
[updatecli] Bump anchore/syft version to v1.46.0 #288

Open
github-actions[bot] wants to merge 1 commit into main from updatecli_main_06629c727631ead9d59d398175d9c1ab73d29ea86dc2914410206bab924892fb


@github-actions

Contributor

Bump anchore/syft version

Update version in aqua.yaml

1 file(s) updated with "${1}v1.46.0": * aqua.yaml

v1.46.0
### Added Features

- Add purl types to cataloger info cmd [PR [#4984](https://github.com/anchore/syft/pull/4984) @wagoodman]
- Python cataloger misses uv PEP 723 script lockfiles (`*.py.lock`) [Issue [#4949](https://github.com/anchore/syft/issues/4949)] [PR [#4950](https://github.com/anchore/syft/pull/4950) @ktopcuoglu]
- Add bin classifier for Elastic agent [Issue [#4973](https://github.com/anchore/syft/issues/4973)] [PR [#4968](https://github.com/anchore/syft/pull/4968) @rezmoss]
- SPDX 3 Support [Issue [#4250](https://github.com/anchore/syft/issues/4250)] [PR [#4269](https://github.com/anchore/syft/pull/4269) @kzantow]
- Add Deno support [Issue [#4417](https://github.com/anchore/syft/issues/4417)] [PR [#4523](https://github.com/anchore/syft/pull/4523) @rezmoss]
- Catalog Elastic Beats binary [Issue [#4961](https://github.com/anchore/syft/issues/4961)] [PR [#4969](https://github.com/anchore/syft/pull/4969) @rezmoss]
- Add binary classifiers for Elastic Beats [Issue [#4972](https://github.com/anchore/syft/issues/4972)] [PR [#4969](https://github.com/anchore/syft/pull/4969) @rezmoss]
- Catalog elastic-agent binary [Issue [#4962](https://github.com/anchore/syft/issues/4962)]
- Add support for Bun lockfile (bun.lock) [Issue [#4617](https://github.com/anchore/syft/issues/4617)] [PR [#4625](https://github.com/anchore/syft/pull/4625) @hnnynh]
- Add .bpl file support to the PE / DLL cataloger [Issue [#4664](https://github.com/anchore/syft/issues/4664)] [PR [#4954](https://github.com/anchore/syft/pull/4954) @jfjrh2014]

### Bug Fixes

- respect arch qualifier [PR [#4987](https://github.com/anchore/syft/pull/4987) @willmurphyscode]
- Preserve dependency edges when a compliance stub changes a package ID [PR [#4993](https://github.com/anchore/syft/pull/4993) @wagoodman]
- Support envoy binary various versions [Issue [#4590](https://github.com/anchore/syft/issues/4590)] [PR [#4605](https://github.com/anchore/syft/pull/4605) @rezmoss]
- .net deps.json cataloger shows phantom pkgs for reference assembly library entries [Issue [#4970](https://github.com/anchore/syft/issues/4970)] [PR [#4971](https://github.com/anchore/syft/pull/4971) @rezmoss]
- Syft does not extract package licenses from opkg manager [Issue [#4940](https://github.com/anchore/syft/issues/4940)] [PR [#4963](https://github.com/anchore/syft/pull/4963) @Dashtid]
- squashfs breaks with godisk-fs 1.8.0 [Issue [#4718](https://github.com/anchore/syft/issues/4718)]
- requirements.txt cataloger silently drops PEP 440 local version identifiers, producing incorrect PURL [Issue [#4958](https://github.com/anchore/syft/issues/4958)] [PR [#4959](https://github.com/anchore/syft/pull/4959) @kzantow]

### Dependencies

34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated.

