chore(deps): update dependency anchore/syft to v1.45.0 #234

2026-06-02T23:07:08+02:00

CSRBot commented

2026-06-02 23:07:08 +02:00

This PR contains the following updates:

Package	Update	Change
anchore/syft	minor	`1.44.0` → `1.45.0`

⚠️ Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

anchore/syft (anchore/syft)

`v1.45.0`

Compare Source

Added Features

Add support for ZapAddOns as jar files [#4654 #4932 @douglasclarke]
MySQL binary classifier should distinguish between MySQL Cluster (ndb) and MySQL [#3297 #4907 @witchcraze]
Catalog ingress-nginx binary [#4818 #4857 @witchcraze]

Bug Fixes

Support helm binary various versions [#4820 #4922 @witchcraze]
Support julia binary various versions [#4867 #4945 @witchcraze]
Support deno binary old versions [#4865 #4939 @witchcraze]
Compressed kernel modules are not scanned by the linux-kernel-cataloger [#4721 #4740 @will-bates11]
Yarn Berry lockfile parser incorrectly deduplicates packages with multiple resolutions [#4691 #4838 @calumleslie]
Possible misdetection of AWS-LC as OpenSSL 1.1.1 [#4539 #4882 @witchcraze]
Support elixir binary rc versions [#4819 #4851 @ChrisJr404]
Exclude path ending with a slash are discarded [#4839 #4892 @ChrisJr404]
Incorrect CPE for .NET Runtime [#4738 #4743 @PGrayCS]
fix parsing of debian/copyright files [#4708 #4754 @Bahtya]
Grype ignores python requirements in arbitrary equality (===) format [#4834 #4835 @cyphercodes]
valkey is detected as both of valkey and redis [#4591 #4619 @witchcraze]
TypeByName missing "nuget" case causes UnknownPkg when reading SPDX SBOMs [#4837 #4848 @ChrisJr404]

Additional Changes

hoist name normalization regexp to package level [#4926 @matiasinsaurralde]
bump the actions-minor-patch group across 1 directory with 6 updates [#4946 @dependabot]
bump the actions-minor-patch group across 2 directories with 2 updates [#4936 @dependabot]
bump the actions-minor-patch group across 1 directory with 4 updates [#4927 @dependabot]
bump the actions-minor-patch group across 1 directory with 2 updates [#4920 @dependabot]
bump the actions-minor-patch group across 1 directory with 2 updates [#4897 @dependabot]
update CPE dictionary index [#4831 @anchore-oss-update-bot]

(Full Changelog)

