Skip to content

build(deps): bump github.com/anchore/syft from 1.39.0 to 1.42.3 in /sbomtool#343

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/sbomtool/github.com/anchore/syft-1.42.3
Open

build(deps): bump github.com/anchore/syft from 1.39.0 to 1.42.3 in /sbomtool#343
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/sbomtool/github.com/anchore/syft-1.42.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 20, 2026
edited
Loading

Bumps github.com/anchore/syft from 1.39.0 to 1.42.3.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.3

Bug Fixes

  • Missing secondary evidence for .NET dependency in ghcr.io/open-telemetry/demo:2.0.0-accounting image [#4652]

Additional Changes

(Full Changelog)

v1.42.2

Bug Fixes

Additional Changes

(Full Changelog)

v1.42.1

Bug Fixes

Additional Changes

(Full Changelog)

v1.42.0

Added Features

Additional Changes

  • CPE detection for APK libavif to use aomedia vendor [#4597 @​naag]

(Full Changelog)

... (truncated)

Commits
  • 860126c chore(deps): update anchore dependencies (#4681)
  • 36639f1 chore(deps): bump github.com/buger/jsonsparser to v1.1.2 (#4680)
  • f32238c chore(deps): bump the go-minor-patch group with 2 updates (#4678)
  • 0c8eef6 chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4675)
  • 4d42f8a chore(deps): bump the go-minor-patch group with 2 updates (#4674)
  • e388511 chore: centralize temp files and prefer streaming IO (#4668)
  • a3dacf5 chore(deps): update tools to latest versions (#4663)
  • cccc9bf chore(deps): bump the go-minor-patch group with 3 updates (#4669)
  • 59f7725 chore(deps): bump github/codeql-action (#4670)
  • 7a6b157 chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#4671)
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/sbomtool/github.com/anchore/syft-1.42.3 branch from 52b9cdc to ea893d3 Compare March 27, 2026 22:27
@piyush-jena
Copy link
Copy Markdown
Contributor

piyush-jena commented Mar 27, 2026
edited
Loading

@dependabot recreate

@dependabot
build(deps): bump github.com/anchore/syft in /sbomtool
6949497 
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.39.0 to 1.42.3.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.39.0...v1.42.3)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-version: 1.42.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/sbomtool/github.com/anchore/syft-1.42.3 branch from ea893d3 to 6949497 Compare March 27, 2026 22:36
@jpculp jpculp mentioned this pull request May 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@piyush-jena