------------------------------------------------------------------- Thu Jul 24 07:29:39 UTC 2025 - Johannes Kastl - Update to version 0.35.0: * Added Features - Add support for RedHat EUS data [#540 @willmurphyscode] * Bug Fixes - CVE-2004-0377 false positive [#611 #609 @westonsteimel] * Dependencies - chore(deps): Bump astral-sh/setup-uv in /.github/actions/bootstrap (#608) - chore(deps): Bump github.com/spf13/pflag from 1.0.6 to 1.0.7 (#605) - chore(deps): update anchore dependencies (#601) - chore(deps): Bump golang.org/x/sync from 0.15.0 to 0.16.0 (#598) ------------------------------------------------------------------- Thu Jul 03 04:54:22 UTC 2025 - Johannes Kastl - Update to version 0.34.1: * chore(deps): update anchore dependencies (#596) * chore(deps): update anchore dependencies (#595) * chore(deps): Bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 (#594) * chore(deps): Bump github.com/go-viper/mapstructure/v2 (#593) * fix: include CVSS version in vector string (#591) * chore(deps): Bump github.com/anchore/grype (#590) * feat: enable echo data (#589) * Add echo os to grype db (#572) ------------------------------------------------------------------- Wed Jun 11 04:33:44 UTC 2025 - Johannes Kastl - Update to version 0.34.0: * Added Features - Add support for MinimOS [#566 @Daniel-Wachter] - enable bitnami and minimOS providers by default [#587 @willmurphyscode] * Bug Fixes - Version 5 vulnerability database no longer getting updates [#578] * Additional Changes - enable bitnami vuln data [#581 @willmurphyscode] * Dependencies - chore(deps): update anchore dependencies (#588) - chore(deps): Bump golang.org/x/text from 0.25.0 to 0.26.0 (#584) - chore(deps): Bump github.com/sergi/go-diff (#585) - chore(deps): Bump golang.org/x/sync from 0.14.0 to 0.15.0 (#586) - chore(deps): Bump gorm.io/gorm from 1.26.1 to 1.30.0 (#580) - chore(deps): Bump github.com/anchore/grype from 0.92.0 to 0.92.1 (#576) ------------------------------------------------------------------- Thu May 15 04:51:18 UTC 2025 - Johannes Kastl - Update to version 0.33.1: * Bug Fixes - emit fuzzy ranges rather than invalid ranges [#574 @willmurphyscode] * Dependencies - chore(deps): update anchore dependencies (#575) - chore(deps): update generated code (#563) - chore(deps): Bump mxschmitt/action-tmate from 3.21 to 3.22 (#567) - chore(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 (#573) - chore(deps): Bump astral-sh/setup-uv in /.github/actions/bootstrap (#562) - chore(deps): update anchore dependencies (#561) - chore(deps): Bump mxschmitt/action-tmate from 3.19 to 3.21 (#560) ------------------------------------------------------------------- Wed Apr 16 15:49:44 UTC 2025 - Johannes Kastl - Update to version 0.33.0: * Added Features - allow db hydration during build [#558 @westonsteimel] * Additional Changes - Fix processing of github-action entries [#556 @wagoodman] ------------------------------------------------------------------- Thu Apr 10 13:38:55 UTC 2025 - Johannes Kastl - Update to version 0.32.0: * Added Features - Support CVSS v4 vectors [#553 @wagoodman] * Additional Changes - add option to always publish databases under their schema direc… [#552 @asomya] * Dependencies - chore(deps): Bump github.com/spf13/viper from 1.19.0 to 1.20.1 (#548) - chore(deps): Bump golang.org/x/text from 0.23.0 to 0.24.0 (#554) - chore(deps): Bump github.com/anchore/grype from 0.90.0 to 0.91.0 (#551) - chore(deps): Bump 8398a7/action-slack from 3.16.2 to 3.18.0 (#549) ------------------------------------------------------------------- Thu Mar 27 15:09:34 UTC 2025 - opensuse_buildservice@ojkastl.de - Update to version 0.31.0: * Added Features - Add hardware and operating system CPE parts [#544 @wagoodman] * Bug Fixes - Use all CPE parts when considering duplicates [#547 @wagoodman] - Refactor NVD node configuration parsing [#546 @wagoodman] ------------------------------------------------------------------- Sat Mar 22 07:51:26 UTC 2025 - opensuse_buildservice@ojkastl.de - Update to version 0.30.1 (there is no 0.30.0): * retract v0.30.0 release * bump minimum required go version * chore(deps): Bump actions/cache from 4.2.2 to 4.2.3 (#542) * chore(deps): Bump actions/cache in /.github/actions/bootstrap (#543) * chore(deps): Bump actions/setup-go from 5.3.0 to 5.4.0 (#541) * chore(deps): Bump github.com/containerd/containerd from 1.7.24 to 1.7.27 (#537) * Update grype-db bootstrap tools to latest versions. (#539) * chore(deps): Bump github.com/anchore/grype from 0.89.1 to 0.90.0 (#538) * chore(deps): Bump github.com/spf13/afero from 1.12.0 to 1.14.0 (#534) * Update grype-db bootstrap tools to latest versions. (#529) * chore(deps): Bump github.com/anchore/grype (#532) * feat: add support for OSV schema (#217) * chore: update grype schema version reference (#533) * chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 (#530) * port msrc transformer to v6 (#531) ------------------------------------------------------------------- Fri Mar 07 06:41:59 UTC 2025 - opensuse_buildservice@ojkastl.de - Update to version 0.29.0: * Fix internal link in usage (#483) * chore(deps): Bump golang.org/x/text from 0.22.0 to 0.23.0 (#523) * Update grype-db bootstrap tools to latest versions. (#520) * chore(deps): Bump actions/cache from 4.2.1 to 4.2.2 (#517) * chore(deps): Bump actions/cache in /.github/actions/bootstrap (#518) * chore(deps): Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (#522) * chore(deps): Bump golang.org/x/sync from 0.11.0 to 0.12.0 (#524) * Enable v6 CI validations (#521) * fix: pin grype to v0.87.0 for v5 (#519) * explicitly translate nvd cvss type when sorting (#516) * enable EPSS and KEV (#515) * Update grype-db bootstrap tools to latest versions. (#494) * chore(deps): Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (#514) * Add EPSS v6 transforms (#511) * chore(deps): Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#513) * fix v prefix (#512) * Add KEV transformer + processor (#507) * chore(deps): Bump actions/cache in /.github/actions/bootstrap (#510) * chore(deps): Bump github.com/klauspost/compress from 1.17.11 to 1.18.0 (#508) * chore(deps): Bump actions/cache from 4.2.0 to 4.2.1 (#509) * fix RPM modularity (#506) * fix jenkins plugins (#505) * Missing constraint in v6 DB should match everything (#503) * explicitly use syft pkg types (#499) * stop publishing to s3 (#498) * Switch from poetry to UV (#497) * Normalize v6 record severities (#496) * feat: update to go 1.24.x (#495) * chore(deps-dev): Bump cryptography from 44.0.0 to 44.0.1 (#492) * chore: update runners to ubuntu-24.04 (#493) * pull in v6 severity updates (#490) * Tag advisory URLs for v6 references (#491) * point v6 tip to main * chore(deps): Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#484) * chore(deps): Bump abatilo/actions-poetry in /.github/actions/bootstrap (#487) * chore(deps): Bump golang.org/x/text from 0.21.0 to 0.22.0 (#488) * chore(deps): Bump golang.org/x/sync from 0.10.0 to 0.11.0 (#489) * chore: fix python workflow failures (#485) * remove v3 and v4 schema usage (#482) ------------------------------------------------------------------- Sat Jan 25 08:05:52 UTC 2025 - opensuse_buildservice@ojkastl.de - Update to version 0.28.0: * skip release gate for unexpected acceptance tests (#481) * fix gate threshold (#480) * chore(deps): Bump actions/cache in /.github/actions/bootstrap (#479) * fix gate threshold (#478) * Add DB v6 support to grype-db-manager (#446) * Rework usage instructions with working code, step-by-step (#468) * chore(deps): Bump actions/setup-go in /.github/actions/bootstrap (#477) * chore(deps): Bump actions/setup-python in /.github/actions/bootstrap (#476) * chore(deps): Bump actions/cache in /.github/actions/bootstrap (#475) * chore(deps): Bump abatilo/actions-poetry in /.github/actions/bootstrap (#474) * chore(ci): fix composite GitHub action path in dependabot config (#473) * chore(deps): Bump github.com/spf13/afero from 1.11.0 to 1.12.0 (#461) * chore(deps): Bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.8 (#464) * chore(deps): Bump actions/setup-go from 5.2.0 to 5.3.0 (#471) * chore(ci): add crane to binny (#470) * chore(ci): bootstrap oras for use in ci (#469) * chore(deps-dev): Bump jinja2 from 3.1.4 to 3.1.5 (#467) * chore(deps): Bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#465) * Loosen vunnel schema version check (#463) * pin vunnel providers (#458) * chore(deps): Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#459) * Update grype-db bootstrap tools to latest versions. (#460) * Add release ID to OS models (#457) * Pull in more v6 schema changes (#456) ------------------------------------------------------------------- Sat Dec 14 21:22:51 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.27.4: * chore(deps): update anchore dependencies (#455) * chore(deps): Bump actions/checkout from 4.2.1 to 4.2.2 (#453) * chore(deps): Bump actions/setup-go from 5.1.0 to 5.2.0 (#454) * add update anchore dependencies workflow (#452) ------------------------------------------------------------------- Wed Dec 11 07:06:24 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.27.3: * chore(deps): update anchore dependencies (#451) * chore(deps): Bump golang.org/x/sync from 0.9.0 to 0.10.0 (#448) * chore(deps): Bump actions/cache from 4.1.2 to 4.2.0 (#450) * Enable packaging v6 DBs (#437) * Add transformers for v6 DB schema (#436) * fix: use timestamp from only provider if only one provider (#445) * add request retry count for nvd (#444) * chore(deps): Bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 (#430) * chore(deps): Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#439) * Update grype-db bootstrap tools to latest versions. (#442) * add more retrys for NVD provider (#443) ------------------------------------------------------------------- Tue Nov 26 14:04:51 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.27.2: * ignore NVD data age + tests (#441) * ignore NVD data age (#440) * remove v1 & v2 processors (#438) ------------------------------------------------------------------- Fri Nov 22 09:35:20 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.27.1: * Update Grype to v0.85.0 (#435) * remove push event for code gen * Remove support for v1 & v2 schemas (#434) * add os codename fetcher/helper method (#433) * Migrate common processor code to internal (#432) * chore(deps): Bump golang.org/x/text from 0.19.0 to 0.20.0 (#426) * chore(deps-dev): Bump werkzeug from 3.0.3 to 3.0.6 (#427) * Update grype-db bootstrap tools to latest versions. (#428) * chore(deps): Bump github.com/anchore/grype from 0.83.0 to 0.84.0 (#424) ------------------------------------------------------------------- Tue Oct 29 14:06:02 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.27.0: * chore(deps): Bump github.com/anchore/grype from 0.82.2 to 0.83.0 (#420) * chore(deps): Bump actions/checkout from 4.2.1 to 4.2.2 (#416) * chore(deps): Bump actions/setup-go from 5.0.2 to 5.1.0 (#417) ------------------------------------------------------------------- Thu Oct 24 13:31:04 UTC 2024 - Johannes Kastl - new package grype-db: create a Grype vulnerability database from upstream vulnerability data sources