Skip to content

chore(deps): bump github.com/anchore/syft from 1.45.1 to 1.46.0#532

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/syft-1.46.0
Open

chore(deps): bump github.com/anchore/syft from 1.45.1 to 1.46.0#532
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/syft-1.46.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/anchore/syft from 1.45.1 to 1.46.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.46.0

Added Features

Bug Fixes

Dependencies

34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated.

🟢 Remediated (5)

  • github.com/ProtonMail/go-crypto v1.4.0v1.4.1
  • github.com/anchore/bubbly v0.2.0v0.2.1
  • github.com/anchore/clio v0.1.0v0.1.1
  • github.com/anchore/fangs v0.1.0v0.1.1
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/anchore/go-lzo v0.1.0v0.1.1
  • github.com/anchore/go-macholibre v0.1.0v0.1.1
  • github.com/anchore/go-make v0.5.0v0.8.0
  • github.com/anchore/go-struct-converter v0.1.0v0.2.0-rc2

... (truncated)

Commits
  • b15c5db chore(deps): update anchore dependencies (#4960)
  • 35d56bf Update go-make to v0.8.0 (#5010)
  • abf6d78 fixes the wrapped taskfile-tasks (#5013)
  • fe42bce fix(purl-backfill): respect arch qualifier (#4987)
  • fea4a50 feat: deno cataloger #4417 (#4523)
  • 5eefd73 chore(deps): bump golang.org/x/tools from 0.45.0 to 0.46.0 (#5008)
  • 684c701 chore(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#5004)
  • f827f91 chore(deps): bump golang.org/x/mod from 0.36.0 to 0.37.0 (#5007)
  • e9af7d2 chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.10 to 6.8.1 (#5006)
  • 506ad5d refactor release pipeline: TAG_TOKEN, skip-checks gate, dependabot/zizmor cle...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies dealing with project dependencies label Jul 3, 2026
@oss-auto-merger oss-auto-merger Bot enabled auto-merge (squash) July 3, 2026 23:23
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.46.0 branch from 7a02d5e to 0e3963c Compare July 3, 2026 23:33
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.45.1 to 1.46.0.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.45.1...v1.46.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-version: 1.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.46.0 branch from 0e3963c to 84d3a2d Compare July 3, 2026 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies dealing with project dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants