and SPDX output formats (#1747)
    * chore: bump stereoscope to latest version (#1741)
    * chore(deps): update bootstrap tools to latest versions (#1744)
    * chore(deps): bump github.com/docker/docker (#1746)
* Tue Apr 18 2023 kastl@b1-systems.de
  - Update to version 0.78.0:
    * Create consul binary classifier (#1738)
    * chore(deps): update bootstrap tools to latest versions (#1740)
    * Fix kernel cataloger test fixtures (#1742)
    * feat: Support scanning license files in golang packages over
      the network (#1630)
    * Add package-to-file location evidence relationships (#1698)
    * Add Linux Kernel cataloger (#1694)
    * Add annotations for evidence on package locations (#1723)
    * add format make target (#1733)
    * Update tests to not fail on Mac M1's. (#1730)
* Thu Apr 13 2023 kastl@b1-systems.de
  - Update to version 0.77.0:
    * chore(deps): update bootstrap tools to latest versions (#1728)
    * Add support for nar files. (#1727)
    * add highlevel details about catalogers (#1726)
    * chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722)
    * chore(deps): update stereoscope to
      e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721)
    * feat: gradle lockfile support (#1719)
    * chore(deps): bump github.com/docker/docker (#1715)
    * chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713)
    * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714)
    * chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
      (#1716)
    * chore(deps): bump peter-evans/create-pull-request from 4 to 5
      (#1712)
* Thu Apr 06 2023 kastl@b1-systems.de
  - Update to version 0.76.1:
    * chore: update tools-golang to v0.5.0 (#1717)
    * Add Nix cataloger (#1696)
    * refactor spdx tooling test to reduce intermittent failures
      (#1707)
    * Capture file ownership relationships from portage ecosystem
      (#1702)
    * chore: update deprecated set-output calls (#1705)
* Mon Apr 03 2023 kastl@b1-systems.de
  - Update to version 0.76.0:
    * feat: Add config option to allow user to select the default
      image source location
    * chore(deps): bump github.com/docker/docker (#1699)
    * chore(deps): update bootstrap tools to latest versions (#1697)
    * chore(deps): update stereoscope to
      d7551b7f46f53179922d6229709d3d1602881080 (#1693)
    * 1577 spdxlicense generate (#1691)
    * chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to
      0.5.3 (#1692)
    * feat: scan local go mod cache for licenses of golang packages
      (#1645)
    * chore: fix flaky license sorting (#1690)
    * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3
      (#1689)
    * fix: shell completion by adding missing usage message required
      by spf13/cobra (#1688)
    * chore(deps): update bootstrap tools to latest versions (#1686)
    * chore: tweak some workflow text (#1685)
    * Remove more side effects from application config testing
      (#1684)
    * Deprecate config.yaml as valid config source; Add unit
      regression for correct config paths (#1640)
    * chore: Update syft bootstrap tools to latest versions. (#1682)
    * Update documentation: (#1680)
    * chore: Update Stereoscope to
      7928713c391e20abaede6a029f4ce37b628a4c8b (#1681)
    * fix: reduce logging for bad dpkg lines (#1675)
    * fix ruby classifier (#1678)
    * feat: add shared dir for easier cleanup (#1676)
    * chore(deps): bump github.com/google/go-containerregistry
      (#1672)
    * chore(deps): bump actions/setup-go from 3 to 4 (#1671)
    * fix: move defer after error to protect panic case (#1670)
    * feat: add argocd, helm, kustomize and kubectl binary
      classifiers (#1663)
    * defer closing file (#1668)
    * fix: remove author contributing to javascript CPEs (#1669)
* Mon Mar 13 2023 kastl@b1-systems.de
  - Update to version 0.75.0:
    * fix: more python matching support (#1667)
    * Update syft bootstrap tools to latest versions. (#1666)
    * feat: add ruby classifier (#1665)
* Thu Mar 09 2023 kastl@b1-systems.de
  - Update to version 0.74.1:
    * Update syft bootstrap tools to latest versions. (#1658)
    * fix: improved Python binary detection (#1648)
    * fix: suppress some known incorrect vendor candidates for npm
      CPEs (#1659)
    * fix: sanitize SPDX LicenseRefs (#1657)
    * chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655)
    * chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653)
    * chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5
      (#1654)
    * chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656)
    * fix: dotnet PURL types are invalid (#1649)
    * feat: disable cpe vendor wildcards to reduce false positives
      (#1647)
    * read relative etc/apk/repositories for alpine version when no
      OS provided (#1615)
* Fri Mar 03 2023 kastl@b1-systems.de
  - Update to version 0.74.0:
    * fix: possible race condition (#1639)
    * fix: remove APK OriginPackage cpe candidates (#1637)
    * fix: rebar lock file decoding panic (#1628)
    * fix: handle individual cataloger panics (#1636)
    * fix: apk product/vendor generation for old metadata (#1635)
    * feat: rust toolchain binary cataloger (#1601)
    * feat: retain go package info when no module declared (#1632)
    * fix: improved CPE-generation for several more APK packages
      (#1631)
    * chore: update deprecated release flag (#1629)
    * chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
    * feat: add support for SUPPORT_END in /etc/os-release (#1612)
    * fix: further improvements to CPE generation for apk packages
      (#1623)
    * chore(deps): bump github.com/stretchr/testify from 1.8.1 to
      1.8.2 (#1625)
    * chore(deps): bump actions/checkout from 2 to 3 (#1626)
    * feat: set cosign attest predicate type based on Syft output
      type (#1598)
    * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4
      (#1609)
    * fix: correct apk purls for other distros (#1620)
    * refactor: move apk upstream logic to apk metadata (#1619)
    * fix: decoding null apk metadata pullDependencies (#1614)
    * feat: haproxy binary matcher (#1591)
    * fix: determine upstream for apk version streams (#1610)
    * fix: improve CPE generation for curl APK (#1608)
    * Revert "add workaround for macos github actions cache issue
      (#1584)" (#1605)
* Thu Feb 23 2023 kastl@b1-systems.de
  - Update to version 0.73.0:
    * Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604)
    * chore: fix cataloger_test (#1603)
    * fix: merging of binary packages (#1583)
    * fix: issue when matching format versions (#1585)
    * chore: update syft bootstrap tools to latest versions. (#1593)
    * feat: add perl binary classifier (#1592)
    * Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602)
    * Update SPDX license list to 3.20 (#1600)
    * chore: update SPDX license list (#1599)
    * fix cataloger selection to be more specific (#1582)
    * add workaround for macos github actions cache issue (#1584)
* Thu Feb 16 2023 kastl@b1-systems.de
  - Update to version 0.72.0:
    * Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576)
    * chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574)
    * chore: update bug issue template (#1571)
    * allow convert to take stdin (#1570)
    * fix: improve CPE and upstream generation logic for Alpine packages (#1567)
    * fix: missing APK node vulnerabilities (#1565)
    * fix: python CPE generation for alpine (#1564)
    * chore(deps): bump github.com/docker/docker (#1563)
* Fri Feb 10 2023 kastl@b1-systems.de
  - Update to version 0.71.0:
    * switch from trigger-release target to release target (#1560)
    * Speed up cataloging by replacing globs searching with index lookups (#1510)
    * Update syft bootstrap tools to latest versions. (#1549)
    * Fix installed versions (#1556)
    * chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558)
    * feat: add postgresql classifier (#1536)
    * Add release trigger (#1501)
    * chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552)
    * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551)
    * fix: add support for licenses not found on list (#1540)
    * Update syft bootstrap tools to latest versions. (#1541)
    * feat: Allow specific versions of formats to be specified (#1543)
    * Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539)
    * source: when base is set, responsePath should be absolute (#1542)
* Sat Feb 04 2023 kastl@b1-systems.de
  - Update to version 0.70.0:
    * fix: update config struct to not decode password/key (#1538)
    * Update syft bootstrap tools to latest versions. (#1537)
    * feat: add traefik classifier (#1504)
    * fix: don't hardcode Cosign attest type (#1533)
    * chore(deps): bump github.com/docker/docker (#1531)
    * Update syft bootstrap tools to latest versions. (#1530)
* Thu Feb 02 2023 kastl@b1-systems.de
  - Update to version 0.69.1:
    * chore: update spdx/tools-golang to v0.5.0-rc1 (#1503)
    * feat: update golang to 1.19 (#1526)
    * Update syft bootstrap tools to latest versions. (#1525)
* Tue Jan 31 2023 kastl@b1-systems.de
  - Update to version 0.69.0:
    * Allow scanning unpacked container filesystems (#1485)
    * fix: allow template for syft convert (#1521)
    * 1465 attestation with private key (#1502)
* Thu Jan 26 2023 kastl@b1-systems.de
  - Update to version 0.68.1:
    * fix: add relevant CPEs to python and busybox classifiers (#1517)
    * Update syft bootstrap tools to latest versions. (#1515)
    * chore: correct bootstrap tool script (#1514)
    * chore(deps): bump github.com/google/go-containerregistry (#1513)
    * Fix AssertEncoderAgainstGoldenSnapshot calls to conditionally update (#1511)
    * chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505)
    * chore(deps): bump github.com/docker/docker (#1506)
    * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507)
    * chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508)
    * Bump github.com/spdx/tools-golang to v0.4.0 (#1450)
* Sat Jan 21 2023 kastl@b1-systems.de
  - Update to version 0.68.0:
    * Fix panic in apkdb parsing on empty "provides" values (#1494)
    * push detailed log statements to trace-level (#1500)
    * npm: package-lock license decoding to accept string or array (#1482)
    * always set the package ID for java packages (#1493)
    * fix: skip filling in empty fields in APK metadata (#1484)
    * chore(deps): bump github.com/facebookincubator/nvdtools (#1499)
    * chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498)
    * chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497)
    * chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496)
    * chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495)
    * Relax error conditions for catalogers (#1492)
    * feat: add memcached classifier (#1486)
    * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488)
    * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489)
    * chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490)
    * chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491)
    * chore(deps): bump github.com/google/go-containerregistry (#1487)
    * chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475)
    * chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477)
    * chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476)
    * chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474)
    * chore(deps): bump github/codeql-action from 1 to 2 (#1473)
    * chore(deps): bump actions/setup-go from 2 to 3 (#1472)
    * Add dependabot (#1451)
  - skip non-existent release 0.67.x
* Fri Jan 20 2023 kastl@b1-systems.de
  - Update to version 0.66.2:
    * chore: use checkout v3 with new depth (#1471)
    * chore: use checkout v2 for tag depth (#1470)
    * fix: nil panic in graalvm cataloger (#1468)
    * add linter for type assertion checks (#1469)
    * fix: bump golang.org/x/net to v0.4.0 (#1467)
    * fix: bump golang.org/x/text to v0.3.8 (#1466)
    * bootstrap within composite action (#1461)
    * chore: revert GolangBinMetadata name and make analogous GolangModMetadata (#1458)
    * README: update Nix installation instructions (#1455)
* Fri Jan 13 2023 kastl@b1-systems.de
  - Update to version 0.66.1:
    * fix: update graalvm cataloger to fix panic (#1454)
    * chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452)
* Fri Jan 13 2023 kastl@b1-systems.de
  - Update to version 0.66.0:
    * feat: Add the origin field to the output format of syftjson (#1327)
    * chore: update schema (#1449)
    * feat: prefer known CPE vendors over other candidates (#1294)
    * fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442)
    * feat: add BeamVM Hex support (#1073)
    * feat: add apache httpd binary classifier (#1448)
    * chore: claim artifacthub package ownership from developer-guy (#881)
    * Parallel package catalog processing (#1355)
    * feat: Add php binary catalogers (#1444)
    * Update syft bootstrap tools to latest versions. (#1443)
    * fix: duplicate file in tar archive causes read to fail (#1445)
    * Add support for GraalVM Native Image executables. (#1276)
    * Add redis binary classifier (#1438)
    * docs: add cataloger construction summary (#1434)
    * chore: update bootstrap tools to latest versions. (#1428)
    * Add alpine type to purl (#1431)
* Thu Jan 05 2023 kastl@b1-systems.de
  - Update to version 0.65.0:
    * adding purl types for binary classifiers (#1435)
    * chore: refactor basic CPE functionality to its own package (#1436)
    * fix: typo in os.Getwd error message (#1433)
    * fix: additional excessive go binary warnings (#1432)
    * docs: migrate to homebrew-core (#1427)
* Wed Jan 04 2023 kastl@b1-systems.de
  - Update to version 0.64.0:
    * fix: unicode output in cyclonedx-json format (#1420)
    * fix: excessive go binary warnings (#1424)
    * feat: update spdx format model to produce valid spdx json documents (#1418)
    * clean package names in python parsers (#1417)
    * docs: update schema name to 2.3 (#1416)
    * feat: add h1digest when scanning go.mod (#1405)
    * feat: Add license parsing for java (#1385)
    * fix: cyclonedx component type for binaries (#1406)
    * fix: openjdk detection pattern (#1415)
    * bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (#1404)
    * Add NetBSD support. (#1412)
* Fri Dec 16 2022 kastl@b1-systems.de
  - Update to version 0.63.0:
    * feat: add catalog delete (#1377)
    * docs: remove file classifier (#1397)
    * chore: update latest cyclonedx library (#1390)
    * feat: Add Java binary catalogers (#1392)
    * chore: Update SPDX license list to 3.19 (#1389)
    * fix: add manual vendor/product removal to fix false flags (#1070)
    * Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (#1395)
    * chore: fix test busybox image sha (#1393)
    * fix: go version not properly identified in binary (#1384)
* Thu Dec 01 2022 kastl@b1-systems.de
  - Update to version 0.62.3:
    * Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (#1376)
    * fix: Update node binary package name (#1375)
    * feat: Generic Binary Cataloger (#1336)
    * recover from bad parsing of golang binary (#1371)
    * Fix parsing of apk databases with large entries (#1365)
    * Update syft bootstrap tools to latest versions. (#1369)
* Mon Nov 28 2022 kastl@b1-systems.de
  - Update to version 0.62.2:
    * fix: guard for locations < 1 in alpmdb parse (#1366)
    * fix: remove cabal.project.freeze panic on last pkg (#1363)
    * fix: requirements.txt - return unicode only letter/num for version (#1361)
    * Update syft bootstrap tools to latest versions. (#1356)
* Mon Nov 21 2022 kastl@b1-systems.de
  - Update to version 0.62.1:
    * fix: sort relationships in SPDX output (#1350)
    * chore: add debug logging for decode errors (#1352)
    * feat(npm): handle aliases in package-lock.json (#1349)
* Sat Nov 19 2022 kastl@b1-systems.de
  - Update to version 0.62.0:
    * fix: spdx java checksum correctness (#1348)
    * feat: Add support for npm lockfile version 3 (#1206)
* Fri Nov 18 2022 kastl@b1-systems.de
  - Update to version 0.61.0:
    * 1111 clean name bug (#1347)
    * Add spdx relationship encoding for dependencies (#1342)
    * feat: SPDX 2.3 support (#1311)
    * SBOM cataloger (#1029)
    * chore: clean up linting configuration (#1343)
    * fix: Unmarshal Syft JSON with missing metadata (#1338)
    * fix apk decode for older data shapes (#1341)
