chore(deps): update dependency anchore/syft to v1.42.1 - autoclosed #128

CSRBot · 2026-02-03T21:05:31+01:00

CSRBot commented

2026-02-03 21:05:31 +01:00

This PR contains the following updates:

Package	Update	Change
anchore/syft	minor	`1.41.1` -> `1.42.1`

Release Notes

anchore/syft (anchore/syft)

`v1.42.1`

Compare Source

Bug Fixes

Use redhat as namespace for hummingbird rpms [#4615 @scoheb]
False Positive: Emacs snap package version CVE-2024-39331 [#4485]

Additional Changes

call cleanup on tmpfile and replace some io.ReadAlls with streams [#4629 @willmurphyscode]
bumps go mod version to 1.25; ci takes latest patch [#4628 @spiffcs]

(Full Changelog)

`v1.42.0`

Compare Source

Added Features

Add support for scanning GGUF models from OCI registries [#4335 @spiffcs]
yarn lockfile scan doesnt catch dev dependencies [#4548 #4549 @rezmoss]

Additional Changes

CPE detection for APK libavif to use aomedia vendor [#4597 @naag]

(Full Changelog)

`v1.41.2`

Compare Source

Bug Fixes

further improve go binary classifier, including windows [#4593 @kzantow]
Wrong format in license [#4233 #4588 @spiffcs]
Cannot detect installation of Qt6 [#4467 #4550 @rezmoss]
bug: Syft mis-identifies binary as deb inside a snap [#4486 #4500 @popey]

(Full Changelog)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [anchore/syft](https://github.com/anchore/syft) | minor | `1.41.1` -> `1.42.1` | --- ### Release Notes <details> <summary>anchore/syft (anchore/syft)</summary> ### [`v1.42.1`](https://github.com/anchore/syft/releases/tag/v1.42.1) [Compare Source](https://github.com/anchore/syft/compare/v1.42.0...v1.42.1) ##### Bug Fixes - Use redhat as namespace for hummingbird rpms \[[#4615](https://github.com/anchore/syft/pull/4615) [@scoheb](https://github.com/scoheb)] - False Positive: Emacs snap package version CVE-2024-39331 \[[#4485](https://github.com/anchore/syft/issues/4485)] ##### Additional Changes - call cleanup on tmpfile and replace some io.ReadAlls with streams \[[#4629](https://github.com/anchore/syft/pull/4629) [@willmurphyscode](https://github.com/willmurphyscode)] - bumps go mod version to 1.25; ci takes latest patch \[[#4628](https://github.com/anchore/syft/pull/4628) [@spiffcs](https://github.com/spiffcs)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.42.0...v1.42.1)** ### [`v1.42.0`](https://github.com/anchore/syft/releases/tag/v1.42.0) [Compare Source](https://github.com/anchore/syft/compare/v1.41.2...v1.42.0) ##### Added Features - Add support for scanning GGUF models from OCI registries \[[#4335](https://github.com/anchore/syft/pull/4335) [@spiffcs](https://github.com/spiffcs)] - yarn lockfile scan doesnt catch dev dependencies \[[#4548](https://github.com/anchore/syft/issues/4548) [#4549](https://github.com/anchore/syft/pull/4549) [@rezmoss](https://github.com/rezmoss)] ##### Additional Changes - CPE detection for APK libavif to use aomedia vendor \[[#4597](https://github.com/anchore/syft/pull/4597) [@naag](https://github.com/naag)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.41.2...v1.42.0)** ### [`v1.41.2`](https://github.com/anchore/syft/releases/tag/v1.41.2) [Compare Source](https://github.com/anchore/syft/compare/v1.41.1...v1.41.2) ##### Bug Fixes - further improve go binary classifier, including windows \[[#4593](https://github.com/anchore/syft/pull/4593) [@kzantow](https://github.com/kzantow)] - Wrong format in license \[[#4233](https://github.com/anchore/syft/issues/4233) [#4588](https://github.com/anchore/syft/pull/4588) [@spiffcs](https://github.com/spiffcs)] - Cannot detect installation of Qt6 \[[#4467](https://github.com/anchore/syft/issues/4467) [#4550](https://github.com/anchore/syft/pull/4550) [@rezmoss](https://github.com/rezmoss)] - bug: Syft mis-identifies binary as deb inside a snap \[[#4486](https://github.com/anchore/syft/issues/4486) [#4500](https://github.com/anchore/syft/pull/4500) [@popey](https://github.com/popey)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.41.1...v1.41.2)** </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

CSRBot added 1 commit 2026-02-03 21:05:32 +01:00

chore(deps): update dependency anchore/syft to v1.41.2

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 11s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 29s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 10s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 8s

Details

Lint Markdown files / Run markdown linter (pull_request) Successful in 5s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 23s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 28s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 22s

Details

004001e171

CSRBot force-pushed renovate/anchore-syft-1.x from 004001e171 to ca28081e65

2026-02-07 23:24:55 +01:00

Compare

CSRBot force-pushed renovate/anchore-syft-1.x from ca28081e65 to dd6f64cb17

2026-02-10 21:04:32 +01:00

Compare

CSRBot changed title from ~~chore(deps): update dependency anchore/syft to v1.41.2~~ to chore(deps): update dependency anchore/syft to v1.42.0

2026-02-10 21:04:33 +01:00

CSRBot force-pushed renovate/anchore-syft-1.x from dd6f64cb17 to 50d63c4feb

2026-02-11 06:04:37 +01:00

Compare

CSRBot force-pushed renovate/anchore-syft-1.x from 50d63c4feb to d391ae859c

2026-02-18 21:03:20 +01:00

Compare

CSRBot changed title from ~~chore(deps): update dependency anchore/syft to v1.42.0~~ to chore(deps): update dependency anchore/syft to v1.42.1

2026-02-18 21:03:21 +01:00

CSRBot force-pushed renovate/anchore-syft-1.x from d391ae859c to deae5d3f0f

2026-02-22 03:05:48 +01:00

Compare

CSRBot changed title from ~~chore(deps): update dependency anchore/syft to v1.42.1~~ to chore(deps): update dependency anchore/syft to v1.42.1 - autoclosed

2026-02-25 16:34:28 +01:00

CSRBot closed this pull request

2026-02-25 16:34:30 +01:00

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 11s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 8s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 22s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 14s

Required

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 9s

Required

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 33s

Required

Details

Lint Markdown files / Run markdown linter (pull_request) Successful in 8s

Required

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 24s

Required

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: volker.raschek/dcmerge#128