
Bump github.com/anchore/syft from 1.38.0 to 1.42.3 #17

Merged: neetogit-bot[bot] merged 1 commit into main from dependabot/go_modules/github.com/anchore/syft-1.42.3 on Apr 3, 2026


@dependabot dependabot Bot commented on behalf of github Apr 3, 2026

Bumps github.com/anchore/syft from 1.38.0 to 1.42.3.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.3

Bug Fixes

  • Missing secondary evidence for .NET dependency in ghcr.io/open-telemetry/demo:2.0.0-accounting image [#4652]

Additional Changes

(Full Changelog)

v1.42.2

Bug Fixes

Additional Changes

(Full Changelog)

v1.42.1

Bug Fixes

Additional Changes

(Full Changelog)

v1.42.0

Added Features

Additional Changes

  • CPE detection for APK libavif to use aomedia vendor [#4597 @naag]

(Full Changelog)

... (truncated)

Commits
  • 860126c chore(deps): update anchore dependencies (#4681)
  • 36639f1 chore(deps): bump github.com/buger/jsonparser to v1.1.2 (#4680)
  • f32238c chore(deps): bump the go-minor-patch group with 2 updates (#4678)
  • 0c8eef6 chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4675)
  • 4d42f8a chore(deps): bump the go-minor-patch group with 2 updates (#4674)
  • e388511 chore: centralize temp files and prefer streaming IO (#4668)
  • a3dacf5 chore(deps): update tools to latest versions (#4663)
  • cccc9bf chore(deps): bump the go-minor-patch group with 3 updates (#4669)
  • 59f7725 chore(deps): bump github/codeql-action (#4670)
  • 7a6b157 chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#4671)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.38.0 to 1.42.3.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.38.0...v1.42.3)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-version: 1.42.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies and go labels Apr 3, 2026

neetogit-bot Bot commented Apr 3, 2026

NeetoGit is monitoring this dependabot PR (github.com/anchore/syft 1.38.0 → 1.42.3). Once CI completes, this PR will be auto-merged if all checks pass, or a reviewer will be assigned if CI fails.


This comment was auto-generated by NeetoGit.

@neetogit-bot neetogit-bot Bot removed the go label Apr 3, 2026

neetogit-bot Bot commented Apr 3, 2026

Label "go" is not an approved label and cannot be applied.

For a detailed list of all allowed labels please refer to approved labels list.
If you want to add a new label to this list, please create an issue in neeto-engineering-web and get it approved by Neeraj/Suman/Kirti.


@neetogit-bot neetogit-bot Bot added the mergepr label Apr 3, 2026
@neetogit-bot neetogit-bot Bot merged commit 10d431a into main Apr 3, 2026
4 of 6 checks passed
@neetogit-bot neetogit-bot Bot deleted the dependabot/go_modules/github.com/anchore/syft-1.42.3 branch April 3, 2026 04:12

Labels: dependencies, mergepr
