Added Features
- Add purl types to cataloger info cmd [PR #4984 @wagoodman]
- Python cataloger misses uv PEP 723 script lockfiles (
*.py.lock) [Issue #4949] [PR #4950 @ktopcuoglu] - Add bin classifier for Elastic agen [Issue #4973] [PR #4968 @rezmoss]
- SPDX 3 Support [Issue #4250] [PR #4269 @kzantow]
- Add Deno support [Issue #4417] [PR #4523 @rezmoss]
- Catalog Elastic Beats binary [Issue #4961] [PR #4969 @rezmoss]
- Add binary classifiers for Elastic Beats [Issue #4972] [PR #4969 @rezmoss]
- Catalog elastic-agent binary [Issue #4962]
- Add support for Bun lockfile (bun.lock) [Issue #4617] [PR #4625 @hnnynh]
- Add .bpl file support to the PE / DLL cataloger [Issue #4664] [PR #4954 @jfjrh2014]
Bug Fixes
- respect arch qualifier [PR #4987 @willmurphyscode]
- Preserve dependency edges when a compliance stub changes a package ID [PR #4993 @wagoodman]
- Support envoy binary various versions [Issue #4590] [PR #4605 @rezmoss]
- .net deps.json cataloger shows phantom pkgs for reference assembly library entries [Issue #4970] [PR #4971 @rezmoss]
- Syft does not extract package licenses from opkg manager [Issue #4940] [PR #4963 @Dashtid]
- squashfs breaks with godisk-fs 1.8.0 [Issue #4718]
- requirements.txt cataloger silently drops PEP 440 local version identifiers, producing incorrect PURL [Issue #4958] [PR #4959 @kzantow]
Dependencies
34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated.
🟢 Remediated (5)
- GHSA-33vj-92qq-66hc (High) — github.com/containerd/containerd/v2
- GHSA-cvxm-645q-p574 (Medium) — github.com/containerd/containerd/v2
- GHSA-jpcc-p29g-p8mq (Medium) — github.com/containerd/containerd/v2
- GHSA-rgh6-rfwx-v388 (High) — github.com/containerd/containerd/v2
- GHSA-xhf5-7wjv-pqxp (High) — github.com/containerd/containerd/v2
Updated (31 packages)
- github.com/ProtonMail/go-crypto
v1.4.0→v1.4.1 - github.com/anchore/bubbly
v0.2.0→v0.2.1 - github.com/anchore/clio
v0.1.0→v0.1.1 - github.com/anchore/fangs
v0.1.0→v0.1.1 - github.com/anchore/go-collections
v0.1.0→v0.1.1 - github.com/anchore/go-homedir
v0.1.0→v0.1.1 - github.com/anchore/go-logger
v0.1.0→v0.1.1 - github.com/anchore/go-lzo
v0.1.0→v0.1.1 - github.com/anchore/go-macholibre
v0.1.0→v0.1.1 - github.com/anchore/go-make
v0.5.0→v0.8.0 - github.com/anchore/go-struct-converter
v0.1.0→v0.2.0-rc2 - github.com/anchore/go-sync
v0.1.0→v0.1.1 - github.com/anchore/stereoscope
v0.2.1→v0.2.2 - github.com/charmbracelet/colorprofile
v0.4.1→v0.4.3 - github.com/clipperhouse/displaywidth
v0.10.0→v0.11.0 - github.com/clipperhouse/uax29/v2
v2.6.0→v2.7.0 - github.com/containerd/containerd/v2
v2.3.1→v2.3.2(🟢 remediated GHSA-33vj-92qq-66hc, GHSA-cvxm-645q-p574, GHSA-jpcc-p29g-p8mq, GHSA-rgh6-rfwx-v388, GHSA-xhf5-7wjv-pqxp) - github.com/docker/cli
v29.4.3+incompatible→v29.5.3+incompatible - github.com/google/go-containerregistry
v0.21.6→v0.21.7 - github.com/jedib0t/go-pretty/v6
v6.7.10→v6.8.1 - github.com/mattn/go-runewidth
v0.0.19→v0.0.21 - github.com/spdx/tools-golang
v0.5.7→v0.6.0-rc4 - github.com/sylabs/sif/v2
v2.24.0→v2.24.1 - golang.org/x/crypto
v0.52.0→v0.53.0 - golang.org/x/mod
v0.36.0→v0.37.0 - golang.org/x/net
v0.55.0→v0.56.0 - golang.org/x/sync
v0.20.0→v0.21.0 - golang.org/x/sys
v0.45.0→v0.46.0 - golang.org/x/term
v0.43.0→v0.44.0 - golang.org/x/text
v0.37.0→v0.38.0 - golang.org/x/tools
v0.45.0→v0.46.0
Added (3 packages)
- github.com/piprate/json-gold
v0.7.0 - github.com/pquerna/cachecontrol
v0.0.0-1555304 - github.com/tailscale/hujson
v0.0.0-ecc657c