chore(deps): update dependency anchore/syft to v1.42.1

2026-03-09 07:40:24 +00:00
3 changed files with 11 additions and 11 deletions
--- a/.gitea/workflows/artifacthub-metadata.yaml
+++ b/.gitea/workflows/artifacthub-metadata.yaml
@@ -11,18 +11,18 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6.0.2
-    - uses: docker/login-action@v4.0.0
+    - uses: docker/login-action@v3.7.0
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
-    - uses: docker/login-action@v4.0.0
+    - uses: docker/login-action@v3.7.0
      with:
        username: ${{ secrets.DOCKER_IO_USERNAME }}
        password: ${{ secrets.DOCKER_IO_PASSWORD }}
    - uses: oras-project/setup-oras@v1.2.4
      with:
-        version: 1.3.1 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
+        version: 1.3.0 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
    - name: Push artifacthub-repo.yml to git.cryptic.systems
      run: |
        oras push git.cryptic.systems/volker.raschek/dcmerge:artifacthub.io \
--- a/.gitea/workflows/golang-linters.yaml
+++ b/.gitea/workflows/golang-linters.yaml
@@ -26,4 +26,4 @@ jobs:
        go-version: ${{ matrix.go }}
    - uses: golangci/golangci-lint-action@v9.2.0
      with:
-        version: v2.11.3 # renovate: datasource=github-releases depName=golangci/golangci-lint
+        version: v2.11.2 # renovate: datasource=github-releases depName=golangci/golangci-lint
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -19,7 +19,7 @@ jobs:
      run: apt-get update && apt-get install --yes curl
    - name: Install syft
      env:
-        SYFT_VERSION: "1.42.2" # renovate: datasource=github-releases depName=anchore/syft
+        SYFT_VERSION: "1.42.1" # renovate: datasource=github-releases depName=anchore/syft
      run: |
        OS="$(uname | tr '[:upper:]' '[:lower:]')"
        ARCH="$(dpkg --print-architecture)"
@@ -31,15 +31,15 @@ jobs:
            "https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.deb"
        dpkg -i syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
        rm syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
-    - uses: sigstore/cosign-installer@v4.1.0
+    - uses: sigstore/cosign-installer@v4.0.0
      with:
-        cosign-release: "v3.0.5" # renovate: datasource=github-tags depName=sigstore/cosign
+        cosign-release: "v2.6.2" # renovate: datasource=github-tags depName=sigstore/cosign
-    - uses: docker/setup-qemu-action@v4.0.0
+    - uses: docker/setup-qemu-action@v3.7.0
-    - uses: docker/setup-buildx-action@v4.0.0
+    - uses: docker/setup-buildx-action@v3.12.0
    - uses: actions/setup-go@v6.3.0
      with:
        go-version: stable
-    - uses: docker/login-action@v4.0.0
+    - uses: docker/login-action@v3.7.0
      with:
        registry: git.cryptic.systems
        username: ${{ github.repository_owner }}
@@ -52,7 +52,7 @@ jobs:
        GOPROXY: ${{ vars.GOPROXY }}
      uses: goreleaser/goreleaser-action@v7.0.0
      with:
-        version: v2.14.3 # renovate: datasource=github-releases depName=goreleaser/goreleaser
+        version: v2.14.2 # renovate: datasource=github-releases depName=goreleaser/goreleaser
        args: release --clean
  sync-to-hub-docker-io: