Sourced from github.com/anchore/syft's releases.

v0.45.1

Changelog

v0.45.1 (2022-05-03)

Full Changelog

Bug Fixes

• reduce noise of log output at the info level [[PR #976](anchore/syft#976 [luhring]
• fix Illegal character encoding in CylconeDX-XML. [[Issue #918](anchore/syft#918
• update golang crypto library dependency [[Issue #972](anchore/syft#972

v0.45.0

Changelog

v0.45.0 (2022-04-29)

Full Changelog

Added Features

• Preserve package IDs on Syft JSON SBOM decode [[PR #963](anchore/syft#963 [wagoodman]
• refactor command package to remove globals and add dependency injection [[PR #965](anchore/syft#965 [spiffcs]

Bug Fixes

• Decoding of sparse CycloneDX does not set language [[Issue #953](anchore/syft#953

• 37927b8 reduce logging severity for non-Go binaries (#983)
• 03d51c3 golang.org/x/crypto upgrade (#979)
• 0bd3558 reduce noise of log output (#976)
• 4ce2edd add version info and remove double config call (#977)
• 3697302 Rename syft-id to package-id (#970)
• 7d8ea39 update to cyclonedx-go 0.5.2 (#971)
• 6029dd7 refactor command package to remove globals and add dependency injection
• 7304bbf fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957)
• c270ee2 Fix typo in CPE-parsing error (#966)
• 172ecc0 Preserve syft IDs on SBOM decode (#963)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/anchore/syft's releases.

v0.45.0

Changelog

v0.45.0 (2022-04-29)

Full Changelog

Added Features

• Preserve package IDs on Syft JSON SBOM decode [[PR #963](anchore/syft#963 [wagoodman]
• refactor command package to remove globals and add dependency injection [[PR #965](anchore/syft#965 [spiffcs]

Bug Fixes

• Decoding of sparse CycloneDX does not set language [[Issue #953](anchore/syft#953

• 3697302 Rename syft-id to package-id (#970)
• 7d8ea39 update to cyclonedx-go 0.5.2 (#971)
• 6029dd7 refactor command package to remove globals and add dependency injection
• 7304bbf fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957)
• c270ee2 Fix typo in CPE-parsing error (#966)
• 172ecc0 Preserve syft IDs on SBOM decode (#963)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sigs.k8s.io/kustomize/kustomize/v4's releases.

kustomize/v4.5.6

Small features

#4704: Option to customize NamespaceTransformer role binding subject handling #4708: Option to customize NamespaceTransformer overwrite behaviour

Bug fixes

#4700: Correctly detect ambiguity between potential referrers when targeting a name+namespace reference #4703: Fix NameReference transformer handling of self-references in annotations #4730: Emit a warning when env loading bug is being relied on #4667: Replacements: fix issue with create: true option when there is an existing field

Dependency Changes

#4736: Pin to kyaml v0.13.8 #4737: Pin cmd/config 0.10.8 #4738: Pin to api v0.12.0 #4675: Update dependency github.com/xlab/treeprint to v1.1.0

kustomize/v4.5.5

This release is expected to have significant performance improvements for a good portion of inputs, due to #4568.

Small features

#4209: [Address #3937] Add labels to template/metadata if includeTemplates is true #4364: Add tagsuffix to take image tag suffix #4567: Add support for remote OpenAPI schema

Bug fixes and performance improvements

#4568: openapi parsing performance improvement with protobuffer #4489: Fix containerized function mounts issue #4577: Fix error message using replacement wildcard and create option #4565: Raise error for external generators or transformers

Dependency changes

#4644: Update kyaml to v0.13.7 #4645: Update cmd/config to v0.10.7 #4646: Update api to v0.11.5

• 29ca693 Merge pull request #4738 from natasha41575/pinToApi
• f5c70b3 pin to api v0.12.0
• b816903 Merge pull request #4737 from natasha41575/pinCmdConfig
• d32fe66 pin cmd/config 0.10.8
• 4b5fbf2 Merge pull request #4736 from natasha41575/pinToKyaml
• 283f8ae Merge pull request #4735 from natasha41575/statik
• f6a1e4a pin to kyaml v0.13.8
• e7fe132 Update netlify config (#4732)
• 631f623 update statik
• 19c467a Merge pull request #4734 from natasha41575/goSum
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/anchore/syft's releases.

v0.52.0

Changelog

v0.52.0 (2022-07-21)

Full Changelog

Added Features

• Replace scratch base image with distroless static [[Issue #833](anchore/syft#833
• add Haskell support [[Issue #1093](anchore/syft#1093

Bug Fixes

• Unable to build binary on ppc64le architecture [[Issue #1097](anchore/syft#1097

v0.51.0

Changelog

v0.51.0 (2022-07-11)

Full Changelog

Added Features

• Syft ignore docker images [[Issue #670](anchore/syft#670
• feat: add support for cocoapods (Swift/Objective-C) [[Issue #815](anchore/grype#815
• An option to limit to a single filesystem (like -xdev) [[Issue #674](anchore/syft#674
• Add Gentoo Linux support [[Issue #998](anchore/syft#998
• Update README.md with information about syft choco package [[Issue #1028](anchore/syft#1028

Bug Fixes

• syft attest cmd is not exporting output to file [[Issue #1061](anchore/syft#1061
• Name is duplicated into Package URL Namespace when Go module path has one element [[Issue #1091](anchore/syft#1091
• fix: unintended artifactRelationship records of type ownership-by-file-overlap are being reported [Issue 1077]

v0.50.0

Changelog

v0.50.0 (2022-07-06)

Full Changelog

... (truncated)

• f1c5463 Added ppc64le supported to the syft:debug image (#1124)
• 9896ff1 add a cataloger for binaries built with rust-audit (#1116)
• 62897fb bump goreleaser to v1.10.3 (#1123)
• d1729ee bump golangci-lint to v1.47.2 (#1122)
• 43715d3 bump cosign in bootstrap-tools to v1.10.0 (#1121)
• af330c8 Added s390x support (#1117)
• 20ad59a Delete pr_action.yaml (#1120)
• 8235e8e fix: use generic instead of not generating purl (#1119)
• b720a3c bump cosign to v1.10.0 (#1114)
• ba9adb1 Update sigstore/rekor dependency (#1112)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/golangci/golangci-lint's releases.

v1.47.2

Changelog

• 61673b34 revive: ignore slow rules (#2999)

v1.47.1

Changelog

• a91463cd build(deps): bump github.com/daixiang0/gci from 0.4.2 to 0.4.3 (#2992)
• 4c8bdc70 build(deps): bump github.com/sivchari/tenv from 1.6.0 to 1.7.0 (#2988)
• 4e60e8a8 gci: fix options display (#2989)
• fd87bd1e gci: remove the use of stdin (#2984)

v1.47.0

Changelog

• b4154027 Add linter asasalint to lint pass []any as any (#2968)
• 1d8a15a0 add nosnakecase lint (#2828)
• 2a1edcef build(deps): bump github.com/Antonboom/errname from 0.1.6 to 0.1.7 (#2888)
• c766184c build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v2 from 2.1.0 to 2.2.0 (#2916)
• b8f1e2a5 build(deps): bump github.com/daixiang0/gci from 0.3.4 to 0.4.0 (#2965)
• 5e183652 build(deps): bump github.com/daixiang0/gci from 0.4.0 to 0.4.1 (#2973)
• e60937a1 build(deps): bump github.com/daixiang0/gci from 0.4.1 to 0.4.2 (#2979)
• 98c811d0 build(deps): bump github.com/firefart/nonamedreturns from 1.0.1 to 1.0.2 (#2929)
• 023e1c4f build(deps): bump github.com/firefart/nonamedreturns from 1.0.2 to 1.0.4 (#2944)
• 7fbb11ca build(deps): bump github.com/fzipp/gocyclo from 0.5.1 to 0.6.0 (#2926)
• db5d58cd build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 (#2873)
• f75b1a8b build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 (#2958)
• 75be924e build(deps): bump github.com/kisielk/errcheck from 1.6.0 to 1.6.1 (#2871)
• 33f4aeeb build(deps): bump github.com/kulti/thelper from 0.6.2 to 0.6.3 (#2872)
• 6a412d3d build(deps): bump github.com/kunwardeep/paralleltest from 1.0.3 to 1.0.4 (#2907)
• 97eea6ea build(deps): bump github.com/kunwardeep/paralleltest from 1.0.4 to 1.0.6 (#2918)
• 3a0f646e build(deps): bump github.com/maratori/testpackage from 1.0.1 to 1.1.0 (#2945)
• 92d7022d build(deps): bump github.com/nishanths/exhaustive from 0.7.11 to 0.8.1 (#2906)
• 97d7415b build(deps): bump github.com/quasilyte/go-ruleguard/dsl from 0.3.19 to 0.3.21 (#2874)
• 0e3730d3 build(deps): bump github.com/securego/gosec/v2 from 2.11.0 to 2.12.0 (#2925)
• ac99dbcc build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#2908)
• 8e0a6725 build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.5 to 3.22.6 (#2959)
• c8e38c4b build(deps): bump github.com/sivchari/tenv from 1.5.0 to 1.6.0 (#2927)
• f70bf666 build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#2933)
• 153b4072 build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#2889)
• f03a5207 build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#2917)
• e33e63ed build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#2934)
• 44e9b34d build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (#2942)
• bb5b6625 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#2957)
• 2c30625c build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.6.1 to 2.6.2 (#2928)
• 9317da6c build(deps): bump github.com/uudashr/gocognit from 1.0.5 to 1.0.6 (#2962)
• 3071fecb build(deps): bump gitlab.com/bosi/decorder from 0.2.1 to 0.2.2 (#2943)
• d92f144d build(deps): bump goreleaser/goreleaser-action from 2 to 3 (#2876)
• ddee31ae build(deps): bump honnef.co/go/tools from 0.3.1 to 0.3.2 (#2870)
• 9ebc2d52 build(deps): bump moment from 2.29.2 to 2.29.4 in /.github/contributors (#2966)

... (truncated)

Sourced from github.com/golangci/golangci-lint's changelog.

v1.47.2

1. updated linters:
   • revive: ignore slow rules

v1.47.1

1. updated linters:
   • gci: from 0.4.2 to 0.4.3
   • gci: remove the use of stdin
   • gci: fix options display
   • tenv: from 1.6.0 to 1.7.0
   • unparam: bump to HEAD

v1.47.0

1. new linters:
   • asasalint: https://github.com/alingse/asasalint
   • nosnakecase: https://github.com/sivchari/nosnakecase
2. updated linters:
   • decorder: from 0.2.1 to 0.2.2
   • errcheck: from 1.6.0 to 1.6.1
   • errname: from 0.1.6 to 0.1.7
   • exhaustive: from 0.7.11 to 0.8.1
   • gci: fix issues and re-enable autofix
   • gci: from 0.3.4 to 0.4.2
   • go-exhaustruct: from 2.1.0 to 2.2.0
   • go-ruleguard: from 0.3.19 to 0.3.21
   • gocognit: from 1.0.5 to 1.0.6
   • gocyclo: from 0.5.1 to 0.6.0
   • golang.org/x/tools: bump to HEAD
   • gosec: allow global config
   • gosec: from 2.11.0 to 2.12.0
   • nonamedreturns: from 1.0.1 to 1.0.4
   • paralleltest: from 1.0.3 to 1.0.6
   • staticcheck: fix generics
   • staticcheck: from 0.3.1 to 0.3.2
   • tenv: from 1.5.0 to 1.6.0
   • testpackage: from 1.0.1 to 1.1.0
   • thelper: from 0.6.2 to 0.6.3
   • wrapcheck: from 2.6.1 to 2.6.2
3. documentation:
   • add thanks page
   • add a clear explanation about the staticcheck integration.
   • depguard: add ignore-file-rules
   • depguard: adjust phrasing
   • gocritic: add enable and disable ruleguard settings
   • gomnd: fix typo
   • gosec: add configs for all existing rules
   • govet: add settings for shadow and unusedresult

... (truncated)

• 61673b3 revive: ignore slow rules (#2999)
• 3fb60a3 build(deps): bump terser from 5.12.0 to 5.14.2 in /docs (#2998)
• dc02378 docs: Update documentation and assets (#2996)
• ebd6dcb Revert 'fix: generics (#2991)' (#2995)
• c39bf96 fix: disable structcheck for go >= 1.18 (#2994)
• a91463c build(deps): bump github.com/daixiang0/gci from 0.4.2 to 0.4.3 (#2992)
• eb16e70 fix: generics (#2991)
• 4e60e8a gci: fix options display (#2989)
• 4c8bdc7 build(deps): bump github.com/sivchari/tenv from 1.6.0 to 1.7.0 (#2988)
• fd87bd1 gci: remove the use of stdin (#2984)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/anchore/syft's releases.

v0.52.0

Changelog

v0.52.0 (2022-07-21)

