Bump scality/sbom from 1.2.2 to 2.1.0 #4565

Closed
dependabot[bot] wants to merge 1 commit into development/130.0 from dependabot/github_actions/scality/sbom-2.1.0

@dependabot dependabot Bot commented on behalf of github Apr 11, 2025

Bumps scality/sbom from 1.2.2 to 2.1.0.

Release notes

Sourced from scality/sbom's releases.

v2.1.0

What's Changed

Full Changelog: scality/sbom@v2.0.0...v2.1.0

v2.1.0-rc3

Full Changelog: scality/sbom@v2.0.0...v2.1.0-rc3

v2.1.0-rc2

Full Changelog: scality/sbom@v2.0.0...v2.1.0-rc2

v2.1.0-rc1

Full Changelog: scality/sbom@v2.1.0-alpha2...v2.1.0-rc1

v2.1.0-alpha2

Full Changelog: scality/sbom@v2.0.0...v2.1.0-alpha2

v2.1.0-alpha

Full Changelog: scality/sbom@v2.0.0...v2.1.0-alpha

v2.0.0

What's Changed

Full Changelog: scality/sbom@v1.2.4...v2.0.0

Github action refactorisation

This new version of the GitHub Action has a cleaner and more robust codebase with vulnerability reports.

v2.0.0-alpha1

No release notes provided.

v1.2.3

What's Changed

Bump scanners versions:

  • syft 1.8.0 from 1.3.0
  • grype 0.79.1 from 0.77.3
  • trivy 0.53.0 from 0.51.1

The "excluded media types found" output will now be more precise; only media types found in a list will be shown.

Fix a bug during installation:

Invalid cross-device link: 'tmp_syft/syft' -> '/usr/local/bin/syft'

Commits
  • 92c2e14 Merge pull request #21 from scality/feateure/add-merge
  • 5eb7484 ✨ add cyclonedx merge
  • 1fce4e5 Merge pull request #19 from scality/gh_refacto
  • 0d86bed Merge branch 'main' into gh_refacto
  • 3623a1d ♻️ refactor ghaction
  • 2ce3741 Merge pull request #20 from scality/dependabot/github_actions/dot-github/work...
  • 48c2428 ⬆️ Bump actions/create-github-app-token in /.github/workflows
  • cf45775 Merge pull request #17 from scality/add_dependabot
  • 10d735b ✨ add pre-commit, reviews and venv
  • e1254a0 Merge branch 'main' into add_dependabot
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [scality/sbom](https://github.com/scality/sbom) from 1.2.2 to 2.1.0.
- [Release notes](https://github.com/scality/sbom/releases)
- [Commits](scality/sbom@v1.2.2...v2.1.0)

---
updated-dependencies:
- dependency-name: scality/sbom
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels Apr 11, 2025
@dependabot dependabot Bot requested a review from a team as a code owner April 11, 2025 22:06

bert-e commented Apr 11, 2025

Hello dependabot[bot],

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options
name description privileged authored
/after_pull_request Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval Bypass the pull request author's approval
/bypass_build_status Bypass the build and test status
/bypass_commit_size Bypass the check on the size of the changeset TBA
/bypass_incompatible_branch Bypass the check on the source branch prefix
/bypass_jira_check Bypass the Jira issue check
/bypass_peer_approval Bypass the pull request peers' approval
/bypass_leader_approval Bypass the pull request leaders' approval
/approve Instruct Bert-E that the author has approved the pull request. ✍️
/create_pull_requests Allow the creation of integration pull requests.
/create_integration_branches Allow the creation of integration branches.
/no_octopus Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity Change review acceptance criteria from one reviewer at least to all reviewers
/wait Instruct Bert-E not to run until further notice.
Available commands
name description privileged
/help Print Bert-E's manual in the pull request.
/status Print Bert-E's current status in the pull request TBA
/clear Remove all comments from Bert-E from the history TBA
/retry Re-start a fresh build TBA
/build Re-start a fresh build TBA
/force_reset Delete integration branches & pull requests, and restart merge process from the beginning.
/reset Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

The following options are set: bypass_author_approval, bypass_jira_check


bert-e commented Apr 11, 2025

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

The following options are set: bypass_author_approval, bypass_jira_check


bert-e commented Apr 14, 2025

Conflict

There is a conflict between your branch dependabot/github_actions/scality/sbom-2.1.0 and the
destination branch development/130.0.

Please resolve the conflict on the feature branch (dependabot/github_actions/scality/sbom-2.1.0).

git fetch && \
git checkout origin/dependabot/github_actions/scality/sbom-2.1.0 && \
git merge origin/development/130.0

Resolve merge conflicts and commit

git push origin HEAD:dependabot/github_actions/scality/sbom-2.1.0

The following options are set: bypass_author_approval, bypass_jira_check


dependabot Bot commented on behalf of github Apr 14, 2025

Looks like scality/sbom is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 14, 2025
@dependabot dependabot Bot deleted the dependabot/github_actions/scality/sbom-2.1.0 branch April 14, 2025 07:50