Skip to content

build(deps): bump github.com/anchore/syft from 1.38.0 to 1.46.0#2002

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/syft-1.45.1
Closed

build(deps): bump github.com/anchore/syft from 1.38.0 to 1.46.0#2002
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/syft-1.45.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/anchore/syft from 1.38.0 to 1.46.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.46.0

Added Features

Bug Fixes

Dependencies

34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated.

🟢 Remediated (5)

  • github.com/ProtonMail/go-crypto v1.4.0v1.4.1
  • github.com/anchore/bubbly v0.2.0v0.2.1
  • github.com/anchore/clio v0.1.0v0.1.1
  • github.com/anchore/fangs v0.1.0v0.1.1
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/anchore/go-lzo v0.1.0v0.1.1
  • github.com/anchore/go-macholibre v0.1.0v0.1.1
  • github.com/anchore/go-make v0.5.0v0.8.0
  • github.com/anchore/go-struct-converter v0.1.0v0.2.0-rc2

... (truncated)

Commits
  • b15c5db chore(deps): update anchore dependencies (#4960)
  • 35d56bf Update go-make to v0.8.0 (#5010)
  • abf6d78 fixes the wrapped taskfile-tasks (#5013)
  • fe42bce fix(purl-backfill): respect arch qualifier (#4987)
  • fea4a50 feat: deno cataloger #4417 (#4523)
  • 5eefd73 chore(deps): bump golang.org/x/tools from 0.45.0 to 0.46.0 (#5008)
  • 684c701 chore(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#5004)
  • f827f91 chore(deps): bump golang.org/x/mod from 0.36.0 to 0.37.0 (#5007)
  • e9af7d2 chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.10 to 6.8.1 (#5006)
  • 506ad5d refactor release pipeline: TAG_TOKEN, skip-checks gate, dependabot/zizmor cle...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 18, 2026
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.38.0 to 1.46.0.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.38.0...v1.46.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-version: 1.45.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump github.com/anchore/syft from 1.38.0 to 1.45.1 build(deps): bump github.com/anchore/syft from 1.38.0 to 1.46.0 Jul 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.45.1 branch from ccc7bc6 to f837d3d Compare July 7, 2026 11:32
@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #2016.

@dependabot dependabot Bot closed this Jul 7, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/anchore/syft-1.45.1 branch July 7, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants