Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2026-05-05 15:15:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syft" Tue May 5 15:15:59 2026 rev:124 rq:1350801 version:1.44.0 Changes: -------- --- /work/SRC/openSUSE:Factory/syft/syft.changes 2026-04-25 21:37:08.257199050 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.30200/syft.changes 2026-05-05 15:17:14.151773669 +0200 @@ -1,0 +2,19 @@ +Fri May 01 18:09:12 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.44.0: + * Added Features + - Add support for linux-riscv64 [#4757 @luhenry] + * Bug Fixes + - Yarn lockfile cataloguing does not handle aliases [#4833 + #4836 @cyphercodes] + - Some snippet files are saved in the previous test directory + [#4829 #4830 @witchcraze] + - empty rockspec causes index out of range [#4824 #4827 + @aki1770-del] + - PE cataloger shows asp.net core ref assemblies using + fileversion build stamp instead of productversion [#4813 + #4814 @rezmoss] + - Syft safeCopy silently swallows archive decompression errors + [#4806 #4807 @SAY-5] + +------------------------------------------------------------------- Old: ---- syft-1.43.0.obscpio New: ---- syft-1.44.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ syft.spec ++++++ --- /var/tmp/diff_new_pack.obVrdD/_old 2026-05-05 15:17:17.039888553 +0200 +++ /var/tmp/diff_new_pack.obVrdD/_new 2026-05-05 15:17:17.043888712 +0200 @@ -17,7 +17,7 @@ Name: syft -Version: 1.43.0 +Version: 1.44.0 Release: 0 Summary: CLI tool and library for generating a Software Bill of Materials License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.obVrdD/_old 2026-05-05 15:17:17.083890303 +0200 +++ /var/tmp/diff_new_pack.obVrdD/_new 2026-05-05 15:17:17.087890462 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/anchore/syft</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.43.0</param> + <param name="revision">v1.44.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.obVrdD/_old 2026-05-05 15:17:17.107891258 +0200 +++ /var/tmp/diff_new_pack.obVrdD/_new 2026-05-05 15:17:17.111891417 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/syft</param> - <param name="changesrevision">390cf6cce0463d44c20270dea637bcb3833eee02</param></service></servicedata> + <param name="changesrevision">8cb78ce40ced6a731fb83f2a491a67444f541bf1</param></service></servicedata> (No newline at EOF) ++++++ syft-1.43.0.obscpio -> syft-1.44.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/.goreleaser.yaml new/syft-1.44.0/.goreleaser.yaml --- old/syft-1.43.0/.goreleaser.yaml 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/.goreleaser.yaml 2026-04-29 15:50:09.000000000 +0200 @@ -14,7 +14,7 @@ dir: ./cmd/syft binary: syft goos: [linux] - goarch: [amd64, arm64, ppc64le, s390x] + goarch: [amd64, arm64, ppc64le, riscv64, s390x] mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}' ldflags: &build-ldflags | -w @@ -115,6 +115,20 @@ - "--build-arg=VCS_URL={{.GitURL}}" - image_templates: + - anchore/syft:{{.Tag}}-riscv64 + - ghcr.io/anchore/syft:{{.Tag}}-riscv64 + goarch: riscv64 + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - "--platform=linux/riscv64" + - "--build-arg=DEBIAN_VERSION=13" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + + - image_templates: - anchore/syft:{{.Tag}}-s390x - ghcr.io/anchore/syft:{{.Tag}}-s390x goarch: s390x @@ -168,6 +182,20 @@ - "--build-arg=VCS_URL={{.GitURL}}" - image_templates: + - anchore/syft:{{.Tag}}-nonroot-riscv64 + - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64 + goarch: riscv64 + dockerfile: Dockerfile.nonroot + use: buildx + build_flag_templates: + - "--platform=linux/riscv64" + - "--build-arg=DEBIAN_VERSION=13" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + + - image_templates: - anchore/syft:{{.Tag}}-nonroot-s390x - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x goarch: s390x @@ -221,6 +249,20 @@ - "--build-arg=VCS_URL={{.GitURL}}" - image_templates: + - anchore/syft:{{.Tag}}-debug-riscv64 + - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64 + goarch: riscv64 + dockerfile: Dockerfile.debug + use: buildx + build_flag_templates: + - "--platform=linux/riscv64" + - "--build-arg=DEBIAN_VERSION=13" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + + - image_templates: - anchore/syft:{{.Tag}}-debug-s390x - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x goarch: s390x @@ -239,6 +281,7 @@ - anchore/syft:{{.Tag}}-amd64 - anchore/syft:{{.Tag}}-arm64v8 - anchore/syft:{{.Tag}}-ppc64le + - anchore/syft:{{.Tag}}-riscv64 - anchore/syft:{{.Tag}}-s390x - name_template: ghcr.io/anchore/syft:latest @@ -246,6 +289,7 @@ - ghcr.io/anchore/syft:{{.Tag}}-amd64 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-s390x - name_template: anchore/syft:{{.Tag}} @@ -253,6 +297,7 @@ - anchore/syft:{{.Tag}}-amd64 - anchore/syft:{{.Tag}}-arm64v8 - anchore/syft:{{.Tag}}-ppc64le + - anchore/syft:{{.Tag}}-riscv64 - anchore/syft:{{.Tag}}-s390x - name_template: ghcr.io/anchore/syft:{{.Tag}} @@ -260,6 +305,7 @@ - ghcr.io/anchore/syft:{{.Tag}}-amd64 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-s390x # nonroot images... @@ -268,6 +314,7 @@ - anchore/syft:{{.Tag}}-nonroot-amd64 - anchore/syft:{{.Tag}}-nonroot-arm64v8 - anchore/syft:{{.Tag}}-nonroot-ppc64le + - anchore/syft:{{.Tag}}-nonroot-riscv64 - anchore/syft:{{.Tag}}-nonroot-s390x - name_template: ghcr.io/anchore/syft:nonroot @@ -275,6 +322,7 @@ - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x - name_template: anchore/syft:{{.Tag}}-nonroot @@ -282,6 +330,7 @@ - anchore/syft:{{.Tag}}-nonroot-amd64 - anchore/syft:{{.Tag}}-nonroot-arm64v8 - anchore/syft:{{.Tag}}-nonroot-ppc64le + - anchore/syft:{{.Tag}}-nonroot-riscv64 - anchore/syft:{{.Tag}}-nonroot-s390x - name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot @@ -289,6 +338,7 @@ - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x # debug images... @@ -297,6 +347,7 @@ - anchore/syft:{{.Tag}}-debug-amd64 - anchore/syft:{{.Tag}}-debug-arm64v8 - anchore/syft:{{.Tag}}-debug-ppc64le + - anchore/syft:{{.Tag}}-debug-riscv64 - anchore/syft:{{.Tag}}-debug-s390x - name_template: ghcr.io/anchore/syft:debug @@ -304,6 +355,7 @@ - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - name_template: anchore/syft:{{.Tag}}-debug @@ -311,6 +363,7 @@ - anchore/syft:{{.Tag}}-debug-amd64 - anchore/syft:{{.Tag}}-debug-arm64v8 - anchore/syft:{{.Tag}}-debug-ppc64le + - anchore/syft:{{.Tag}}-debug-riscv64 - anchore/syft:{{.Tag}}-debug-s390x - name_template: ghcr.io/anchore/syft:{{.Tag}}-debug @@ -318,6 +371,7 @@ - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x sboms: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/Dockerfile new/syft-1.44.0/Dockerfile --- old/syft-1.43.0/Dockerfile 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/Dockerfile 2026-04-29 15:50:09.000000000 +0200 @@ -1,4 +1,5 @@ -FROM gcr.io/distroless/static-debian12:latest AS build +ARG DEBIAN_VERSION=12 +FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:latest AS build FROM scratch # needed for version check HTTPS request diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/Dockerfile.debug new/syft-1.44.0/Dockerfile.debug --- old/syft-1.43.0/Dockerfile.debug 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/Dockerfile.debug 2026-04-29 15:50:09.000000000 +0200 @@ -1,4 +1,5 @@ -FROM gcr.io/distroless/static-debian12:debug-nonroot +ARG DEBIAN_VERSION=12 +FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:debug-nonroot # create the /tmp dir, which is needed for image content cache WORKDIR /tmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/Dockerfile.nonroot new/syft-1.44.0/Dockerfile.nonroot --- old/syft-1.43.0/Dockerfile.nonroot 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/Dockerfile.nonroot 2026-04-29 15:50:09.000000000 +0200 @@ -1,4 +1,5 @@ -FROM gcr.io/distroless/static-debian12:nonroot +ARG DEBIAN_VERSION=12 +FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:nonroot # create the /tmp dir, which is needed for image content cache WORKDIR /tmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/go.mod new/syft-1.44.0/go.mod --- old/syft-1.43.0/go.mod 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/go.mod 2026-04-29 15:50:09.000000000 +0200 @@ -9,6 +9,7 @@ github.com/Masterminds/sprig/v3 v3.3.0 github.com/OneOfOne/xxhash v1.2.8 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d + github.com/acobaugh/osrelease v0.1.0 github.com/adrg/xdg v0.5.3 github.com/anchore/bubbly v0.2.0 github.com/anchore/clio v0.1.0 @@ -22,10 +23,12 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b github.com/anchore/packageurl-go v0.2.0 github.com/anchore/stereoscope v0.1.23 + github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be github.com/aquasecurity/go-pep440-version v0.0.1 github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb github.com/bmatcuk/doublestar/v4 v4.10.0 + github.com/cespare/xxhash/v2 v2.3.0 github.com/charmbracelet/bubbles v1.0.0 github.com/charmbracelet/bubbletea v1.3.10 github.com/charmbracelet/lipgloss v1.1.0 @@ -42,12 +45,14 @@ github.com/go-git/go-git/v5 v5.18.0 github.com/go-test/deep v1.1.1 github.com/go-viper/mapstructure/v2 v2.5.0 + github.com/goccy/go-yaml v1.19.2 github.com/gohugoio/hashstructure v0.6.0 github.com/google/go-cmp v0.7.0 github.com/google/go-containerregistry v0.21.5 github.com/google/licensecheck v0.3.1 github.com/google/uuid v1.6.0 github.com/gookit/color v1.6.0 + github.com/gpustack/gguf-parser-go v0.24.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-getter v1.8.6 github.com/hashicorp/go-multierror v1.1.1 @@ -77,10 +82,12 @@ github.com/spf13/afero v1.15.0 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 + github.com/ulikunitz/xz v0.5.15 github.com/vbatts/go-mtree v0.7.0 github.com/vifraa/gopom v1.0.0 github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 github.com/wagoodman/go-progress v0.0.0-20260303201901-10176f79b2c0 + github.com/wk8/go-ordered-map/v2 v2.1.8 github.com/xeipuuv/gojsonschema v1.2.0 github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1 go.uber.org/goleak v1.3.0 @@ -88,49 +95,85 @@ golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 golang.org/x/mod v0.35.0 golang.org/x/net v0.53.0 + golang.org/x/time v0.15.0 + golang.org/x/tools v0.44.0 + gopkg.in/yaml.v3 v3.0.1 modernc.org/sqlite v1.46.2 ) require ( + cel.dev/expr v0.25.1 // indirect cloud.google.com/go v0.123.0 // indirect cloud.google.com/go/auth v0.18.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.9.0 // indirect cloud.google.com/go/iam v1.5.3 // indirect + cloud.google.com/go/monitoring v1.24.3 // indirect cloud.google.com/go/storage v1.61.3 // indirect + cyphar.com/go-pathrs v0.2.1 // indirect dario.cat/mergo v1.0.2 // indirect github.com/DataDog/zstd v1.5.5 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.14.0-rc.1 // indirect github.com/ProtonMail/go-crypto v1.4.0 // indirect github.com/STARRY-S/zip v0.2.3 // indirect - github.com/agext/levenshtein v1.2.1 // indirect; indirectt + github.com/agext/levenshtein v1.2.1 // indirect github.com/anchore/go-lzo v0.1.0 // indirect github.com/anchore/go-struct-converter v0.1.0 // indirect github.com/andybalholm/brotli v1.2.0 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/aquasecurity/go-version v0.0.1 // indirect github.com/atotto/clipboard v0.1.4 // indirect + github.com/aws/aws-sdk-go-v2 v1.41.5 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.12 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.12 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.13 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.41.9 // indirect + github.com/aws/smithy-go v1.24.2 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect github.com/becheran/wildmatch-go v1.0.0 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/bodgit/plumbing v1.3.0 // indirect github.com/bodgit/sevenzip v1.6.1 // indirect github.com/bodgit/windows v1.0.1 // indirect + github.com/buger/jsonparser v1.1.2 // indirect github.com/charmbracelet/colorprofile v0.4.1 // indirect github.com/charmbracelet/harmonica v0.2.0 // indirect github.com/charmbracelet/x/ansi v0.11.6 // indirect github.com/charmbracelet/x/cellbuf v0.0.15 // indirect github.com/charmbracelet/x/term v0.2.2 // indirect + github.com/clipperhouse/displaywidth v0.10.0 // indirect + github.com/clipperhouse/uax29/v2 v2.6.0 // indirect github.com/cloudflare/circl v1.6.3 // indirect + github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect + github.com/containerd/cgroups/v3 v3.1.2 // indirect github.com/containerd/containerd/api v1.10.0 // indirect + github.com/containerd/containerd/v2 v2.2.2 // indirect github.com/containerd/continuity v0.4.5 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v1.0.0-rc.4 // indirect + github.com/containerd/plugin v1.0.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect github.com/containerd/ttrpc v1.2.7 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect @@ -142,6 +185,8 @@ github.com/docker/go-units v0.5.0 // indirect github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect github.com/emirpasic/gods v1.18.1 // indirect + github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/fgprof v0.9.5 // indirect @@ -150,28 +195,32 @@ github.com/gabriel-vasile/mimetype v1.4.13 // indirect github.com/gkampitakis/ciinfo v0.3.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-restruct/restruct v1.2.0-alpha // indirect - github.com/goccy/go-yaml v1.19.2 github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect github.com/googleapis/gax-go/v2 v2.17.0 // indirect + github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-version v1.8.0 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect + github.com/henvic/httpretty v0.1.4 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.18.5 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect github.com/lucasb-eyer/go-colorful v1.3.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/maruel/natural v1.1.1 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect @@ -186,14 +235,22 @@ github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect + github.com/moby/moby/api v1.54.1 // indirect + github.com/moby/moby/client v0.4.0 // indirect github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/sys/signal v0.7.1 // indirect github.com/moby/sys/user v0.4.0 // indirect github.com/moby/sys/userns v0.1.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect github.com/muesli/termenv v0.16.0 // indirect github.com/ncruces/go-strftime v1.0.0 // indirect + github.com/nwaples/rardecode/v2 v2.2.0 // indirect + github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect + github.com/olekukonko/errors v1.2.0 // indirect + github.com/olekukonko/ll v0.1.6 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.3.0 // indirect github.com/opencontainers/selinux v1.13.1 // indirect @@ -204,6 +261,7 @@ github.com/pkg/errors v0.9.1 // indirect github.com/pkg/profile v1.7.0 // indirect github.com/pkg/xattr v0.4.9 // indirect + github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect github.com/rivo/uniseg v0.4.7 // indirect @@ -213,11 +271,13 @@ github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.4 // indirect github.com/skeema/knownhosts v1.3.1 // indirect + github.com/smallnest/ringbuffer v0.0.0-20241116012123-461381446e3d // indirect github.com/sorairolake/lzip-go v0.3.8 // indirect github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect github.com/spf13/cast v1.10.0 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/spf13/viper v1.21.0 // indirect + github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/sylabs/sif/v2 v2.24.0 // indirect @@ -227,7 +287,6 @@ github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect - github.com/ulikunitz/xz v0.5.15 github.com/vbatts/tar-split v0.12.2 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect @@ -237,10 +296,13 @@ github.com/zclconf/go-cty v1.16.3 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect go.opentelemetry.io/otel v1.43.0 // indirect go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/otel/sdk v1.43.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.43.0 // indirect go4.org v0.0.0-20230225012048-214862532bf5 // indirect golang.org/x/crypto v0.50.0 // indirect @@ -249,9 +311,8 @@ golang.org/x/sys v0.43.0 // indirect golang.org/x/term v0.42.0 // indirect golang.org/x/text v0.36.0 // indirect - golang.org/x/time v0.15.0 - golang.org/x/tools v0.44.0 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect + gonum.org/v1/gonum v0.16.0 // indirect google.golang.org/api v0.271.0 // indirect google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20 // indirect @@ -259,78 +320,11 @@ google.golang.org/grpc v1.79.3 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - gopkg.in/yaml.v3 v3.0.1 modernc.org/libc v1.70.0 // indirect modernc.org/mathutil v1.7.1 // indirect modernc.org/memory v1.11.0 // indirect ) -require ( - github.com/acobaugh/osrelease v0.1.0 - github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be - github.com/cespare/xxhash/v2 v2.3.0 - github.com/gpustack/gguf-parser-go v0.24.0 - github.com/wk8/go-ordered-map/v2 v2.1.8 -) - -require ( - cel.dev/expr v0.25.1 // indirect - cloud.google.com/go/monitoring v1.24.3 // indirect - cyphar.com/go-pathrs v0.2.1 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.55.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.55.0 // indirect - github.com/aws/aws-sdk-go-v2 v1.41.5 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect - github.com/aws/aws-sdk-go-v2/config v1.32.12 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.12 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3 // indirect - github.com/aws/aws-sdk-go-v2/service/signin v1.0.8 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.13 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.41.9 // indirect - github.com/aws/smithy-go v1.24.2 // indirect - github.com/bahlo/generic-list-go v0.2.0 // indirect - github.com/buger/jsonparser v1.1.2 // indirect - github.com/clipperhouse/displaywidth v0.10.0 // indirect - github.com/clipperhouse/uax29/v2 v2.6.0 // indirect - github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect - github.com/containerd/cgroups/v3 v3.1.2 // indirect - github.com/containerd/containerd/v2 v2.2.2 // indirect - github.com/containerd/plugin v1.0.0 // indirect - github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect - github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect - github.com/go-jose/go-jose/v4 v4.1.4 // indirect - github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72 // indirect - github.com/henvic/httpretty v0.1.4 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/moby/moby/api v1.54.1 // indirect - github.com/moby/moby/client v0.4.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect - github.com/nwaples/rardecode/v2 v2.2.0 // indirect - github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect - github.com/olekukonko/errors v1.2.0 // indirect - github.com/olekukonko/ll v0.1.6 // indirect - github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect - github.com/smallnest/ringbuffer v0.0.0-20241116012123-461381446e3d // indirect - github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect - go.opentelemetry.io/otel/sdk v1.43.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect - gonum.org/v1/gonum v0.16.0 // indirect -) - retract ( v1.25.0 // published with a replace directive (confusing for API users) v0.53.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/install.sh new/syft-1.44.0/install.sh --- old/syft-1.43.0/install.sh 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/install.sh 2026-04-29 15:50:09.000000000 +0200 @@ -154,6 +154,7 @@ mipsle) return 0 ;; mips64) return 0 ;; mips64le) return 0 ;; + riscv64) return 0 ;; s390x) return 0 ;; amd64p32) return 0 ;; esac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/internal/file/copy.go new/syft-1.44.0/internal/file/copy.go --- old/syft-1.43.0/internal/file/copy.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/internal/file/copy.go 2026-04-29 15:50:09.000000000 +0200 @@ -12,8 +12,20 @@ // protect against decompression bomb attacks. func safeCopy(writer io.Writer, reader io.Reader) error { numBytes, err := io.Copy(writer, io.LimitReader(reader, perFileReadLimit)) - if numBytes >= perFileReadLimit || errors.Is(err, io.EOF) { + if numBytes >= perFileReadLimit { return fmt.Errorf("zip read limit hit (potential decompression bomb attack)") } + // Propagate decompression / read errors up to the caller. io.Copy + // on the happy path returns (n, nil); the only way err is non-nil + // here is that the underlying reader surfaced a real failure + // ("flate: corrupt input before offset X" on a mangled ZIP entry, + // a network-backed reader erroring mid-stream, etc.). The previous + // implementation dropped that error and the caller stored a + // partial / empty buffer as a "successful" extract, which silently + // downgraded Java cataloger output and caused SBOM scanners to + // miss known CVEs (#4806). + if err != nil && !errors.Is(err, io.EOF) { + return fmt.Errorf("failed to read archive entry: %w", err) + } return nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/internal/file/copy_test.go new/syft-1.44.0/internal/file/copy_test.go --- old/syft-1.43.0/internal/file/copy_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/syft-1.44.0/internal/file/copy_test.go 2026-04-29 15:50:09.000000000 +0200 @@ -0,0 +1,64 @@ +package file + +import ( + "bytes" + "errors" + "io" + "strings" + "testing" +) + +// errReader returns a deterministic non-EOF error after emitting some +// bytes, mimicking what compress/flate does when it hits a corrupt +// stream mid-entry. +type errReader struct { + data []byte + err error + off int +} + +func (r *errReader) Read(p []byte) (int, error) { + if r.off >= len(r.data) { + return 0, r.err + } + n := copy(p, r.data[r.off:]) + r.off += n + return n, nil +} + +func TestSafeCopy(t *testing.T) { + t.Run("clean copy returns nil", func(t *testing.T) { + var buf bytes.Buffer + if err := safeCopy(&buf, strings.NewReader("hello")); err != nil { + t.Fatalf("unexpected error: %v", err) + } + if got := buf.String(); got != "hello" { + t.Fatalf("unexpected buffer contents: %q", got) + } + }) + + t.Run("propagates decompression error", func(t *testing.T) { + // #4806: safeCopy used to drop non-EOF errors, so the caller + // would persist a partial buffer as a successful extract and + // downstream catalogers silently read empty manifests. + sentinel := errors.New("flate: corrupt input before offset 42") + var buf bytes.Buffer + err := safeCopy(&buf, &errReader{data: []byte("partial"), err: sentinel}) + if err == nil { + t.Fatalf("expected error to be returned, got nil") + } + if !errors.Is(err, sentinel) { + t.Fatalf("error does not wrap sentinel: %v", err) + } + }) + + t.Run("EOF is not treated as an error", func(t *testing.T) { + // The old code had a dead io.EOF branch that labelled clean + // reads as decompression bombs; keep the happy path clean. + var buf bytes.Buffer + err := safeCopy(&buf, io.LimitReader(strings.NewReader("abc"), 3)) + if err != nil { + t.Fatalf("unexpected error on clean copy: %v", err) + } + }) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/schema/cyclonedx/cyclonedx.json new/syft-1.44.0/schema/cyclonedx/cyclonedx.json --- old/syft-1.43.0/schema/cyclonedx/cyclonedx.json 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/schema/cyclonedx/cyclonedx.json 2026-04-29 15:50:09.000000000 +0200 @@ -5132,6 +5132,7 @@ "armv9-a", "armv9-m", "s390x", + "riscv64", "ppc64", "ppc64le", "other", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/schema/cyclonedx/cyclonedx.xsd new/syft-1.44.0/schema/cyclonedx/cyclonedx.xsd --- old/syft-1.43.0/schema/cyclonedx/cyclonedx.xsd 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/schema/cyclonedx/cyclonedx.xsd 2026-04-29 15:50:09.000000000 +0200 @@ -6471,6 +6471,7 @@ <xs:enumeration value="armv9-a"/> <xs:enumeration value="armv9-m"/> <xs:enumeration value="s390x"/> + <xs:enumeration value="riscv64"/> <xs:enumeration value="ppc64"/> <xs:enumeration value="ppc64le"/> <xs:enumeration value="other"/> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/1.41.0/linux-amd64/deno new/syft-1.44.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/1.41.0/linux-amd64/deno --- old/syft-1.43.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/1.41.0/linux-amd64/deno 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/1.41.0/linux-amd64/deno 1970-01-01 01:00:00.000000000 +0100 @@ -1,9 +0,0 @@ -name: deno -offset: 17775514 -length: 100 -snippetSha256: 1bf995efbcf158531b2cde0a0213b348e189550a45d1db127b54eded4c520d0a -fileSha256: b0877de86c74027327fca3ca37a5ac3780bcc9c70579ecf6c7c9a55d22147aef - -### byte snippet to follow ### -t recognize flag '' -Deno/1.41.0cli/worker.rsmain_module deno::worker[ext:cli/worker.rs:191:37][ext:c \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.0.0/linux-amd64/deno new/syft-1.44.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.0.0/linux-amd64/deno --- old/syft-1.43.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.0.0/linux-amd64/deno 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.0.0/linux-amd64/deno 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -name: deno -offset: 19199775 -length: 100 -snippetSha256: a5411a3e2856c4351f97e9d5f50f78227da85640f50e436913b0bcb0f12d3216 -fileSha256: 097ca199e64f5cd67318cdd3750ab3da9374edeaa205032b74c905f8c99901a6 - -### byte snippet to follow ### -denover2.0.0+a62c7e0Deno/2.0.0Deno/2.0.0+a62c7e0a62c7e036ab6851c0293f407ead635a7331445b75.6.2cli/wor \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.6.3/linux-amd64/deno new/syft-1.44.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.6.3/linux-amd64/deno --- old/syft-1.43.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.6.3/linux-amd64/deno 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/deno/2.6.3/linux-amd64/deno 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -name: deno -offset: 21186310 -length: 100 -snippetSha256: b6dd3f1b71effaba81c4d1aa77a7769d1cafbd5857564e2f3529e293c7f0db80 -fileSha256: 644b733f21383c5eea7b27dcb5d81c3e2a94d18287c6b11e9771335b51e8438d - -### byte snippet to follow ### -ts2.6.32.6.3+3fbb1daDeno/2.6.3Deno/2.6.3+3fbb1da3fbb1daddbc9333cddf0d8c0735811717dd70f7a5.9.2Missing \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/1.41.0/linux-amd64/deno new/syft-1.44.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/1.41.0/linux-amd64/deno --- old/syft-1.43.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/1.41.0/linux-amd64/deno 1970-01-01 01:00:00.000000000 +0100 +++ new/syft-1.44.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/1.41.0/linux-amd64/deno 2026-04-29 15:50:09.000000000 +0200 @@ -0,0 +1,9 @@ +name: deno +offset: 17775514 +length: 100 +snippetSha256: 1bf995efbcf158531b2cde0a0213b348e189550a45d1db127b54eded4c520d0a +fileSha256: b0877de86c74027327fca3ca37a5ac3780bcc9c70579ecf6c7c9a55d22147aef + +### byte snippet to follow ### +t recognize flag '' +Deno/1.41.0cli/worker.rsmain_module deno::worker[ext:cli/worker.rs:191:37][ext:c \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.0.0/linux-amd64/deno new/syft-1.44.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.0.0/linux-amd64/deno --- old/syft-1.43.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.0.0/linux-amd64/deno 1970-01-01 01:00:00.000000000 +0100 +++ new/syft-1.44.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.0.0/linux-amd64/deno 2026-04-29 15:50:09.000000000 +0200 @@ -0,0 +1,8 @@ +name: deno +offset: 19199775 +length: 100 +snippetSha256: a5411a3e2856c4351f97e9d5f50f78227da85640f50e436913b0bcb0f12d3216 +fileSha256: 097ca199e64f5cd67318cdd3750ab3da9374edeaa205032b74c905f8c99901a6 + +### byte snippet to follow ### +denover2.0.0+a62c7e0Deno/2.0.0Deno/2.0.0+a62c7e0a62c7e036ab6851c0293f407ead635a7331445b75.6.2cli/wor \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.6.3/linux-amd64/deno new/syft-1.44.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.6.3/linux-amd64/deno --- old/syft-1.43.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.6.3/linux-amd64/deno 1970-01-01 01:00:00.000000000 +0100 +++ new/syft-1.44.0/syft/pkg/cataloger/binary/testdata/classifiers/snippets/deno/2.6.3/linux-amd64/deno 2026-04-29 15:50:09.000000000 +0200 @@ -0,0 +1,8 @@ +name: deno +offset: 21186310 +length: 100 +snippetSha256: b6dd3f1b71effaba81c4d1aa77a7769d1cafbd5857564e2f3529e293c7f0db80 +fileSha256: 644b733f21383c5eea7b27dcb5d81c3e2a94d18287c6b11e9771335b51e8438d + +### byte snippet to follow ### +ts2.6.32.6.3+3fbb1daDeno/2.6.3Deno/2.6.3+3fbb1da3fbb1daddbc9333cddf0d8c0735811717dd70f7a5.9.2Missing \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/dotnet/cataloger_test.go new/syft-1.44.0/syft/pkg/cataloger/dotnet/cataloger_test.go --- old/syft-1.43.0/syft/pkg/cataloger/dotnet/cataloger_test.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/dotnet/cataloger_test.go 2026-04-29 15:50:09.000000000 +0200 @@ -319,174 +319,174 @@ net8AppExpectedBinarySelfContainedPkgs = append(net8AppExpectedBinarySelfContainedPkgs, // include the runtime... ".NET Runtime @ 8,0,1425,11118 (/app/coreclr.dll)", - "Microsoft.CSharp @ 8.0.1425.11118 (/app/Microsoft.CSharp.dll)", - "Microsoft.VisualBasic @ 8.0.1425.11118 (/app/Microsoft.VisualBasic.dll)", + "Microsoft.CSharp @ 8.0.14 (/app/Microsoft.CSharp.dll)", + "Microsoft.VisualBasic @ 8.0.14 (/app/Microsoft.VisualBasic.dll)", "Microsoft.VisualBasic.Core @ 13.0.1425.11118 (/app/Microsoft.VisualBasic.Core.dll)", - "Microsoft.Win32.Primitives @ 8.0.1425.11118 (/app/Microsoft.Win32.Primitives.dll)", - "Microsoft.Win32.Registry @ 8.0.1425.11118 (/app/Microsoft.Win32.Registry.dll)", - "System @ 8.0.1425.11118 (/app/System.dll)", - "System.AppContext @ 8.0.1425.11118 (/app/System.AppContext.dll)", - "System.Buffers @ 8.0.1425.11118 (/app/System.Buffers.dll)", - "System.Collections @ 8.0.1425.11118 (/app/System.Collections.dll)", - "System.Collections.Concurrent @ 8.0.1425.11118 (/app/System.Collections.Concurrent.dll)", - "System.Collections.Immutable @ 8.0.1425.11118 (/app/System.Collections.Immutable.dll)", - "System.Collections.NonGeneric @ 8.0.1425.11118 (/app/System.Collections.NonGeneric.dll)", - "System.Collections.Specialized @ 8.0.1425.11118 (/app/System.Collections.Specialized.dll)", - "System.ComponentModel @ 8.0.1425.11118 (/app/System.ComponentModel.dll)", - "System.ComponentModel.Annotations @ 8.0.1425.11118 (/app/System.ComponentModel.Annotations.dll)", - "System.ComponentModel.DataAnnotations @ 8.0.1425.11118 (/app/System.ComponentModel.DataAnnotations.dll)", - "System.ComponentModel.EventBasedAsync @ 8.0.1425.11118 (/app/System.ComponentModel.EventBasedAsync.dll)", - "System.ComponentModel.Primitives @ 8.0.1425.11118 (/app/System.ComponentModel.Primitives.dll)", - "System.ComponentModel.TypeConverter @ 8.0.1425.11118 (/app/System.ComponentModel.TypeConverter.dll)", - "System.Configuration @ 8.0.1425.11118 (/app/System.Configuration.dll)", - "System.Console @ 8.0.1425.11118 (/app/System.Console.dll)", - "System.Core @ 8.0.1425.11118 (/app/System.Core.dll)", - "System.Data @ 8.0.1425.11118 (/app/System.Data.dll)", - "System.Data.Common @ 8.0.1425.11118 (/app/System.Data.Common.dll)", - "System.Data.DataSetExtensions @ 8.0.1425.11118 (/app/System.Data.DataSetExtensions.dll)", - "System.Diagnostics.Contracts @ 8.0.1425.11118 (/app/System.Diagnostics.Contracts.dll)", - "System.Diagnostics.Debug @ 8.0.1425.11118 (/app/System.Diagnostics.Debug.dll)", - "System.Diagnostics.DiagnosticSource @ 8.0.1425.11118 (/app/System.Diagnostics.DiagnosticSource.dll)", - "System.Diagnostics.FileVersionInfo @ 8.0.1425.11118 (/app/System.Diagnostics.FileVersionInfo.dll)", - "System.Diagnostics.Process @ 8.0.1425.11118 (/app/System.Diagnostics.Process.dll)", - "System.Diagnostics.StackTrace @ 8.0.1425.11118 (/app/System.Diagnostics.StackTrace.dll)", - "System.Diagnostics.TextWriterTraceListener @ 8.0.1425.11118 (/app/System.Diagnostics.TextWriterTraceListener.dll)", - "System.Diagnostics.Tools @ 8.0.1425.11118 (/app/System.Diagnostics.Tools.dll)", - "System.Diagnostics.TraceSource @ 8.0.1425.11118 (/app/System.Diagnostics.TraceSource.dll)", - "System.Diagnostics.Tracing @ 8.0.1425.11118 (/app/System.Diagnostics.Tracing.dll)", - "System.Drawing @ 8.0.1425.11118 (/app/System.Drawing.dll)", - "System.Drawing.Primitives @ 8.0.1425.11118 (/app/System.Drawing.Primitives.dll)", - "System.Dynamic.Runtime @ 8.0.1425.11118 (/app/System.Dynamic.Runtime.dll)", - "System.Formats.Asn1 @ 8.0.1425.11118 (/app/System.Formats.Asn1.dll)", - "System.Formats.Tar @ 8.0.1425.11118 (/app/System.Formats.Tar.dll)", - "System.Globalization @ 8.0.1425.11118 (/app/System.Globalization.dll)", - "System.Globalization.Calendars @ 8.0.1425.11118 (/app/System.Globalization.Calendars.dll)", - "System.Globalization.Extensions @ 8.0.1425.11118 (/app/System.Globalization.Extensions.dll)", - "System.IO @ 8.0.1425.11118 (/app/System.IO.dll)", - "System.IO.Compression @ 8.0.1425.11118 (/app/System.IO.Compression.dll)", - "System.IO.Compression.Brotli @ 8.0.1425.11118 (/app/System.IO.Compression.Brotli.dll)", - "System.IO.Compression.FileSystem @ 8.0.1425.11118 (/app/System.IO.Compression.FileSystem.dll)", - "System.IO.Compression.ZipFile @ 8.0.1425.11118 (/app/System.IO.Compression.ZipFile.dll)", - "System.IO.FileSystem @ 8.0.1425.11118 (/app/System.IO.FileSystem.dll)", - "System.IO.FileSystem.AccessControl @ 8.0.1425.11118 (/app/System.IO.FileSystem.AccessControl.dll)", - "System.IO.FileSystem.DriveInfo @ 8.0.1425.11118 (/app/System.IO.FileSystem.DriveInfo.dll)", - "System.IO.FileSystem.Primitives @ 8.0.1425.11118 (/app/System.IO.FileSystem.Primitives.dll)", - "System.IO.FileSystem.Watcher @ 8.0.1425.11118 (/app/System.IO.FileSystem.Watcher.dll)", - "System.IO.IsolatedStorage @ 8.0.1425.11118 (/app/System.IO.IsolatedStorage.dll)", - "System.IO.MemoryMappedFiles @ 8.0.1425.11118 (/app/System.IO.MemoryMappedFiles.dll)", - "System.IO.Pipes @ 8.0.1425.11118 (/app/System.IO.Pipes.dll)", - "System.IO.Pipes.AccessControl @ 8.0.1425.11118 (/app/System.IO.Pipes.AccessControl.dll)", - "System.IO.UnmanagedMemoryStream @ 8.0.1425.11118 (/app/System.IO.UnmanagedMemoryStream.dll)", - "System.Linq @ 8.0.1425.11118 (/app/System.Linq.dll)", - "System.Linq.Expressions @ 8.0.1425.11118 (/app/System.Linq.Expressions.dll)", - "System.Linq.Parallel @ 8.0.1425.11118 (/app/System.Linq.Parallel.dll)", - "System.Linq.Queryable @ 8.0.1425.11118 (/app/System.Linq.Queryable.dll)", - "System.Memory @ 8.0.1425.11118 (/app/System.Memory.dll)", - "System.Net @ 8.0.1425.11118 (/app/System.Net.dll)", - "System.Net.Http @ 8.0.1425.11118 (/app/System.Net.Http.dll)", - "System.Net.Http.Json @ 8.0.1425.11118 (/app/System.Net.Http.Json.dll)", - "System.Net.HttpListener @ 8.0.1425.11118 (/app/System.Net.HttpListener.dll)", - "System.Net.Mail @ 8.0.1425.11118 (/app/System.Net.Mail.dll)", - "System.Net.NameResolution @ 8.0.1425.11118 (/app/System.Net.NameResolution.dll)", - "System.Net.NetworkInformation @ 8.0.1425.11118 (/app/System.Net.NetworkInformation.dll)", - "System.Net.Ping @ 8.0.1425.11118 (/app/System.Net.Ping.dll)", - "System.Net.Primitives @ 8.0.1425.11118 (/app/System.Net.Primitives.dll)", - "System.Net.Quic @ 8.0.1425.11118 (/app/System.Net.Quic.dll)", - "System.Net.Requests @ 8.0.1425.11118 (/app/System.Net.Requests.dll)", - "System.Net.Security @ 8.0.1425.11118 (/app/System.Net.Security.dll)", - "System.Net.ServicePoint @ 8.0.1425.11118 (/app/System.Net.ServicePoint.dll)", - "System.Net.Sockets @ 8.0.1425.11118 (/app/System.Net.Sockets.dll)", - "System.Net.WebClient @ 8.0.1425.11118 (/app/System.Net.WebClient.dll)", - "System.Net.WebHeaderCollection @ 8.0.1425.11118 (/app/System.Net.WebHeaderCollection.dll)", - "System.Net.WebProxy @ 8.0.1425.11118 (/app/System.Net.WebProxy.dll)", - "System.Net.WebSockets @ 8.0.1425.11118 (/app/System.Net.WebSockets.dll)", - "System.Net.WebSockets.Client @ 8.0.1425.11118 (/app/System.Net.WebSockets.Client.dll)", - "System.Numerics @ 8.0.1425.11118 (/app/System.Numerics.dll)", - "System.Numerics.Vectors @ 8.0.1425.11118 (/app/System.Numerics.Vectors.dll)", - "System.ObjectModel @ 8.0.1425.11118 (/app/System.ObjectModel.dll)", - "System.Private.CoreLib @ 8.0.1425.11118 (/app/System.Private.CoreLib.dll)", - "System.Private.DataContractSerialization @ 8.0.1425.11118 (/app/System.Private.DataContractSerialization.dll)", - "System.Private.Uri @ 8.0.1425.11118 (/app/System.Private.Uri.dll)", - "System.Private.Xml @ 8.0.1425.11118 (/app/System.Private.Xml.dll)", - "System.Private.Xml.Linq @ 8.0.1425.11118 (/app/System.Private.Xml.Linq.dll)", - "System.Reflection @ 8.0.1425.11118 (/app/System.Reflection.dll)", - "System.Reflection.DispatchProxy @ 8.0.1425.11118 (/app/System.Reflection.DispatchProxy.dll)", - "System.Reflection.Emit @ 8.0.1425.11118 (/app/System.Reflection.Emit.dll)", - "System.Reflection.Emit.ILGeneration @ 8.0.1425.11118 (/app/System.Reflection.Emit.ILGeneration.dll)", - "System.Reflection.Emit.Lightweight @ 8.0.1425.11118 (/app/System.Reflection.Emit.Lightweight.dll)", - "System.Reflection.Extensions @ 8.0.1425.11118 (/app/System.Reflection.Extensions.dll)", - "System.Reflection.Metadata @ 8.0.1425.11118 (/app/System.Reflection.Metadata.dll)", - "System.Reflection.Primitives @ 8.0.1425.11118 (/app/System.Reflection.Primitives.dll)", - "System.Reflection.TypeExtensions @ 8.0.1425.11118 (/app/System.Reflection.TypeExtensions.dll)", - "System.Resources.Reader @ 8.0.1425.11118 (/app/System.Resources.Reader.dll)", - "System.Resources.ResourceManager @ 8.0.1425.11118 (/app/System.Resources.ResourceManager.dll)", - "System.Resources.Writer @ 8.0.1425.11118 (/app/System.Resources.Writer.dll)", - "System.Runtime @ 8.0.1425.11118 (/app/System.Runtime.dll)", - "System.Runtime.CompilerServices.Unsafe @ 8.0.1425.11118 (/app/System.Runtime.CompilerServices.Unsafe.dll)", - "System.Runtime.CompilerServices.VisualC @ 8.0.1425.11118 (/app/System.Runtime.CompilerServices.VisualC.dll)", - "System.Runtime.Extensions @ 8.0.1425.11118 (/app/System.Runtime.Extensions.dll)", - "System.Runtime.Handles @ 8.0.1425.11118 (/app/System.Runtime.Handles.dll)", - "System.Runtime.InteropServices @ 8.0.1425.11118 (/app/System.Runtime.InteropServices.dll)", - "System.Runtime.InteropServices.JavaScript @ 8.0.1425.11118 (/app/System.Runtime.InteropServices.JavaScript.dll)", - "System.Runtime.InteropServices.RuntimeInformation @ 8.0.1425.11118 (/app/System.Runtime.InteropServices.RuntimeInformation.dll)", - "System.Runtime.Intrinsics @ 8.0.1425.11118 (/app/System.Runtime.Intrinsics.dll)", - "System.Runtime.Loader @ 8.0.1425.11118 (/app/System.Runtime.Loader.dll)", - "System.Runtime.Numerics @ 8.0.1425.11118 (/app/System.Runtime.Numerics.dll)", - "System.Runtime.Serialization @ 8.0.1425.11118 (/app/System.Runtime.Serialization.dll)", - "System.Runtime.Serialization.Formatters @ 8.0.1425.11118 (/app/System.Runtime.Serialization.Formatters.dll)", - "System.Runtime.Serialization.Json @ 8.0.1425.11118 (/app/System.Runtime.Serialization.Json.dll)", - "System.Runtime.Serialization.Primitives @ 8.0.1425.11118 (/app/System.Runtime.Serialization.Primitives.dll)", - "System.Runtime.Serialization.Xml @ 8.0.1425.11118 (/app/System.Runtime.Serialization.Xml.dll)", - "System.Security @ 8.0.1425.11118 (/app/System.Security.dll)", - "System.Security.AccessControl @ 8.0.1425.11118 (/app/System.Security.AccessControl.dll)", - "System.Security.Claims @ 8.0.1425.11118 (/app/System.Security.Claims.dll)", - "System.Security.Cryptography @ 8.0.1425.11118 (/app/System.Security.Cryptography.dll)", - "System.Security.Cryptography.Algorithms @ 8.0.1425.11118 (/app/System.Security.Cryptography.Algorithms.dll)", - "System.Security.Cryptography.Cng @ 8.0.1425.11118 (/app/System.Security.Cryptography.Cng.dll)", - "System.Security.Cryptography.Csp @ 8.0.1425.11118 (/app/System.Security.Cryptography.Csp.dll)", - "System.Security.Cryptography.Encoding @ 8.0.1425.11118 (/app/System.Security.Cryptography.Encoding.dll)", - "System.Security.Cryptography.OpenSsl @ 8.0.1425.11118 (/app/System.Security.Cryptography.OpenSsl.dll)", - "System.Security.Cryptography.Primitives @ 8.0.1425.11118 (/app/System.Security.Cryptography.Primitives.dll)", - "System.Security.Cryptography.X509Certificates @ 8.0.1425.11118 (/app/System.Security.Cryptography.X509Certificates.dll)", - "System.Security.Principal @ 8.0.1425.11118 (/app/System.Security.Principal.dll)", - "System.Security.Principal.Windows @ 8.0.1425.11118 (/app/System.Security.Principal.Windows.dll)", - "System.Security.SecureString @ 8.0.1425.11118 (/app/System.Security.SecureString.dll)", - "System.ServiceModel.Web @ 8.0.1425.11118 (/app/System.ServiceModel.Web.dll)", - "System.ServiceProcess @ 8.0.1425.11118 (/app/System.ServiceProcess.dll)", - "System.Text.Encoding @ 8.0.1425.11118 (/app/System.Text.Encoding.dll)", - "System.Text.Encoding.CodePages @ 8.0.1425.11118 (/app/System.Text.Encoding.CodePages.dll)", - "System.Text.Encoding.Extensions @ 8.0.1425.11118 (/app/System.Text.Encoding.Extensions.dll)", - "System.Text.Encodings.Web @ 8.0.1425.11118 (/app/System.Text.Encodings.Web.dll)", - "System.Text.Json @ 8.0.1425.11118 (/app/System.Text.Json.dll)", - "System.Text.RegularExpressions @ 8.0.1425.11118 (/app/System.Text.RegularExpressions.dll)", - "System.Threading @ 8.0.1425.11118 (/app/System.Threading.dll)", - "System.Threading.Channels @ 8.0.1425.11118 (/app/System.Threading.Channels.dll)", - "System.Threading.Overlapped @ 8.0.1425.11118 (/app/System.Threading.Overlapped.dll)", - "System.Threading.Tasks @ 8.0.1425.11118 (/app/System.Threading.Tasks.dll)", - "System.Threading.Tasks.Dataflow @ 8.0.1425.11118 (/app/System.Threading.Tasks.Dataflow.dll)", - "System.Threading.Tasks.Extensions @ 8.0.1425.11118 (/app/System.Threading.Tasks.Extensions.dll)", - "System.Threading.Tasks.Parallel @ 8.0.1425.11118 (/app/System.Threading.Tasks.Parallel.dll)", - "System.Threading.Thread @ 8.0.1425.11118 (/app/System.Threading.Thread.dll)", - "System.Threading.ThreadPool @ 8.0.1425.11118 (/app/System.Threading.ThreadPool.dll)", - "System.Threading.Timer @ 8.0.1425.11118 (/app/System.Threading.Timer.dll)", - "System.Transactions @ 8.0.1425.11118 (/app/System.Transactions.dll)", - "System.Transactions.Local @ 8.0.1425.11118 (/app/System.Transactions.Local.dll)", - "System.ValueTuple @ 8.0.1425.11118 (/app/System.ValueTuple.dll)", - "System.Web @ 8.0.1425.11118 (/app/System.Web.dll)", - "System.Web.HttpUtility @ 8.0.1425.11118 (/app/System.Web.HttpUtility.dll)", - "System.Windows @ 8.0.1425.11118 (/app/System.Windows.dll)", - "System.Xml @ 8.0.1425.11118 (/app/System.Xml.dll)", - "System.Xml.Linq @ 8.0.1425.11118 (/app/System.Xml.Linq.dll)", - "System.Xml.ReaderWriter @ 8.0.1425.11118 (/app/System.Xml.ReaderWriter.dll)", - "System.Xml.Serialization @ 8.0.1425.11118 (/app/System.Xml.Serialization.dll)", - "System.Xml.XDocument @ 8.0.1425.11118 (/app/System.Xml.XDocument.dll)", - "System.Xml.XPath @ 8.0.1425.11118 (/app/System.Xml.XPath.dll)", - "System.Xml.XPath.XDocument @ 8.0.1425.11118 (/app/System.Xml.XPath.XDocument.dll)", - "System.Xml.XmlDocument @ 8.0.1425.11118 (/app/System.Xml.XmlDocument.dll)", - "System.Xml.XmlSerializer @ 8.0.1425.11118 (/app/System.Xml.XmlSerializer.dll)", - "WindowsBase @ 8.0.1425.11118 (/app/WindowsBase.dll)", - "mscorlib @ 8.0.1425.11118 (/app/mscorlib.dll)", - "netstandard @ 8.0.1425.11118 (/app/netstandard.dll)", + "Microsoft.Win32.Primitives @ 8.0.14 (/app/Microsoft.Win32.Primitives.dll)", + "Microsoft.Win32.Registry @ 8.0.14 (/app/Microsoft.Win32.Registry.dll)", + "System @ 8.0.14 (/app/System.dll)", + "System.AppContext @ 8.0.14 (/app/System.AppContext.dll)", + "System.Buffers @ 8.0.14 (/app/System.Buffers.dll)", + "System.Collections @ 8.0.14 (/app/System.Collections.dll)", + "System.Collections.Concurrent @ 8.0.14 (/app/System.Collections.Concurrent.dll)", + "System.Collections.Immutable @ 8.0.14 (/app/System.Collections.Immutable.dll)", + "System.Collections.NonGeneric @ 8.0.14 (/app/System.Collections.NonGeneric.dll)", + "System.Collections.Specialized @ 8.0.14 (/app/System.Collections.Specialized.dll)", + "System.ComponentModel @ 8.0.14 (/app/System.ComponentModel.dll)", + "System.ComponentModel.Annotations @ 8.0.14 (/app/System.ComponentModel.Annotations.dll)", + "System.ComponentModel.DataAnnotations @ 8.0.14 (/app/System.ComponentModel.DataAnnotations.dll)", + "System.ComponentModel.EventBasedAsync @ 8.0.14 (/app/System.ComponentModel.EventBasedAsync.dll)", + "System.ComponentModel.Primitives @ 8.0.14 (/app/System.ComponentModel.Primitives.dll)", + "System.ComponentModel.TypeConverter @ 8.0.14 (/app/System.ComponentModel.TypeConverter.dll)", + "System.Configuration @ 8.0.14 (/app/System.Configuration.dll)", + "System.Console @ 8.0.14 (/app/System.Console.dll)", + "System.Core @ 8.0.14 (/app/System.Core.dll)", + "System.Data @ 8.0.14 (/app/System.Data.dll)", + "System.Data.Common @ 8.0.14 (/app/System.Data.Common.dll)", + "System.Data.DataSetExtensions @ 8.0.14 (/app/System.Data.DataSetExtensions.dll)", + "System.Diagnostics.Contracts @ 8.0.14 (/app/System.Diagnostics.Contracts.dll)", + "System.Diagnostics.Debug @ 8.0.14 (/app/System.Diagnostics.Debug.dll)", + "System.Diagnostics.DiagnosticSource @ 8.0.14 (/app/System.Diagnostics.DiagnosticSource.dll)", + "System.Diagnostics.FileVersionInfo @ 8.0.14 (/app/System.Diagnostics.FileVersionInfo.dll)", + "System.Diagnostics.Process @ 8.0.14 (/app/System.Diagnostics.Process.dll)", + "System.Diagnostics.StackTrace @ 8.0.14 (/app/System.Diagnostics.StackTrace.dll)", + "System.Diagnostics.TextWriterTraceListener @ 8.0.14 (/app/System.Diagnostics.TextWriterTraceListener.dll)", + "System.Diagnostics.Tools @ 8.0.14 (/app/System.Diagnostics.Tools.dll)", + "System.Diagnostics.TraceSource @ 8.0.14 (/app/System.Diagnostics.TraceSource.dll)", + "System.Diagnostics.Tracing @ 8.0.14 (/app/System.Diagnostics.Tracing.dll)", + "System.Drawing @ 8.0.14 (/app/System.Drawing.dll)", + "System.Drawing.Primitives @ 8.0.14 (/app/System.Drawing.Primitives.dll)", + "System.Dynamic.Runtime @ 8.0.14 (/app/System.Dynamic.Runtime.dll)", + "System.Formats.Asn1 @ 8.0.14 (/app/System.Formats.Asn1.dll)", + "System.Formats.Tar @ 8.0.14 (/app/System.Formats.Tar.dll)", + "System.Globalization @ 8.0.14 (/app/System.Globalization.dll)", + "System.Globalization.Calendars @ 8.0.14 (/app/System.Globalization.Calendars.dll)", + "System.Globalization.Extensions @ 8.0.14 (/app/System.Globalization.Extensions.dll)", + "System.IO @ 8.0.14 (/app/System.IO.dll)", + "System.IO.Compression @ 8.0.14 (/app/System.IO.Compression.dll)", + "System.IO.Compression.Brotli @ 8.0.14 (/app/System.IO.Compression.Brotli.dll)", + "System.IO.Compression.FileSystem @ 8.0.14 (/app/System.IO.Compression.FileSystem.dll)", + "System.IO.Compression.ZipFile @ 8.0.14 (/app/System.IO.Compression.ZipFile.dll)", + "System.IO.FileSystem @ 8.0.14 (/app/System.IO.FileSystem.dll)", + "System.IO.FileSystem.AccessControl @ 8.0.14 (/app/System.IO.FileSystem.AccessControl.dll)", + "System.IO.FileSystem.DriveInfo @ 8.0.14 (/app/System.IO.FileSystem.DriveInfo.dll)", + "System.IO.FileSystem.Primitives @ 8.0.14 (/app/System.IO.FileSystem.Primitives.dll)", + "System.IO.FileSystem.Watcher @ 8.0.14 (/app/System.IO.FileSystem.Watcher.dll)", + "System.IO.IsolatedStorage @ 8.0.14 (/app/System.IO.IsolatedStorage.dll)", + "System.IO.MemoryMappedFiles @ 8.0.14 (/app/System.IO.MemoryMappedFiles.dll)", + "System.IO.Pipes @ 8.0.14 (/app/System.IO.Pipes.dll)", + "System.IO.Pipes.AccessControl @ 8.0.14 (/app/System.IO.Pipes.AccessControl.dll)", + "System.IO.UnmanagedMemoryStream @ 8.0.14 (/app/System.IO.UnmanagedMemoryStream.dll)", + "System.Linq @ 8.0.14 (/app/System.Linq.dll)", + "System.Linq.Expressions @ 8.0.14 (/app/System.Linq.Expressions.dll)", + "System.Linq.Parallel @ 8.0.14 (/app/System.Linq.Parallel.dll)", + "System.Linq.Queryable @ 8.0.14 (/app/System.Linq.Queryable.dll)", + "System.Memory @ 8.0.14 (/app/System.Memory.dll)", + "System.Net @ 8.0.14 (/app/System.Net.dll)", + "System.Net.Http @ 8.0.14 (/app/System.Net.Http.dll)", + "System.Net.Http.Json @ 8.0.14 (/app/System.Net.Http.Json.dll)", + "System.Net.HttpListener @ 8.0.14 (/app/System.Net.HttpListener.dll)", + "System.Net.Mail @ 8.0.14 (/app/System.Net.Mail.dll)", + "System.Net.NameResolution @ 8.0.14 (/app/System.Net.NameResolution.dll)", + "System.Net.NetworkInformation @ 8.0.14 (/app/System.Net.NetworkInformation.dll)", + "System.Net.Ping @ 8.0.14 (/app/System.Net.Ping.dll)", + "System.Net.Primitives @ 8.0.14 (/app/System.Net.Primitives.dll)", + "System.Net.Quic @ 8.0.14 (/app/System.Net.Quic.dll)", + "System.Net.Requests @ 8.0.14 (/app/System.Net.Requests.dll)", + "System.Net.Security @ 8.0.14 (/app/System.Net.Security.dll)", + "System.Net.ServicePoint @ 8.0.14 (/app/System.Net.ServicePoint.dll)", + "System.Net.Sockets @ 8.0.14 (/app/System.Net.Sockets.dll)", + "System.Net.WebClient @ 8.0.14 (/app/System.Net.WebClient.dll)", + "System.Net.WebHeaderCollection @ 8.0.14 (/app/System.Net.WebHeaderCollection.dll)", + "System.Net.WebProxy @ 8.0.14 (/app/System.Net.WebProxy.dll)", + "System.Net.WebSockets @ 8.0.14 (/app/System.Net.WebSockets.dll)", + "System.Net.WebSockets.Client @ 8.0.14 (/app/System.Net.WebSockets.Client.dll)", + "System.Numerics @ 8.0.14 (/app/System.Numerics.dll)", + "System.Numerics.Vectors @ 8.0.14 (/app/System.Numerics.Vectors.dll)", + "System.ObjectModel @ 8.0.14 (/app/System.ObjectModel.dll)", + "System.Private.CoreLib @ 8.0.14 (/app/System.Private.CoreLib.dll)", + "System.Private.DataContractSerialization @ 8.0.14 (/app/System.Private.DataContractSerialization.dll)", + "System.Private.Uri @ 8.0.14 (/app/System.Private.Uri.dll)", + "System.Private.Xml @ 8.0.14 (/app/System.Private.Xml.dll)", + "System.Private.Xml.Linq @ 8.0.14 (/app/System.Private.Xml.Linq.dll)", + "System.Reflection @ 8.0.14 (/app/System.Reflection.dll)", + "System.Reflection.DispatchProxy @ 8.0.14 (/app/System.Reflection.DispatchProxy.dll)", + "System.Reflection.Emit @ 8.0.14 (/app/System.Reflection.Emit.dll)", + "System.Reflection.Emit.ILGeneration @ 8.0.14 (/app/System.Reflection.Emit.ILGeneration.dll)", + "System.Reflection.Emit.Lightweight @ 8.0.14 (/app/System.Reflection.Emit.Lightweight.dll)", + "System.Reflection.Extensions @ 8.0.14 (/app/System.Reflection.Extensions.dll)", + "System.Reflection.Metadata @ 8.0.14 (/app/System.Reflection.Metadata.dll)", + "System.Reflection.Primitives @ 8.0.14 (/app/System.Reflection.Primitives.dll)", + "System.Reflection.TypeExtensions @ 8.0.14 (/app/System.Reflection.TypeExtensions.dll)", + "System.Resources.Reader @ 8.0.14 (/app/System.Resources.Reader.dll)", + "System.Resources.ResourceManager @ 8.0.14 (/app/System.Resources.ResourceManager.dll)", + "System.Resources.Writer @ 8.0.14 (/app/System.Resources.Writer.dll)", + "System.Runtime @ 8.0.14 (/app/System.Runtime.dll)", + "System.Runtime.CompilerServices.Unsafe @ 8.0.14 (/app/System.Runtime.CompilerServices.Unsafe.dll)", + "System.Runtime.CompilerServices.VisualC @ 8.0.14 (/app/System.Runtime.CompilerServices.VisualC.dll)", + "System.Runtime.Extensions @ 8.0.14 (/app/System.Runtime.Extensions.dll)", + "System.Runtime.Handles @ 8.0.14 (/app/System.Runtime.Handles.dll)", + "System.Runtime.InteropServices @ 8.0.14 (/app/System.Runtime.InteropServices.dll)", + "System.Runtime.InteropServices.JavaScript @ 8.0.14 (/app/System.Runtime.InteropServices.JavaScript.dll)", + "System.Runtime.InteropServices.RuntimeInformation @ 8.0.14 (/app/System.Runtime.InteropServices.RuntimeInformation.dll)", + "System.Runtime.Intrinsics @ 8.0.14 (/app/System.Runtime.Intrinsics.dll)", + "System.Runtime.Loader @ 8.0.14 (/app/System.Runtime.Loader.dll)", + "System.Runtime.Numerics @ 8.0.14 (/app/System.Runtime.Numerics.dll)", + "System.Runtime.Serialization @ 8.0.14 (/app/System.Runtime.Serialization.dll)", + "System.Runtime.Serialization.Formatters @ 8.0.14 (/app/System.Runtime.Serialization.Formatters.dll)", + "System.Runtime.Serialization.Json @ 8.0.14 (/app/System.Runtime.Serialization.Json.dll)", + "System.Runtime.Serialization.Primitives @ 8.0.14 (/app/System.Runtime.Serialization.Primitives.dll)", + "System.Runtime.Serialization.Xml @ 8.0.14 (/app/System.Runtime.Serialization.Xml.dll)", + "System.Security @ 8.0.14 (/app/System.Security.dll)", + "System.Security.AccessControl @ 8.0.14 (/app/System.Security.AccessControl.dll)", + "System.Security.Claims @ 8.0.14 (/app/System.Security.Claims.dll)", + "System.Security.Cryptography @ 8.0.14 (/app/System.Security.Cryptography.dll)", + "System.Security.Cryptography.Algorithms @ 8.0.14 (/app/System.Security.Cryptography.Algorithms.dll)", + "System.Security.Cryptography.Cng @ 8.0.14 (/app/System.Security.Cryptography.Cng.dll)", + "System.Security.Cryptography.Csp @ 8.0.14 (/app/System.Security.Cryptography.Csp.dll)", + "System.Security.Cryptography.Encoding @ 8.0.14 (/app/System.Security.Cryptography.Encoding.dll)", + "System.Security.Cryptography.OpenSsl @ 8.0.14 (/app/System.Security.Cryptography.OpenSsl.dll)", + "System.Security.Cryptography.Primitives @ 8.0.14 (/app/System.Security.Cryptography.Primitives.dll)", + "System.Security.Cryptography.X509Certificates @ 8.0.14 (/app/System.Security.Cryptography.X509Certificates.dll)", + "System.Security.Principal @ 8.0.14 (/app/System.Security.Principal.dll)", + "System.Security.Principal.Windows @ 8.0.14 (/app/System.Security.Principal.Windows.dll)", + "System.Security.SecureString @ 8.0.14 (/app/System.Security.SecureString.dll)", + "System.ServiceModel.Web @ 8.0.14 (/app/System.ServiceModel.Web.dll)", + "System.ServiceProcess @ 8.0.14 (/app/System.ServiceProcess.dll)", + "System.Text.Encoding @ 8.0.14 (/app/System.Text.Encoding.dll)", + "System.Text.Encoding.CodePages @ 8.0.14 (/app/System.Text.Encoding.CodePages.dll)", + "System.Text.Encoding.Extensions @ 8.0.14 (/app/System.Text.Encoding.Extensions.dll)", + "System.Text.Encodings.Web @ 8.0.14 (/app/System.Text.Encodings.Web.dll)", + "System.Text.Json @ 8.0.14 (/app/System.Text.Json.dll)", + "System.Text.RegularExpressions @ 8.0.14 (/app/System.Text.RegularExpressions.dll)", + "System.Threading @ 8.0.14 (/app/System.Threading.dll)", + "System.Threading.Channels @ 8.0.14 (/app/System.Threading.Channels.dll)", + "System.Threading.Overlapped @ 8.0.14 (/app/System.Threading.Overlapped.dll)", + "System.Threading.Tasks @ 8.0.14 (/app/System.Threading.Tasks.dll)", + "System.Threading.Tasks.Dataflow @ 8.0.14 (/app/System.Threading.Tasks.Dataflow.dll)", + "System.Threading.Tasks.Extensions @ 8.0.14 (/app/System.Threading.Tasks.Extensions.dll)", + "System.Threading.Tasks.Parallel @ 8.0.14 (/app/System.Threading.Tasks.Parallel.dll)", + "System.Threading.Thread @ 8.0.14 (/app/System.Threading.Thread.dll)", + "System.Threading.ThreadPool @ 8.0.14 (/app/System.Threading.ThreadPool.dll)", + "System.Threading.Timer @ 8.0.14 (/app/System.Threading.Timer.dll)", + "System.Transactions @ 8.0.14 (/app/System.Transactions.dll)", + "System.Transactions.Local @ 8.0.14 (/app/System.Transactions.Local.dll)", + "System.ValueTuple @ 8.0.14 (/app/System.ValueTuple.dll)", + "System.Web @ 8.0.14 (/app/System.Web.dll)", + "System.Web.HttpUtility @ 8.0.14 (/app/System.Web.HttpUtility.dll)", + "System.Windows @ 8.0.14 (/app/System.Windows.dll)", + "System.Xml @ 8.0.14 (/app/System.Xml.dll)", + "System.Xml.Linq @ 8.0.14 (/app/System.Xml.Linq.dll)", + "System.Xml.ReaderWriter @ 8.0.14 (/app/System.Xml.ReaderWriter.dll)", + "System.Xml.Serialization @ 8.0.14 (/app/System.Xml.Serialization.dll)", + "System.Xml.XDocument @ 8.0.14 (/app/System.Xml.XDocument.dll)", + "System.Xml.XPath @ 8.0.14 (/app/System.Xml.XPath.dll)", + "System.Xml.XPath.XDocument @ 8.0.14 (/app/System.Xml.XPath.XDocument.dll)", + "System.Xml.XmlDocument @ 8.0.14 (/app/System.Xml.XmlDocument.dll)", + "System.Xml.XmlSerializer @ 8.0.14 (/app/System.Xml.XmlSerializer.dll)", + "WindowsBase @ 8.0.14 (/app/WindowsBase.dll)", + "mscorlib @ 8.0.14 (/app/mscorlib.dll)", + "netstandard @ 8.0.14 (/app/netstandard.dll)", ) assertAllDepEntriesInEmbeddedExecutable := func(t *testing.T, pkgs []pkg.Package, relationships []artifact.Relationship) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/dotnet/package.go new/syft-1.44.0/syft/pkg/cataloger/dotnet/package.go --- old/syft-1.43.0/syft/pkg/cataloger/dotnet/package.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/dotnet/package.go 2026-04-29 15:50:09.000000000 +0200 @@ -323,6 +323,13 @@ productVersion := extractVersionFromResourcesValue(versionResources["ProductVersion"]) fileVersion := extractVersionFromResourcesValue(versionResources["FileVersion"]) + // ms file ver is a ci build stamp (major.minor.<buildfate>.<buildyime>) we'll match with fewer segments + if isMicrosoftVersionResource(versionResources) { + if v := preferShorterMajorMinorMatch(productVersion, fileVersion); v != "" { + return v + } + } + semanticVersionCompareResult := keepGreaterSemanticVersion(productVersion, fileVersion) if semanticVersionCompareResult != "" { return semanticVersionCompareResult @@ -363,6 +370,33 @@ return out } +// preferShorterMajorMinorMatch returns productVersion when it shares major.minor +// with fileversion and has fewer segments "" otherwise +func preferShorterMajorMinorMatch(productVersion, fileVersion string) string { + semanticProductVersion, err := version.NewVersion(productVersion) + if err != nil || semanticProductVersion == nil { + return "" + } + semanticFileVersion, err := version.NewVersion(fileVersion) + if err != nil || semanticFileVersion == nil { + return "" + } + productSegments := semanticProductVersion.Segments() + fileSegments := semanticFileVersion.Segments() + if len(productSegments) < 2 || len(fileSegments) < 2 { + return "" + } + if productSegments[0] != fileSegments[0] || productSegments[1] != fileSegments[1] { + return "" + } + if len(productSegments) >= len(fileSegments) { + return "" + } + // 1.0.7+sha -> 1.0.7 + v, _, _ := strings.Cut(productVersion, "+") + return v +} + func keepGreaterSemanticVersion(productVersion string, fileVersion string) string { semanticProductVersion, err := version.NewVersion(productVersion) if err != nil || semanticProductVersion == nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/dotnet/package_test.go new/syft-1.44.0/syft/pkg/cataloger/dotnet/package_test.go --- old/syft-1.43.0/syft/pkg/cataloger/dotnet/package_test.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/dotnet/package_test.go 2026-04-29 15:50:09.000000000 +0200 @@ -302,6 +302,24 @@ Version: "3.0.0.0", }, }, + { + name: "Microsoft assembly with CI-stamped FileVersion prefers ProductVersion", + versionResources: map[string]string{ + "CompanyName": "Microsoft Corporation", + "ProductName": "Microsoft ASP.NET Core", + "FileVersion": "10.0.726.21808", + "ProductVersion": "10.0.7+b16286c2284fecf303dbc12a0bb152476d662e44", + }, + expectedPackage: pkg.Package{ + Name: "Microsoft ASP.NET Core", + Version: "10.0.7", + Metadata: pkg.DotnetPortableExecutableEntry{ + CompanyName: "Microsoft Corporation", + ProductName: "Microsoft ASP.NET Core", + ProductVersion: "10.0.7+b16286c2284fecf303dbc12a0bb152476d662e44", + }, + }, + }, } for _, tc := range tests { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/javascript/parse_yarn_lock.go new/syft-1.44.0/syft/pkg/cataloger/javascript/parse_yarn_lock.go --- old/syft-1.43.0/syft/pkg/cataloger/javascript/parse_yarn_lock.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/javascript/parse_yarn_lock.go 2026-04-29 15:50:09.000000000 +0200 @@ -25,6 +25,11 @@ ) var ( + // packageAliasExp matches aliased yarn dependencies and captures the + // underlying npm package name instead of the local alias. + // For example: "old-async@npm:[email protected]" returns "async". + packageAliasExp = regexp.MustCompile(`^"?(?:@\w[\w-_.]*\/)?\w[\w-_.]*@npm:((?:@\w[\w-_.]*\/)?\w[\w-_.]*)@`) + // packageNameExp matches the name of the dependency in yarn.lock // including scope/namespace prefix if found. // For example: "[email protected]" returns "aws-sdk" @@ -305,6 +310,9 @@ } func findPackageName(line string) string { + if matches := packageAliasExp.FindStringSubmatch(line); len(matches) >= 2 { + return matches[1] + } if matches := packageNameExp.FindStringSubmatch(line); len(matches) >= 2 { return matches[1] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go new/syft-1.44.0/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go --- old/syft-1.43.0/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/javascript/parse_yarn_lock_test.go 2026-04-29 15:50:09.000000000 +0200 @@ -709,6 +709,18 @@ expected: "color-convert", }, { + line: `"old-async@npm:[email protected]":`, + expected: "async", + }, + { + line: `"old-foo@npm:@scope/[email protected]":`, + expected: "@scope/foo", + }, + { + line: `"@scope/old-foo@npm:@scope/[email protected]":`, + expected: "@scope/foo", + }, + { line: `"@npmcorp/code-frame@^7.1.0", "@npmcorp/code-frame@^7.10.4":`, expected: "@npmcorp/code-frame", }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/lua/rockspec_parser.go new/syft-1.44.0/syft/pkg/cataloger/lua/rockspec_parser.go --- old/syft-1.43.0/syft/pkg/cataloger/lua/rockspec_parser.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/lua/rockspec_parser.go 2026-04-29 15:50:09.000000000 +0200 @@ -63,8 +63,11 @@ parsing.SkipWhitespace(data, i) - if *i >= len(data) && len(out) > 0 { - return nil, fmt.Errorf("unexpected end of block at %d", *i) + if *i >= len(data) { + if len(out) > 0 { + return nil, fmt.Errorf("unexpected end of block at %d", *i) + } + return out, nil } c := data[*i] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/syft/pkg/cataloger/lua/rockspec_parser_test.go new/syft-1.44.0/syft/pkg/cataloger/lua/rockspec_parser_test.go --- old/syft-1.43.0/syft/pkg/cataloger/lua/rockspec_parser_test.go 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/syft/pkg/cataloger/lua/rockspec_parser_test.go 2026-04-29 15:50:09.000000000 +0200 @@ -15,6 +15,17 @@ wantErr require.ErrorAssertionFunc }{ { + name: "empty file", + content: ``, + }, + { + name: "whitespace only", + content: ` + + +`, + }, + { name: "basic valid content", content: ` foo = "bar" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/test/install/1_download_snapshot_asset_test.sh new/syft-1.44.0/test/install/1_download_snapshot_asset_test.sh --- old/syft-1.43.0/test/install/1_download_snapshot_asset_test.sh 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/test/install/1_download_snapshot_asset_test.sh 2026-04-29 15:50:09.000000000 +0200 @@ -92,6 +92,10 @@ run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "tar.gz" run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "rpm" run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "deb" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "sbom" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "tar.gz" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "rpm" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "deb" run_test_case test_positive_snapshot_download_asset "linux" "s390x" "sbom" run_test_case test_positive_snapshot_download_asset "linux" "s390x" "tar.gz" run_test_case test_positive_snapshot_download_asset "linux" "s390x" "rpm" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/test/install/3_install_asset_test.sh new/syft-1.44.0/test/install/3_install_asset_test.sh --- old/syft-1.43.0/test/install/3_install_asset_test.sh 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/test/install/3_install_asset_test.sh 2026-04-29 15:50:09.000000000 +0200 @@ -43,6 +43,11 @@ local_suffix="_power8" fi + # note: this is a change made in goreleaser v2.4.0 + if [ "${arch}" == "riscv64" ]; then + local_suffix="_rva20u64" + fi + assertFilesEqual \ "$(snapshot_dir)/${os}-build_${os}_${arch}${local_suffix}/${binary}" \ @@ -95,6 +100,7 @@ run_test_case test_positive_snapshot_install_asset "linux" "amd64" "tar.gz" run_test_case test_positive_snapshot_install_asset "linux" "arm64" "tar.gz" run_test_case test_positive_snapshot_install_asset "linux" "ppc64le" "tar.gz" +run_test_case test_positive_snapshot_install_asset "linux" "riscv64" "tar.gz" run_test_case test_positive_snapshot_install_asset "linux" "s390x" "tar.gz" run_test_case test_positive_snapshot_install_asset "darwin" "amd64" "tar.gz" run_test_case test_positive_snapshot_install_asset "darwin" "arm64" "tar.gz" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/test/install/testdata/assets/invalid/checksums.txt new/syft-1.44.0/test/install/testdata/assets/invalid/checksums.txt --- old/syft-1.43.0/test/install/testdata/assets/invalid/checksums.txt 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/test/install/testdata/assets/invalid/checksums.txt 2026-04-29 15:50:09.000000000 +0200 @@ -14,6 +14,10 @@ dc4b8c4a02ffd8dd394ab94695ed44ed2bfceb06bc239835c51e84dd9b84a68c syft_1.5.0_linux_ppc64le.rpm 392044f2951ca6522d0bc71de43763202a548d40bf836098caf286041a7c8fa4 syft_1.5.0_linux_ppc64le.sbom 551d98b67f7476bc2e38453a588177b0b038933850a351a94c4bf360813f01d0 syft_1.5.0_linux_ppc64le.tar.gz +98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_riscv64.deb +3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_riscv64.rpm +5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_riscv64.sbom +ff15f556660cc4c4279ce41e2475bffe2a0f72eb4423c21edf7380b2484fbf68 syft_1.5.0_linux_riscv64.tar.gz 98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_s390x.deb 3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_s390x.rpm 5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_s390x.sbom diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-1.43.0/test/install/testdata/assets/valid/checksums.txt new/syft-1.44.0/test/install/testdata/assets/valid/checksums.txt --- old/syft-1.43.0/test/install/testdata/assets/valid/checksums.txt 2026-04-22 17:09:10.000000000 +0200 +++ new/syft-1.44.0/test/install/testdata/assets/valid/checksums.txt 2026-04-29 15:50:09.000000000 +0200 @@ -14,6 +14,10 @@ dc4b8c4a02ffd8dd394ab94695ed44ed2bfceb06bc239835c51e84dd9b84a68c syft_1.5.0_linux_ppc64le.rpm 392044f2951ca6522d0bc71de43763202a548d40bf836098caf286041a7c8fa4 syft_1.5.0_linux_ppc64le.sbom 551d98b67f7476bc2e38453a588177b0b038933850a351a94c4bf360813f01d0 syft_1.5.0_linux_ppc64le.tar.gz +98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_riscv64.deb +3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_riscv64.rpm +5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_riscv64.sbom +ff15f556660cc4c4279ce41e2475bffe2a0f72eb4423c21edf7380b2484fbf68 syft_1.5.0_linux_riscv64.tar.gz 98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_s390x.deb 3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_s390x.rpm 5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_s390x.sbom ++++++ syft.obsinfo ++++++ --- /var/tmp/diff_new_pack.obVrdD/_old 2026-05-05 15:17:21.188053558 +0200 +++ /var/tmp/diff_new_pack.obVrdD/_new 2026-05-05 15:17:21.204054194 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.43.0 -mtime: 1776870550 -commit: 390cf6cce0463d44c20270dea637bcb3833eee02 +version: 1.44.0 +mtime: 1777470609 +commit: 8cb78ce40ced6a731fb83f2a491a67444f541bf1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.30200/vendor.tar.gz differ: char 133, line 2
