chore(deps): update dependency anchore/syft to v1.46.0 #241

Merged
CSRBot merged 1 commits from renovate/anchore-syft-1.x into master 2026-06-26 14:07:12 +02:00
Collaborator

This PR contains the following updates:

Package Update Change
anchore/syft minor 1.45.11.46.0

Release Notes

anchore/syft (anchore/syft)

v1.46.0

Compare Source

Added Features
Bug Fixes
Dependencies

34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated.

🟢 Remediated (5)

Updated (31 packages)
  • github.com/ProtonMail/go-crypto v1.4.0v1.4.1
  • github.com/anchore/bubbly v0.2.0v0.2.1
  • github.com/anchore/clio v0.1.0v0.1.1
  • github.com/anchore/fangs v0.1.0v0.1.1
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/anchore/go-lzo v0.1.0v0.1.1
  • github.com/anchore/go-macholibre v0.1.0v0.1.1
  • github.com/anchore/go-make v0.5.0v0.8.0
  • github.com/anchore/go-struct-converter v0.1.0v0.2.0-rc2
  • github.com/anchore/go-sync v0.1.0v0.1.1
  • github.com/anchore/stereoscope v0.2.1v0.2.2
  • github.com/charmbracelet/colorprofile v0.4.1v0.4.3
  • github.com/clipperhouse/displaywidth v0.10.0v0.11.0
  • github.com/clipperhouse/uax29/v2 v2.6.0v2.7.0
  • github.com/containerd/containerd/v2 v2.3.1v2.3.2 (🟢 remediated GHSA-33vj-92qq-66hc, GHSA-cvxm-645q-p574, GHSA-jpcc-p29g-p8mq, GHSA-rgh6-rfwx-v388, GHSA-xhf5-7wjv-pqxp)
  • github.com/docker/cli v29.4.3+incompatiblev29.5.3+incompatible
  • github.com/google/go-containerregistry v0.21.6v0.21.7
  • github.com/jedib0t/go-pretty/v6 v6.7.10v6.8.1
  • github.com/mattn/go-runewidth v0.0.19v0.0.21
  • github.com/spdx/tools-golang v0.5.7v0.6.0-rc4
  • github.com/sylabs/sif/v2 v2.24.0v2.24.1
  • golang.org/x/crypto v0.52.0v0.53.0
  • golang.org/x/mod v0.36.0v0.37.0
  • golang.org/x/net v0.55.0v0.56.0
  • golang.org/x/sync v0.20.0v0.21.0
  • golang.org/x/sys v0.45.0v0.46.0
  • golang.org/x/term v0.43.0v0.44.0
  • golang.org/x/text v0.37.0v0.38.0
  • golang.org/x/tools v0.45.0v0.46.0
Added (3 packages)
  • github.com/piprate/json-gold v0.7.0
  • github.com/pquerna/cachecontrol v0.0.0-1555304
  • github.com/tailscale/hujson v0.0.0-ecc657c

(Full Changelog)


