Skip to content

chore(deps): bump github.com/anchore/syft from 1.45.1 to 1.46.0#537

Merged
oss-auto-merger[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/syft-1.46.0
Jul 2, 2026
Merged

chore(deps): bump github.com/anchore/syft from 1.45.1 to 1.46.0#537
oss-auto-merger[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/syft-1.46.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/anchore/syft from 1.45.1 to 1.46.0.

Release notes

Sourced from github.com/anchore/syft's releases.

v1.46.0

Added Features

Bug Fixes

Dependencies

34 dependency changes (31 updated, 3 added). 5 vulnerabilities remediated.

🟢 Remediated (5)

  • github.com/ProtonMail/go-crypto v1.4.0v1.4.1
  • github.com/anchore/bubbly v0.2.0v0.2.1
  • github.com/anchore/clio v0.1.0v0.1.1
  • github.com/anchore/fangs v0.1.0v0.1.1
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/anchore/go-lzo v0.1.0v0.1.1
  • github.com/anchore/go-macholibre v0.1.0v0.1.1
  • github.com/anchore/go-make v0.5.0v0.8.0
  • github.com/anchore/go-struct-converter v0.1.0v0.2.0-rc2

... (truncated)

Commits
  • b15c5db chore(deps): update anchore dependencies (#4960)
  • 35d56bf Update go-make to v0.8.0 (#5010)
  • abf6d78 fixes the wrapped taskfile-tasks (#5013)
  • fe42bce fix(purl-backfill): respect arch qualifier (#4987)
  • fea4a50 feat: deno cataloger #4417 (#4523)
  • 5eefd73 chore(deps): bump golang.org/x/tools from 0.45.0 to 0.46.0 (#5008)
  • 684c701 chore(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#5004)
  • f827f91 chore(deps): bump golang.org/x/mod from 0.36.0 to 0.37.0 (#5007)
  • e9af7d2 chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.10 to 6.8.1 (#5006)
  • 506ad5d refactor release pipeline: TAG_TOKEN, skip-checks gate, dependabot/zizmor cle...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies dealing with project dependencies label Jul 2, 2026
@oss-auto-merger oss-auto-merger Bot enabled auto-merge (squash) July 2, 2026 20:06
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.46.0 branch from 2e76460 to a7a9702 Compare July 2, 2026 20:13
Bumps [github.com/anchore/syft](https://github.com/anchore/syft) from 1.45.1 to 1.46.0.
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.45.1...v1.46.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/syft
  dependency-version: 1.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/syft-1.46.0 branch from a7a9702 to c84fb23 Compare July 2, 2026 20:21
@oss-auto-merger oss-auto-merger Bot merged commit 906e949 into main Jul 2, 2026
14 checks passed
@oss-auto-merger oss-auto-merger Bot deleted the dependabot/go_modules/github.com/anchore/syft-1.46.0 branch July 2, 2026 20:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies dealing with project dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants