chore(deps): update ⬆️ aqua-packages (#113)

mend-for-gb.xjqchip.workers.dev[bot] · web-flow · commit d4abaf1ab863 · 2024-01-10T17:00:35.000+01:00
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [anchore/syft](https://togithub.com/anchore/syft) | minor | `v0.73.0`
-&gt; `v0.100.0` |
| [aquaproj/aqua-registry](https://togithub.com/aquaproj/aqua-registry)
| minor | `v4.44.1` -&gt; `v4.115.0` |
| [charmbracelet/glow](https://togithub.com/charmbracelet/glow) | patch
| `v1.5.0` -&gt; `v1.5.1` |
| [direnv/direnv](https://togithub.com/direnv/direnv) | minor |
`v2.32.2` -&gt; `v2.33.0` |
| [gitleaks/gitleaks](https://togithub.com/gitleaks/gitleaks) | patch |
`v8.18.0` -&gt; `v8.18.1` |
| [golang/go](https://togithub.com/golang/go) | patch | `1.21.0` -&gt;
`1.21.6` |
| [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint)
| minor | `v1.52.2` -&gt; `v1.55.2` |
| [goreleaser/goreleaser](https://togithub.com/goreleaser/goreleaser) |
minor | `v1.20.0` -&gt; `v1.23.0` |
|
[gotestyourself/gotestsum](https://togithub.com/gotestyourself/gotestsum)
| minor | `v1.9.0` -&gt; `v1.11.0` |
| [helm/helm](https://togithub.com/helm/helm) | minor | `v3.11.1` -&gt;
`v3.13.3` |
| [kubernetes-sigs/kind](https://togithub.com/kubernetes-sigs/kind) |
minor | `v0.17.0` -&gt; `v0.20.0` |
| [kubernetes/minikube](https://togithub.com/kubernetes/minikube) |
minor | `v1.31.2` -&gt; `v1.32.0` |
| [magefile/mage](https://togithub.com/magefile/mage) | minor |
`v1.14.0` -&gt; `v1.15.0` |
| [miniscruff/changie](https://togithub.com/miniscruff/changie) | minor
| `v1.12.0` -&gt; `v1.17.0` |
| [mvdan/gofumpt](https://togithub.com/mvdan/gofumpt) | minor | `v0.4.0`
-&gt; `v0.5.0` |
| [norwoodj/helm-docs](https://togithub.com/norwoodj/helm-docs) | minor
| `v1.11.0` -&gt; `v1.12.0` |
| [stern/stern](https://togithub.com/stern/stern) | minor | `v1.23.0` -&gt;
`v1.28.0` |
| [tilt-dev/tilt](https://togithub.com/tilt-dev/tilt) | minor |
`v0.32.0` -&gt; `v0.33.10` |

---

### Release Notes

&lt;details&gt;
&lt;summary&gt;anchore/syft (anchore/syft)&lt;/summary&gt;

###
[`v0.100.0`](https://togithub.com/anchore/syft/releases/tag/v0.100.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.99.0...v0.100.0)

##### Added Features

- Add more functionality to the ErLang parser
\[[#&amp;#8203;2390](https://togithub.com/anchore/syft/pull/2390)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]
- Added OpenSSL binary matcher
\[[#&amp;#8203;2416](https://togithub.com/anchore/syft/pull/2416)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]
- Add ability to extend the binaries cataloguers
\[[#&amp;#8203;2469](https://togithub.com/anchore/syft/pull/2469)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]

##### Bug Fixes

- Added missing Purl for busybox
\[[#&amp;#8203;2457](https://togithub.com/anchore/syft/pull/2457)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]
- Fix diff error obfuscating binary test failures message
\[[#&amp;#8203;2468](https://togithub.com/anchore/syft/pull/2468)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]
- v0.99.0: CycloneDX json output breaks osv-scanner
\[[#&amp;#8203;2467](https://togithub.com/anchore/syft/issues/2467)]

##### Additional Changes

- update openssl binary to -x
\[[#&amp;#8203;2456](https://togithub.com/anchore/syft/pull/2456)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.99.0...v0.100.0)**

### [`v0.99.0`](https://togithub.com/anchore/syft/releases/tag/v0.99.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.98.0...v0.99.0)

##### Added Features

- Look for a maven version in a pom from a parent dependency management…
\[[#&amp;#8203;2423](https://togithub.com/anchore/syft/pull/2423)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Adding the ability to retrieve remote licenses for yarn.lock
\[[#&amp;#8203;2338](https://togithub.com/anchore/syft/pull/2338)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Retrieve remote licenses using pom.properties when there is no pom.xml
\[[#&amp;#8203;2315](https://togithub.com/anchore/syft/pull/2315)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add the option to retrieve remote licenses for projects defined in a …
\[[#&amp;#8203;2409](https://togithub.com/anchore/syft/pull/2409)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Parse Python licenses from LicenseFile entry in the Wheel Metadata
\[[#&amp;#8203;2331](https://togithub.com/anchore/syft/pull/2331)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add binary classifier for the ERLang interpreter
\[[#&amp;#8203;2417](https://togithub.com/anchore/syft/pull/2417)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]
- Parse Python licenses from LicenseExpression entry in the Wheel
Metadata \[[#&amp;#8203;2431](https://togithub.com/anchore/syft/pull/2431)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add binary classifier for Julia lang
\[[#&amp;#8203;2427](https://togithub.com/anchore/syft/pull/2427)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]
- Add binary detection for PHP composer
\[[#&amp;#8203;2432](https://togithub.com/anchore/syft/pull/2432)
[@&amp;#8203;LaurentGoderre](https://togithub.com/LaurentGoderre)]

##### Bug Fixes

- bump fangs for ptr summarize fix
\[[#&amp;#8203;2387](https://togithub.com/anchore/syft/pull/2387)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]
- improve identification for org.codehaus.groovy artifacts
\[[#&amp;#8203;2404](https://togithub.com/anchore/syft/pull/2404)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for commons-jelly artifacts
\[[#&amp;#8203;2399](https://togithub.com/anchore/syft/pull/2399)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for io.minio artifacts
\[[#&amp;#8203;2398](https://togithub.com/anchore/syft/pull/2398)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for com.graphql-java artifacts
\[[#&amp;#8203;2397](https://togithub.com/anchore/syft/pull/2397)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for org.apache.tapestry artifacts
\[[#&amp;#8203;2384](https://togithub.com/anchore/syft/pull/2384)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for io.ratpack artifacts
\[[#&amp;#8203;2379](https://togithub.com/anchore/syft/pull/2379)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for org.apache.cassandra artifacts
\[[#&amp;#8203;2386](https://togithub.com/anchore/syft/pull/2386)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for org.neo4j.procedure artifacts
\[[#&amp;#8203;2388](https://togithub.com/anchore/syft/pull/2388)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for org.elasticsearch artifacts
\[[#&amp;#8203;2383](https://togithub.com/anchore/syft/pull/2383)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for org.apache.geode artifacts
\[[#&amp;#8203;2382](https://togithub.com/anchore/syft/pull/2382)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for org.apache.tomcat artifacts
\[[#&amp;#8203;2381](https://togithub.com/anchore/syft/pull/2381)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- improve identification for io.projectreactor.netty artifacts
\[[#&amp;#8203;2378](https://togithub.com/anchore/syft/pull/2378)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- stop panic when parsing Haskell stack.yaml.lock with missing `hackage`
field \[[#&amp;#8203;2421](https://togithub.com/anchore/syft/issues/2421)
[#&amp;#8203;2419](https://togithub.com/anchore/syft/pull/2419)
[@&amp;#8203;houdini91](https://togithub.com/houdini91)]
- fix detecting the name of the eclipse OSGi artifact
\[[#&amp;#8203;2314](https://togithub.com/anchore/syft/issues/2314)
[#&amp;#8203;2349](https://togithub.com/anchore/syft/pull/2349)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- File Sources incorrectly exclude files on Windows
\[[#&amp;#8203;2410](https://togithub.com/anchore/syft/issues/2410)
[#&amp;#8203;2411](https://togithub.com/anchore/syft/pull/2411)
[@&amp;#8203;Racer159](https://togithub.com/Racer159)]
- Parser for dotnet_portable_executable using wrong attribute name
\[[#&amp;#8203;2029](https://togithub.com/anchore/syft/issues/2029)
[#&amp;#8203;2133](https://togithub.com/anchore/syft/pull/2133)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]

