Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package grype for openSUSE:Factory checked in at 2025-05-20 10:36:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
 and /work/SRC/openSUSE:Factory/.grype.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grype" Tue May 20 10:36:28 2025 rev:90 rq:1278107 version:0.92.1 Changes: -------- --- /work/SRC/openSUSE:Factory/grype/grype.changes 2025-04-26 22:25:16.514164861 +0200 +++ /work/SRC/openSUSE:Factory/.grype.new.30101/grype.changes 2025-05-20 10:36:45.049493639 +0200 
@@ -1,0 +2,49 @@ +Sat May 17 07:06:10 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 0.92.1: + * Dependencies + - chore(deps): update anchore dependencies (#2668) + - chore(deps): bump anchore/sbom-action from 0.19.0 to 0.20.0 + (#2664) + - chore(deps): bump github/codeql-action from 3.28.17 to + 3.28.18 (#2665) + +------------------------------------------------------------------- +Thu May 15 04:47:16 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 0.92.0: + https://github.com/anchore/grype/compare/v0.91.2...v0.92.0 + * Added Features + - improve html template [#2635 @OnceUponALoop] + - Add EPSS metrics to grype results [#1973 #2587 @wagoodman] + - Show indication of known exploited vulnerabilities (from + CISA) [#1511 #2587 @wagoodman] + * Bug Fixes + - adjust namespace translation logic to be v5 compatible [#2634 + @westonsteimel] + - fall back to fuzzy constraint units [#2651 @willmurphyscode] + - adjust version prefix check when excluding overlapping + packages [#2653 @westonsteimel] + - Dropping group from npm package names leads to false + positives [#2554 #2645 @kzantow] + - Potential regression in CVE detection from 0.87.0 (v5 schema) + to 0.88.0 (v6 schema) for go-module detection [#2642] + - Removal of temporary files not working on Windows [#2233 + #2657 @popey] + - @jridgewell/gen-mapping incorrectly attributed + GHSA-8rmg-jf7p-4p22 [#1886 #2645 @kzantow] + - Vulnerability reported on @group/name dependency when actual + vulnerability exists on name dependency [#1701 #2645 + @kzantow] + - Grype false negatives in versions v0.88.0 and later leading + to missed critical vulnerabilities [#2628 #2645 @kzantow] + - PHP pecl redis mixes with redis project itself and creates + false positive cve [#1804] + - False Positive: Openssl CVE-2022-2068, CVE-2022-1292, + CVE-2021-3711 in SUSE Enterprise 15 SP5 [#1729] + - Grype does not handle purl file input with packages from + different distributions [#2630 #2639 
@chovanecadam] + - grype pkg:golang/k8s.io/[email protected] does not show + cve [#2580 #2586 @goatwu1993] + +------------------------------------------------------------------- Old: ---- grype-0.91.2.obscpio New: ---- grype-0.92.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grype.spec ++++++ --- /var/tmp/diff_new_pack.oqLZeP/_old 2025-05-20 10:36:48.213626018 +0200 +++ /var/tmp/diff_new_pack.oqLZeP/_new 2025-05-20 10:36:48.217626186 +0200 @@ -17,7 +17,7 @@ Name: grype -Version: 0.91.2 +Version: 0.92.1 Release: 0 Summary: A vulnerability scanner for container images and filesystems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.oqLZeP/_old 2025-05-20 10:36:48.249627525 +0200 +++ /var/tmp/diff_new_pack.oqLZeP/_new 2025-05-20 10:36:48.253627692 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/anchore/grype</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.91.2</param> + <param name="revision">v0.92.1</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.oqLZeP/_old 2025-05-20 10:36:48.277628696 +0200 +++ /var/tmp/diff_new_pack.oqLZeP/_new 2025-05-20 10:36:48.281628863 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/grype</param> - <param name="changesrevision">7e6ba817350bdb922f35e4437aa01869cf0a8be0</param></service></servicedata> + <param name="changesrevision">4d630fdfd3e8b2d4e3c02674c60bf355dfba4d7b</param></service></servicedata> (No newline at EOF) ++++++ grype-0.91.2.obscpio -> grype-0.92.1.obscpio ++++++ ++++ 8668 lines of diff (skipped) ++++++ grype.obsinfo ++++++ --- /var/tmp/diff_new_pack.oqLZeP/_old 2025-05-20 10:36:52.269795719 +0200 +++ /var/tmp/diff_new_pack.oqLZeP/_new 2025-05-20 10:36:52.273795886 +0200 @@ -1,5 +1,5 @@ name: grype -version: 0.91.2 -mtime: 1745594801 -commit: 7e6ba817350bdb922f35e4437aa01869cf0a8be0 +version: 0.92.1 +mtime: 1747424890 +commit: 4d630fdfd3e8b2d4e3c02674c60bf355dfba4d7b ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grype/vendor.tar.gz /work/SRC/openSUSE:Factory/.grype.new.30101/vendor.tar.gz differ: char 16, line 1
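
Review bot: in the grype.changes hunk, the 0.92.0 entry lists "Grype false negatives in versions v0.88.0 and later leading to missed critical vulnerabilities [#2628 #2645 @kzantow]" and the v5-to-v6 schema regression [#2642] as ordinary bullets under Bug Fixes, although the package being replaced is 0.91.2 and so falls inside the affected range. A short line at the top of that entry saying that results produced with the previous package may be incomplete and that scans should be re-run after the update would make this visible to users reading the changelog. Minor: the 0.92.1 entry has no upstream compare link, while the 0.92.0 entry carries "https://github.com/anchore/grype/compare/v0.91.2...v0.92.0"; adding the corresponding link keeps the entries consistent.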
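
Review bot: in the _service hunk, "revision" is still a tag name (v0.92.1), so the source that tar_scm fetches depends on where upstream's tag points when the service runs, not on anything fixed in this file. The resolved commit is recorded in two other places in this change, "changesrevision" in _servicedata and "commit" in grype.obsinfo, and both read 4d630fdfd3e8b2d4e3c02674c60bf355dfba4d7b, which is consistent. Before accepting, confirm that this hash is what the v0.92.1 tag resolves to in https://github.com/anchore/grype, and on later service runs treat a changed hash for the same tag as a reason to stop and investigate.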
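
Review bot: the two largest parts of this update cannot be reviewed from the mail: vendor.tar.gz is reported only as "differ: char 16, line 1" and the obscpio as "8668 lines of diff (skipped)". The changelog covers the vendored side with "chore(deps): update anchore dependencies (#2668)" and nothing more specific. Please confirm that vendor.tar.gz was regenerated from the go.mod and go.sum at commit 4d630fdfd3e8b2d4e3c02674c60bf355dfba4d7b and not carried over or edited by hand, and consider listing the modules whose versions changed in grype.changes so that the dependency delta is recorded somewhere readable.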