    * chore: add unit test for wolfi os release identification (#1340)
    * fix: Output only valid CPEs for CycloneDX OS components (#1339)
    * feat: Add `--name` option to override name in output (#1269)
    * Add support for dependency relationships for alpine (apk) (#1063)
    * normalize alpm md5 refs (#1333)
    * Update java generic cataloger (#1329)
    * Support encoding map types to CycloneDX properties (#1332)
    * Update swift cataloger to generic cataloger (#1324)
    * port rust cataloger to new generic cataloger pattern (#1323)
    * port ruby cataloger to new generic cataloger pattern (#1322)
    * port rpm cataloger to new generic cataloger pattern (#1321)
    * port python cataloger to new generic cataloger pattern (#1319)
    * Update portage cataloger to new generic cataloger (#1316)
    * port php cataloger to new generic cataloger pattern (#1315)
* Tue Nov 15 2022 kastl@b1-systems.de
  - Update to version 0.60.3:
    * javascript cataloger: node binary: nil pointer dereference (#1313)
    * Fix: Include version information in binary cataloger CPEs (#1310)
    * fix: only generate PURL on empty string (#1312)
    * add s3 credentials to release (#1309)
    * port javascript cataloger to new generic cataloger pattern (#1308)
* Tue Nov 15 2022 kastl@b1-systems.de
  - Update to version 0.60.2:
    * chore: update goreleaser brew token (#1306)
    * fix: Decode binary and unknown metadata (#1307)
* Tue Nov 15 2022 kastl@b1-systems.de
  - Update to version 0.60.1:
    * chore: update github token permissions for goreleaser (#1305)
* Tue Nov 15 2022 kastl@b1-systems.de
  - Update to version 0.60.0:
    * fix: update ci secret to use new password (#1304)
    * fix: update secret value to use new cert cahin (#1303)
    * fix: verbose quill release failures (#1302)
    * fix: unterminated quoted string (#1300)
    * fix: update Makefile to remove old signing arch (#1299)
    * feat: add nodejs-binary package classifier (#1296)
    * update go-rpmdb to improve parsing of installed files (#1297)
    * docs: update attestation directions with new cosign changes
    * fix: Continue parsing Python RECORD files when bad lines encountered (#1295)
    * Fix #1245 Update SPDX license list to 3.18 (#1259)
    * fix: Resolve Maven POM expressions (#1251) (#1278)
    * port haskell cataloger to new generic cataloger pattern (#1290)
    * port golang cataloger to new generic cataloger pattern (#1289)
    * port deb/dpkg cataloger to new generic cataloger pattern (#1288)
    * update cataloger tests to use pkgtest utils (#1287)
    * port dotnet cataloger to new generic cataloger pattern (#1286)
    * port dart cataloger to new generic cataloger pattern (#1285)
    * port conan cataloger to new generic cataloger pattern (#1284)
    * port apk cataloger to new generic cataloger pattern (#1283)
    * replace signing tooling with quill (#1280)
    * Upgrade generic cataloger (#1281)
    * Update syft bootstrap tools to latest versions. (#1282)
    * replace logger interface with anchore/go-logger (#1279)
    * Update syft bootstrap tools to latest versions. (#1267)
    * Add go binary h1 digest to SPDX (#1265)
    * fix: move reproduction to top of issue (#1264)
    * fix: update syftjson ID to match major schema version (#1274)
    * Use in-toto CycloneDX predicate to be compatible with cosign (#1270)
    * chore: handle deprecated SPDX license: StandardML-NJ (#1266)
* Tue Oct 18 2022 kastl@b1-systems.de
  - Update to version 0.59.0:
    * Fixes #1179 Deprecated SPDX license (#1263)
    * feat: add RelationshipsBySourceOwnership to syft json output (#1248)
    * fix: reset merged package into map; (#1258)
    * refactor: Remove experimental Anchore Enterprise upload functionality (#1257)
    * Update syft bootstrap tools to latest versions. (#1254)
    * Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253)
    * Update syft bootstrap tools to latest versions. (#1244)
    * fix apkdb checksum representation (#1247)
    * feat: add identifiable field to source object (#1243)
    * feat: attest support for Singularity images (#1201)