##### Breaking Changes

- Generalize UI events for cataloging tasks
\[[#&amp;#8203;2369](https://togithub.com/anchore/syft/pull/2369)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Additional Changes

- refactor pkg.Collection to remove "catalog" references
\[[#&amp;#8203;2439](https://togithub.com/anchore/syft/pull/2439)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Expose javascript fields in cataloger configuration
\[[#&amp;#8203;2438](https://togithub.com/anchore/syft/pull/2438)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Use common archive catalog configuration
\[[#&amp;#8203;2437](https://togithub.com/anchore/syft/pull/2437)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Fix file digest cataloger when passed explicit coordinates
\[[#&amp;#8203;2436](https://togithub.com/anchore/syft/pull/2436)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.98.0...v0.99.0)**

### [`v0.98.0`](https://togithub.com/anchore/syft/releases/tag/v0.98.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.97.1...v0.98.0)

##### Added Features

- Add binary classifiers for MySQL and MariaDB
\[[#&amp;#8203;2316](https://togithub.com/anchore/syft/pull/2316)
[@&amp;#8203;duanemay](https://togithub.com/duanemay)]
- Enhance redis binary classifier to support additional versions
\[[#&amp;#8203;2329](https://togithub.com/anchore/syft/pull/2329)
[@&amp;#8203;whalelines](https://togithub.com/whalelines)]
- Expose compact JSON and XML format configuration
\[[#&amp;#8203;561](https://togithub.com/anchore/syft/issues/561)
[#&amp;#8203;2275](https://togithub.com/anchore/syft/pull/2275)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Bug Fixes

- Fix file metadata cataloger when passed explicit coordinates
\[[#&amp;#8203;2370](https://togithub.com/anchore/syft/pull/2370)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- hardcode xalan group ID
\[[#&amp;#8203;2368](https://togithub.com/anchore/syft/pull/2368)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]
- logging level for parsing potential PE files
\[[#&amp;#8203;2367](https://togithub.com/anchore/syft/pull/2367)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]
- Use read lock in `pkg.Collection`
\[[#&amp;#8203;2341](https://togithub.com/anchore/syft/pull/2341)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- add manual namespace mapping for org.springframework jars
\[[#&amp;#8203;2345](https://togithub.com/anchore/syft/pull/2345)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- add manual namespace mapping for org.springframework.security jars
\[[#&amp;#8203;2343](https://togithub.com/anchore/syft/pull/2343)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- errors are printed into the stdout in syft 0.97.1
\[[#&amp;#8203;2356](https://togithub.com/anchore/syft/issues/2356)
[#&amp;#8203;2364](https://togithub.com/anchore/syft/pull/2364)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]
- `syft some-jar.jar` fails to find packages if PWD is a symlink
\[[#&amp;#8203;2355](https://togithub.com/anchore/syft/issues/2355)
[#&amp;#8203;2359](https://togithub.com/anchore/syft/pull/2359)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]
- Default for recently added base path, `""`, disables detection of
symlinked `*.jar` files
\[[#&amp;#8203;1962](https://togithub.com/anchore/syft/issues/1962)
[#&amp;#8203;2359](https://togithub.com/anchore/syft/pull/2359)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]
- `syft attest` broken since 0.85.0
\[[#&amp;#8203;2333](https://togithub.com/anchore/syft/issues/2333)
[#&amp;#8203;2337](https://togithub.com/anchore/syft/pull/2337)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Incorrect Java PURL for org.bouncycastle jars
\[[#&amp;#8203;2339](https://togithub.com/anchore/syft/issues/2339)
[#&amp;#8203;2342](https://togithub.com/anchore/syft/pull/2342)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]

##### Breaking Changes

- Remove power-user command and related catalogers
\[[#&amp;#8203;1419](https://togithub.com/anchore/syft/issues/1419)
[#&amp;#8203;2306](https://togithub.com/anchore/syft/pull/2306)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Additional Changes

- Normalize cataloger configuration patterns
\[[#&amp;#8203;2365](https://togithub.com/anchore/syft/pull/2365)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Normalize enums to lowercase with hyphens
\[[#&amp;#8203;2363](https://togithub.com/anchore/syft/pull/2363)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.97.1...v0.98.0)**

##### Special Thanks

Thanks [@&amp;#8203;duanemay](https://togithub.com/duanemay) and
[@&amp;#8203;whalelines](https://togithub.com/whalelines) for the enhanced
binary classifier support 👍

### [`v0.97.1`](https://togithub.com/anchore/syft/releases/tag/v0.97.1)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.97.0...v0.97.1)

##### Bug Fixes

- Syft does not use HTTP proxy when downloading the Docker image itself
\[[#&amp;#8203;2203](https://togithub.com/anchore/syft/issues/2203)
[#&amp;#8203;2336](https://togithub.com/anchore/syft/pull/2336)
[@&amp;#8203;anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)]

##### Additional Changes

- `syft version` report is broken with 0.97.0 release
\[[#&amp;#8203;2334](https://togithub.com/anchore/syft/issues/2334)
[#&amp;#8203;2335](https://togithub.com/anchore/syft/pull/2335)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.97.0...v0.97.1)**

### [`v0.97.0`](https://togithub.com/anchore/syft/releases/tag/v0.97.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.96.0...v0.97.0)

##### Added Features

- Add license for golang stdlib package
\[[#&amp;#8203;2317](https://togithub.com/anchore/syft/pull/2317)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Fall back to searching maven central using groupIDFromJavaMetadata
\[[#&amp;#8203;2295](https://togithub.com/anchore/syft/pull/2295)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]

##### Bug Fixes

- Refine license search from groupIDFromJavaMetadata to account for
artfactId in the groupId
\[[#&amp;#8203;2313](https://togithub.com/anchore/syft/pull/2313)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- capture content written to stdout outside of report
\[[#&amp;#8203;2324](https://togithub.com/anchore/syft/pull/2324)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]
- add manual groupid mappings for org.apache.velocity jars
\[[#&amp;#8203;2327](https://togithub.com/anchore/syft/pull/2327)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- skip maven bundle plugin logic if vendor id and symbolic name match
\[[#&amp;#8203;2326](https://togithub.com/anchore/syft/pull/2326)
[@&amp;#8203;westonsteimel](https://togithub.com/westonsteimel)]
- cataloger `dpkg-db-cataloger` not working
\[[#&amp;#8203;2323](https://togithub.com/anchore/syft/issues/2323)]

##### Breaking Changes

- Rename Location virtualPath to accessPath
\[[#&amp;#8203;1835](https://togithub.com/anchore/syft/issues/1835)
[#&amp;#8203;2288](https://togithub.com/anchore/syft/pull/2288)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Additional Changes

- Export syft-json format package metadata type helper
\[[#&amp;#8203;2328](https://togithub.com/anchore/syft/pull/2328)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Add dotnet-portable-executable-cataloger to README
\[[#&amp;#8203;2322](https://togithub.com/anchore/syft/pull/2322)
[@&amp;#8203;noqcks](https://togithub.com/noqcks)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.96.0...v0.97.0)**

### [`v0.96.0`](https://togithub.com/anchore/syft/releases/tag/v0.96.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.95.0...v0.96.0)

##### Added Features

- Check maven central as well for licenses in parents poms for nested
jars \[[#&amp;#8203;2302](https://togithub.com/anchore/syft/pull/2302)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- store image annotations inside the SBOM
\[[#&amp;#8203;2267](https://togithub.com/anchore/syft/issues/2267)
[#&amp;#8203;2294](https://togithub.com/anchore/syft/pull/2294)
[@&amp;#8203;noqcks](https://togithub.com/noqcks)]
- Support parsing license information in Maven projects via parent poms
\[[#&amp;#8203;2103](https://togithub.com/anchore/syft/issues/2103)]

##### Bug Fixes

- SPDX file has duplicate sha256 tag in versionInfo
\[[#&amp;#8203;2300](https://togithub.com/anchore/syft/pull/2300)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Report virtual path consistently between file.Resolvers
\[[#&amp;#8203;1836](https://togithub.com/anchore/syft/issues/1836)
[#&amp;#8203;2287](https://togithub.com/anchore/syft/pull/2287)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Unable to identify CycloneDX JSON documents without $schema property
\[[#&amp;#8203;2299](https://togithub.com/anchore/syft/issues/2299)
[#&amp;#8203;2303](https://togithub.com/anchore/syft/pull/2303)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.95.0...v0.96.0)**

### [`v0.95.0`](https://togithub.com/anchore/syft/releases/tag/v0.95.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.94.0...v0.95.0)

##### Added Features

- Use case-insensitive matching for Go license files
\[[#&amp;#8203;2286](https://togithub.com/anchore/syft/pull/2286)
[@&amp;#8203;miquella](https://togithub.com/miquella)]
- Add conaninfo.txt parser to detect conan packages in docker images
\[[#&amp;#8203;2234](https://togithub.com/anchore/syft/pull/2234)
[@&amp;#8203;Pro](https://togithub.com/Pro)]
- Perform case insensitive matching on Java License files
\[[#&amp;#8203;2235](https://togithub.com/anchore/syft/pull/2235)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Read a license from a parent pom stored in Maven Central
\[[#&amp;#8203;2228](https://togithub.com/anchore/syft/pull/2228)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add PURLs when scanning Gradle lock files
\[[#&amp;#8203;2278](https://togithub.com/anchore/syft/pull/2278)
[@&amp;#8203;robbiev](https://togithub.com/robbiev)]

##### Bug Fixes

- Fix CPE index workflow
\[[#&amp;#8203;2252](https://togithub.com/anchore/syft/pull/2252)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Fix cpe generation task
\[[#&amp;#8203;2270](https://togithub.com/anchore/syft/pull/2270)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]
- Introduce cataloger naming conventions
\[[#&amp;#8203;1578](https://togithub.com/anchore/syft/issues/1578)
[#&amp;#8203;2277](https://togithub.com/anchore/syft/pull/2277)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- .NET / nuget - invalid SBOM generated after parsing
\[[#&amp;#8203;2255](https://togithub.com/anchore/syft/issues/2255)
[#&amp;#8203;2273](https://togithub.com/anchore/syft/pull/2273)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Wrong parsing after v0.85.0 syft for some components
\[[#&amp;#8203;2241](https://togithub.com/anchore/syft/issues/2241)
[#&amp;#8203;2273](https://togithub.com/anchore/syft/pull/2273)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- SPDX-2.3 is misidentified as SPDX-2.2
\[[#&amp;#8203;2112](https://togithub.com/anchore/syft/issues/2112)
[#&amp;#8203;2186](https://togithub.com/anchore/syft/pull/2186)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Jar parser chokes on empty lines
\[[#&amp;#8203;2179](https://togithub.com/anchore/syft/issues/2179)
[#&amp;#8203;2254](https://togithub.com/anchore/syft/pull/2254)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Add a new Java configuration option to recursively search parent poms…
\[[#&amp;#8203;2274](https://togithub.com/anchore/syft/pull/2274)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Fix directory resolver to always return virtual path
\[[#&amp;#8203;2259](https://togithub.com/anchore/syft/pull/2259)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Syft can now handle the case of parsing a jar with multiple poms
\[[#&amp;#8203;2231](https://togithub.com/anchore/syft/pull/2231)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add ruby.NewGemSpecCataloger to DirectoryCatalogers
\[[#&amp;#8203;1971](https://togithub.com/anchore/syft/pull/1971)
[@&amp;#8203;evanchaoli](https://togithub.com/evanchaoli)]

##### Breaking Changes

- Introduce cataloger naming conventions
\[[#&amp;#8203;1578](https://togithub.com/anchore/syft/issues/1578)
[#&amp;#8203;2277](https://togithub.com/anchore/syft/pull/2277)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Remove MetadataType from the core package struct
\[[#&amp;#8203;1735](https://togithub.com/anchore/syft/issues/1735)
[#&amp;#8203;1983](https://togithub.com/anchore/syft/pull/1983)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Add convention for JSON metadata type names and port existing values
to the new convention
\[[#&amp;#8203;1844](https://togithub.com/anchore/syft/issues/1844)
[#&amp;#8203;1983](https://togithub.com/anchore/syft/pull/1983)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Remove deprecated syft.Format functions
\[[#&amp;#8203;1344](https://togithub.com/anchore/syft/issues/1344)
[#&amp;#8203;2186](https://togithub.com/anchore/syft/pull/2186)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Additional Changes

- Upgrade tool management
\[[#&amp;#8203;2188](https://togithub.com/anchore/syft/pull/2188)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Fix homebrew post-release workflow
\[[#&amp;#8203;2242](https://togithub.com/anchore/syft/pull/2242)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.94.0...v0.95.0)**

### [`v0.94.0`](https://togithub.com/anchore/syft/releases/tag/v0.94.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.93.0...v0.94.0)

##### Added Features

- Add additional license filenames
\[[#&amp;#8203;2227](https://togithub.com/anchore/syft/pull/2227)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Parse donet dependency trees
\[[#&amp;#8203;2143](https://togithub.com/anchore/syft/pull/2143)
[@&amp;#8203;noqcks](https://togithub.com/noqcks)]
- Find license by embedded license text
\[[#&amp;#8203;2147](https://togithub.com/anchore/syft/issues/2147)
[#&amp;#8203;2213](https://togithub.com/anchore/syft/pull/2213)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add support for dpkg dependency relationships
\[[#&amp;#8203;2040](https://togithub.com/anchore/syft/issues/2040)
[#&amp;#8203;2212](https://togithub.com/anchore/syft/pull/2212)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Bug Fixes

- Report errors to stderr not stdout
\[[#&amp;#8203;2232](https://togithub.com/anchore/syft/pull/2232)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Python egg packages are not parsed for SBOM
\[[#&amp;#8203;1761](https://togithub.com/anchore/syft/issues/1761)
[#&amp;#8203;2239](https://togithub.com/anchore/syft/pull/2239)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Java archive is listed twice
\[[#&amp;#8203;2130](https://togithub.com/anchore/syft/issues/2130)
[#&amp;#8203;2220](https://togithub.com/anchore/syft/pull/2220)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Java archives not from Maven
\[[#&amp;#8203;2217](https://togithub.com/anchore/syft/issues/2217)
[#&amp;#8203;2220](https://togithub.com/anchore/syft/pull/2220)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Remove internal.StringSet
\[[#&amp;#8203;2209](https://togithub.com/anchore/syft/issues/2209)
[#&amp;#8203;2219](https://togithub.com/anchore/syft/pull/2219)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Invalid interface conversion in Swift cataloger
\[[#&amp;#8203;2225](https://togithub.com/anchore/syft/issues/2225)
[#&amp;#8203;2226](https://togithub.com/anchore/syft/pull/2226)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.93.0...v0.94.0)**

### [`v0.93.0`](https://togithub.com/anchore/syft/releases/tag/v0.93.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.92.0...v0.93.0)

##### Added Features

- Parse license from the pom.xml if not contained in the manifest
\[[#&amp;#8203;2115](https://togithub.com/anchore/syft/pull/2115)
[@&amp;#8203;coheigea](https://togithub.com/coheigea)]
- Add Golang STD library package given a Golang binary has been
discovered compiled with that go binary
\[[#&amp;#8203;1853](https://togithub.com/anchore/syft/issues/1853)
[#&amp;#8203;2195](https://togithub.com/anchore/syft/pull/2195)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Improve --output CLI help and deprecate --file
\[[#&amp;#8203;2165](https://togithub.com/anchore/syft/issues/2165)
[#&amp;#8203;2187](https://togithub.com/anchore/syft/pull/2187)
[@&amp;#8203;sharief007](https://togithub.com/sharief007)]

##### Bug Fixes

- Converting a SBOM looses the algorithm type for added checksums
\[[#&amp;#8203;2183](https://togithub.com/anchore/syft/issues/2183)
[#&amp;#8203;2207](https://togithub.com/anchore/syft/pull/2207)
[@&amp;#8203;sharief007](https://togithub.com/sharief007)]

##### Additional Changes

- Refine the docs for building a cataloger
\[[#&amp;#8203;2175](https://togithub.com/anchore/syft/pull/2175)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- update license list to 3.22
\[[#&amp;#8203;2201](https://togithub.com/anchore/syft/pull/2201)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Add exact syntax of the conversion formats
\[[#&amp;#8203;2196](https://togithub.com/anchore/syft/pull/2196)
[@&amp;#8203;vargenau](https://togithub.com/vargenau)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.92.0...v0.93.0)**

### [`v0.92.0`](https://togithub.com/anchore/syft/releases/tag/v0.92.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.91.0...v0.92.0)

##### Added Features

- Support for multiple image refs of same sha in OCI layout
\[[#&amp;#8203;1544](https://togithub.com/anchore/syft/issues/1544)]

##### Bug Fixes

- Generated purls are different between runs of syft against the same
image and artifact
\[[#&amp;#8203;2169](https://togithub.com/anchore/syft/issues/2169)
[#&amp;#8203;2170](https://togithub.com/anchore/syft/pull/2170)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]

##### Additional Changes

- bump stereoscope to fix data race in UI code
\[[#&amp;#8203;2173](https://togithub.com/anchore/syft/pull/2173)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.91.0...v0.92.0)**

### [`v0.91.0`](https://togithub.com/anchore/syft/releases/tag/v0.91.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.90.0...v0.91.0)

##### Added Features

- Add support for CycloneDX 1.5
\[[#&amp;#8203;2120](https://togithub.com/anchore/syft/issues/2120)
[#&amp;#8203;2123](https://togithub.com/anchore/syft/pull/2123)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Add support for containerd as an image source
\[[#&amp;#8203;201](https://togithub.com/anchore/syft/issues/201)
[#&amp;#8203;1793](https://togithub.com/anchore/syft/pull/1793)
[@&amp;#8203;shanedell](https://togithub.com/shanedell)]
- Support cataloging github workflow &amp; github action usages
\[[#&amp;#8203;1896](https://togithub.com/anchore/syft/issues/1896)
[#&amp;#8203;2140](https://togithub.com/anchore/syft/pull/2140)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]

##### Bug Fixes

- Allow CycloneDX json input with no components
\[[#&amp;#8203;2127](https://togithub.com/anchore/syft/pull/2127)
[@&amp;#8203;ahoz](https://togithub.com/ahoz)]
- Prevent errors from clobbering terminal
\[[#&amp;#8203;2161](https://togithub.com/anchore/syft/pull/2161)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]
- Using syft as a go library to decode a syft json has incomplete data
\[[#&amp;#8203;2069](https://togithub.com/anchore/syft/issues/2069)
[#&amp;#8203;2083](https://togithub.com/anchore/syft/pull/2083)
[@&amp;#8203;kzantow](https://togithub.com/kzantow)]
- SBOMs are not the same on multiple runs of syft
\[[#&amp;#8203;1944](https://togithub.com/anchore/syft/issues/1944)]

##### Additional Changes

- Switch to stdlib's slices pkg
\[[#&amp;#8203;2148](https://togithub.com/anchore/syft/pull/2148)
[@&amp;#8203;hainenber](https://togithub.com/hainenber)]
- Remove unneeded arch switch in unit test
\[[#&amp;#8203;2156](https://togithub.com/anchore/syft/pull/2156)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]
- Update chronicle to v0.8.0
\[[#&amp;#8203;2154](https://togithub.com/anchore/syft/pull/2154)
[@&amp;#8203;wagoodman](https://togithub.com/wagoodman)]
- Update to latest stereoscope
\[[#&amp;#8203;2151](https://togithub.com/anchore/syft/pull/2151)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Pin workflow checkout for cpe update-cpe-dictionary-index
\[[#&amp;#8203;2141](https://togithub.com/anchore/syft/pull/2141)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Add dependency information to conan lockfile parser
\[[#&amp;#8203;2131](https://togithub.com/anchore/syft/pull/2131)
[@&amp;#8203;Pro](https://togithub.com/Pro)]
- Pin and update all workflow dependencies; add permission scopes
\[[#&amp;#8203;2138](https://togithub.com/anchore/syft/pull/2138)
[@&amp;#8203;spiffcs](https://togithub.com/spiffcs)]
- Enforce race detector
\[[#&amp;#8203;2122](https://togithub.com/anchore/syft/pull/2122)
[@&amp;#8203;willmurphyscode](https://togithub.com/willmurphyscode)]

**[(Full
Changelog)](https://togithub.com/anchore/syft/compare/v0.90.0...v0.91.0)**

### [`v0.90.0`](https://togithub.com/anchore/syft/releases/tag/v0.90.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.89.0...v0.90.0)

###

#### [v0.90.0](https://togithub.com/anchore/syft/tree/v0.90.0)
(2023-09-11)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.89.0...v0.90.0)

##### Added Features

- Expose cobra command in cli package \[[PR
#&amp;#8203;2097](https://togithub.com/anchore/syft/pull/2097)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Explicitly test PURL generation against key packages \[[Issue
#&amp;#8203;2071](https://togithub.com/anchore/syft/issues/2071)]
- Add User-Agent with Syft version during update check \[[Issue
#&amp;#8203;2072](https://togithub.com/anchore/syft/issues/2072)] \[[PR
#&amp;#8203;2100](https://togithub.com/anchore/syft/pull/2100)]
\[[hainenber](https://togithub.com/hainenber)]

##### Bug Fixes

- fix: correct group IDs for commons-codec, okhttp, okio, and add
integration tests for Java PURL generation \[[PR
#&amp;#8203;2075](https://togithub.com/anchore/syft/pull/2075)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- Cyclonedx external reference URLs are not validated when encoding
\[[Issue #&amp;#8203;2079](https://togithub.com/anchore/syft/issues/2079)]
\[[PR #&amp;#8203;2091](https://togithub.com/anchore/syft/pull/2091)]
\[[hainenber](https://togithub.com/hainenber)]

##### Additional Changes

- Bump the golang.org/x/exp dependency and fix a build breakage. \[[PR
#&amp;#8203;2088](https://togithub.com/anchore/syft/pull/2088)]
\[[dlorenc](https://togithub.com/dlorenc)]
- fix: update codeql-analysis for go 1.21 \[[PR
#&amp;#8203;2108](https://togithub.com/anchore/syft/pull/2108)]
\[[spiffcs](https://togithub.com/spiffcs)]

### [`v0.89.0`](https://togithub.com/anchore/syft/releases/tag/v0.89.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.88.0...v0.89.0)

###

#### [v0.89.0](https://togithub.com/anchore/syft/tree/v0.89.0)
(2023-08-31)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.88.0...v0.89.0)

##### Added Features

- Add registry certificate verification support \[[PR
#&amp;#8203;1734](https://togithub.com/anchore/syft/pull/1734)]
\[[5p2O5pe25ouT](https://togithub.com/5p2O5pe25ouT)]
- Add SYFT_CONFIG environment variable for configuration file path
\[[Issue #&amp;#8203;1986](https://togithub.com/anchore/syft/issues/1986)]
\[[PR #&amp;#8203;2001](https://togithub.com/anchore/syft/pull/2001)]
\[[kzantow](https://togithub.com/kzantow)]

##### Bug Fixes

- Fix quiet flag \[[PR
#&amp;#8203;2081](https://togithub.com/anchore/syft/pull/2081)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Command line flags not overriding configuration file values \[[Issue
#&amp;#8203;1143](https://togithub.com/anchore/syft/issues/1143)] \[[PR
#&amp;#8203;2001](https://togithub.com/anchore/syft/pull/2001)]
\[[kzantow](https://togithub.com/kzantow)]
- Django package CPE is not correct \[[Issue
#&amp;#8203;1298](https://togithub.com/anchore/syft/issues/1298)] \[[PR
#&amp;#8203;2068](https://togithub.com/anchore/syft/pull/2068)]
\[[witchcraze](https://togithub.com/witchcraze)]
- Config parsing includes `config.yaml` in working dir \[[Issue
#&amp;#8203;1634](https://togithub.com/anchore/syft/issues/1634)] \[[PR
#&amp;#8203;2001](https://togithub.com/anchore/syft/pull/2001)]
\[[kzantow](https://togithub.com/kzantow)]
- Fix a possible panic on universal go binaries \[[Issue
#&amp;#8203;2073](https://togithub.com/anchore/syft/issues/2073)] \[[PR
#&amp;#8203;2078](https://togithub.com/anchore/syft/pull/2078)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- Disabling catalogers is not working in power user command \[[Issue
#&amp;#8203;2074](https://togithub.com/anchore/syft/issues/2074)] \[[PR
#&amp;#8203;2001](https://togithub.com/anchore/syft/pull/2001)]
\[[kzantow](https://togithub.com/kzantow)]
- Virtual path changes to java cataloger causing creation of extra
incorrect packages when jars are renamed \[[Issue
#&amp;#8203;2077](https://togithub.com/anchore/syft/issues/2077)] \[[PR
#&amp;#8203;2080](https://togithub.com/anchore/syft/pull/2080)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]

### [`v0.88.0`](https://togithub.com/anchore/syft/releases/tag/v0.88.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.87.1...v0.88.0)

###

#### [v0.88.0](https://togithub.com/anchore/syft/tree/v0.88.0)
(2023-08-25)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.87.1...v0.88.0)

##### Added Features

- Detect golang boring crypto and fipsonly modules \[[PR
#&amp;#8203;2021](https://togithub.com/anchore/syft/pull/2021)]
\[[bathina2](https://togithub.com/bathina2)]
- feat: 1944 - update purl generation to use a consistent groupID \[[PR
#&amp;#8203;2033](https://togithub.com/anchore/syft/pull/2033)]
\[[spiffcs](https://togithub.com/spiffcs)]
- Add support to detect bash binaries \[[Issue
#&amp;#8203;1963](https://togithub.com/anchore/syft/issues/1963)] \[[PR
#&amp;#8203;2055](https://togithub.com/anchore/syft/pull/2055)]
\[[witchcraze](https://togithub.com/witchcraze)]

##### Bug Fixes

- fix: properly parse conan ref and include user and channel \[[PR
#&amp;#8203;2034](https://togithub.com/anchore/syft/pull/2034)]
\[[Pro](https://togithub.com/Pro)]
- New version notice only showing the version and no text \[[PR
#&amp;#8203;2042](https://togithub.com/anchore/syft/pull/2042)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Fix: don't validate pom declared group \[[PR
#&amp;#8203;2054](https://togithub.com/anchore/syft/pull/2054)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- Errors when handling symlinks on Windows with syft v0.85.0 \[[Issue
#&amp;#8203;1950](https://togithub.com/anchore/syft/issues/1950)] \[[PR
#&amp;#8203;2051](https://togithub.com/anchore/syft/pull/2051)]
\[[selzoc](https://togithub.com/selzoc)]
- Syft seems unable to parse non UTF-8 pom.xml files \[[Issue
#&amp;#8203;2044](https://togithub.com/anchore/syft/issues/2044)] \[[PR
#&amp;#8203;2047](https://togithub.com/anchore/syft/pull/2047)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Error parsing pom.xml with v0.87.1 \[[Issue
#&amp;#8203;2060](https://togithub.com/anchore/syft/issues/2060)] \[[PR
#&amp;#8203;2064](https://togithub.com/anchore/syft/pull/2064)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- Invalid CycloneDX: duplicates in relationships section \[[Issue
#&amp;#8203;2062](https://togithub.com/anchore/syft/issues/2062)] \[[PR
#&amp;#8203;2063](https://togithub.com/anchore/syft/pull/2063)]
\[[kzantow](https://togithub.com/kzantow)]

### [`v0.87.1`](https://togithub.com/anchore/syft/releases/tag/v0.87.1)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.87.0...v0.87.1)

###

#### [v0.87.1](https://togithub.com/anchore/syft/tree/v0.87.1)
(2023-08-17)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.87.0...v0.87.1)

##### Bug Fixes

- Use Java package names to determine known groupIDs \[[PR
#&amp;#8203;2032](https://togithub.com/anchore/syft/pull/2032)]
\[[kzantow](https://togithub.com/kzantow)]
- Relationships section of CycloneDX is not outputting even when the
data is present \[[Issue
#&amp;#8203;1972](https://togithub.com/anchore/syft/issues/1972)] \[[PR
#&amp;#8203;1974](https://togithub.com/anchore/syft/pull/1974)]
\[[markgalpin](https://togithub.com/markgalpin)]
\[[kzantow](https://togithub.com/kzantow)]
- SPDX Tag-Value conversion not handling files directly set on packages
\[[Issue #&amp;#8203;2013](https://togithub.com/anchore/syft/issues/2013)]
\[[PR #&amp;#8203;2014](https://togithub.com/anchore/syft/pull/2014)]
\[[kzantow](https://togithub.com/kzantow)]
- Intermittent binary listings, different results every time \[[Issue
#&amp;#8203;2035](https://togithub.com/anchore/syft/issues/2035)] \[[PR
#&amp;#8203;2036](https://togithub.com/anchore/syft/pull/2036)]
\[[kzantow](https://togithub.com/kzantow)]

### [`v0.87.0`](https://togithub.com/anchore/syft/releases/tag/v0.87.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.86.1...v0.87.0)

###

#### [v0.87.0](https://togithub.com/anchore/syft/tree/v0.87.0)
(2023-08-14)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.86.1...v0.87.0)

##### Added Features

- feat: use originator logic to fill supplier \[[PR
#&amp;#8203;1980](https://togithub.com/anchore/syft/pull/1980)]
\[[spiffcs](https://togithub.com/spiffcs)]
- Expand deb cataloger to include opkg \[[PR
#&amp;#8203;1985](https://togithub.com/anchore/syft/pull/1985)]
\[[johnDeSilencio](https://togithub.com/johnDeSilencio)]
- Package duplicated by different cataloger \[[Issue
#&amp;#8203;931](https://togithub.com/anchore/syft/issues/931)] \[[PR
#&amp;#8203;1948](https://togithub.com/anchore/syft/pull/1948)]
\[[spiffcs](https://togithub.com/spiffcs)]
- Add binary cataloger for Nginx built from source \[[Issue
#&amp;#8203;1945](https://togithub.com/anchore/syft/issues/1945)] \[[PR
#&amp;#8203;1988](https://togithub.com/anchore/syft/pull/1988)]
\[[SemProvoost](https://togithub.com/SemProvoost)]

##### Bug Fixes

- chore: update bubbly to fix hanging \[[PR
#&amp;#8203;1990](https://togithub.com/anchore/syft/pull/1990)]
\[[kzantow](https://togithub.com/kzantow)]
- fix: update glob to use newer usr/lib/sysimage path \[[PR
#&amp;#8203;1997](https://togithub.com/anchore/syft/pull/1997)]
\[[spiffcs](https://togithub.com/spiffcs)]
- fix: SPDX license values and download location \[[PR
#&amp;#8203;2007](https://togithub.com/anchore/syft/pull/2007)]
\[[kzantow](https://togithub.com/kzantow)]
- Different CPEs between java-cataloger and
java-gradle-lockfile-cataloger \[[Issue
#&amp;#8203;1957](https://togithub.com/anchore/syft/issues/1957)] \[[PR
#&amp;#8203;1995](https://togithub.com/anchore/syft/pull/1995)]
\[[kzantow](https://togithub.com/kzantow)]

### [`v0.86.1`](https://togithub.com/anchore/syft/releases/tag/v0.86.1)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.86.0...v0.86.1)

### Changelog

#### [v0.86.1](https://togithub.com/anchore/syft/tree/v0.86.1)
(2023-07-31)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.86.0...v0.86.1)

##### Bug Fixes

- Source requires default image name as user input for unparsable
reference \[[PR
#&amp;#8203;1979](https://togithub.com/anchore/syft/pull/1979)]
\[[kzantow](https://togithub.com/kzantow)]

### [`v0.86.0`](https://togithub.com/anchore/syft/releases/tag/v0.86.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.85.0...v0.86.0)

### Changelog

#### [v0.86.0](https://togithub.com/anchore/syft/tree/v0.86.0)
(2023-07-31)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.85.0...v0.86.0)

##### Added Features

- Introduce indexed embedded CPE dictionary \[[PR
#&amp;#8203;1897](https://togithub.com/anchore/syft/pull/1897)]
\[[luhring](https://togithub.com/luhring)]
- Add cataloger for Swift Package Manager. \[[PR
#&amp;#8203;1919](https://togithub.com/anchore/syft/pull/1919)]
\[[trilleplay](https://togithub.com/trilleplay)]
- Guess unpinned versions in python requirements.txt \[[PR
#&amp;#8203;1597](https://togithub.com/anchore/syft/pull/1597)] \[[PR
#&amp;#8203;1966](https://togithub.com/anchore/syft/pull/1966)]
\[[manifestori](https://togithub.com/manifestori)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Create a package record for the artifact an SBOM described when
creating a SPDX SBOM \[[Issue
#&amp;#8203;1661](https://togithub.com/anchore/syft/issues/1661)] \[[Issue
#&amp;#8203;1241](https://togithub.com/anchore/syft/issues/1241)] \[[PR
#&amp;#8203;1934](https://togithub.com/anchore/syft/pull/1934)]
\[[kzantow](https://togithub.com/kzantow)]

##### Bug Fixes

- Fix panic condition on docker pull failure \[[PR
#&amp;#8203;1968](https://togithub.com/anchore/syft/pull/1968)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Syft reports the "minimum required version" of .NET assemblies rather
than the "assembly version" \[[Issue
#&amp;#8203;1799](https://togithub.com/anchore/syft/issues/1799)] \[[PR
#&amp;#8203;1943](https://togithub.com/anchore/syft/pull/1943)]
\[[luhring](https://togithub.com/luhring)]
- Grype cannot read SPDX documents generated by SPDX-maven-plugin \[[PR
#&amp;#8203;1969](https://togithub.com/anchore/syft/pull/1969)]
\[[spiffcs](https://togithub.com/spiffcs)]

##### Breaking Changes

- Remove jotframe UI \[[PR
#&amp;#8203;1932](https://togithub.com/anchore/syft/pull/1932)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Simplify python env markers \[[PR
#&amp;#8203;1967](https://togithub.com/anchore/syft/pull/1967)]
\[[wagoodman](https://togithub.com/wagoodman)]

### [`v0.85.0`](https://togithub.com/anchore/syft/releases/tag/v0.85.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.84.1...v0.85.0)

### Changelog

#### [v0.85.0](https://togithub.com/anchore/syft/tree/v0.85.0)
(2023-07-12)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.84.1...v0.85.0)

##### Added Features

- Add a --base-path command line flag to set the directory base for
scans (this option was previously exposed via API only) \[[PR
#&amp;#8203;1867](https://togithub.com/anchore/syft/pull/1867)]
\[[deitch](https://togithub.com/deitch)]
- Add file source digest support \[[PR
#&amp;#8203;1914](https://togithub.com/anchore/syft/pull/1914)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Remove erroneous Java CPEs from generation \[[PR
#&amp;#8203;1918](https://togithub.com/anchore/syft/pull/1918)]
\[[luhring](https://togithub.com/luhring)]
- Fix CPE generation for k8s python client \[[PR
#&amp;#8203;1921](https://togithub.com/anchore/syft/pull/1921)]
\[[luhring](https://togithub.com/luhring)]
- Don't use the actual redis or grpc CPEs for gems \[[PR
#&amp;#8203;1926](https://togithub.com/anchore/syft/pull/1926)]
\[[luhring](https://togithub.com/luhring)]
- The text user interface is now provided by the bubbletea library
\[[Issue #&amp;#8203;1441](https://togithub.com/anchore/syft/issues/1441)]
\[[PR #&amp;#8203;1888](https://togithub.com/anchore/syft/pull/1888)]
\[[wagoodman](https://togithub.com/wagoodman)]

##### Bug Fixes

- Install script returns exit code 0 even if install fails \[[Issue
#&amp;#8203;1566](https://togithub.com/anchore/syft/issues/1566)] \[[PR
#&amp;#8203;1915](https://togithub.com/anchore/syft/pull/1915)]
\[[lorsatti](https://togithub.com/lorsatti)]
- \[Windows] Not able to scan volume mounted to folder \[[Issue
#&amp;#8203;1828](https://togithub.com/anchore/syft/issues/1828)] \[[PR
#&amp;#8203;1884](https://togithub.com/anchore/syft/pull/1884)]
\[[dd-cws](https://togithub.com/dd-cws)]
- Deprecated license: GFDL-1.2+ \[[Issue
#&amp;#8203;1899](https://togithub.com/anchore/syft/issues/1899)] \[[PR
#&amp;#8203;1907](https://togithub.com/anchore/syft/pull/1907)]
\[[spiffcs](https://togithub.com/spiffcs)]

##### Breaking Changes

- Refactor the `source` API and syft-json `source` block data shape
\[[Issue #&amp;#8203;1866](https://togithub.com/anchore/syft/issues/1866)]
\[[PR #&amp;#8203;1846](https://togithub.com/anchore/syft/pull/1846)]
\[[wagoodman](https://togithub.com/wagoodman)]

##### Additional Changes

- chore: update iterations to protect against race \[[PR
#&amp;#8203;1927](https://togithub.com/anchore/syft/pull/1927)]
\[[spiffcs](https://togithub.com/spiffcs)]
- fix: background reader apart from global handler for testing \[[PR
#&amp;#8203;1929](https://togithub.com/anchore/syft/pull/1929)]
\[[spiffcs](https://togithub.com/spiffcs)]

### [`v0.84.1`](https://togithub.com/anchore/syft/releases/tag/v0.84.1)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.84.0...v0.84.1)

### Changelog

#### [v0.84.1](https://togithub.com/anchore/syft/tree/v0.84.1)
(2023-06-29)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.84.0...v0.84.1)

##### Bug Fixes

- Fix version detection in Java archive name parsing \[[PR
#&amp;#8203;1889](https://togithub.com/anchore/syft/pull/1889)]
\[[luhring](https://togithub.com/luhring)]
- Improve support for Dart SDK package dependency lockfiles \[[PR
#&amp;#8203;1891](https://togithub.com/anchore/syft/pull/1891)]
\[[rufman](https://togithub.com/rufman)]
- Fix license output for some CycloneDX JSON SBOMs \[[Issue
#&amp;#8203;1877](https://togithub.com/anchore/syft/issues/1877)] \[[PR
#&amp;#8203;1879](https://togithub.com/anchore/syft/pull/1879)]
\[[kzantow](https://togithub.com/kzantow)]
- Correctly discover Debian file relationships in distroless images
\[[Issue #&amp;#8203;1900](https://togithub.com/anchore/syft/issues/1900)]
\[[PR #&amp;#8203;1901](https://togithub.com/anchore/syft/pull/1901)]
\[[westonsteimel](https://togithub.com/westonsteimel)]

##### Additional Changes

- Simplify the SBOM writer interface \[[PR
#&amp;#8203;1892](https://togithub.com/anchore/syft/pull/1892)]
\[[wagoodman](https://togithub.com/wagoodman)]

### [`v0.84.0`](https://togithub.com/anchore/syft/releases/tag/v0.84.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.83.1...v0.84.0)

### Changelog

#### [v0.84.0](https://togithub.com/anchore/syft/tree/v0.84.0)
(2023-06-20)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.83.1...v0.84.0)

##### Breaking Changes

- Pad artifact IDs \[[PR
#&amp;#8203;1882](https://togithub.com/anchore/syft/pull/1882)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]

##### Additional Changes

- chore: update SPDX license list to 3.21 \[[PR
#&amp;#8203;1885](https://togithub.com/anchore/syft/pull/1885)]
\[[kzantow](https://togithub.com/kzantow)]

### [`v0.83.1`](https://togithub.com/anchore/syft/releases/tag/v0.83.1)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.83.0...v0.83.1)

### Changelog

#### [v0.83.1](https://togithub.com/anchore/syft/tree/v0.83.1)
(2023-06-14)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.83.0...v0.83.1)

##### Bug Fixes

- fix: pom properties not setting artifact id \[[PR
#&amp;#8203;1870](https://togithub.com/anchore/syft/pull/1870)]
\[[jneate](https://togithub.com/jneate)]
- fix(deps): pull in platform selection fix from stereoscope \[[PR
#&amp;#8203;1871](https://togithub.com/anchore/syft/pull/1871)]
\[[anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)]
- pulling in an image with a digest that does not match the platform and
architecture of the host no longer fails with an error, see
[https://github.com/anchore/stereoscope/issues/188](https://togithub.com/anchore/stereoscope/issues/188)
- symlinks within a scanned directory tree are parsed outside the tree,
failing if target does not exist \[[Issue
#&amp;#8203;1860](https://togithub.com/anchore/syft/issues/1860)] \[[PR
#&amp;#8203;1861](https://togithub.com/anchore/syft/pull/1861)]
\[[deitch](https://togithub.com/deitch)]

### [`v0.83.0`](https://togithub.com/anchore/syft/releases/tag/v0.83.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.82.0...v0.83.0)

### Changelog

#### [v0.83.0](https://togithub.com/anchore/syft/tree/v0.83.0)
(2023-06-05)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.82.0...v0.83.0)

##### Added Features

- Add new '--source-version' and '--source-name' options to set the name
and version of the target being analyzed for reference in resulting
syft-json format SBOMs (more formats will support these flags soon).
\[[Issue #&amp;#8203;1399](https://togithub.com/anchore/syft/issues/1399)]
\[[PR #&amp;#8203;1859](https://togithub.com/anchore/syft/pull/1859)]
\[[kzantow](https://togithub.com/kzantow)]
- Add scope to POM properties \[[PR
#&amp;#8203;1779](https://togithub.com/anchore/syft/pull/1779)]
\[[jneate](https://togithub.com/jneate)]
- Accept main.version ldflags even without vcs \[[PR
#&amp;#8203;1855](https://togithub.com/anchore/syft/pull/1855)]
\[[deitch](https://togithub.com/deitch)]

##### Bug Fixes

- Fix directory resolver to consider CWD and root path input correctly
\[[PR #&amp;#8203;1840](https://togithub.com/anchore/syft/pull/1840)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Show all error messages if there is a failure retrieving an image with
a specified scheme \[[Issue
#&amp;#8203;1569](https://togithub.com/anchore/syft/issues/1569)] \[[PR
#&amp;#8203;1801](https://togithub.com/anchore/syft/pull/1801)]
\[[FrimIdan](https://togithub.com/FrimIdan)]
- v0.81.0 crashing parsing some images \[[Issue
#&amp;#8203;1837](https://togithub.com/anchore/syft/issues/1837)] \[[PR
#&amp;#8203;1839](https://togithub.com/anchore/syft/pull/1839)]
\[[spiffcs](https://togithub.com/spiffcs)]

##### Deprecated Features

- Migrate location-related structs to the file package \[[PR
#&amp;#8203;1751](https://togithub.com/anchore/syft/pull/1751)]
\[[wagoodman](https://togithub.com/wagoodman)]

##### Additional Changes

- chore: code cleanup \[[PR
#&amp;#8203;1865](https://togithub.com/anchore/syft/pull/1865)]
\[[spiffcs](https://togithub.com/spiffcs)]

### [`v0.82.0`](https://togithub.com/anchore/syft/releases/tag/v0.82.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.81.0...v0.82.0)

### Changelog

#### [v0.82.0](https://togithub.com/anchore/syft/tree/v0.82.0)
(2023-05-23)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.81.0...v0.82.0)

##### Added Features

- Improve Go main module version detection by attempting to parse
available ldflags \[[Issue
#&amp;#8203;1785](https://togithub.com/anchore/syft/issues/1785)] \[[PR
#&amp;#8203;1832](https://togithub.com/anchore/syft/pull/1832)]
\[[wagoodman](https://togithub.com/wagoodman)]

##### Bug Fixes

- Fix a problem in the license parsing logic that may result in a panic
\[[PR #&amp;#8203;1839](https://togithub.com/anchore/syft/pull/1839)]
- Return all relevant error messages if an image retrieval fails when a
scheme is specified \[[PR
#&amp;#8203;1801](https://togithub.com/anchore/syft/pull/1801)]
\[[FrimIdan](https://togithub.com/FrimIdan)]
- Fix a problem with PNPM scanning where v6 lockfiles might result in
duplicated packages \[[Issue
#&amp;#8203;1762](https://togithub.com/anchore/syft/issues/1762)] \[[PR
#&amp;#8203;1778](https://togithub.com/anchore/syft/pull/1778)]
\[[kzantow](https://togithub.com/kzantow)]

### [`v0.81.0`](https://togithub.com/anchore/syft/releases/tag/v0.81.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.80.0...v0.81.0)

### Changelog

#### [v0.81.0](https://togithub.com/anchore/syft/tree/v0.81.0)
(2023-05-22)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.80.0...v0.81.0)

##### Added Features

- Support cataloging R packages \[[Issue
#&amp;#8203;730](https://togithub.com/anchore/syft/issues/730)] \[[PR
#&amp;#8203;1790](https://togithub.com/anchore/syft/pull/1790)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- Support describing license properties and SPDX expression assertions
\[[Issue #&amp;#8203;1577](https://togithub.com/anchore/syft/issues/1577)]
\[[PR #&amp;#8203;1743](https://togithub.com/anchore/syft/pull/1743)]
\[[spiffcs](https://togithub.com/spiffcs)]
- Warn if parsing a newer SBOM \[[PR
#&amp;#8203;1810](https://togithub.com/anchore/syft/pull/1810)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]

##### Bug Fixes

- Retain cataloged SBOM relationships \[[PR
#&amp;#8203;1509](https://togithub.com/anchore/syft/pull/1509)]
\[[houdini91](https://togithub.com/houdini91)]
- fix: update field plurality of 8.0.0 schema before release \[[PR
#&amp;#8203;1820](https://togithub.com/anchore/syft/pull/1820)]
\[[spiffcs](https://togithub.com/spiffcs)]
- fix: remove spurious warnings - unknown relationship type: evident-by
form-lib=syft \[[Issue
#&amp;#8203;1812](https://togithub.com/anchore/syft/issues/1812)] \[[PR
#&amp;#8203;1797](https://togithub.com/anchore/syft/pull/1797)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- CycloneDX Dependencies Relationships Inverted \[[Issue
#&amp;#8203;1815](https://togithub.com/anchore/syft/issues/1815)] \[[PR
#&amp;#8203;1816](https://togithub.com/anchore/syft/pull/1816)]
\[[shanealv](https://togithub.com/shanealv)]
- Alpine: license expression should be complete and not parsed out
\[[Issue #&amp;#8203;1817](https://togithub.com/anchore/syft/issues/1817)]
\[[PR #&amp;#8203;1819](https://togithub.com/anchore/syft/pull/1819)]
\[[spiffcs](https://togithub.com/spiffcs)]

##### Additional Changes

- Print package list when extra packages found \[[PR
#&amp;#8203;1791](https://togithub.com/anchore/syft/pull/1791)]
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- update cosign to v2 release (different go module) \[[PR
#&amp;#8203;1805](https://togithub.com/anchore/syft/pull/1805)]
\[[bobcallaway](https://togithub.com/bobcallaway)]

### [`v0.80.0`](https://togithub.com/anchore/syft/releases/tag/v0.80.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.79.0...v0.80.0)

### Changelog

#### [v0.80.0](https://togithub.com/anchore/syft/tree/v0.80.0)
(2023-05-05)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.79.0...v0.80.0)

##### Added Features

- Improve pnpm support \[[Issue
#&amp;#8203;1535](https://togithub.com/anchore/syft/issues/1535)] \[[PR
#&amp;#8203;1752](https://togithub.com/anchore/syft/pull/1752)]
\[[Shanedell](https://togithub.com/Shanedell)]

##### Bug Fixes

- chore: add more detail on SPDX file IDs \[[PR
#&amp;#8203;1769](https://togithub.com/anchore/syft/pull/1769)]
\[[kzantow](https://togithub.com/kzantow)]
- chore: do not HTML escape PackageURLs \[[PR
#&amp;#8203;1782](https://togithub.com/anchore/syft/pull/1782)]
\[[kzantow](https://togithub.com/kzantow)]
- RPM database not found on ostree-managed systems \[[Issue
#&amp;#8203;1755](https://togithub.com/anchore/syft/issues/1755)] \[[PR
#&amp;#8203;1756](https://togithub.com/anchore/syft/pull/1756)]
\[[fpytloun](https://togithub.com/fpytloun)]
- Unable to use syft for private azure container registry \[[Issue
#&amp;#8203;1777](https://togithub.com/anchore/syft/issues/1777)]
- linux-kernel-cataloger produces thousands of version-less components.
\[[Issue #&amp;#8203;1781](https://togithub.com/anchore/syft/issues/1781)]
\[[PR #&amp;#8203;1784](https://togithub.com/anchore/syft/pull/1784)]
\[[kzantow](https://togithub.com/kzantow)]

