xeol-actions[bot]

@xeol-actions xeol-actions bot commented Jan 8, 2025

Update Syft to v1.18.1

@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from 771b9a8 to 1529289 Compare January 23, 2025 08:09
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from 89861f8 to d15b05c Compare February 6, 2025 08:09
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from 2d73ec3 to 45843c3 Compare February 18, 2025 08:09
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from 7c89702 to 9534514 Compare February 22, 2025 08:07
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 3 times, most recently from 53c0e17 to dafb7f1 Compare March 18, 2025 15:58
@pull-request-size pull-request-size bot added size/M and removed size/L labels Mar 18, 2025
@rlmestre rlmestre changed the title Update Syft to v1.18.1 Update Syft to v1.20.1 Mar 18, 2025
@rlmestre rlmestre changed the title Update Syft to v1.20.1 Update Syft to v1.21.0 Mar 18, 2025
@pull-request-size pull-request-size bot added size/L and removed size/M labels Mar 18, 2025
@pull-request-size pull-request-size bot added size/M and removed size/L labels Mar 19, 2025
@pull-request-size pull-request-size bot added size/L and removed size/M labels Mar 24, 2025
@pull-request-size pull-request-size bot added size/M and removed size/L labels Mar 25, 2025
@pull-request-size pull-request-size bot added size/L and removed size/M labels Apr 2, 2025
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from d8ec882 to 72d245a Compare April 26, 2025 08:08
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 3 times, most recently from 32facd6 to 8b2f1cd Compare May 21, 2025 08:10
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from 898c390 to 29e8939 Compare June 13, 2025 08:10
@xeol-actions xeol-actions bot force-pushed the auto/latest branch 2 times, most recently from 4300553 to 27fce85 Compare August 14, 2025 08:11

corgea bot commented Sep 16, 2025

🐕 Corgea found the following new SCA issues in the codebase:

| Package | CVE | Severity | Version | Fixed Version | Ecosystem | Summary |
| --- | --- | --- | --- | --- | --- | --- |
| github.com/mholt/archiver/v3 | CVE-2025-3445 | HIGH | 3.5.1 | N/A | Go | Vulnerable to Path Traversal via Crafted ZIP File in github.com/mholt/archiver |
| github.com/golang-jwt/jwt/v4 | CVE-2025-30204 | HIGH | 4.5.1 | 4.5.2 | Go | Excessive memory allocation during header parsing in github.com/golang-jwt/jwt |
| github.com/notaryproject/notation | CVE-2024-23332 | MEDIUM | 1.0.0 | N/A | Go | Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry |
| stdlib | CVE-2025-22871 | N/A | 1.24.1 | 1.24.2 | Go | Request smuggling due to acceptance of invalid chunked data in net/http |

Showing 4 out of 9 findings. See full results