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [anchore/syft](https://github.com/anchore/syft) | minor | `1.44.0` → `1.45.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the warning logs for more information. --- ### Release Notes <details> <summary>anchore/syft (anchore/syft)</summary> ### [`v1.45.0`](https://github.com/anchore/syft/releases/tag/v1.45.0) [Compare Source](https://github.com/anchore/syft/compare/v1.44.0...v1.45.0) ##### Added Features - Add support for ZapAddOns as jar files \[[#4654](https://github.com/anchore/syft/issues/4654) [#4932](https://github.com/anchore/syft/pull/4932) [@douglasclarke](https://github.com/douglasclarke)] - MySQL binary classifier should distinguish between MySQL Cluster (ndb) and MySQL \[[#3297](https://github.com/anchore/syft/issues/3297) [#4907](https://github.com/anchore/syft/pull/4907) [@witchcraze](https://github.com/witchcraze)] - Catalog ingress-nginx binary \[[#4818](https://github.com/anchore/syft/issues/4818) [#4857](https://github.com/anchore/syft/pull/4857) [@witchcraze](https://github.com/witchcraze)] ##### Bug Fixes - Support helm binary various versions \[[#4820](https://github.com/anchore/syft/issues/4820) [#4922](https://github.com/anchore/syft/pull/4922) [@witchcraze](https://github.com/witchcraze)] - Support julia binary various versions \[[#4867](https://github.com/anchore/syft/issues/4867) [#4945](https://github.com/anchore/syft/pull/4945) [@witchcraze](https://github.com/witchcraze)] - Support deno binary old versions \[[#4865](https://github.com/anchore/syft/issues/4865) [#4939](https://github.com/anchore/syft/pull/4939) [@witchcraze](https://github.com/witchcraze)] - Compressed kernel modules are not scanned by the linux-kernel-cataloger \[[#4721](https://github.com/anchore/syft/issues/4721) [#4740](https://github.com/anchore/syft/pull/4740) [@will-bates11](https://github.com/will-bates11)] - Yarn Berry lockfile parser incorrectly deduplicates packages with multiple resolutions \[[#4691](https://github.com/anchore/syft/issues/4691) [#4838](https://github.com/anchore/syft/pull/4838) [@calumleslie](https://github.com/calumleslie)] - Possible misdetection of AWS-LC as OpenSSL 1.1.1 \[[#4539](https://github.com/anchore/syft/issues/4539) [#4882](https://github.com/anchore/syft/pull/4882) [@witchcraze](https://github.com/witchcraze)] - Support elixir binary rc versions \[[#4819](https://github.com/anchore/syft/issues/4819) [#4851](https://github.com/anchore/syft/pull/4851) [@ChrisJr404](https://github.com/ChrisJr404)] - Exclude path ending with a slash are discarded \[[#4839](https://github.com/anchore/syft/issues/4839) [#4892](https://github.com/anchore/syft/pull/4892) [@ChrisJr404](https://github.com/ChrisJr404)] - Incorrect CPE for .NET Runtime \[[#4738](https://github.com/anchore/syft/issues/4738) [#4743](https://github.com/anchore/syft/pull/4743) [@PGrayCS](https://github.com/PGrayCS)] - fix parsing of debian/copyright files \[[#4708](https://github.com/anchore/syft/issues/4708) [#4754](https://github.com/anchore/syft/pull/4754) [@Bahtya](https://github.com/Bahtya)] - Grype ignores python requirements in arbitrary equality (===) format \[[#4834](https://github.com/anchore/syft/issues/4834) [#4835](https://github.com/anchore/syft/pull/4835) [@cyphercodes](https://github.com/cyphercodes)] - valkey is detected as both of valkey and redis \[[#4591](https://github.com/anchore/syft/issues/4591) [#4619](https://github.com/anchore/syft/pull/4619) [@witchcraze](https://github.com/witchcraze)] - TypeByName missing "nuget" case causes UnknownPkg when reading SPDX SBOMs \[[#4837](https://github.com/anchore/syft/issues/4837) [#4848](https://github.com/anchore/syft/pull/4848) [@ChrisJr404](https://github.com/ChrisJr404)] ##### Additional Changes - hoist name normalization regexp to package level \[[#4926](https://github.com/anchore/syft/pull/4926) [@matiasinsaurralde](https://github.com/matiasinsaurralde)] - bump the actions-minor-patch group across 1 directory with 6 updates \[[#4946](https://github.com/anchore/syft/pull/4946) [@dependabot](https://github.com/dependabot)] - bump the actions-minor-patch group across 2 directories with 2 updates \[[#4936](https://github.com/anchore/syft/pull/4936) [@dependabot](https://github.com/dependabot)] - bump the actions-minor-patch group across 1 directory with 4 updates \[[#4927](https://github.com/anchore/syft/pull/4927) [@dependabot](https://github.com/dependabot)] - bump the actions-minor-patch group across 1 directory with 2 updates \[[#4920](https://github.com/anchore/syft/pull/4920) [@dependabot](https://github.com/dependabot)] - bump the actions-minor-patch group across 1 directory with 2 updates \[[#4897](https://github.com/anchore/syft/pull/4897) [@dependabot](https://github.com/dependabot)] - update CPE dictionary index \[[#4831](https://github.com/anchore/syft/pull/4831) [@anchore-oss-update-bot](https://github.com/anchore-oss-update-bot)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.44.0...v1.45.0)** </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

CSRBot added 1 commit 2026-06-02 23:07:09 +02:00

chore(deps): update dependency anchore/syft to v1.45.0

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 15s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 8s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 33s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 14s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 8s

Details

Lint Markdown files / Run markdown linter (pull_request) Successful in 4s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 21s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 31s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 22s

Details

cf67271e61

CSRBot scheduled this pull request to auto merge when all checks succeed 2026-06-02 23:07:11 +02:00

CSRBot merged commit 53c9594ab4 into master

2026-06-02 23:09:01 +02:00

CSRBot deleted branch renovate/actions

2026-06-02 23:09:02 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: volker.raschek/db-wait#234