Sourced from github.com/anchore/syft's releases.

v0.55.0

Changelog

(Unreleased) (2022-08-29)

Full Changelog

Added Features

• Capture package.json private field for npm modules [[Issue #1160](anchore/syft#1160
• add support for pnpm [[Issue #1165](anchore/syft#1165

Bug Fixes

• Java-Cataloger produces empty entries for cyclonedx output [[Issue #466](anchore/syft#466
• No licenses included in scan with yarn.lock [[Issue #845](anchore/syft#845
• syft convert -o option erroring out [[Issue #1095](anchore/syft#1095

v0.54.0

Changelog

v0.54.0 (2022-08-17)

Full Changelog

Added Features

• Assume :latest tag implicitly [[Issue #411](anchore/syft#411
• Add 'rpm modularity' to rpm records generated by syft [[Issue #1145](anchore/syft#1145

Bug Fixes

• Empty metadata while decoding should be allowed [[PR #1154](anchore/syft#1154 [wagoodman]
• Add PHP Composer dev dependencies [[Issue #773](anchore/syft#773
• opaque error when scanning an image in github registry [[Issue #790](anchore/syft#790
• javascript-lock-cataloger not detect and parse yarn.lock file [[Issue #798](anchore/syft#798
• Distro identification fails for dir: scheme when identityFiles not in scope. [[Issue #814](anchore/syft#814
• podman report not working [[Issue #893](anchore/syft#893
• Parsing yarn.lock fails to identify the currect package and version combinations [[Issue #925](anchore/syft#925
• gemspecs going unreported [[Issue #960](anchore/syft#960
• json SPDX invalid format [[Issue #992](anchore/syft#992
• Docker configuration issue on release [[Issue #1126](anchore/syft#1126
• Can't configure off-by-default cataloger without using --all [[Issue #1141](anchore/syft#1141

v0.53.4

Changelog

v0.53.4 (2022-08-03)

Full Changelog

... (truncated)

• a7966a4 update stereoscope to latest (#1181)
• 4ebf6af Update syft bootstrap tools to latest versions. (#1180)
• 615f933 Bug fix for 1095 - syft conversion option error (#1177)
• 2c882f6 Update syft bootstrap tools to latest versions. (#1176)
• 7d4f333 enhance development support on macOS ARM (#1163)
• 5e93d1e Capture if a node module is private (#1161)
• 57c5413 Find version numbers from jars with different naming conventions (#1174)
• b0fc955 Update syft bootstrap tools to latest versions. (#1171)
• 6949a25 Fix update-bootstrap-tools workflow (#1170)
• 5282820 workflow to create automated PRs to update bootstrap tools (#1167)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)