Full Changelog

Added Features

• Replace scratch base image with distroless static [[Issue #833](anchore/syft#833
• add Haskell support [[Issue #1093](anchore/syft#1093

Bug Fixes

• Unable to build binary on ppc64le architecture [[Issue #1097](anchore/syft#1097

v0.51.0

Changelog

v0.51.0 (2022-07-11)

Full Changelog

Added Features

• Syft ignore docker images [[Issue #670](anchore/syft#670
• feat: add support for cocoapods (Swift/Objective-C) [[Issue #815](anchore/grype#815
• An option to limit to a single filesystem (like -xdev) [[Issue #674](anchore/syft#674
• Add Gentoo Linux support [[Issue #998](anchore/syft#998
• Update README.md with information about syft choco package [[Issue #1028](anchore/syft#1028

Bug Fixes

• syft attest cmd is not exporting output to file [[Issue #1061](anchore/syft#1061
• Name is duplicated into Package URL Namespace when Go module path has one element [[Issue #1091](anchore/syft#1091
• fix: unintended artifactRelationship records of type ownership-by-file-overlap are being reported [Issue 1077]

v0.50.0

Changelog

v0.50.0 (2022-07-06)

Full Changelog

... (truncated)

• ba9adb1 Update sigstore/rekor dependency (#1112)
• 51727fc Added ppc64le support (#1099)
• 5dc729b patch-distroless-ghcr (#1110)
• 7bae9d4 add distroless debug image to published release (#1106)
• 571de36 update help formatting (#1105)
• 9b1adce feat: implement haskell support (#1096)
• 00e1232 Add the -r argument for gnu xargs (#1103)
• 922663c fix: -o output option to include formats (#1102)
• 64b4852 moves go-rpmdb to latest; libc => v1.16.7 (#1098)
• 470b130 feat: add support for cocoapods (Swift/Objective-C) (#1081)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/golangci/golangci-lint's releases.

v1.47.1

Changelog

• a91463cd build(deps): bump github.com/daixiang0/gci from 0.4.2 to 0.4.3 (#2992)
• 4c8bdc70 build(deps): bump github.com/sivchari/tenv from 1.6.0 to 1.7.0 (#2988)
• 4e60e8a8 gci: fix options display (#2989)
• fd87bd1e gci: remove the use of stdin (#2984)

v1.47.0

Changelog

• b4154027 Add linter asasalint to lint pass []any as any (#2968)
• 1d8a15a0 add nosnakecase lint (#2828)
• 2a1edcef build(deps): bump github.com/Antonboom/errname from 0.1.6 to 0.1.7 (#2888)
• c766184c build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v2 from 2.1.0 to 2.2.0 (#2916)
• b8f1e2a5 build(deps): bump github.com/daixiang0/gci from 0.3.4 to 0.4.0 (#2965)
• 5e183652 build(deps): bump github.com/daixiang0/gci from 0.4.0 to 0.4.1 (#2973)
• e60937a1 build(deps): bump github.com/daixiang0/gci from 0.4.1 to 0.4.2 (#2979)
• 98c811d0 build(deps): bump github.com/firefart/nonamedreturns from 1.0.1 to 1.0.2 (#2929)
• 023e1c4f build(deps): bump github.com/firefart/nonamedreturns from 1.0.2 to 1.0.4 (#2944)
• 7fbb11ca build(deps): bump github.com/fzipp/gocyclo from 0.5.1 to 0.6.0 (#2926)
• db5d58cd build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 (#2873)
• f75b1a8b build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 (#2958)
• 75be924e build(deps): bump github.com/kisielk/errcheck from 1.6.0 to 1.6.1 (#2871)
• 33f4aeeb build(deps): bump github.com/kulti/thelper from 0.6.2 to 0.6.3 (#2872)
• 6a412d3d build(deps): bump github.com/kunwardeep/paralleltest from 1.0.3 to 1.0.4 (#2907)
• 97eea6ea build(deps): bump github.com/kunwardeep/paralleltest from 1.0.4 to 1.0.6 (#2918)
• 3a0f646e build(deps): bump github.com/maratori/testpackage from 1.0.1 to 1.1.0 (#2945)
• 92d7022d build(deps): bump github.com/nishanths/exhaustive from 0.7.11 to 0.8.1 (#2906)
• 97d7415b build(deps): bump github.com/quasilyte/go-ruleguard/dsl from 0.3.19 to 0.3.21 (#2874)
• 0e3730d3 build(deps): bump github.com/securego/gosec/v2 from 2.11.0 to 2.12.0 (#2925)
• ac99dbcc build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#2908)
• 8e0a6725 build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.5 to 3.22.6 (#2959)
• c8e38c4b build(deps): bump github.com/sivchari/tenv from 1.5.0 to 1.6.0 (#2927)
• f70bf666 build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#2933)
• 153b4072 build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#2889)
• f03a5207 build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#2917)
• e33e63ed build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#2934)
• 44e9b34d build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (#2942)
• bb5b6625 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#2957)
• 2c30625c build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.6.1 to 2.6.2 (#2928)
• 9317da6c build(deps): bump github.com/uudashr/gocognit from 1.0.5 to 1.0.6 (#2962)
• 3071fecb build(deps): bump gitlab.com/bosi/decorder from 0.2.1 to 0.2.2 (#2943)
• d92f144d build(deps): bump goreleaser/goreleaser-action from 2 to 3 (#2876)
• ddee31ae build(deps): bump honnef.co/go/tools from 0.3.1 to 0.3.2 (#2870)
• 9ebc2d52 build(deps): bump moment from 2.29.2 to 2.29.4 in /.github/contributors (#2966)
• f9d81511 bump golang.org/x/tools to HEAD (#2875)
• de7cc56e chore: remove reviewers from dependabot configuration (#2932)
• 86bd8423 chore: spelling and grammar fixes (#2865)
• 4b218e66 config: spread go version on linter's configurations (#2913)

... (truncated)

Sourced from github.com/golangci/golangci-lint's changelog.

v1.47.1

1. updated linters:
   • gci: from 0.4.2 to 0.4.3
   • gci: remove the use of stdin
   • gci: fix options display
   • tenv: from 1.6.0 to 1.7.0
   • unparam: bump to HEAD

v1.47.0

1. new linters:
   • asasalint: https://github.com/alingse/asasalint
   • nosnakecase: https://github.com/sivchari/nosnakecase
2. updated linters:
   • errname: from 0.1.6 to 0.1.7
   • gci: from 0.3.4 to 0.4.2
   • nonamedreturns: from 1.0.1 to 1.0.4
   • gocyclo: from 0.5.1 to 0.6.0
   • go-exhaustruct: from 2.1.0 to 2.2.0
   • errcheck: from 1.6.0 to 1.6.1
   • thelper: from 0.6.2 to 0.6.3
   • paralleltest: from 1.0.3 to 1.0.6
   • testpackage: from 1.0.1 to 1.1.0
   • exhaustive: from 0.7.11 to 0.8.1
   • go-ruleguard: from 0.3.19 to 0.3.21
   • gosec: from 2.11.0 to 2.12.0
   • tenv: from 1.5.0 to 1.6.0
   • wrapcheck: from 2.6.1 to 2.6.2
   • gocognit: from 1.0.5 to 1.0.6
   • decorder: from 0.2.1 to 0.2.2
   • honnef.co/go/tools: from 0.3.1 to 0.3.2
   • golang.org/x/tools: bump to HEAD
   • gci: fix issues and re-enable autofix
   • gosec: allow global config
   • staticcheck: fix generics
3. documentation:
   • add thanks page
   • add a clear explanation about the staticcheck integration.
   • depguard: add ignore-file-rules
   • depguard: adjust phrasing
   • gocritic: add enable and disable ruleguard settings
   • gomnd: fix typo
   • gosec: add configs for all existing rules
   • govet: add settings for shadow and unusedresult
   • thelper: add fuzz config and description
   • linters: add defaults

• ebd6dcb Revert 'fix: generics (#2991)' (#2995)
• c39bf96 fix: disable structcheck for go >= 1.18 (#2994)
• a91463c build(deps): bump github.com/daixiang0/gci from 0.4.2 to 0.4.3 (#2992)
• eb16e70 fix: generics (#2991)
• 4e60e8a gci: fix options display (#2989)
• 4c8bdc7 build(deps): bump github.com/sivchari/tenv from 1.6.0 to 1.7.0 (#2988)
• fd87bd1 gci: remove the use of stdin (#2984)
• a913b3e docs: Update documentation and assets (#2981)
• b415402 Add linter asasalint to lint pass []any as any (#2968)
• e60937a build(deps): bump github.com/daixiang0/gci from 0.4.1 to 0.4.2 (#2979)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/golangci/golangci-lint's releases.

v1.47.0

Changelog

• b4154027 Add linter asasalint to lint pass []any as any (#2968)
• 1d8a15a0 add nosnakecase lint (#2828)
• 2a1edcef build(deps): bump github.com/Antonboom/errname from 0.1.6 to 0.1.7 (#2888)
• c766184c build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v2 from 2.1.0 to 2.2.0 (#2916)
• b8f1e2a5 build(deps): bump github.com/daixiang0/gci from 0.3.4 to 0.4.0 (#2965)
• 5e183652 build(deps): bump github.com/daixiang0/gci from 0.4.0 to 0.4.1 (#2973)
• e60937a1 build(deps): bump github.com/daixiang0/gci from 0.4.1 to 0.4.2 (#2979)
• 98c811d0 build(deps): bump github.com/firefart/nonamedreturns from 1.0.1 to 1.0.2 (#2929)
• 023e1c4f build(deps): bump github.com/firefart/nonamedreturns from 1.0.2 to 1.0.4 (#2944)
• 7fbb11ca build(deps): bump github.com/fzipp/gocyclo from 0.5.1 to 0.6.0 (#2926)
• db5d58cd build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 (#2873)
• f75b1a8b build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 (#2958)
• 75be924e build(deps): bump github.com/kisielk/errcheck from 1.6.0 to 1.6.1 (#2871)
• 33f4aeeb build(deps): bump github.com/kulti/thelper from 0.6.2 to 0.6.3 (#2872)
• 6a412d3d build(deps): bump github.com/kunwardeep/paralleltest from 1.0.3 to 1.0.4 (#2907)
• 97eea6ea build(deps): bump github.com/kunwardeep/paralleltest from 1.0.4 to 1.0.6 (#2918)
• 3a0f646e build(deps): bump github.com/maratori/testpackage from 1.0.1 to 1.1.0 (#2945)
• 92d7022d build(deps): bump github.com/nishanths/exhaustive from 0.7.11 to 0.8.1 (#2906)
• 97d7415b build(deps): bump github.com/quasilyte/go-ruleguard/dsl from 0.3.19 to 0.3.21 (#2874)
• 0e3730d3 build(deps): bump github.com/securego/gosec/v2 from 2.11.0 to 2.12.0 (#2925)
• ac99dbcc build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#2908)
• 8e0a6725 build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.5 to 3.22.6 (#2959)
• c8e38c4b build(deps): bump github.com/sivchari/tenv from 1.5.0 to 1.6.0 (#2927)
• f70bf666 build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#2933)
• 153b4072 build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#2889)
• f03a5207 build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#2917)
• e33e63ed build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#2934)
• 44e9b34d build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (#2942)
• bb5b6625 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#2957)
• 2c30625c build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.6.1 to 2.6.2 (#2928)
• 9317da6c build(deps): bump github.com/uudashr/gocognit from 1.0.5 to 1.0.6 (#2962)
• 3071fecb build(deps): bump gitlab.com/bosi/decorder from 0.2.1 to 0.2.2 (#2943)
• d92f144d build(deps): bump goreleaser/goreleaser-action from 2 to 3 (#2876)
• ddee31ae build(deps): bump honnef.co/go/tools from 0.3.1 to 0.3.2 (#2870)
• 9ebc2d52 build(deps): bump moment from 2.29.2 to 2.29.4 in /.github/contributors (#2966)
• f9d81511 bump golang.org/x/tools to HEAD (#2875)
• de7cc56e chore: remove reviewers from dependabot configuration (#2932)
• 86bd8423 chore: spelling and grammar fixes (#2865)
• 4b218e66 config: spread go version on linter's configurations (#2913)
• ae2a9688 depguard: adjust phrasing (#2921)
• f2634d40 fix: codeQL scanning (#2882)
• 2f41c1f0 gci: fix issues and re-enable autofix (#2892)
• c531fc2a gosec: allow global config (#2880)
• 0abb2981 staticcheck: fix generics (#2976)

Sourced from github.com/golangci/golangci-lint's changelog.

v1.47.0

1. new linters:
   • asasalint: https://github.com/alingse/asasalint
   • nosnakecase: https://github.com/sivchari/nosnakecase
2. updated linters:
   • errname: from 0.1.6 to 0.1.7
   • gci: from 0.3.4 to 0.4.2
   • nonamedreturns: from 1.0.1 to 1.0.4
   • gocyclo: from 0.5.1 to 0.6.0
   • go-exhaustruct: from 2.1.0 to 2.2.0
   • errcheck: from 1.6.0 to 1.6.1
   • thelper: from 0.6.2 to 0.6.3
   • paralleltest: from 1.0.3 to 1.0.6
   • testpackage: from 1.0.1 to 1.1.0
   • exhaustive: from 0.7.11 to 0.8.1
   • go-ruleguard: from 0.3.19 to 0.3.21
   • gosec: from 2.11.0 to 2.12.0
   • tenv: from 1.5.0 to 1.6.0
   • wrapcheck: from 2.6.1 to 2.6.2
   • gocognit: from 1.0.5 to 1.0.6
   • decorder: from 0.2.1 to 0.2.2
   • honnef.co/go/tools: from 0.3.1 to 0.3.2
   • golang.org/x/tools: bump to HEAD
   • gci: fix issues and re-enable autofix
   • gosec: allow global config
   • staticcheck: fix generics
3. documentation:
   • add thanks page
   • add a clear explanation about the staticcheck integration.
   • depguard: add ignore-file-rules
   • depguard: adjust phrasing
   • gocritic: add enable and disable ruleguard settings
   • gomnd: fix typo
   • gosec: add configs for all existing rules
   • govet: add settings for shadow and unusedresult
   • thelper: add fuzz config and description
   • linters: add defaults

• b415402 Add linter asasalint to lint pass []any as any (#2968)
• e60937a build(deps): bump github.com/daixiang0/gci from 0.4.1 to 0.4.2 (#2979)
• 27f921f dev: use directives instead of comments for tests (#2978)
• 0abb298 staticcheck: fix generics (#2976)
• d6a39ef dev: remove kortschak from generated team (#2974)
• 5e18365 build(deps): bump github.com/daixiang0/gci from 0.4.0 to 0.4.1 (#2973)
• ed4befe dev: change err to nil (#2971)
• 9ebc2d5 build(deps): bump moment from 2.29.2 to 2.29.4 in /.github/contributors (#2966)
• b050b42 build(deps): bump moment from 2.29.2 to 2.29.4 in /docs (#2967)
• b8f1e2a build(deps): bump github.com/daixiang0/gci from 0.3.4 to 0.4.0 (#2965)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/anchore/syft's releases.

v0.51.0

Changelog

v0.51.0 (2022-07-11)

Full Changelog

Added Features

• Syft ignore docker images [[Issue #670](anchore/syft#670
• feat: add support for cocoapods (Swift/Objective-C) [[Issue #815](anchore/grype#815
• An option to limit to a single filesystem (like -xdev) [[Issue #674](anchore/syft#674
• Add Gentoo Linux support [[Issue #998](anchore/syft#998
• Update README.md with information about syft choco package [[Issue #1028](anchore/syft#1028

Bug Fixes

• syft attest cmd is not exporting output to file [[Issue #1061](anchore/syft#1061
• Name is duplicated into Package URL Namespace when Go module path has one element [[Issue #1091](anchore/syft#1091
• fix: unintended artifactRelationship records of type ownership-by-file-overlap are being reported [Issue 1077]

v0.50.0

Changelog

v0.50.0 (2022-07-06)

Full Changelog

Added Features

• Add a dockerized workflow for local dev [[Issue #1042](anchore/syft#1042
• add flag for image scanning to use all catalogers rather than just some [[Issue #1049](anchore/syft#1049
• feat: add Conan (C/C++) support [[Issue #1082](anchore/syft#1082

Bug Fixes

• composer.json isn't parsed for packages [[Issue #1064](anchore/syft#1064
• Source pom.xml cataloger Namespace error [[Issue #1075](anchore/syft#1075
• unintended artifactRelationship records of type ownership-by-file-overlap are being reported in SBOMs generated against current fedora container imges [[Issue #1077](anchore/syft#1077

v0.49.0

Changelog

v0.49.0 (2022-06-24)

Full Changelog

... (truncated)

• 470b130 feat: add support for cocoapods (Swift/Objective-C) (#1081)
• 2f1aa33 Fix package url for Go modules with no / (#1092)
• b3a7b91 Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090)
• 5206193 feat: output attestation to file (#1087)
• c7fa498 Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089)
• 4c55c62 Add portage support for Gentoo Linux (#1076)
• ba685ea Add PR action back to workflow with new token (#1086)
• 69134ed feat: add new login cmd (#1068)
• 47df669 update AltRpmDbGlob with comment and context (#1085)
• 57323a1 feat: add support for conan packages (C/C++) (#1083)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from go.opentelemetry.io/otel/trace's changelog.

[1.8.0/0.31.0] - 2022-07-08

Added

• Add support for opentracing.TextMap format in the Inject and Extract methods of the "go.opentelemetry.io/otel/bridge/opentracing".BridgeTracer type. (#2911)

Changed

• The crosslink make target has been updated to use the go.opentelemetry.io/build-tools/crosslink package. (#2886)
• In the go.opentelemetry.io/otel/sdk/instrumentation package rename Library to Scope and alias Library as Scope (#2976)
• Move metric no-op implementation form nonrecording to metric package. (#2866)

Removed

• Support for go1.16. Support is now only for go1.17 and go1.18 (#2917)

Deprecated

• The Library struct in the go.opentelemetry.io/otel/sdk/instrumentation package is deprecated. Use the equivalent Scope struct instead. (#2977)
• The ReadOnlySpan.InstrumentationLibrary method from the go.opentelemetry.io/otel/sdk/trace package is deprecated. Use the equivalent ReadOnlySpan.InstrumentationScope method instead. (#2977)

• 08ff959 Release prep 1.8.0 (#3001)
• eb9e058 Add workflow to automate bundling dependabot PRs (#2997)
• ac0221e Add a release template (#2863)
• 8b89e49 Feat/bridge support text map (#2911)
• 575e1bb Deprecate Library and move all uses to Scope (#2977)
• 5795c70 added traces.txt to gitignore for fib (#2993)
• 376973c typo fix (#2991)
• c2dc940 fix typo (#2986)
• 36b37c4 Update getting-started.md (#2984)
• ef6c0da docs(website_docs): fix exporting_data.md and getting-started.md toc (#2930)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from go.opentelemetry.io/otel's changelog.

[1.8.0/0.31.0] - 2022-07-08

Added

• Add support for opentracing.TextMap format in the Inject and Extract methods of the "go.opentelemetry.io/otel/bridge/opentracing".BridgeTracer type. (#2911)

Changed

• The crosslink make target has been updated to use the go.opentelemetry.io/build-tools/crosslink package. (#2886)
• In the go.opentelemetry.io/otel/sdk/instrumentation package rename Library to Scope and alias Library as Scope (#2976)
• Move metric no-op implementation form nonrecording to metric package. (#2866)

Removed

• Support for go1.16. Support is now only for go1.17 and go1.18 (#2917)

Deprecated

• The Library struct in the go.opentelemetry.io/otel/sdk/instrumentation package is deprecated. Use the equivalent Scope struct instead. (#2977)
• The ReadOnlySpan.InstrumentationLibrary method from the go.opentelemetry.io/otel/sdk/trace package is deprecated. Use the equivalent ReadOnlySpan.InstrumentationScope method instead. (#2977)

• 08ff959 Release prep 1.8.0 (#3001)
• eb9e058 Add workflow to automate bundling dependabot PRs (#2997)
• ac0221e Add a release template (#2863)
• 8b89e49 Feat/bridge support text map (#2911)
• 575e1bb Deprecate Library and move all uses to Scope (#2977)
• 5795c70 added traces.txt to gitignore for fib (#2993)
• 376973c typo fix (#2991)
• c2dc940 fix typo (#2986)
• 36b37c4 Update getting-started.md (#2984)
• ef6c0da docs(website_docs): fix exporting_data.md and getting-started.md toc (#2930)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sigs.k8s.io/kustomize/kustomize/v4's releases.

kustomize/v4.5.7

Due to an oversight, kustomize v4.5.6 has the golang testing library compiled in unnecessarily. This is a rerelease with the same functionality, but without the unnecessary additional library compiled in.

Dependency changes

#4743: Pin to kyaml v0.13.9 #4744: pin to cmd/config 0.10.9 #4745: pin to api v0.12.1

kustomize/v4.5.6

Due to an oversight, kustomize v4.5.6 has the golang testing library compiled in unnecessarily. It is advised that you upgrade to v4.5.7, which doesn't have the testing library compiled in.

Small features

#4704: Option to customize NamespaceTransformer role binding subject handling #4708: Option to customize NamespaceTransformer overwrite behaviour

Bug fixes

#4700: Correctly detect ambiguity between potential referrers when targeting a name+namespace reference #4703: Fix NameReference transformer handling of self-references in annotations #4730: Emit a warning when env loading bug is being relied on #4667: Replacements: fix issue with create: true option when there is an existing field

Dependency Changes

#4736: Pin to kyaml v0.13.8 #4737: Pin cmd/config 0.10.8 #4738: Pin to api v0.12.0 #4675: Update dependency github.com/xlab/treeprint to v1.1.0

kustomize/v4.5.5

This release is expected to have significant performance improvements for a good portion of inputs, due to #4568.

Small features

#4209: [Address #3937] Add labels to template/metadata if includeTemplates is true #4364: Add tagsuffix to take image tag suffix #4567: Add support for remote OpenAPI schema

Bug fixes and performance improvements

#4568: openapi parsing performance improvement with protobuffer #4489: Fix containerized function mounts issue #4577: Fix error message using replacement wildcard and create option #4565: Raise error for external generators or transformers

Dependency changes

#4644: Update kyaml to v0.13.7 #4645: Update cmd/config to v0.10.7 #4646: Update api to v0.11.5

• 56d82a8 Merge pull request #4745 from natasha41575/pinToApi
• 39dbddd pin api to v0.12.1
• 27a1de1 Merge pull request #4744 from natasha41575/pinToCmdConfig
• 7229f5f pin to cmd/config 0.10.9
• ba9d5ee Merge pull request #4743 from natasha41575/PinToKyaml
• 001b0c5 pin to kyaml v0.13.9
• bbeff6d prevent testing lib from being compiled in (#4742)
• e57b5d2 Merge pull request #4739 from natasha41575/updateReleaseNum
• dbd719b update latest release number to 4.5.6
• 29ca693 Merge pull request #4738 from natasha41575/pinToApi
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/anchore/syft's releases.

v0.53.2

Changelog

v0.53.2 (2022-08-02)

Full Changelog

Bug Fixes

• Phantom release 0.53.0 [[Issue #1128](anchore/syft#1128

v0.53.1

Changelog

v0.53.1 (2022-08-02)

Full Changelog

Added Features

• Singularity Image Format (SIF) support [[Issue #937](anchore/syft#937

v0.53.0

Changelog

v0.53.0 (2022-08-02)

Full Changelog

Added Features

• Add support for auditable Rust binaries [[Issue #1108](anchore/syft#1108

Bug Fixes

• WARN unable to convert relationship from CycloneDX 1.3 JSON [[Issue #980](anchore/syft#980
• purls not generated for unknown types [[Issue #1118](anchore/syft#1118

v0.52.0

Changelog

v0.52.0 (2022-07-21)

Full Changelog

Added Features

... (truncated)

• 69fb0a6 Overwrite deprecated SPDX licenses automatically (#1009)
• e68f384 disable release for docker assets (#1137)
• f5d02d4 improve docker release bootstrap (#1136)
• d361d40 Singularity Image Support (#974)
• b7f587f remove docker login from keychain (#1135)
• d196ab7 remove ENV checks from siging script (#1134)
• 1bf97af remove docker assets from main goreleaser configuration to reduce mac-os runn...
• ca69fb8 remove prefixed v from tag to match release (#1131)
• 8f21180 rollback actions-setup-docker to earlier version (#1130)
• b4c2728 Bump go-rustaudit to support rustaudit 0.2.0 (#1127)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from go.opentelemetry.io/otel/trace's changelog.

[1.9.0/0.0.3] - 2022-08-01

Added

• Add support for Schema Files format 1.1.x (metric "split" transform) with the new go.opentelemetry.io/otel/schema/v1.1 package. (#2999)
• Add the go.opentelemetry.io/otel/semconv/v1.11.0 package. The package contains semantic conventions from the v1.11.0 version of the OpenTelemetry specification. (#3009)
• Add the go.opentelemetry.io/otel/semconv/v1.12.0 package. The package contains semantic conventions from the v1.12.0 version of the OpenTelemetry specification. (#3010)
• Add the http.method attribute to HTTP server metric from all go.opentelemetry.io/otel/semconv/* packages. (#3018)

Fixed

• Invalid warning for context setup being deferred in go.opentelemetry.io/otel/bridge/opentracing package. (#3029)

[1.8.0/0.31.0] - 2022-07-08

Added

• Add support for opentracing.TextMap format in the Inject and Extract methods of the "go.opentelemetry.io/otel/bridge/opentracing".BridgeTracer type. (#2911)

Changed

• The crosslink make target has been updated to use the go.opentelemetry.io/build-tools/crosslink package. (#2886)
• In the go.opentelemetry.io/otel/sdk/instrumentation package rename Library to Scope and alias Library as Scope (#2976)
• Move metric no-op implementation form nonrecording to metric package. (#2866)

Removed

• Support for go1.16. Support is now only for go1.17 and go1.18 (#2917)

Deprecated

• The Library struct in the go.opentelemetry.io/otel/sdk/instrumentation package is deprecated. Use the equivalent Scope struct instead. (#2977)
• The ReadOnlySpan.InstrumentationLibrary method from the go.opentelemetry.io/otel/sdk/trace package is deprecated. Use the equivalent ReadOnlySpan.InstrumentationScope method instead. (#2977)

• e99a0ac Release v1.9.0 (#3052)
• 1eae91b Introduce "split" metric schema transformation (#2999)
• 05c5509 Add tests and fix opentracing bridge defer warning (#3029)
• 096a162 Add http.method attribute to http server metric (#3018)
• 5568a30 Add semconv/v1.12.0 (#3010)
• aa27169 Add semconv/v1.11.0 (#3009)
• f739569 Add benchmark metric test for UpDownCounter (#2655)
• 08ff959 Release prep 1.8.0 (#3001)
• eb9e058 Add workflow to automate bundling dependabot PRs (#2997)
• ac0221e Add a release template (#2863)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.9.0/0.0.3] - 2022-08-01

Added

• Add support for Schema Files format 1.1.x (metric "split" transform) with the new go.opentelemetry.io/otel/schema/v1.1 package. (#2999)
• Add the go.opentelemetry.io/otel/semconv/v1.11.0 package. The package contains semantic conventions from the v1.11.0 version of the OpenTelemetry specification. (#3009)
• Add the go.opentelemetry.io/otel/semconv/v1.12.0 package. The package contains semantic conventions from the v1.12.0 version of the OpenTelemetry specification. (#3010)
• Add the http.method attribute to HTTP server metric from all go.opentelemetry.io/otel/semconv/* packages. (#3018)

Fixed

• Invalid warning for context setup being deferred in go.opentelemetry.io/otel/bridge/opentracing package. (#3029)

[1.8.0/0.31.0] - 2022-07-08

Added

• Add support for opentracing.TextMap format in the Inject and Extract methods of the "go.opentelemetry.io/otel/bridge/opentracing".BridgeTracer type. (#2911)

Changed

• The crosslink make target has been updated to use the go.opentelemetry.io/build-tools/crosslink package. (#2886)
• In the go.opentelemetry.io/otel/sdk/instrumentation package rename Library to Scope and alias Library as Scope (#2976)
• Move metric no-op implementation form nonrecording to metric package. (#2866)

Removed

• Support for go1.16. Support is now only for go1.17 and go1.18 (#2917)

Deprecated

• The Library struct in the go.opentelemetry.io/otel/sdk/instrumentation package is deprecated. Use the equivalent Scope struct instead. (#2977)
• The ReadOnlySpan.InstrumentationLibrary method from the go.opentelemetry.io/otel/sdk/trace package is deprecated. Use the equivalent ReadOnlySpan.InstrumentationScope method instead. (#2977)

• e99a0ac Release v1.9.0 (#3052)
• 1eae91b Introduce "split" metric schema transformation (#2999)
• 05c5509 Add tests and fix opentracing bridge defer warning (#3029)
• 096a162 Add http.method attribute to http server metric (#3018)
• 5568a30 Add semconv/v1.12.0 (#3010)
• aa27169 Add semconv/v1.11.0 (#3009)
• f739569 Add benchmark metric test for UpDownCounter (#2655)
• 08ff959 Release prep 1.8.0 (#3001)
• eb9e058 Add workflow to automate bundling dependabot PRs (#2997)
• ac0221e Add a release template (#2863)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from go.opentelemetry.io/otel's changelog.

[1.9.0/0.0.3] - 2022-08-01

Added

• Add support for Schema Files format 1.1.x (metric "split" transform) with the new go.opentelemetry.io/otel/schema/v1.1 package. (#2999)
• Add the go.opentelemetry.io/otel/semconv/v1.11.0 package. The package contains semantic conventions from the v1.11.0 version of the OpenTelemetry specification. (#3009)
• Add the go.opentelemetry.io/otel/semconv/v1.12.0 package. The package contains semantic conventions from the v1.12.0 version of the OpenTelemetry specification. (#3010)
• Add the http.method attribute to HTTP server metric from all go.opentelemetry.io/otel/semconv/* packages. (#3018)

Fixed

• Invalid warning for context setup being deferred in go.opentelemetry.io/otel/bridge/opentracing package. (#3029)

[1.8.0/0.31.0] - 2022-07-08

Added

• Add support for opentracing.TextMap format in the Inject and Extract methods of the "go.opentelemetry.io/otel/bridge/opentracing".BridgeTracer type. (#2911)

Changed

• The crosslink make target has been updated to use the go.opentelemetry.io/build-tools/crosslink package. (#2886)
• In the go.opentelemetry.io/otel/sdk/instrumentation package rename Library to Scope and alias Library as Scope (#2976)
• Move metric no-op implementation form nonrecording to metric package. (#2866)

Removed

• Support for go1.16. Support is now only for go1.17 and go1.18 (#2917)

Deprecated

• The Library struct in the go.opentelemetry.io/otel/sdk/instrumentation package is deprecated. Use the equivalent Scope struct instead. (#2977)
• The ReadOnlySpan.InstrumentationLibrary method from the go.opentelemetry.io/otel/sdk/trace package is deprecated. Use the equivalent ReadOnlySpan.InstrumentationScope method instead. (#2977)

• e99a0ac Release v1.9.0 (#3052)
• 1eae91b Introduce "split" metric schema transformation (#2999)
• 05c5509 Add tests and fix opentracing bridge defer warning (#3029)
• 096a162 Add http.method attribute to http server metric (#3018)
• 5568a30 Add semconv/v1.12.0 (#3010)
• aa27169 Add semconv/v1.11.0 (#3009)
• f739569 Add benchmark metric test for UpDownCounter (#2655)
• 08ff959 Release prep 1.8.0 (#3001)
• eb9e058 Add workflow to automate bundling dependabot PRs (#2997)
• ac0221e Add a release template (#2863)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/golangci/golangci-lint's releases.

v1.47.3

Changelog

• 72fc41ce build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0 (#3009)
• 57d61afb build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v2 from 2.2.0 to 2.2.2 (#3030)
• 9cb17e4f build(deps): bump github.com/alingse/asasalint from 0.0.10 to 0.0.11 (#3003)
• 2ab46788 build(deps): bump github.com/daixiang0/gci from 0.4.3 to 0.5.0 (#3031)
• 03d9b113 build(deps): bump github.com/ryancurrah/gomodguard from 1.2.3 to 1.2.4 (#3029)
• e55f22c7 build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#3010)
• c7ed8b67 build(deps): bump github.com/sivchari/nosnakecase from 1.5.0 to 1.7.0 (#3008)
• 95d57d99 build(deps): bump gitlab.com/bosi/decorder from 0.2.2 to 0.2.3 (#3033)
• d186efe9 build(deps): bump honnef.co/go/tools from 0.3.2 to 0.3.3 (#3032)
• 846fab81 cgo: fix linters ignoring Cgo files (#3025)
• d44cd49a feat: remove some go1.18 limitations (#3001)
• 886fbd71 gci: fix panic with invalid configuration option (#3019)

v1.47.2

Changelog

• 61673b34 revive: ignore slow rules (#2999)

v1.47.1

Changelog

• a91463cd build(deps): bump github.com/daixiang0/gci from 0.4.2 to 0.4.3 (#2992)
• 4c8bdc70 build(deps): bump github.com/sivchari/tenv from 1.6.0 to 1.7.0 (#2988)
• 4e60e8a8 gci: fix options display (#2989)
• fd87bd1e gci: remove the use of stdin (#2984)

v1.47.0

Changelog

• b4154027 Add linter asasalint to lint pass []any as any (#2968)
• 1d8a15a0 add nosnakecase lint (#2828)
• 2a1edcef build(deps): bump github.com/Antonboom/errname from 0.1.6 to 0.1.7 (#2888)
• c766184c build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v2 from 2.1.0 to 2.2.0 (#2916)
• b8f1e2a5 build(deps): bump github.com/daixiang0/gci from 0.3.4 to 0.4.0 (#2965)
• 5e183652 build(deps): bump github.com/daixiang0/gci from 0.4.0 to 0.4.1 (#2973)
• e60937a1 build(deps): bump github.com/daixiang0/gci from 0.4.1 to 0.4.2 (#2979)
• 98c811d0 build(deps): bump github.com/firefart/nonamedreturns from 1.0.1 to 1.0.2 (#2929)
• 023e1c4f build(deps): bump github.com/firefart/nonamedreturns from 1.0.2 to 1.0.4 (#2944)
• 7fbb11ca build(deps): bump github.com/fzipp/gocyclo from 0.5.1 to 0.6.0 (#2926)
• db5d58cd build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.5.0 (#2873)
• f75b1a8b build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 (#2958)
• 75be924e build(deps): bump github.com/kisielk/errcheck from 1.6.0 to 1.6.1 (#2871)
• 33f4aeeb build(deps): bump github.com/kulti/thelper from 0.6.2 to 0.6.3 (#2872)
• 6a412d3d build(deps): bump github.com/kunwardeep/paralleltest from 1.0.3 to 1.0.4 (#2907)
• 97eea6ea build(deps): bump github.com/kunwardeep/paralleltest from 1.0.4 to 1.0.6 (#2918)
• 3a0f646e build(deps): bump github.com/maratori/testpackage from 1.0.1 to 1.1.0 (#2945)
• 92d7022d build(deps): bump github.com/nishanths/exhaustive from 0.7.11 to 0.8.1 (#2906)
• 97d7415b build(deps): bump github.com/quasilyte/go-ruleguard/dsl from 0.3.19 to 0.3.21 (#2874)
• 0e3730d3 build(deps): bump github.com/securego/gosec/v2 from 2.11.0 to 2.12.0 (#2925)

... (truncated)

Sourced from github.com/golangci/golangci-lint's changelog.

v1.47.3

1. updated linters:
   • remove some go1.18 limitations
   • asasalint: from 0.0.10 to 0.0.11
   • decorder: from 0.2.2 to v0.2.3
   • gci: fix panic with invalid configuration option
   • gci: from 0.4.3 to v0.5.0
   • go-exhaustruct: from 2.2.0 to 2.2.2
   • gomodguard: from 1.2.3 to 1.2.4
   • nosnakecase: from 1.5.0 to 1.7.0
   • honnef.co/go/tools: from 0.3.2 to v0.3.3
2. misc
   • cgo: fix linters ignoring CGo files

v1.47.2

1. updated linters:
   • revive: ignore slow rules

v1.47.1

1. updated linters:
   • gci: from 0.4.2 to 0.4.3
   • gci: remove the use of stdin
   • gci: fix options display
   • tenv: from 1.6.0 to 1.7.0
   • unparam: bump to HEAD

v1.47.0

1. new linters:
   • asasalint: https://github.com/alingse/asasalint
   • nosnakecase: https://github.com/sivchari/nosnakecase
2. updated linters:
   • decorder: from 0.2.1 to 0.2.2
   • errcheck: from 1.6.0 to 1.6.1
   • errname: from 0.1.6 to 0.1.7
   • exhaustive: from 0.7.11 to 0.8.1
   • gci: fix issues and re-enable autofix
   • gci: from 0.3.4 to 0.4.2
   • go-exhaustruct: from 2.1.0 to 2.2.0
   • go-ruleguard: from 0.3.19 to 0.3.21
   • gocognit: from 1.0.5 to 1.0.6
   • gocyclo: from 0.5.1 to 0.6.0
   • golang.org/x/tools: bump to HEAD
   • gosec: allow global config
   • gosec: from 2.11.0 to 2.12.0
   • nonamedreturns: from 1.0.1 to 1.0.4
   • paralleltest: from 1.0.3 to 1.0.6

... (truncated)

• d186efe build(deps): bump honnef.co/go/tools from 0.3.2 to 0.3.3 (#3032)
• 57d61af build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v2 from 2.2.0...
• 95d57d9 build(deps): bump gitlab.com/bosi/decorder from 0.2.2 to 0.2.3 (#3033)
• 2ab4678 build(deps): bump github.com/daixiang0/gci from 0.4.3 to 0.5.0 (#3031)
• 03d9b11 build(deps): bump github.com/ryancurrah/gomodguard from 1.2.3 to 1.2.4 (#3029)
• cee90e3 docs: fix broken license link (#3028)
• 846fab8 cgo: fix linters ignoring Cgo files (#3025)
• 886fbd7 gci: fix panic with invalid configuration option (#3019)
• d03608f doc: add Bytebase info the trusted-by page (#3013)
• a9dc1ce dev: change format like function without args (#3012)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)