Accepting request 1298659 from devel:kubic

OBS-URL: https://build.opensuse.org/request/show/1298659
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/grype?expand=0&rev=99

_service

@@ -3,12 +3,12 @@
     <param name="url">https://github.com/anchore/grype</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.80.1</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="revision">v0.97.2</param>
     <param name="match-tag">v*</param>
-  </service>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
+ </service>
   <service name="set_version" mode="manual">
   </service>
   <service name="tar" mode="buildtime"/>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/grype</param>
-              <param name="changesrevision">9fb219495a634d7ff9904154355b927223a66602</param></service></servicedata>
+              <param name="changesrevision">5f39c25063334745ec0b39152189d010be7717a3</param></service></servicedata>

grype-0.80.1.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0e1ed275524d9e67c5a5c69168f707d0075f6b64157928daa731d9dd11b0b96
-size 18098701

grype-0.97.2.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d62357090c1228d3aff56e561c682b6ee7f14480ac862a7d95f2b29d4c9728c2
+size 18309133

grype.changes

@@ -1,3 +1,870 @@
+-------------------------------------------------------------------
+Sun Aug 10 07:04:18 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.97.2:
+  * Added Features
+    - new syft version adds binary classifier for hashicorp vault
+      [#4121 @willmurphyscode]
+  * Bug Fixes
+    - fix: update syft's nondeterministic Java archive purl and
+      improve groupID for better matching [#3521 #4118 @kzantow]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2860)
+    - chore(deps): bump docker/login-action from 3.4.0 to 3.5.0
+      (#2848)
+    - chore(deps): bump actions/cache in /.github/actions/bootstrap
+      (#2854)
+    - chore(deps): bump github/codeql-action from 3.29.6 to 3.29.8
+      (#2857)
+    - chore(deps): bump golang.org/x/tools from 0.35.0 to 0.36.0
+      (#2859)
+    - chore(deps): bump actions/cache from 4.2.3 to 4.2.4 (#2855)
+    - chore(deps): bump github/codeql-action from 3.29.5 to 3.29.6
+      (#2856)
+    - chore(deps): update tools to latest versions (#2839)
+
+-------------------------------------------------------------------
+Sun Aug 03 11:24:36 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.97.1:
+  * Bug Fixes
+    - Multiple EUS advisories where only some are fixed result in
+      unexpected vulnerabilities [#2840 #2841 @kzantow]
+
+-------------------------------------------------------------------
+Fri Aug 01 08:14:39 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.97.0:
+  * Added Features
+    - Add support for RHEL EUS [#2446 #2787 @wagoodman]
+  * Bug Fixes
+    - Error scanning snap "unsupported source: source.SnapMetadata"
+      [#2819 #2821 @kzantow]
+  * Additional Changes
+    - add channel to os / distro [#2782 @wagoodman]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2835)
+    - chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5
+      (#2837)
+    - chore(deps): bump github.com/docker/docker (#2831)
+    - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.13
+      to 0.5.14 (#2832)
+    - chore(deps): bump github.com/olekukonko/tablewriter from
+      1.0.8 to 1.0.9 (#2829)
+    - chore(deps): update tools to latest versions (#2826)
+    - chore(deps): update tools to latest versions (#2824)
+    - chore(deps): bump gorm.io/gorm from 1.30.0 to 1.30.1 (#2825)
+    - chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4
+      (#2823)
+    - chore(deps): update tools to latest versions (#2817)
+    - chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4
+      (#2820)
+
+-------------------------------------------------------------------
+Thu Jul 24 07:29:31 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.96.1:
+  * chore(deps): update anchore dependencies (#2815)
+  * chore: revert credentials persistence for release (#2816)
+  * chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3
+    (#2814)
+  * chore(deps): update tools to latest versions (#2806)
+  * chore(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2
+    (#2808)
+  * create ignore regexs conditionally (#2805)
+  * chore: lint gh actions (#2804)
+  * chore(deps): update tools to latest versions (#2801)
+
+-------------------------------------------------------------------
+Wed Jul 16 06:18:39 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.96.0:
+  * Added Features
+    - Added the EPSS score and KEV indications as CycloneDX
+      vulnerabilities.ratings entries [#2695 #2765 @AlinaPodoba]
+  * Bug Fixes
+    - The go run and go install broken due to useless redirect
+      directive in go.mod [#2777 #2780 @stefanb]
+    - EPSS implementation using percentile instead of percent
+      probability [#2778 #2785 @wagoodman]
+    - Latest version of grype with V6 schema lists incorrect URL
+      for v6 database [#2513]
+  * Additional Changes
+    - Add more detail around cataloging and DB load log statements
+      [#2779 @wagoodman]
+    - add version set and combined constraint [#2763 @wagoodman]
+    - add v6 OS store [#2766 @wagoodman]
+  * Dependencies
+    - chore(deps): update tools to latest versions (#2792)
+    - chore(deps): bump golang.org/x/tools from 0.34.0 to 0.35.0
+      (#2799)
+    - chore(deps): bump github.com/docker/docker (#2795)
+    - chore(deps): bump github.com/charmbracelet/bubbletea from