##### Deprecated Features

- Rename pkg.Catalog to pkg.Collection \[[PR
#&amp;#8203;1764](https://togithub.com/anchore/syft/pull/1764)]
\[[wagoodman](https://togithub.com/wagoodman)]

### [`v0.79.0`](https://togithub.com/anchore/syft/releases/tag/v0.79.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.78.0...v0.79.0)

### Changelog

#### [v0.79.0](https://togithub.com/anchore/syft/tree/v0.79.0)
(2023-04-21)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.78.0...v0.79.0)

##### Added Features

- Add ALPM Metadata to CYCLONEDX and SPDX output formats \[[Issue
#&amp;#8203;1037](https://togithub.com/anchore/syft/issues/1037)] \[[PR
#&amp;#8203;1747](https://togithub.com/anchore/syft/pull/1747)]
\[[Shanedell](https://togithub.com/Shanedell)]
- consul binary classifier \[[Issue
#&amp;#8203;1590](https://togithub.com/anchore/syft/issues/1590)] \[[PR
#&amp;#8203;1738](https://togithub.com/anchore/syft/pull/1738)]
\[[Shanedell](https://togithub.com/Shanedell)]

##### Bug Fixes

- Syft missing direct dependencies from the gemfile.lock \[[Issue
#&amp;#8203;1660](https://togithub.com/anchore/syft/issues/1660)] \[[PR
#&amp;#8203;1749](https://togithub.com/anchore/syft/pull/1749)]
\[[Shanedell](https://togithub.com/Shanedell)]

##### Additional Changes

- chore: bump stereoscope to latest version \[[PR
#&amp;#8203;1741](https://togithub.com/anchore/syft/pull/1741)]
\[[westonsteimel](https://togithub.com/westonsteimel)]

### [`v0.78.0`](https://togithub.com/anchore/syft/releases/tag/v0.78.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.77.0...v0.78.0)

### Changelog

#### [v0.78.0](https://togithub.com/anchore/syft/tree/v0.78.0)
(2023-04-17)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.77.0...v0.78.0)

##### Added Features

- Add Linux Kernel cataloger \[[PR
#&amp;#8203;1694](https://togithub.com/anchore/syft/pull/1694)]
\[[deitch](https://togithub.com/deitch) &amp;
[wagoodman](https://togithub.com/wagoodman)]
- Support scanning license files in golang packages over the network
\[[Issue #&amp;#8203;1056](https://togithub.com/anchore/syft/issues/1056)]
\[[PR #&amp;#8203;1630](https://togithub.com/anchore/syft/pull/1630)]
\[[deitch](https://togithub.com/deitch) &amp;
[kzantow](https://togithub.com/kzantow)]
- Add consul binary classifier \[[Issue
#&amp;#8203;1590](https://togithub.com/anchore/syft/issues/1590)] \[[PR
#&amp;#8203;1738](https://togithub.com/anchore/syft/pull/1738)]
\[[Shanedell](https://togithub.com/Shanedell)]
- Add annotations for evidence on package locations \[[PR
#&amp;#8203;1723](https://togithub.com/anchore/syft/pull/1723)]
\[[wagoodman](https://togithub.com/wagoodman)]

##### Bug Fixes

- Decoding of the syft-json format does not handle files \[[Issue
#&amp;#8203;1534](https://togithub.com/anchore/syft/issues/1534)] \[[PR
#&amp;#8203;1698](https://togithub.com/anchore/syft/pull/1698)]
\[[wagoodman](https://togithub.com/wagoodman)]

### [`v0.77.0`](https://togithub.com/anchore/syft/releases/tag/v0.77.0)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.76.1...v0.77.0)

### Changelog

#### [v0.77.0](https://togithub.com/anchore/syft/tree/v0.77.0)
(2023-04-11)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.76.1...v0.77.0)

##### Added Features

- feat: gradle lockfile support \[[PR
#&amp;#8203;1719](https://togithub.com/anchore/syft/pull/1719)]
\[[henrysachs](https://togithub.com/henrysachs)]
- feat: support for java "nar" files \[[PR
#&amp;#8203;1727](https://togithub.com/anchore/syft/pull/1727)]
\[[Shanedell](https://togithub.com/Shanedell)]

### [`v0.76.1`](https://togithub.com/anchore/syft/releases/tag/v0.76.1)

[Compare
Source](https://togithub.com/anchore/syft/compare/v0.76.0...v0.76.1)

### Changelog

#### [v0.76.1](https://togithub.com/anchore/syft/tree/v0.76.1)
(2023-04-05)

[Full
Changelog](https://togithub.com/anchore/syft/compare/v0.76.0...v0.76.1)

##### Added Features

- Capture file ownership relationships from portage ecosystem \[[PR
#&amp;#8203;1702](https://togithub.com/anchore/syft/pull/1702)]
\[[wagoodman](https://togithub.com/wagoodman)]
- Add Nix Cataloger \[[Issue
#&amp;#8203;462](https://togithub.com/anchore/syft/issues/462)] \[[PR
#&amp;#8203;1107](https://togithub.com/anchore/sy

Co-authored-by: mend-for-gb.xjqchip.workers.dev[bot] &lt;50673670+mend-for-gb.xjqchip.workers.dev[bot]@users.noreply.github.com&gt;
diff --git a/.aqua/aqua.yaml b/.aqua/aqua.yaml
@@ -6,41 +6,41 @@ checksum:
   require_checksum: false
 registries:
   - type: standard
-    ref: v4.44.1 # renovate: depName=aquaproj/aqua-registry
+    ref: v4.115.0 # renovate: depName=aquaproj/aqua-registry
   - name: local
     type: local
     path: registry.yaml
 packages:
-  - name: miniscruff/changie@v1.12.0
+  - name: miniscruff/changie@v1.17.0
     tags: ['release']
-  - name: golang/go@go1.21.0
+  - name: golang/go@go1.21.6
     tags: ['first', 'release', 'test', 'scan', 'lint']
-  - name: direnv/direnv@v2.32.2
-  - name: magefile/mage@v1.14.0
+  - name: direnv/direnv@v2.33.0
+  - name: magefile/mage@v1.15.0
     tags: ['release', 'test', 'scan', 'lint']
-  - name: charmbracelet/glow@v1.5.0
-  - name: goreleaser/goreleaser@v1.20.0
+  - name: charmbracelet/glow@v1.5.1
+  - name: goreleaser/goreleaser@v1.23.0
     tags: ['release']
-  - name: mvdan/gofumpt@v0.4.0
-  - name: anchore/syft@v0.73.0
+  - name: mvdan/gofumpt@v0.5.0
+  - name: anchore/syft@v0.100.0
     tags: ['release']
-  - name: norwoodj/helm-docs@v1.11.0
-  - name: gotestyourself/gotestsum@v1.9.0
+  - name: norwoodj/helm-docs@v1.12.0
+  - name: gotestyourself/gotestsum@v1.11.0
     tags: ['test']
   - name: c-bata/kube-prompt@v1.0.11
-  - name: kubernetes-sigs/kind@v0.17.0
+  - name: kubernetes-sigs/kind@v0.20.0
   - name: kubernetes/kubectl
     version: v1.25.2
-  - name: helm/helm@v3.11.1
-  - name: kubernetes/minikube@v1.31.2
+  - name: helm/helm@v3.13.3
+  - name: kubernetes/minikube@v1.32.0
     tags: ['ci']
-  - name: stern/stern@v1.23.0
-  - name: tilt-dev/tilt@v0.32.0
-  - name: golangci/golangci-lint@v1.52.2
+  - name: stern/stern@v1.28.0
+  - name: tilt-dev/tilt@v0.33.10
+  - name: golangci/golangci-lint@v1.55.2
     tags: ['lint']
   - name: mage-select
     version: v1.4.2
     registry: local
     tags: ['goinstall']
   - name: DelineaXPM/dsv-cli@v1.40.5
-  - name: gitleaks/gitleaks@v8.18.0
+  - name: gitleaks/gitleaks@v8.18.1
