OBS-URL: https://build.opensuse.org/package/show/devel:kubic/grype-db?expand=0&rev=28
300 lines
12 KiB
Plaintext
300 lines
12 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Jul 24 07:29:39 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- Update to version 0.35.0:
|
|
* Added Features
|
|
- Add support for RedHat EUS data [#540 @willmurphyscode]
|
|
* Bug Fixes
|
|
- CVE-2004-0377 false positive [#611 #609 @westonsteimel]
|
|
* Dependencies
|
|
- chore(deps): Bump astral-sh/setup-uv in
|
|
/.github/actions/bootstrap (#608)
|
|
- chore(deps): Bump github.com/spf13/pflag from 1.0.6 to 1.0.7
|
|
(#605)
|
|
- chore(deps): update anchore dependencies (#601)
|
|
- chore(deps): Bump golang.org/x/sync from 0.15.0 to 0.16.0
|
|
(#598)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 03 04:54:22 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- Update to version 0.34.1:
|
|
* chore(deps): update anchore dependencies (#596)
|
|
* chore(deps): update anchore dependencies (#595)
|
|
* chore(deps): Bump github.com/Masterminds/semver/v3 from 3.3.1
|
|
to 3.4.0 (#594)
|
|
* chore(deps): Bump github.com/go-viper/mapstructure/v2 (#593)
|
|
* fix: include CVSS version in vector string (#591)
|
|
* chore(deps): Bump github.com/anchore/grype (#590)
|
|
* feat: enable echo data (#589)
|
|
* Add echo os to grype db (#572)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 11 04:33:44 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- Update to version 0.34.0:
|
|
* Added Features
|
|
- Add support for MinimOS [#566 @Daniel-Wachter]
|
|
- enable bitnami and minimOS providers by default [#587
|
|
@willmurphyscode]
|
|
* Bug Fixes
|
|
- Version 5 vulnerability database no longer getting updates
|
|
[#578]
|
|
* Additional Changes
|
|
- enable bitnami vuln data [#581 @willmurphyscode]
|
|
* Dependencies
|
|
- chore(deps): update anchore dependencies (#588)
|
|
- chore(deps): Bump golang.org/x/text from 0.25.0 to 0.26.0
|
|
(#584)
|
|
- chore(deps): Bump github.com/sergi/go-diff (#585)
|
|
- chore(deps): Bump golang.org/x/sync from 0.14.0 to 0.15.0
|
|
(#586)
|
|
- chore(deps): Bump gorm.io/gorm from 1.26.1 to 1.30.0 (#580)
|
|
- chore(deps): Bump github.com/anchore/grype from 0.92.0 to
|
|
0.92.1 (#576)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 15 04:51:18 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- Update to version 0.33.1:
|
|
* Bug Fixes
|
|
- emit fuzzy ranges rather than invalid ranges [#574
|
|
@willmurphyscode]
|
|
* Dependencies
|
|
- chore(deps): update anchore dependencies (#575)
|
|
- chore(deps): update generated code (#563)
|
|
- chore(deps): Bump mxschmitt/action-tmate from 3.21 to 3.22
|
|
(#567)
|
|
- chore(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 (#573)
|
|
- chore(deps): Bump astral-sh/setup-uv in
|
|
/.github/actions/bootstrap (#562)
|
|
- chore(deps): update anchore dependencies (#561)
|
|
- chore(deps): Bump mxschmitt/action-tmate from 3.19 to 3.21
|
|
(#560)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 16 15:49:44 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- Update to version 0.33.0:
|
|
* Added Features
|
|
- allow db hydration during build [#558 @westonsteimel]
|
|
* Additional Changes
|
|
- Fix processing of github-action entries [#556 @wagoodman]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 10 13:38:55 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- Update to version 0.32.0:
|
|
* Added Features
|
|
- Support CVSS v4 vectors [#553 @wagoodman]
|
|
* Additional Changes
|
|
- add option to always publish databases under their schema
|
|
direc… [#552 @asomya]
|
|
* Dependencies
|
|
- chore(deps): Bump github.com/spf13/viper from 1.19.0 to
|
|
1.20.1 (#548)
|
|
- chore(deps): Bump golang.org/x/text from 0.23.0 to 0.24.0
|
|
(#554)
|
|
- chore(deps): Bump github.com/anchore/grype from 0.90.0 to
|
|
0.91.0 (#551)
|
|
- chore(deps): Bump 8398a7/action-slack from 3.16.2 to 3.18.0
|
|
(#549)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 27 15:09:34 UTC 2025 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.31.0:
|
|
* Added Features
|
|
- Add hardware and operating system CPE parts [#544 @wagoodman]
|
|
* Bug Fixes
|
|
- Use all CPE parts when considering duplicates [#547
|
|
@wagoodman]
|
|
- Refactor NVD node configuration parsing [#546 @wagoodman]
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 22 07:51:26 UTC 2025 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.30.1 (there is no 0.30.0):
|
|
* retract v0.30.0 release
|
|
* bump minimum required go version
|
|
* chore(deps): Bump actions/cache from 4.2.2 to 4.2.3 (#542)
|
|
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
|
|
(#543)
|
|
* chore(deps): Bump actions/setup-go from 5.3.0 to 5.4.0 (#541)
|
|
* chore(deps): Bump github.com/containerd/containerd from 1.7.24
|
|
to 1.7.27 (#537)
|
|
* Update grype-db bootstrap tools to latest versions. (#539)
|
|
* chore(deps): Bump github.com/anchore/grype from 0.89.1 to
|
|
0.90.0 (#538)
|
|
* chore(deps): Bump github.com/spf13/afero from 1.12.0 to 1.14.0
|
|
(#534)
|
|
* Update grype-db bootstrap tools to latest versions. (#529)
|
|
* chore(deps): Bump github.com/anchore/grype (#532)
|
|
* feat: add support for OSV schema (#217)
|
|
* chore: update grype schema version reference (#533)
|
|
* chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 (#530)
|
|
* port msrc transformer to v6 (#531)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 07 06:41:59 UTC 2025 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.29.0:
|
|
* Fix internal link in usage (#483)
|
|
* chore(deps): Bump golang.org/x/text from 0.22.0 to 0.23.0
|
|
(#523)
|
|
* Update grype-db bootstrap tools to latest versions. (#520)
|
|
* chore(deps): Bump actions/cache from 4.2.1 to 4.2.2 (#517)
|
|
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
|
|
(#518)
|
|
* chore(deps): Bump peter-evans/create-pull-request from 7.0.7 to
|
|
7.0.8 (#522)
|
|
* chore(deps): Bump golang.org/x/sync from 0.11.0 to 0.12.0
|
|
(#524)
|
|
* Enable v6 CI validations (#521)
|
|
* fix: pin grype to v0.87.0 for v5 (#519)
|
|
* explicitly translate nvd cvss type when sorting (#516)
|
|
* enable EPSS and KEV (#515)
|
|
* Update grype-db bootstrap tools to latest versions. (#494)
|
|
* chore(deps): Bump peter-evans/create-pull-request from 7.0.6 to
|
|
7.0.7 (#514)
|
|
* Add EPSS v6 transforms (#511)
|
|
* chore(deps): Bump github.com/google/go-cmp from 0.6.0 to 0.7.0
|
|
(#513)
|
|
* fix v prefix (#512)
|
|
* Add KEV transformer + processor (#507)
|
|
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
|
|
(#510)
|
|
* chore(deps): Bump github.com/klauspost/compress from 1.17.11 to
|
|
1.18.0 (#508)
|
|
* chore(deps): Bump actions/cache from 4.2.0 to 4.2.1 (#509)
|
|
* fix RPM modularity (#506)
|
|
* fix jenkins plugins (#505)
|
|
* Missing constraint in v6 DB should match everything (#503)
|
|
* explicitly use syft pkg types (#499)
|
|
* stop publishing to s3 (#498)
|
|
* Switch from poetry to UV (#497)
|
|
* Normalize v6 record severities (#496)
|
|
* feat: update to go 1.24.x (#495)
|
|
* chore(deps-dev): Bump cryptography from 44.0.0 to 44.0.1 (#492)
|
|
* chore: update runners to ubuntu-24.04 (#493)
|
|
* pull in v6 severity updates (#490)
|
|
* Tag advisory URLs for v6 references (#491)
|
|
* point v6 tip to main
|
|
* chore(deps): Bump github.com/spf13/pflag from 1.0.5 to 1.0.6
|
|
(#484)
|
|
* chore(deps): Bump abatilo/actions-poetry in
|
|
/.github/actions/bootstrap (#487)
|
|
* chore(deps): Bump golang.org/x/text from 0.21.0 to 0.22.0
|
|
(#488)
|
|
* chore(deps): Bump golang.org/x/sync from 0.10.0 to 0.11.0
|
|
(#489)
|
|
* chore: fix python workflow failures (#485)
|
|
* remove v3 and v4 schema usage (#482)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 25 08:05:52 UTC 2025 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.28.0:
|
|
* skip release gate for unexpected acceptance tests (#481)
|
|
* fix gate threshold (#480)
|
|
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
|
|
(#479)
|
|
* fix gate threshold (#478)
