Skip to content

build(deps): bump github.com/anchore/syft from 1.38.0 to 1.42.3#1911

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/anchore/syft-1.42.3
Open

build(deps): bump github.com/anchore/syft from 1.38.0 to 1.42.3#1911
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/anchore/syft-1.42.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2026
edited
Loading

Bumps github.com/anchore/syft from 1.38.0 to 1.42.3.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.3

Bug Fixes

  • Missing secondary evidence for .NET dependency in ghcr.io/open-telemetry/demo:2.0.0-accounting image [#4652]

Additional Changes

(Full Changelog)

v1.42.2

Bug Fixes

Additional Changes

(Full Changelog)

v1.42.1

Bug Fixes

Additional Changes

(Full Changelog)

v1.42.0

Added Features

Additional Changes

  • CPE detection for APK libavif to use aomedia vendor [#4597 @​naag]

(Full Changelog)

... (truncated)

Commits
  • 860126c chore(deps): update anchore dependencies (#4681)
  • 36639f1 chore(deps): bump github.com/buger/jsonsparser to v1.1.2 (#4680)
  • f32238c chore(deps): bump the go-minor-patch group with 2 updates (#4678)
  • 0c8eef6 chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4675)
  • 4d42f8a chore(deps): bump the go-minor-patch group with 2 updates (#4674)
  • e388511 chore: centralize temp files and prefer streaming IO (#4668)
  • a3dacf5 chore(deps): update tools to latest versions (#4663)
  • cccc9bf chore(deps): bump the go-minor-patch group with 3 updates (#4669)
  • 59f7725 chore(deps): bump github/codeql-action (#4670)
  • 7a6b157 chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#4671)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 20, 2026
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.42.3 branch 3 times, most recently from 190a530 to f9e361e Compare March 30, 2026 09:22
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.42.3 branch 5 times, most recently from 49ecaec to bb988df Compare April 16, 2026 00:41
@dependabot
build(deps): bump github.com/anchore/syft from 1.38.0 to 1.42.3
e7c2769 
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.38.0 to 1.42.3.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.38.0...v1.42.3)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-version: 1.42.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.42.3 branch from bb988df to e7c2769 Compare April 16, 2026 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants