fix(deps): update dependency hoppr to v1.13.3 signed-off-by: bot, renovate <hopprexternalrenovate.dl-eo@groups.lmco.com>

This MR contains the following updates:

Package | Type | Update | Change
hoppr (source) | dependencies | minor | 1.9.5 -> 1.13.3

Release Notes

hoppr/hoppr (hoppr)

v1.13.3

Bug Fixes
  • docker collector signature validation plugin compatibility (31497fa)
  • handle non-standard NPM purls (f0e2e15)
  • increase max workers default in transfer file (b80d1c4)
  • invalid auth credentials passed during container registry query (fbccdb9)
  • preserve tag and version on copied docker images (d14af7f)
  • propagate bom-ref updates through merged SBOM (3a9b3d1)
  • repository url parsing (e9c2321)
  • rpm collector sha algorithm resolution (83de9be)
  • show full collection error in live output (d13b02e)
  • use process timeout config option in file downloads (a75758e)

v1.13.2

Bug Fixes
  • authentication issue, enhance logging in oras code (d099fcc)
  • fixed experimental maven collector plugin issue that was stripping classifiers (5720fc8)
  • hoppr invalid merge strategy (7d0d3ad)
  • invalid docker purl error message (57305ea)
  • oras version compatibility (f344157)
  • rpm collector issues (869b3c0)
  • updated signature collection failures to be treated as warnings (6e7d7b9)
  • use local repositories in dnf collector (f920a58)

v1.13.1

Bug Fixes
  • alternative method to get pypi download urls (ed6f878)
  • bundles for git repos with versions (834cfc7)
  • collect docker signatures (057e195)
  • git collection directory property (ab0bfb8)
  • hoppr doesn't support bundling git repositories at different depths (aa26cfc)

v1.13.0

Features
  • add hash validation to Cargo collector (f7d6e61)
  • add hash validation to GEM collector (2fd906f)
  • add hash validation to golang collector (8f6142a)
  • add hash validation to NPM collector (ad78c60)
  • add hash validation to PyPI collector plugin (0a0af36)
  • Add Hash/SHA validation to APT collector (364a7f4)
  • Add Hash/SHA validation to Maven collector (31f5fb5)
  • Add raw hash/sha validation (edd9bcd)
  • added sbom and bundle signing (c48ac4a)
Bug Fixes
  • added additional sbom validation tests (b959a13)
  • Validation Error for SBOM when merging: "annotator" field not permitted (8fc9989)

v1.12.0

Features
  • add new CLI options and mark existing ones as deprecated (cb158d2)
  • experimental RPM collector (5b29800)
  • Hoppr SBOM validation config file and profile definitions (2eae68b)
  • SBOM validation config file definitions (882918e)
  • update SBOM validation CLI to use new models and Code Climate reporting (7c7bac7), closes #389
  • update SBOM validation CLI to use new models and Code Climate reporting (3670c93)
  • validator models (d871cdf), closes #386
  • validator models (75fddb2)
Bug Fixes
  • add --ignore-errors Flag (91cb561)
  • add compose shared network (68728eb)
  • add pylint ignore (74ebef5)
  • add repositories field validator to fix search order (acfd5b0)
  • Add sbom-url and manifest options to validate command (025a6f2)
  • add unit test for new function (470fb67)
  • added git config cleanup (8684330)
  • capture generated schemas in release (e6cc83c)
  • case for no download URLs found (baac61b)
  • change to dict formats for files and urls (3bb9e6c)
  • check-lint error (a1ae1fb)
  • component hash checking and equality logic (d468ecf)
  • component validation for Metadata.tools (7a5e17b)
  • don't fail on empty search results until all params are tried (79c1346)
  • download repodata into bundle, add integration test (ed4b195)
  • extract parts from sbom function to a new one (895ef3f)
  • findings caused by new version of pylint (00bc736)
  • fix check-types error (c814e9b)
  • Fix lint error (788664f)
  • fix processed component count (60566b3)
  • fix repo dir path (7f00f85)
  • fix sourcery error (0ac4cc6)
  • linting errors (9d54170)
  • only validate CycloneDX-formatted JSON files when using --sbom-dir (33f0497)
  • remove 6th arg from test_create_sbom_data_map (d692f76)
  • remove 6th argument from test (30ca55a)
  • remove checks with ignore configuration from SBOM validation report (73f1202)
  • remove comparison of purl and bom_ref fields (00b5323)
  • remove test statements (bc32c2b)
  • remove unused import (065bf2d)
  • repository search order logic (bf9d470)
  • request proxy settings (5cd4dfb)
  • support package disambiguation in manifest nexus repository urls (1f4b3a3)
  • unit test failures (af9902c)
  • unit test failures (6919faa)
  • update test params (2829d64)
  • update unit test (c93e229)
  • updated conflicting flags in validation (356f3c3), closes #400
  • updated conflicting flags in validation (d8c6490)
  • valid test sbom and expected issues (539a065)

v1.11.8

Bug Fixes
  • pinned version of securesystemslib (140e2c4)

v1.11.7

Bug Fixes
  • authorization failure for included manifests (82d4df2)

v1.11.6

Bug Fixes
  • added git config cleanup (a1c94d0)
  • only validate CycloneDX-formatted JSON files when using (280a52c)

v1.11.5

Bug Fixes
  • Add sbom-url and manifest options to validate command (83cc76f)
  • ambiguous search results (f0223f8)
  • fix processed component count (62cf8f2)
  • git collector directory bug (487b307)
  • scorecard artifact path (9ec72fb)

v1.11.4

Bug Fixes
  • component hash checking and equality logic (v1.12.0-dev.5) (cb36aa9)
  • manifest repository search order (v1.11.1-dev.2) (d34091a)
  • validation error for tools without versions (v1.11.1-dev.1) (cea77b7)

v1.11.3

Bug Fixes

v1.11.2

Bug Fixes
  • license model parsing/validation (8bc8aac)
  • remove hashing logic for Affect (b823635)

v1.11.1

Bug Fixes
  • NTIA minimum field checks (2b220b6)
  • patch Licensing model fields with corrected model fields (190c18f)
  • processing of --sbom-dirs CLI option (c749f21)
  • result summary and logging, license models (e423e5c)
  • use updated Metadata model for hopctl validate (b84ba39)

v1.11.0

Features
  • Hoppr SBOM validation command (25fbef4)
  • validate result JSON output file (b170d04)
Bug Fixes
  • calculate length of source column text (84295c4)
  • get correct console width when using --basic-term (9649404)
  • order of summary panel messages (3894bb0)
  • strip whitespace before comparison, log computed hash on fail (8a51b4e)

v1.10.4

Bug Fixes
  • add ComponentType to __all__ (85f6268)
  • calculate length of source column text (79f5cae)
  • require RELEASE_VERSION artifact (f3505d6)
  • require RELEASE_VERSION artifact (d17e901)
  • unhashable type error (c9f8459)

v1.10.3

Bug Fixes
  • add delta plugin config item to determine if no components is failure (f41a26a)
  • construct download URL before dest file path (b3b5a34)
  • correcting formatting maybe (96740c4)
  • correcting lint error and reordering (844a074)
  • handle sboms out of working directory (8140176)
  • use underscore separator for artifact file name (a74dc84)

v1.10.2

Bug Fixes
  • destination file name (2882a97)
  • destination file name (0d2a3e7)
  • download poms for artifacts (9a376a0)
  • fail on artifact download error (adac4d0)
  • Leverage fulcio and OID (cff5cfc)
  • logic for adding task to jobs panel (8e49fb0)
  • pom file name (6ab8319)
  • remove missing expected-tar-toc file (852b23b)
  • remove missing expected-tar-toc file (645417b)
  • Remove pub key printout since fulcio will handle it (ab7f028)
  • request proxy settings (8e63023)
  • resolve previous path relative to transfer file (09a6744)
  • Update certificate issuer (8f03afa)
  • Update identify provider (b215573)

v1.10.1

Bug Fixes
  • hoppr-cyclonedx-models version constraint (a41cf32)

v1.10.0

Features
Bug Fixes
  • supported_purl_types default value (3a9366e)
  • ToolModel validation (abdece7)
  • add purl version check if specified in purl (6d0f8f2)
  • add unique ID callbacks for spec version 1.5 (37d8b25)
  • apt integration test SBOMs (0524862)
  • Credentials invalid fields (4c669b4)
  • docker base images (9a62f15)
  • docker base images (7ab7d50)
  • Dockerfile ARG scoping (c468d60)
  • duplicate metadata.tools.components items (18613b8)
  • git collector problems given no version (64cc59d)
  • linting (1896ac2)
  • models for affect versions field (dd2b8c5)
  • models for license fields (458efaf)
  • poetry issues (d190926)
  • purl type name check (8dadfec)
  • revert (6aeb8be)
  • rich console output for hopctl merge (5ffe4cf)
  • rich console output for hopctl merge (8490624)
  • unit test (354d599)
  • update field names (f45f933)
  • write hoppr unit test logs to temp directory (8a9f85c)
Reverts

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by lmco-renovate-bot