|
|
* Add DB v6 support to grype-db-manager (#446)
|
|
* Rework usage instructions with working code, step-by-step
|
|
(#468)
|
|
* chore(deps): Bump actions/setup-go in
|
|
/.github/actions/bootstrap (#477)
|
|
* chore(deps): Bump actions/setup-python in
|
|
/.github/actions/bootstrap (#476)
|
|
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
|
|
(#475)
|
|
* chore(deps): Bump abatilo/actions-poetry in
|
|
/.github/actions/bootstrap (#474)
|
|
* chore(ci): fix composite GitHub action path in dependabot
|
|
config (#473)
|
|
* chore(deps): Bump github.com/spf13/afero from 1.11.0 to 1.12.0
|
|
(#461)
|
|
* chore(deps): Bump github.com/hashicorp/go-getter from 1.7.6 to
|
|
1.7.8 (#464)
|
|
* chore(deps): Bump actions/setup-go from 5.2.0 to 5.3.0 (#471)
|
|
* chore(ci): add crane to binny (#470)
|
|
* chore(ci): bootstrap oras for use in ci (#469)
|
|
* chore(deps-dev): Bump jinja2 from 3.1.4 to 3.1.5 (#467)
|
|
* chore(deps): Bump github.com/go-git/go-git/v5 from 5.12.0 to
|
|
5.13.0 (#465)
|
|
* Loosen vunnel schema version check (#463)
|
|
* pin vunnel providers (#458)
|
|
* chore(deps): Bump peter-evans/create-pull-request from 7.0.5 to
|
|
7.0.6 (#459)
|
|
* Update grype-db bootstrap tools to latest versions. (#460)
|
|
* Add release ID to OS models (#457)
|
|
* Pull in more v6 schema changes (#456)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Dec 14 21:22:51 UTC 2024 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.27.4:
|
|
* chore(deps): update anchore dependencies (#455)
|
|
* chore(deps): Bump actions/checkout from 4.2.1 to 4.2.2 (#453)
|
|
* chore(deps): Bump actions/setup-go from 5.1.0 to 5.2.0 (#454)
|
|
* add update anchore dependencies workflow (#452)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 11 07:06:24 UTC 2024 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.27.3:
|
|
* chore(deps): update anchore dependencies (#451)
|
|
* chore(deps): Bump golang.org/x/sync from 0.9.0 to 0.10.0 (#448)
|
|
* chore(deps): Bump actions/cache from 4.1.2 to 4.2.0 (#450)
|
|
* Enable packaging v6 DBs (#437)
|
|
* Add transformers for v6 DB schema (#436)
|
|
* fix: use timestamp from only provider if only one provider
|
|
(#445)
|
|
* add request retry count for nvd (#444)
|
|
* chore(deps): Bump github.com/Masterminds/semver/v3 from 3.3.0
|
|
to 3.3.1 (#430)
|
|
* chore(deps): Bump github.com/stretchr/testify from 1.9.0 to
|
|
1.10.0 (#439)
|
|
* Update grype-db bootstrap tools to latest versions. (#442)
|
|
* add more retrys for NVD provider (#443)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 26 14:04:51 UTC 2024 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.27.2:
|
|
* ignore NVD data age + tests (#441)
|
|
* ignore NVD data age (#440)
|
|
* remove v1 & v2 processors (#438)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 22 09:35:20 UTC 2024 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.27.1:
|
|
* Update Grype to v0.85.0 (#435)
|
|
* remove push event for code gen
|
|
* Remove support for v1 & v2 schemas (#434)
|
|
* add os codename fetcher/helper method (#433)
|
|
* Migrate common processor code to internal (#432)
|
|
* chore(deps): Bump golang.org/x/text from 0.19.0 to 0.20.0
|
|
(#426)
|
|
* chore(deps-dev): Bump werkzeug from 3.0.3 to 3.0.6 (#427)
|
|
* Update grype-db bootstrap tools to latest versions. (#428)
|
|
* chore(deps): Bump github.com/anchore/grype from 0.83.0 to
|
|
0.84.0 (#424)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 29 14:06:02 UTC 2024 - opensuse_buildservice@ojkastl.de
|
|
|
|
- Update to version 0.27.0:
|
|
* chore(deps): Bump github.com/anchore/grype from 0.82.2 to
|
|
0.83.0 (#420)
|
|
* chore(deps): Bump actions/checkout from 4.2.1 to 4.2.2 (#416)
|
|
* chore(deps): Bump actions/setup-go from 5.0.2 to 5.1.0 (#417)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 24 13:31:04 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
|
|
|
- new package grype-db: create a Grype vulnerability database from
|
|
upstream vulnerability data sources
|