**🟢 Remediated (5)**

- [GHSA-33vj-92qq-66hc](https://github.com/advisories/GHSA-33vj-92qq-66hc) (High) — github.com/containerd/containerd/v2
- [GHSA-cvxm-645q-p574](https://github.com/advisories/GHSA-cvxm-645q-p574) (Medium) — github.com/containerd/containerd/v2
- [GHSA-jpcc-p29g-p8mq](https://github.com/advisories/GHSA-jpcc-p29g-p8mq) (Medium) — github.com/containerd/containerd/v2
- [GHSA-rgh6-rfwx-v388](https://github.com/advisories/GHSA-rgh6-rfwx-v388) (High) — github.com/containerd/containerd/v2
- [GHSA-xhf5-7wjv-pqxp](https://github.com/advisories/GHSA-xhf5-7wjv-pqxp) (High) — github.com/containerd/containerd/v2

<details>
<summary>Updated (31 packages)</summary>

- github.com/ProtonMail/go-crypto `v1.4.0` → `v1.4.1`
- github.com/anchore/bubbly `v0.2.0` → `v0.2.1`
- github.com/anchore/clio `v0.1.0` → `v0.1.1`
- github.com/anchore/fangs `v0.1.0` → `v0.1.1`
- github.com/anchore/go-collections `v0.1.0` → `v0.1.1`
- github.com/anchore/go-homedir `v0.1.0` → `v0.1.1`
- github.com/anchore/go-logger `v0.1.0` → `v0.1.1`
- github.com/anchore/go-lzo `v0.1.0` → `v0.1.1`
- github.com/anchore/go-macholibre `v0.1.0` → `v0.1.1`
- github.com/anchore/go-make `v0.5.0` → `v0.8.0`
- github.com/anchore/go-struct-converter `v0.1.0` → `v0.2.0-rc2`
- github.com/anchore/go-sync `v0.1.0` → `v0.1.1`
- github.com/anchore/stereoscope `v0.2.1` → `v0.2.2`
- github.com/charmbracelet/colorprofile `v0.4.1` → `v0.4.3`
- github.com/clipperhouse/displaywidth `v0.10.0` → `v0.11.0`
- github.com/clipperhouse/uax29/v2 `v2.6.0` → `v2.7.0`
- github.com/containerd/containerd/v2 `v2.3.1` → `v2.3.2` **(🟢 remediated [GHSA-33vj-92qq-66hc](https://github.com/advisories/GHSA-33vj-92qq-66hc), [GHSA-cvxm-645q-p574](https://github.com/advisories/GHSA-cvxm-645q-p574), [GHSA-jpcc-p29g-p8mq](https://github.com/advisories/GHSA-jpcc-p29g-p8mq), [GHSA-rgh6-rfwx-v388](https://github.com/advisories/GHSA-rgh6-rfwx-v388), [GHSA-xhf5-7wjv-pqxp](https://github.com/advisories/GHSA-xhf5-7wjv-pqxp))**
- github.com/docker/cli `v29.4.3+incompatible` → `v29.5.3+incompatible`
- github.com/google/go-containerregistry `v0.21.6` → `v0.21.7`
- github.com/jedib0t/go-pretty/v6 `v6.7.10` → `v6.8.1`
- github.com/mattn/go-runewidth `v0.0.19` → `v0.0.21`
- github.com/spdx/tools-golang `v0.5.7` → `v0.6.0-rc4`
- github.com/sylabs/sif/v2 `v2.24.0` → `v2.24.1`
- golang.org/x/crypto `v0.52.0` → `v0.53.0`
- golang.org/x/mod `v0.36.0` → `v0.37.0`
- golang.org/x/net `v0.55.0` → `v0.56.0`
- golang.org/x/sync `v0.20.0` → `v0.21.0`
- golang.org/x/sys `v0.45.0` → `v0.46.0`
- golang.org/x/term `v0.43.0` → `v0.44.0`
- golang.org/x/text `v0.37.0` → `v0.38.0`
- golang.org/x/tools `v0.45.0` → `v0.46.0`
</details>

<details>
<summary>Added (3 packages)</summary>

- github.com/piprate/json-gold `v0.7.0`
- github.com/pquerna/cachecontrol `v0.0.0-1555304`
- github.com/tailscale/hujson `v0.0.0-ecc657c`
</details>

**[(Full Changelog)](https://github.com/anchore/syft/compare/v1.45.1...v1.46.0)**


Created automatically by Updatecli

Options:

Most of Updatecli configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it, the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

Made with ❤️️ by updatecli
@github-actions (bot) added the `dependencies` label (Pull requests that update a dependency file) on Jun 26, 2026