chore(deps): update dependency anchore/syft to v1.42.1 #134

Open

CSRBot wants to merge 1 commits from renovate/anchore-syft-1.x into master

pull from: renovate/anchore-syft-1.x

merge into: volker.raschek:master

volker.raschek:master

volker.raschek:renovate/docker-login-action-4.x

volker.raschek:renovate/docker-setup-qemu-action-4.x

volker.raschek:renovate/sigstore-cosign-3.x

volker.raschek:renovate/golangci-golangci-lint-2.x

Conversation 0 Commits 1 Files Changed 1 +1 -1

CSRBot commented 2026-02-25 16:46:59 +01:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Update	Change
anchore/syft	minor	1.41.1 -> 1.42.1

---

Release Notes

anchore/syft (anchore/syft)

v1.42.1

Compare Source

Bug Fixes

• Use redhat as namespace for hummingbird rpms [#​4615 @​scoheb]
• False Positive: Emacs snap package version CVE-2024-39331 [#​4485]

Additional Changes

• call cleanup on tmpfile and replace some io.ReadAlls with streams [#​4629 @​willmurphyscode]
• bumps go mod version to 1.25; ci takes latest patch [#​4628 @​spiffcs]

(Full Changelog)

v1.42.0

Compare Source

Added Features

• Add support for scanning GGUF models from OCI registries [#​4335 @​spiffcs]
• yarn lockfile scan doesnt catch dev dependencies [#​4548 #​4549 @​rezmoss]

Additional Changes

• CPE detection for APK libavif to use aomedia vendor [#​4597 @​naag]

(Full Changelog)

v1.41.2

Compare Source

Bug Fixes

• further improve go binary classifier, including windows [#​4593 @​kzantow]
• Wrong format in license [#​4233 #​4588 @​spiffcs]
• Cannot detect installation of Qt6 [#​4467 #​4550 @​rezmoss]
• bug: Syft mis-identifies binary as deb inside a snap [#​4486 #​4500 @​popey]

(Full Changelog)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [anchore/syft](https://github.com/anchore/syft) | minor | `1.41.1` -> `1.42.1` | --- ### Release Notes <details> <summary>anchore/syft (anchore/syft)</summary> ### [`v1.42.1`](https://github.com/anchore/syft/releases/tag/v1.42.1) [Compare Source](https://github.com/anchore/syft/compare/v1.42.0...v1.42.1) ##### Bug Fixes - Use redhat as namespace for hummingbird rpms \[[#&#8203;4615](https://github.com/anchore/syft/pull/4615) [@&#8203;scoheb](https://github.com/scoheb)] - False Positive: Emacs snap package version CVE-2024-39331 \[[#&#8203;4485](https://github.com/anchore/syft/issues/4485)] ##### Additional Changes - call cleanup on tmpfile and replace some io.ReadAlls with streams \[[#&#8203;4629](https://github.com/anchore/syft/pull/4629) [@&#8203;willmurphyscode](https://github.com/willmurphyscode)] - bumps go mod version to 1.25; ci takes latest patch \[[#&#8203;4628](https://github.com/anchore/syft/pull/4628) [@&#8203;spiffcs](https://github.com/spiffcs)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.42.0...v1.42.1)** ### [`v1.42.0`](https://github.com/anchore/syft/releases/tag/v1.42.0) [Compare Source](https://github.com/anchore/syft/compare/v1.41.2...v1.42.0) ##### Added Features - Add support for scanning GGUF models from OCI registries \[[#&#8203;4335](https://github.com/anchore/syft/pull/4335) [@&#8203;spiffcs](https://github.com/spiffcs)] - yarn lockfile scan doesnt catch dev dependencies \[[#&#8203;4548](https://github.com/anchore/syft/issues/4548) [#&#8203;4549](https://github.com/anchore/syft/pull/4549) [@&#8203;rezmoss](https://github.com/rezmoss)] ##### Additional Changes - CPE detection for APK libavif to use aomedia vendor \[[#&#8203;4597](https://github.com/anchore/syft/pull/4597) [@&#8203;naag](https://github.com/naag)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.41.2...v1.42.0)** ### [`v1.41.2`](https://github.com/anchore/syft/releases/tag/v1.41.2) [Compare Source](https://github.com/anchore/syft/compare/v1.41.1...v1.41.2) ##### Bug Fixes - further improve go binary classifier, including windows \[[#&#8203;4593](https://github.com/anchore/syft/pull/4593) [@&#8203;kzantow](https://github.com/kzantow)] - Wrong format in license \[[#&#8203;4233](https://github.com/anchore/syft/issues/4233) [#&#8203;4588](https://github.com/anchore/syft/pull/4588) [@&#8203;spiffcs](https://github.com/spiffcs)] - Cannot detect installation of Qt6 \[[#&#8203;4467](https://github.com/anchore/syft/issues/4467) [#&#8203;4550](https://github.com/anchore/syft/pull/4550) [@&#8203;rezmoss](https://github.com/rezmoss)] - bug: Syft mis-identifies binary as deb inside a snap \[[#&#8203;4486](https://github.com/anchore/syft/issues/4486) [#&#8203;4500](https://github.com/anchore/syft/pull/4500) [@&#8203;popey](https://github.com/popey)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.41.1...v1.41.2)** </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDAuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0MC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

CSRBot added 1 commit 2026-02-25 16:47:01 +01:00

chore(deps): update dependency anchore/syft to v1.42.1 deae5d3f0f

CSRBot force-pushed renovate/anchore-syft-1.x from deae5d3f0f to 20a5c73e6e 2026-02-25 21:06:06 +01:00 Compare

CSRBot force-pushed renovate/anchore-syft-1.x from 20a5c73e6e to f94739b597 2026-02-26 09:05:47 +01:00 Compare

CSRBot force-pushed renovate/anchore-syft-1.x from f94739b597 to 75188e3ab6 2026-02-26 16:10:23 +01:00 Compare

All checks were successful

Hide all checks

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 11s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 11s

Required

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 8s

Required

Details

Lint Markdown files / Run markdown linter (pull_request) Successful in 6s

Required

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 30s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 23s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 30s

Required

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 24s

Required

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/anchore-syft-1.x:renovate/anchore-syft-1.x

git checkout renovate/anchore-syft-1.x

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

CSRBot volker.raschek

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: volker.raschek/dcmerge#134