+      1.3.5 to 1.3.6 (#2790)
+    - chore(deps): bump github.com/olekukonko/tablewriter from
+      1.0.7 to 1.0.8 (#2781)
+    - chore(deps): bump github.com/docker/docker (#2775)
+    - chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2
+      (#2776)
+
+-------------------------------------------------------------------
+Thu Jul 03 04:49:43 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.95.0:
+  * Added Features
+    - Add string severity to db search json results [#2730
+      @wagoodman]
+    - Add package specifier overrides for kb, dpkg, and apkg [#2742
+      @westonsteimel]
+  * Bug Fixes
+    - show related NVD records for non-NVD matches [#2755 @kzantow]
+    - assume that a vulnerability with no ranges is always
+      vulnerable [#2759 @wagoodman]
+    - DB should hydrate for when the client has new features [#2758
+      @wagoodman]
+    - show relationship back to NVD for all CVE ids [#2756
+      @westonsteimel]
+    - properly escape CPE segments [#2731 @kzantow]
+    - msrc matcher should search by package ecosystem, not by
+      distro [#2748 @westonsteimel]
+    - Grype does not report any vulnerabilities for CPEs with
+      target_sw field set to value that does not correspond to
+      known package type [#2768 #2772 @willmurphyscode]
+    - malformed CPE in grype db search output [#2767 #2769
+      @westonsteimel]
+    - vex documents from the --vex flag do get processed or applied
+      to the output correctly [#1836 #2741 @willmurphyscode]
+  * Additional Changes
+    - replace deprecated GoReleaser configurations [#2729
+      @emmanuel-ferdman]
+    - specify types for all match details [#2762 @wagoodman]
+    - Refactor the version package [#2735 @wagoodman]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2773)
+    - chore(deps): update anchore dependencies (#2771)
+    - chore(deps): update tools to latest versions (#2751)
+    - chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2
+      (#2760)
+    - chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1
+      (#2757)
+    - chore(deps): bump github.com/docker/docker (#2753)
+    - chore(deps): bump sigstore/cosign-installer from 3.8.2 to
+      3.9.1 (#2749)
+    - chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1
+      (#2732)
+    - chore(deps): bump github.com/google/go-containerregistry
+      (#2733)
+    - chore(deps): bump github.com/go-viper/mapstructure/v2 (#2734)
+    - chore(deps): update tools to latest versions (#2736)
+    - chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0
+      (#2727)
+
+-------------------------------------------------------------------
+Fri Jun 13 04:52:37 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.94.0:
+  * Added Features
+    - Add echo os to grype [#2647 @orizerah]
+  * Bug Fixes
+    - Nonroot can't load local docker image with docker socket bind
+      [#2721 #2723 @kzantow]
+    - "Harden Container Runtime with Non-Root User" breaks --output
+      usage [#2720 #2723 @kzantow]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2726)
+    - chore(deps): update tools to latest versions (#2722)
+
+-------------------------------------------------------------------
+Wed Jun 11 04:33:31 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.93.0:
+  * Added Features
+    - Add support for MinimOS [#2627 @Daniel-Wachter]
+    - Use the upstream Bitmani vulndb data for matching [#1609
+      #2538 @juan131]
+    - Support rubygems specific version comparision [#2646 #2712
+      @willmurphyscode]
+  * Bug Fixes
+    - Harden Container Runtime with Non-Root User [#2716
+      @wagoodman]
+    - valid cpes in db search output [#2706 @westonsteimel]
+    - Always show results with json output for db search commands
+      [#2692 @wagoodman]
+    - False positive: CVE-2025-5702 reported with High severity on
+      glibc 2.34 (wrong severity and affected version) [#2718]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2719)
+    - chore(deps): update tools to latest versions (#2717)
+    - chore(deps): bump golang.org/x/tools from 0.33.0 to 0.34.0
+      (#2713)
+    - chore(deps): bump github.com/sergi/go-diff (#2714)
+    - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.12
+      to 0.5.13 (#2708)
+    - chore(deps): bump golang.org/x/time from 0.11.0 to 0.12.0
+      (#2709)
+    - chore(deps): bump github/codeql-action from 3.28.18 to
+      3.28.19 (#2704)
+    - chore(deps): update tools to latest versions (#2696)
+    - chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2
+      (#2703)
+    - chore(deps): bump github.com/docker/docker (#2702)
+    - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.11
+      to 0.5.12 (#2693)
+    - chore(deps): bump github.com/docker/docker (#2694)
+    - chore(deps): update tools to latest versions (#2679)
+    - chore(deps): bump github.com/google/go-containerregistry
+      (#2681)
+    - chore(deps): bump gorm.io/gorm from 1.26.1 to 1.30.0 (#2687)
+    - chore(deps): bump github.com/anchore/syft from 1.26.0 to
+      1.26.1 (#2678)
+
+-------------------------------------------------------------------
+Wed May 21 04:29:32 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.92.2:
+  * Bug Fixes
+    - unpin dockerfile base images to prevent wget TLS errors
+      [#2671 @spiffcs]
+    - Parse java group ID and artifact ID from PURL when missing
+      [#2675 @wagoodman]
+    - Grype can't update DB in docker volume (regression) [#2517
+      #2672 @willmurphyscode]
+  * Additional Changes
+    - Remove getDB() from the v6 DB reader [#2669 @wagoodman]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2676)
+    - chore(deps): update tools to latest versions (#2673)
+
+-------------------------------------------------------------------
+Sat May 17 07:06:10 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.92.1:
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2668)
+    - chore(deps): bump anchore/sbom-action from 0.19.0 to 0.20.0
+      (#2664)
+    - chore(deps): bump github/codeql-action from 3.28.17 to
+      3.28.18 (#2665)
+
+-------------------------------------------------------------------
+Thu May 15 04:47:16 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.92.0:
+  https://github.com/anchore/grype/compare/v0.91.2...v0.92.0
+  * Added Features
+    - improve html template [#2635 @OnceUponALoop]
+    - Add EPSS metrics to grype results [#1973 #2587 @wagoodman]
+    - Show indication of known exploited vulnerabilities (from
+      CISA) [#1511 #2587 @wagoodman]
+  * Bug Fixes
+    - adjust namespace translation logic to be v5 compatible [#2634
+      @westonsteimel]
+    - fall back to fuzzy constraint units [#2651 @willmurphyscode]
+    - adjust version prefix check when excluding overlapping
+      packages [#2653 @westonsteimel]
+    - Dropping group from npm package names leads to false
+      positives [#2554 #2645 @kzantow]
+    - Potential regression in CVE detection from 0.87.0 (v5 schema)
+      to 0.88.0 (v6 schema) for go-module detection [#2642]
+    - Removal of temporary files not working on Windows [#2233
+      #2657 @popey]
+    - @jridgewell/gen-mapping incorrectly attributed
+      GHSA-8rmg-jf7p-4p22 [#1886 #2645 @kzantow]
+    - Vulnerability reported on @group/name dependency when actual
+      vulnerability exists on name dependency [#1701 #2645
+      @kzantow]
+    - Grype false negatives in versions v0.88.0 and later leading
+      to missed critical vulnerabilities [#2628 #2645 @kzantow]
+    - PHP pecl redis mixes with redis project itself and creates
+      false positive cve [#1804]
+    - False Positive: Openssl CVE-2022-2068, CVE-2022-1292,
+      CVE-2021-3711 in SUSE Enterprise 15 SP5 [#1729]
+    - Grype does not handle purl file input with packages from
+      different distributions [#2630 #2639 @chovanecadam]
+    - grype pkg:golang/k8s.io/ingress-nginx@v1.11.2 does not show
+      cve [#2580 #2586 @goatwu1993]
+
+-------------------------------------------------------------------
+Fri Apr 25 18:25:36 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.91.2:
+  * chore(deps): update anchore dependencies (#2622)
+  * chore(deps): update tools to latest versions (#2619)
+  * fix: only fallback to language if language is non-blank (#2621)
+
+-------------------------------------------------------------------
+Fri Apr 25 06:06:48 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.91.1:
+  * Bug Fixes
+    - Assume that empty versions should match on all possible
+      versions [#2591 @wagoodman]
+    - Fix severity field in db search vuln [#2589 @wagoodman]
+    - Recover from panic within a matcher [#2590 @wagoodman]
+    - Should only check maven central if pom info is missing [#2216
+      #2547 @tdunlap607]
+    - grype db search GHSA-mrrh-fwg8-r2c3 doesn't return results
+      [#2530]
+    - Grype stopped reporting vulnerabilities after upgrade [#2608
+      #2610 @willmurphyscode]
+    - Grype does not handle cache-dir containing ~ correctly [#2599
+      #2600 @kzantow]
+    - Grype should expand ~ in paths in config file [#2024 #2600
+      @kzantow]
+    - False Positive: Multiple old CVEs in chromium 134.0.6998.117
+      for apk ecosystem [#2581]
+    - Missing grype DB update from 20250411 [#2593]
+    - Does not fill in the Level field of the SARIF result object
+      [#2511 #2571 @bdovaz]
+  * Additional Changes
+    - add timing info to log output [#2597 @kzantow]
+    - Replace os.ReadDir with afero.ReadDir for consistency [#2579
+      @joe-ton]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2616)
+    - chore(deps): bump github/codeql-action from 3.28.15 to
+      3.28.16 (#2611)
+    - chore(deps): bump sigstore/cosign-installer from 3.8.1 to
+      3.8.2 (#2612)
+    - chore(deps): bump actions/setup-python in
+      /.github/actions/bootstrap (#2614)
+    - chore(deps): update tools to latest versions (#2613)
+    - chore(deps): update tools to latest versions (#2609)
+    - chore(deps): bump github.com/docker/docker (#2604)
+    - chore(deps): bump github.com/gabriel-vasile/mimetype from
+      1.4.8 to 1.4.9 (#2605)
+    - chore(deps): bump github.com/docker/docker (#2602)
+    - chore(deps): update tools to latest versions (#2595)
+    - chore(deps): bump github.com/anchore/stereoscope from 0.1.2
+      to 0.1.3 (#2598)
+    - chore(deps): update tools to latest versions (#2583)
+    - chore(deps): bump github/codeql-action from 3.28.13 to
+      3.28.15 (#2584)
+    - chore(deps): bump golang.org/x/tools from 0.31.0 to 0.32.0
+      (#2585)
+    - chore(deps): update tools to latest versions (#2561)
+
+-------------------------------------------------------------------
+Tue Apr 01 17:31:06 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 0.91.0:
+  * Added Features
+    - Add v5 namespace emulation to db search output [#2539
+      @wagoodman]
+    - Add CVSS metrics in search JSON output [#2568 @wagoodman]
+    - Exit with a different return code for a failed scan [#1922]
+  * Bug Fixes
+    - Use data driven approach when detecting Alpine:edge and