    * Update syft bootstrap tools to latest versions. (#1239)
    * Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240)
    * fix: Follow symlinks when searching for globs in all-layers scope (#1221)
    * update requires to use list; remove field (#1234)
* Fri Sep 30 2022 kastl@b1-systems.de
  - Update to version 0.58.0:
    * Add Conan (C/C++) conan.lock file support (#1230)
    * add sequence diagrams and flesh out TODO notes (#1233)
    * Do not fail if unable to parse `.rpm` file (#1232)
    * fix: support exclude patterns on Windows (#1228)
    * Update syft bootstrap tools to latest versions. (#1225)
    * Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224)
    * Update syft bootstrap tools to latest versions. (#1223)
    * Update syft bootstrap tools to latest versions. (#1220)
* Wed Sep 21 2022 kastl@b1-systems.de
  - Update to version 0.57.0:
    * feat: catalog python files for installed-files.txt file metadata (#1217)
    * Stabilize SPDX JSON output sorting (#1216)
    * bug: remove chance for panic; provide default attestation path (#1214)
    * refactor: update Makefile organization; update DEVELOPING.md instructions (#1212)
    * refactor: replace ioutil=>io; update linter (#1211)
    * Update bootstrap tools to latest versions. (#1204)
    * Add gosimports (#1205)
    * refactor: move formats from internal into syft module (#1172)
* Tue Sep 13 2022 kastl@b1-systems.de
  - Update to version 0.56.0:
    * warn on errors from RPM DB parsing (#1200)
    * docs: improve Singularity image source docs (#1190)
    * Add RPM file scanning support (#1188)
    * Normalize syft-json output (#1194)
    * Revert "External sources configuration (#1158)" (#1191)
    * Update syft bootstrap tools to latest versions. (#1186)
    * Fix RPM DB license handling (#1184)
    * Update syft bootstrap tools to latest versions. (#1182)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.55.0:
    * update stereoscope to latest (#1181)
    * Update syft bootstrap tools to latest versions. (#1180)
    * Bug fix for 1095 - syft conversion option error (#1177)
    * Update syft bootstrap tools to latest versions. (#1176)
    * enhance development support on macOS ARM (#1163)
    * Capture if a node module is private (#1161)
    * Find version numbers from jars with different naming conventions (#1174)
    * Update syft bootstrap tools to latest versions. (#1171)
    * Fix update-bootstrap-tools workflow (#1170)
    * workflow to create automated PRs to update bootstrap tools (#1167)
    * feat: add support for licenses in package-lock json v2 (#1164)
    * External sources configuration (#1158)
    * feat: add support for pnpm (#1166)
    * Prevent symlinks causing duplicate package-file relationships (#1168)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.54.0:
    * Associate node package licenses from node_modules (#1152)
    * Give the contributing guide a substantial rework (#1155)
    * fix: extract file ids correctly for spdx-json (#1156)
    * metadata decoding should be optional (#1154)
    * Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151)
    * Add modularitylabel metadata to RPM type records generated by syft (#1148)
    * Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149)
    * retraction for mispublished versions (#1147)
    * cataloger configuration is respected regardless of source (#1142)
    * Update README.md (#1146)
    * bump cosign to v1.10.1 (#1144)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.53.4:
    * Update stereoscope to get rid of the replace directive (#1140)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.53.3:
    * Correct squashfs import and fix incorrect bouncer configuration (#1138)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.53.2:
    * Overwrite deprecated SPDX licenses automatically (#1009)
    * disable release for docker assets (#1137)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.53.1:
    * improve docker release bootstrap (#1136)
    * Singularity Image Support (#974)
* Wed Sep 07 2022 kastl@b1-systems.de
  - Update to version 0.53.0:
    * remove docker login from keychain (#1135)
    * remove ENV checks from siging script (#1134)
    * remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133)
    * remove prefixed v from tag to match release (#1131)
    * rollback actions-setup-docker to earlier version (#1130)
    * Bump go-rustaudit to support rustaudit 0.2.0 (#1127)
    * bump bouncer to v0.4.0 (#1125)
    * Added ppc64le supported to the syft:debug image (#1124)
    * add a cataloger for binaries built with rust-audit (#1116)
    * bump goreleaser to v1.10.3 (#1123)
    * bump golangci-lint to v1.47.2 (#1122)
    * bump cosign in bootstrap-tools to v1.10.0 (#1121)
    * Added s390x support (#1117)
    * Delete pr_action.yaml (#1120)
    * fix: use generic instead of not generating purl (#1119)
    * bump cosign to v1.10.0 (#1114)
* Thu Jul 21 2022 kastl@b1-systems.de
  - Update to version 0.52.0:
    * Update sigstore/rekor dependency (#1112)
    * Added ppc64le support (#1099)
    * patch-distroless-ghcr (#1110)
    * add distroless debug image to published release (#1106)
    * update help formatting (#1105)
    * feat: implement haskell support (#1096)
    * Add the -r argument for gnu xargs (#1103)
    * fix: -o output option to include formats (#1102)
    * moves go-rpmdb to latest; libc => v1.16.7 (#1098)
* Sat Jul 16 2022 kastl@b1-systems.de
  - Update to version 0.51.0:
    * feat: add support for cocoapods (Swift/Objective-C) (#1081)
    * Fix package url for Go modules with no / (#1092)
    * Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090)
    * feat: output attestation to file (#1087)
    * Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089)
    * Add portage support for Gentoo Linux (#1076)
    * Add PR action back to workflow with new token (#1086)
* Wed Jul 06 2022 kastl@b1-systems.de
  - Update to version 0.50.0:
    * feat: add new login cmd (#1068)
    * update AltRpmDbGlob with comment and context (#1085)
    * feat: add support for conan packages (C/C++) (#1083)
    * add golang main module and pseudo-version (#916)
    * fix: add glob to filter list to ensure rpm metadata files are matched… (#1079)
    * remove pr automation until service account creation (#1080)
    * fix: purl generation for pom.xml (#1078)
    * Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072)
    * fix: add new languages found in cpes (#1069)
    * fix: add php catalogers to all catalogers (#1065)
    * feat: add use-all-catalogers flag (#1050)
* Mon Jun 27 2022 kastl@b1-systems.de
  - Update to version 0.49.0:
    * Updates parsing of `yarn.lock` to use `resolved` URLs that are pulled from yarn and npm registries (#926)
    * remove OSS Meetup message (#1057)
    * add pom.xml cataloger (#1055)
    * Add support for CBL-Mariner distroless images (#1045)
    * Add catalogers configuration (#1038)
    * add template output (#1051)
* Wed Jun 22 2022 kastl@b1-systems.de
  - Update to version 0.48.1:
    * update stereoscope to latest version (#1052)
* Wed Jun 22 2022 kastl@b1-systems.de
  - Update to version 0.48.0:
    * update zip_read_closer to incorporate zip64 support (#1041)
    * Add pacman (alpm) parser support (#943)
* Wed Jun 22 2022 kastl@b1-systems.de
  - Update to version 0.47.0:
    * Update of README.md (#1027)
    * bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025)
    * add workflows to test new project automation (#1023)
    * improve LanguageByName and add unit tests (#1034)
    * Read Description from dpkg status files (#996)
    * Add announcement for Anchore OSS Virtual Meetup (#1033)
    * add main module field to go bin metadata (#1026)
    * Add filters to package cataloger (#1021)
    * change draft to false for release process (#1016)
    * Support RPM distros with newer RPM db formats (#1018)
    * fix: add component list to prevent cyclone-dx panic (#1015)
* Mon Jun 06 2022 Johannes Kastl <kastl@b1-systems.de>
  - first version of package syft at version 0.46.3

Files

/usr/bin/syft
/usr/share/doc/packages/syft
/usr/share/doc/packages/syft/README.md
/usr/share/licenses/syft
/usr/share/licenses/syft/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 19 01:14:14 2024