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [anchore/syft](https://github.com/anchore/syft) | minor | `1.45.1` → `1.46.0` | --- ### Release Notes <details> <summary>anchore/syft (anchore/syft)</summary> ### [`v1.46.0`](https://github.com/anchore/syft/releases/tag/v1.46.0) [Compare Source](https://github.com/anchore/syft/compare/v1.45.1...v1.46.0) ##### Added Features - Add purl types to cataloger info cmd \[PR [#&#8203;4984](https://github.com/anchore/syft/pull/4984) [@&#8203;wagoodman](https://github.com/wagoodman)] - Python cataloger misses uv PEP 723 script lockfiles (`*.py.lock`) \[Issue [#&#8203;4949](https://github.com/anchore/syft/issues/4949)] \[PR [#&#8203;4950](https://github.com/anchore/syft/pull/4950) [@&#8203;ktopcuoglu](https://github.com/ktopcuoglu)] - Add bin classifier for Elastic agen \[Issue [#&#8203;4973](https://github.com/anchore/syft/issues/4973)] \[PR [#&#8203;4968](https://github.com/anchore/syft/pull/4968) [@&#8203;rezmoss](https://github.com/rezmoss)] - SPDX 3 Support \[Issue [#&#8203;4250](https://github.com/anchore/syft/issues/4250)] \[PR [#&#8203;4269](https://github.com/anchore/syft/pull/4269) [@&#8203;kzantow](https://github.com/kzantow)] - Add Deno support \[Issue [#&#8203;4417](https://github.com/anchore/syft/issues/4417)] \[PR [#&#8203;4523](https://github.com/anchore/syft/pull/4523) [@&#8203;rezmoss](https://github.com/rezmoss)] - Catalog Elastic Beats binary \[Issue [#&#8203;4961](https://github.com/anchore/syft/issues/4961)] \[PR [#&#8203;4969](https://github.com/anchore/syft/pull/4969) [@&#8203;rezmoss](https://github.com/rezmoss)] - Add binary classifiers for Elastic Beats \[Issue [#&#8203;4972](https://github.com/anchore/syft/issues/4972)] \[PR [#&#8203;4969](https://github.com/anchore/syft/pull/4969) [@&#8203;rezmoss](https://github.com/rezmoss)] - Catalog elastic-agent binary \[Issue [#&#8203;4962](https://github.com/anchore/syft/issues/4962)] - Add support for Bun lockfile (bun.lock) \[Issue [#&#8203;4617](https://github.com/anchore/syft/issues/4617)] \[PR [#&#8203;4625](https://github.com/anchore/syft/pull/4625) [@&#8203;hnnynh](https://github.com/hnnynh)] - Add .bpl file support to the PE / DLL cataloger \[Issue [#&#8203;4664](https://github.com/anchore/syft/issues/4664)] \[PR [#&#8203;4954](https://github.com/anchore/syft/pull/4954) [@&#8203;jfjrh2014](https://github.com/jfjrh2014)] ##### Bug Fixes - respect arch qualifier \[PR [#&#8203;4987](https://github.com/anchore/syft/pull/4987) [@&#8203;willmurphyscode](https://github.com/willmurphyscode)] - Preserve dependency edges when a compliance stub changes a package ID \[PR [#&#8203;4993](https://github.com/anchore/syft/pull/4993) [@&#8203;wagoodman](https://github.com/wagoodman)] - Support envoy binary various versions \[Issue [#&#8203;4590](https://github.com/anchore/syft/issues/4590)] \[PR [#&#8203;4605](https://github.com/anchore/syft/pull/4605) [@&#8203;rezmoss](https://github.com/rezmoss)] - .net deps.json cataloger shows phantom pkgs for reference assembly library entries \[Issue [#&#8203;4970](https://github.com/anchore/syft/issues/4970)] \[PR [#&#8203;4971](https://github.com/anchore/syft/pull/4971) [@&#8203;rezmoss](https://github.com/rezmoss)] - Syft does not extract package licenses from opkg manager \[Issue [#&#8203;4940](https://github.com/anchore/syft/issues/4940)] \[PR [#&#8203;4963](https://github.com/anchore/syft/pull/4963) [@&#8203;Dashtid](https://github.com/Dashtid)] - squashfs breaks with godisk-fs 1.8.0 \[Issue [#&#8203;4718](https://github.com/anchore/syft/issues/4718)] - requirements.txt cataloger silently drops PEP 440 local version identifiers, producing incorrect PURL \[Issue [#&#8203;4958](https://github.com/anchore/syft/issues/4958)] \[PR [#&#8203;4959](https://github.com/anchore/syft/pull/4959) [@&#8203;kzantow](https://github.com/kzantow)] ##### Dependencies 34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated. **🟢 Remediated (5)** - [GHSA-33vj-92qq-66hc](https://github.com/advisories/GHSA-33vj-92qq-66hc) (High) — github.com/containerd/containerd/v2 - [GHSA-cvxm-645q-p574](https://github.com/advisories/GHSA-cvxm-645q-p574) (Medium) — github.com/containerd/containerd/v2 - [GHSA-jpcc-p29g-p8mq](https://github.com/advisories/GHSA-jpcc-p29g-p8mq) (Medium) — github.com/containerd/containerd/v2 - [GHSA-rgh6-rfwx-v388](https://github.com/advisories/GHSA-rgh6-rfwx-v388) (High) — github.com/containerd/containerd/v2 - [GHSA-xhf5-7wjv-pqxp](https://github.com/advisories/GHSA-xhf5-7wjv-pqxp) (High) — github.com/containerd/containerd/v2 <details> <summary>Updated (31 packages)</summary> - github.com/ProtonMail/go-crypto `v1.4.0` → `v1.4.1` - github.com/anchore/bubbly `v0.2.0` → `v0.2.1` - github.com/anchore/clio `v0.1.0` → `v0.1.1` - github.com/anchore/fangs `v0.1.0` → `v0.1.1` - github.com/anchore/go-collections `v0.1.0` → `v0.1.1` - github.com/anchore/go-homedir `v0.1.0` → `v0.1.1` - github.com/anchore/go-logger `v0.1.0` → `v0.1.1` - github.com/anchore/go-lzo `v0.1.0` → `v0.1.1` - github.com/anchore/go-macholibre `v0.1.0` → `v0.1.1` - github.com/anchore/go-make `v0.5.0` → `v0.8.0` - github.com/anchore/go-struct-converter `v0.1.0` → `v0.2.0-rc2` - github.com/anchore/go-sync `v0.1.0` → `v0.1.1` - github.com/anchore/stereoscope `v0.2.1` → `v0.2.2` - github.com/charmbracelet/colorprofile `v0.4.1` → `v0.4.3` - github.com/clipperhouse/displaywidth `v0.10.0` → `v0.11.0` - github.com/clipperhouse/uax29/v2 `v2.6.0` → `v2.7.0` - github.com/containerd/containerd/v2 `v2.3.1` → `v2.3.2` **(🟢 remediated [GHSA-33vj-92qq-66hc](https://github.com/advisories/GHSA-33vj-92qq-66hc), [GHSA-cvxm-645q-p574](https://github.com/advisories/GHSA-cvxm-645q-p574), [GHSA-jpcc-p29g-p8mq](https://github.com/advisories/GHSA-jpcc-p29g-p8mq), [GHSA-rgh6-rfwx-v388](https://github.com/advisories/GHSA-rgh6-rfwx-v388), [GHSA-xhf5-7wjv-pqxp](https://github.com/advisories/GHSA-xhf5-7wjv-pqxp))** - github.com/docker/cli `v29.4.3+incompatible` → `v29.5.3+incompatible` - github.com/google/go-containerregistry `v0.21.6` → `v0.21.7` - github.com/jedib0t/go-pretty/v6 `v6.7.10` → `v6.8.1` - github.com/mattn/go-runewidth `v0.0.19` → `v0.0.21` - github.com/spdx/tools-golang `v0.5.7` → `v0.6.0-rc4` - github.com/sylabs/sif/v2 `v2.24.0` → `v2.24.1` - golang.org/x/crypto `v0.52.0` → `v0.53.0` - golang.org/x/mod `v0.36.0` → `v0.37.0` - golang.org/x/net `v0.55.0` → `v0.56.0` - golang.org/x/sync `v0.20.0` → `v0.21.0` - golang.org/x/sys `v0.45.0` → `v0.46.0` - golang.org/x/term `v0.43.0` → `v0.44.0` - golang.org/x/text `v0.37.0` → `v0.38.0` - golang.org/x/tools `v0.45.0` → `v0.46.0` </details> <details> <summary>Added (3 packages)</summary> - github.com/piprate/json-gold `v0.7.0` - github.com/pquerna/cachecontrol `v0.0.0-1555304` - github.com/tailscale/hujson `v0.0.0-ecc657c` </details> **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.45.1...v1.46.0)** </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzYuMyIsInVwZGF0ZWRJblZlciI6IjQzLjEzNi4zIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbInJlbm92YXRlL2F1dG9tZXJnZSIsInJlbm92YXRlL2dpdGh1Yi1hY3Rpb24iXX0=-->
CSRBot added 1 commit 2026-06-26 14:04:31 +02:00
chore(deps): update dependency anchore/syft to v1.46.0
Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 37s
Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 13s
Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 17s
Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 1m9s
Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 13s
Lint Markdown files / Run markdown linter (pull_request) Successful in 6s
Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 26s
Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 28s
Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 27s
be074981ec
CSRBot scheduled this pull request to auto merge when all checks succeed 2026-06-26 14:04:33 +02:00
CSRBot merged commit 6a232e6d53 into master 2026-06-26 14:07:12 +02:00
CSRBot deleted branch renovate/anchore-syft-1.x 2026-06-26 14:07:14 +02:00
Sign in to join this conversation.