+      Debian:sid [#2556 @wagoodman]
+    - db list should render out full URLs for text format [#2553
+      @wagoodman]
+    - grype db import fails since v0.88 and above [#2542 #2546
+      @kzantow]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2570)
+    - chore(deps): bump actions/setup-python in
+      /.github/actions/bootstrap (#2564)
+    - chore(deps): bump actions/cache in /.github/actions/bootstrap
+      (#2549)
+    - chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
+      (#2551)
+    - chore(deps): bump actions/cache from 4.2.2 to 4.2.3 (#2552)
+    - chore(deps): bump github/codeql-action from 3.28.12 to
+      3.28.13 (#2562)
+    - chore(deps): bump github.com/docker/docker (#2565)
+    - chore(deps): bump 8398a7/action-slack from 3.16.2 to 3.18.0
+      (#2567)
+    - chore(deps): update tools to latest versions (#2536)
+    - chore(deps): bump github.com/containerd/containerd from
+      1.7.26 to 1.7.27 (#2535)
+    - chore(deps): bump actions/setup-go in
+      /.github/actions/bootstrap (#2543)
+    - chore(deps): bump github/codeql-action from 3.28.11 to
+      3.28.12 (#2544)
+    - chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0
+      (#2545)
+
+-------------------------------------------------------------------
+Tue Mar 18 05:47:30 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.90.0:
+  * chore(deps): update anchore dependencies (#2533)
+  * feat: specify distro without version (#2534)
+  * import DB from URL (#2532)
+  * Improve DB metadata regarding data provenance (#2529)
+  * chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11
+    (#2519)
+  * chore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0
+    to 1.1.0 (#2525)
+  * chore(deps): update tools to latest versions (#2512)
+  * chore(deps): bump docker/login-action from 3.3.0 to 3.4.0
+    (#2528)
+
+-------------------------------------------------------------------
+Fri Mar 14 06:27:30 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.89.1:
+  * fix: populate vulnerability.Metadata.DataSource with first
+    reference URL (#2523)
+  * fix(java): ensure fatal error from maven search bubbles up
+    (#2518)
+  * fix: exclude self from related vulnerability list (#2515)
+
+-------------------------------------------------------------------
+Fri Mar 07 06:41:48 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.89.0:
+  * chore(deps): bump github.com/muesli/termenv from 0.15.2 to
+    0.16.0 (#2509)
+  * chore(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0
+    (#2510)
+  * fix regression to allow for reading listing from local FS
+    (#2508)
+  * chore(deps): bump golang.org/x/time from 0.10.0 to 0.11.0
+    (#2503)
+  * chore(deps): update tools to latest versions (#2506)
+  * Add suggested fixed version when there are multiple fixes
+    available (#2271)
+  * remove v6 development configuration (#2504)
+
+-------------------------------------------------------------------
+Thu Mar 06 06:18:47 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.88.0:
+  * Enumerate version ranges within a single match (don't
+    duplicate) (#2502)
+  * Fix CPE target software filtering + improve logging (#2494)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.7 to
+    7.0.8 (#2501)
+  * test: update quality gate db to latest version (#2495)
+  * chore(deps): update tools to latest versions (#2496)
+  * ensure azurelinux ids get same version processing as mariner
+    (#2499)
+  * ensure azure linux has 0 minor version (#2498)
+  * cover mariner and ubuntu namespace conversion (#2497)
+  * Add KEV & EPSS to db search schema (#2481)
+  * Refactor presenters to use static model over dynamic lookups
+    (#2492)
+  * feat: enable v6 database (#2439)
+  * fix(java): error out on maven search rate limiting (#2460)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.3
+    to 1.3.4 (#2484)
+  * chore(deps): bump github.com/docker/docker (#2485)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#2490)
+  * chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#2491)
+  * chore(deps): update tools to latest versions (#2487)
+  * fix: golang 1.24 version handling (#2486)
+  * chore: update syft to 1.20 (#2473)
+  * chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
+    (#2477)
+  * chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
+    (#2475)
+  * chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
+    (#2478)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.6 to
+    7.0.7 (#2479)
+  * chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10
+    (#2480)
+  * Add EPSS models to the v6 DB (#2472)
+  * fix: add explicit igore for problematic CVE-2023-45853 (#2474)
+  * Add KEV information to v6 DB (#2464)
+  * Add CPE provider (#2463)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#2467)
+  * chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (#2469)
+  * detect when DB rehydration is necessary (#2470)
+  * chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1
+    (#2468)
+  * chore(deps): update tools to latest versions (#2465)
+  * chore(deps): bump github.com/docker/docker (#2466)
+  * chore(deps): update tools to latest versions (#2433)
+  * chore: update rpm modularity to string pointer (#2458)
+  * fix jenkins plugins (#2457)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10
+    to 0.5.11 (#2453)
+  * chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
+    (#2454)
+  * Additional ecosystem related v6 fixes (#2450)
+  * chore(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0
+    (#2437)
+  * add language mapping to konwn pkg spec override (#2448)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.2
+    to 1.3.3 (#2447)
+  * feat: update to go 1.24.x (#2441)
+  * Add more logging and fix search by CPE (#2444)
+  * fix: only log matcher errors (#2442)
+  * chore: update runners to ubuntu-24.04 (#2440)
+  * fix: exclude unknown packages from CPE target software
+    component filter logic (#2438)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.0
+    to 1.3.2 (#2436)
+  * More complete severity parsing for v6 DBs (#2431)
+  * remove DB v3 and v4 schema code (#2435)
+  * feat: v6 database support, updated matcher interfaces (#2311)
+  * add optional ID to reference + advisory tag const (#2432)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.9 to
+    0.5.10 (#2430)
+  * chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9
+    (#2429)
+  * chore(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
+    (#2424)
+  * chore(deps): update tools to latest versions (#2425)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4
+    to 1.3.0 (#2426)
+  * chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0
+    (#2427)
+  * test: update quality gate db to latest version (#2420)
+  * chore(deps): update tools to latest versions (#2419)
+  * docs(config): add GRYPE_CONFIG docs (#2380)
+  * feat: output compact JSON by default with option for pretty
+    format (#2406)
+  * chore(deps): update tools to latest versions (#2417)
+  * chore(deps): bump github/codeql-action from 3.28.7 to 3.28.8
+    (#2416)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.8 to
+    0.5.9 (#2413)
+  * docs: flip descriptions to correct documentation (#2414)
+  * chore(deps): bump github/codeql-action from 3.28.6 to 3.28.7
+    (#2415)
+  * chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6
+    (#2410)
+  * chore(deps): bump actions/setup-python in
+    /.github/actions/bootstrap (#2411)
+  * feat(external-sources): make maven rate limit configurable
+    (#2397)
+  * chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5
+    (#2407)
+  * chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4
+    (#2405)
+  * chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0
+    (#2404)
+  * Performance enhancements for DB v6 writes (#2394)
+  * chore(deps): update tools to latest versions (#2395)
+  * chore(deps): bump actions/setup-python in
+    /.github/actions/bootstrap (#2398)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#2400)
+  * chore(deps): bump actions/setup-go in
+    /.github/actions/bootstrap (#2399)
+  * chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3
+    (#2401)
+  * chore(deps): bump github.com/docker/docker (#2402)
+  * chore(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#2403)
+  * chore(ci): fix composite GitHub action path in dependabot
+    config (#2396)
+
+-------------------------------------------------------------------
+Thu Jan 23 05:36:33 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.87.0:
+  * chore(deps): update anchore dependencies (#2388)
+  * external-sources: throttle requests to maven central to avoid
+    being rate limited for large sets of java dependencies (#2384)
+  * chore(deps): bump github.com/aquasecurity/go-pep440-version
+    (#2391)
+  * chore(deps): bump github/codeql-action from 3.28.1 to 3.28.2
+    (#2390)
+  * chore(deps): bump github.com/anchore/stereoscope from 0.0.12 to
+    0.0.13 (#2392)
+  * chore(deps): update tools to latest versions (#2389)
+  * chore(deps): bump github.com/invopop/jsonschema from 0.7.0 to
+    0.13.0 (#2378)
+  * chore(deps): update tools to latest versions (#2381)
+  * chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#2386)
+  * remove db debug statements for v6 (#2387)
+  * chore: disable v1 images in quality tests (#2385)
+  * Add package spec alias + case insensitivity for v6 DBs (#2376)
+  * chore(deps): bump github.com/google/go-containerregistry
+    (#2377)
+  * chore(deps): bump golang.org/x/tools from 0.23.0 to 0.29.0
+    (#2379)
+  * fix: upstream match for linux-.*-headers-.* (#2320)
+  * chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
+    5.13.0 (#2371)
+  * chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
+    (#2370)
+  * chore(deps): bump github.com/anchore/stereoscope from 0.0.11 to
+    0.0.12 (#2369)
+  * chore(deps): bump github.com/spf13/afero from 1.11.0 to 1.12.0
+    (#2368)
+  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.6 to
+    1.7.8 (#2374)
+  * Enhance v6 search command (#2303)
+  * chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1
+    (#2372)
+  * feat: add OpenVEX matching on local package name + tags (#2355)
+  * use v6 vuln status enum (#2366)
+  * Clean up config help text (#2347)
+  * have aliases for non standard names (#2352)
+  * chore(deps): update tools to latest versions (#2364)
+  * chore(deps): update tools to latest versions (#2362)
+  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.7
+    to 1.4.8 (#2363)
+  * chore(deps): update tools to latest versions (#2361)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.7 to
+    0.5.8 (#2353)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.5 to
+    7.0.6 (#2354)
+  * test: update quality gate db to latest version (#2358)
+  * chore(deps): update tools to latest versions (#2359)
+  * have aliases for non standard names (#2351)
+  * finalize label version and add release id to OS model (#2349)
+  * chore(deps): update tools to latest versions (#2346)
+  * chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0
+    (#2350)
+  * do not warn if DB missing (#2341)
+  * Allow v6 store to support multiple qualifiers (#2338)
+  * chore(deps): bump github.com/docker/docker (#2339)
+  * chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
+    (#2340)
+  * Drop DB v6 indexes on close (#2335)
+  * chore(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9
+    (#2334)
+
+-------------------------------------------------------------------
+Sat Dec 14 21:22:36 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.86.1:
+  * chore(deps): update anchore dependencies (#2331)
+  * chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9
+    (#2330)
+  * fix: do not panic on cdx/sairf output from PURL file (#2328)
+  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1
+    to 0.9.2 (#2329)
+  * chore: move v5-specific interfaces and implementations to the
+    v5 package (#2322)
+  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
+    (#2323)
+  * docs: fix link to cosign documentation (#2321)
+  * deduplicate vulns on store write (#2319)
+  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2317)
+  * chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#2318)
+  * add update anchore dependencies workflow (#2312)
+  * chore: replace archiver with anchore fork (#2313)
+  * chore(deps): bump github.com/docker/docker (#2310)
+  * chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7
+    (#2309)
+
+-------------------------------------------------------------------
+Tue Dec 10 08:54:29 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.86.0:
+  * chore(deps): update anchore dependencies (#2308)
+  * chore(deps): update tools to latest versions (#2307)
+  * chore(deps): update tools to latest versions (#2305)
+  * chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#2306)
+  * add initial os aliases to the DB after migration (#2301)
+  * latest doc from reader should allow for empty (#2294)
+  * Migrate searchable vulnerability data out of v6 blob (#2300)
+  * fix: add PURLs in SARIF report (#2254)
+  * ignore linux-aws-headers-.* as well like linux-headers-.*
+    (#2295)
+  * chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
+    (#2296)
+  * chore(deps): update tools to latest versions (#2298)
+  * chore: refactor v5-specific code out of core packages (#2299)
+  * modify store to be one getter-per-noun (#2297)
+  * Add ability to map CPEs directly to packages (v6 schema)
+    (#2285)
+  * Fix DB v6 curator directory creation (#2293)
+  * test: update quality gate db to latest version (#2291)
+  * chore(deps): update tools to latest versions (#2290)
+  * add db v6 feature flag and wire to db commands (#2288)
+  * Simplify v6 distribution material (#2277)
+  * chore(deps): bump anchore/sbom-action from 0.17.7 to 0.17.8
+    (#2279)
+  * chore(deps): bump github.com/stretchr/testify from 1.9.0 to
+    1.10.0 (#2284)
+  * chore(deps): update tools to latest versions (#2280)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.3
+    to 1.2.4 (#2283)
+  * note supported grype versions (#2287)
+  * remove support for v1 & v2 schemas (#2278)
+  * allow distro search to be entirely data driven (#2265)
+
+-------------------------------------------------------------------
+Fri Nov 22 09:34:28 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.85.0:
+  * dependencies: latest syft and stereoscope (#2275)
+  * chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
+    (#2272)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.2
+    to 1.2.3 (#2273)
+  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.6
+    to 1.4.7 (#2274)
+  * chore(deps): update tools to latest versions (#2269)
+  * fix: bump clio to fix logging when no tty present (#2268)
+  * chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4
+    (#2260)
+  * fix failing tests (#2261)
+  * Add v6 DB curator (#2151)
+  * Add affected CPE store (#2258)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2
+    to 1.2.2 (#2256)
+  * Add AffectedPackage store (#2245)
+  * Add v6 vulnerability & blob stores (#2243)
+  * chore(deps): bump anchore/sbom-action from 0.17.6 to 0.17.7
+    (#2238)
+  * chore(deps): bump github.com/anchore/stereoscope (#2246)
+  * chore(deps): bump github/codeql-action from 3.27.0 to 3.27.3
+    (#2257)
+  * Add v6 distribution client (#2150)
+  * restore log on ui teardown (#2248)
+  * Merge indirect matches with direct matches (#2241)
+  * doc: Add official Grype logo license information (#2244)
+  * add v6 provider store (#2232)
+
+-------------------------------------------------------------------
+Tue Nov 12 08:13:47 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.84.0:
+  * chore(deps): update Syft to v1.16.0 (#2237)
+  * test: update quality gate db to latest version (#2231)
+  * chore(deps): bump github.com/adrg/xdg from 0.5.2 to 0.5.3
+    (#2230)
+  * chore(deps): bump github.com/charmbracelet/lipgloss from 0.13.1
+    to 1.0.0 (#2228)
+  * fix and cleanup namespace search to account for missing info
+    (#2226)
+  * Remove gentoo integration test (#2227)
+  * Improve purl input (#2223)
+  * chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2
+    (#2220)
+  * chore(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6
+    (#2221)
+
+-------------------------------------------------------------------
+Tue Oct 29 14:02:25 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.83.0:
+  * bump syft to v1.15.0, sterescope to v0.0.5 (#2219)
+  * Add `grype db providers` command (#2174)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1
+    to 1.1.2 (#2214)
+  * chore(deps): update tools to latest versions (#2213)
+  * docs: update config section to be valid, reference config
+    subcommand (#2218)
+  * chore(deps): bump github.com/charmbracelet/lipgloss (#2207)
+  * chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0
+    (#2208)
+  * chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#2209)
+  * chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#2211)
+  * feat: multi-level configuration and profiles (#2194)
+  * chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#2204)
+  * chore(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5
+    (#2205)
+
+-------------------------------------------------------------------
+Tue Oct 22 07:09:22 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.82.2:
+  * Update to Syft v1.14.2 (#2203)
+  * Updated README.md with correct spellings & phrase. (#2201)
+  * chore(deps): bump github.com/adrg/xdg from 0.5.0 to 0.5.1
+    (#2198)
+  * chore(deps): update tools to latest versions (#2196)
+  * fix: azurelinux considered as comprehensive distro (#2197)
+  * chore(deps): bump anchore/sbom-action from 0.17.3 to 0.17.4
+    (#2193)
+
+-------------------------------------------------------------------
+Tue Oct 15 15:36:39 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.82.1:
+  * chore(deps): update Syft to v1.14.1 (#2191)
+  * dependency: bump syft to main pre-release (#2189)
+  * chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13
+    (#2183)
+  * Skip matching on packages with missing version info (#2182)
+  * chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3
+    (#2184)
+  * chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5
+    to 1.4.6 (#2185)
+  * Account for implicit 0s in rpm release versions (#2188)
+  * chore: bump syft in quality gate to v1.14.0 (#2187)
+  * use epoch from metadata when missing from version string
+    (#2186)
+  * fix: exclude binary packages from CPE target software component
+    filter logic (#2179)
+  * add release docs (#2177)
+  * chore(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3
+    (#2176)
+  * chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2
+    (#2173)
+  * chore(deps): bump actions/cache from 4.0.2 to 4.1.1 (#2172)
+  * [chore] Add mastodon link to README.md (#2166)
+  * chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1
+    (#2167)
+  * chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#2168)
+  * chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12
+    (#2169)
+
+-------------------------------------------------------------------
+Wed Oct 09 04:39:05 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.82.0:
+  * chore(deps): update Syft to v1.14.0 (#2164)
+  * fix: use fix info from secDB in APK matcher even if NVD fix
+    info present (#2162)
+  * chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
+    (#2159)
+  * chore(deps): bump github/codeql-action from 3.26.10 to 3.26.11
+    (#2160)
+  * chore(deps): update tools to latest versions (#2157)
+  * Add v6 DB metadata store (#2146)
+  * feat: remove `wordpress` from `known` targets due to wordpress
+    cataloger support syft/#1553
+  * Add a space following the "Name:" label (#2155)
+  * chore(deps): update tools to latest versions (#2154)
+  * test: update quality gate db to latest version (#2153)
+  * explicitly skip update ts on check failure (#2152)
+  * port over tar/xz decompressors (#2139)
+  * chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10
+    (#2149)
+  * chore(deps): bump github.com/docker/docker (#2147)
+  * implement a low pass filter for update checks (#2148)
+  * migrate legacy distribution concerns (#2144)
+  * chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9
+    (#2142)
+  * chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#2145)
+
+-------------------------------------------------------------------
+Thu Sep 26 05:02:11 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.81.0:
+  * add awaiting response management (#2141)
+  * feat: add distro mapping for azure linux 3 (#1848)
+
+-------------------------------------------------------------------
+Tue Sep 24 17:22:08 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.80.2:
+  * chore(deps): update Syft to v1.13.0 (#2140)
+  * Correctly match JVM version ranges (#2114)
+  * chore: switch to yardstick validate from custom gate.py (#2090)
+  * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0
+    to 0.9.1 (#2118)
+  * chore(deps): update tools to latest versions (#2123)
+  * chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8
+    (#2135)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.2 to
+    7.0.5 (#2136)
+  * test: fix slice init length (#2133)
+  * fix: hash vuln db only once on load (#2054)
+  * chore: include file specifier in help (#2121)
+  * docs: add mention of file scheme (#2120)
+  * fix(apk): find secdb entries for origin packages (#1602)
+  * chore(deps): update tools to latest versions (#2115)
+  * chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7
+    (#2113)
+  * chore(deps): update tools to latest versions (#2102)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0
+    to 1.1.1 (#2109)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.1 to
+    7.0.2 (#2111)
+
 -------------------------------------------------------------------
 Thu Sep 12 05:00:44 UTC 2024 - opensuse_buildservice@ojkastl.de
 

grype.obsinfo

@@ -1,4 +1,4 @@
 name: grype
-version: 0.80.1
-mtime: 1726073840
-commit: 9fb219495a634d7ff9904154355b927223a66602
+version: 0.97.2
+mtime: 1754679639
+commit: 5f39c25063334745ec0b39152189d010be7717a3

grype.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package grype
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,23 @@
 #
 
 
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
-
 Name:           grype
-Version:        0.80.1
+Version:        0.97.2
 Release:        0
 Summary:        A vulnerability scanner for container images and filesystems
 License:        Apache-2.0
 URL:            https://github.com/anchore/grype
 Source:         grype-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  go >= 1.23
+BuildRequires:  bash-completion
+BuildRequires:  fish
+BuildRequires:  go >= 1.24
+BuildRequires:  zsh
 
 %description
-A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
+A vulnerability scanner for container images and filesystems. Easily install
+the binary to try it out. Works with Syft, the powerful SBOM (software bill of
+materials) tool for container images and filesystems.
 
 %package -n %{name}-bash-completion
 Summary:        Bash Completion for %{name}
@@ -94,8 +97,8 @@ mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
 %{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
 
 # create the zsh completion file
-mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
-%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name}
+mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/
+%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{name}
 
 %files
 %doc README.md
@@ -103,17 +106,12 @@ mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
 %{_bindir}/%{name}
 
 %files -n %{name}-bash-completion
-%dir %{_datarootdir}/bash-completion/completions/
 %{_datarootdir}/bash-completion/completions/%{name}
 
 %files -n %{name}-fish-completion
-%dir %{_datarootdir}/fish
-%dir %{_datarootdir}/fish/vendor_completions.d
 %{_datarootdir}/fish/vendor_completions.d/%{name}.fish
 
 %files -n %{name}-zsh-completion
-%defattr(-,root,root)
-%dir %{_datarootdir}/zsh_completion.d/
-%{_datarootdir}/zsh_completion.d/_%{name}
+%{_datarootdir}/zsh/site-functions/_%{name}
 
 %changelog

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:98534845c0d426b8cd60d9149185532e2fe94d06e7d7f815873a6aacb10d5a8d
-size 53973309
+oid sha256:446df3ad904929dd166f07e68cc719d079d9d41962653e083a39982709d11d7a
+size 61733643